Presentation Englais

8/3/2019 Presentation Englais

1/24

HACKING

Dont Learn to Hack Hack to Learn

Realized by :o Hamid IMIHI

o Abdelghafour MOUJAHIDDINE


2/24

Outline

Brief History What hackers do? Hackers techniques System Hacking

27/04/12 2


3/24

Who is a hacker?

There are at least two common interpretations:

Someone who bypasses the systemsaccess controls by taking advantage of security weaknesses left in the systemby

developers. Someone who is both knowledgeable

and skilled at computer programming,and who is a member of the hackersubculture.

27/04/12 3


4/24

A Brief History of Hacking

1980s Two hacker groups formed 2600 published

1990s National Crackdown on hackers Microsofts NT operating system pierced National infrastructure protection center unveiled

2000 In one of the biggest denial-of-service attacks , hackers

launch attacks against eBay, Yahoo!, CNN.com., Amazonand others.

27/04/12 4


5/24

What Do Hackers Do?

System Access confidential information Threaten someone from YOUR

computer Broadcast your confidential letters or

materials

Store illegal or espionage material

27/04/12 5


6/24

What Do Hackers Do?

Network Eavesdrop and replay Imposer: server / client

Modify data / stream Denial-of-Service

27/04/12 6


7/24

Hackers techniques

System hacking Network hacking Software hacking

27/04/12 7


8/24

System Hacking

Footprinting Scanning Enumeration Gaining access Escalating privilege Covering tracks Creating backdoors Denial of service

27/04/12 8


9/24

Footprinting

Objective To learn as much as you can about

target system, it's remote accesscapabilities, its ports and services,and the aspects of its security.

Techniques Whois Web interface to whois

27/04/12 9


10/24

PING

27/04/12 10


11/24

Web interface to whois

27/04/12 11


12/24

Scanning

Objective Bulk target assessment and

identification of listing servicesfocuses the attention on the mostpromising avenues of entry

Techniques Ping sweep TCP/UDP port scan OS Detection

27/04/12 12


13/24

27/04/12 13


14/24

27/04/12 14


15/24

Port numbers and description

27/04/12 15


16/24

Enumeration

Objective More intrusive probing now begins as

attackers begin identifying valid useraccounts or poorly protectedresource shares

Techniques List user accounts List file shares Identify applications

27/04/12 16


17/24

Gaining Access

Objective Enough data has been gathered at

this point to make an informedattempt to access the target

Techniques File share brute forcing Password file grab Buffer overflows Password eavesdropping

27/04/12 17


18/24

NETBRUTE FORCE

27/04/12 18


19/24

Escalating Privileges

Objective If only user level access was obtained

in the last step, the attacker will nowseek to gain the complete control of the system

Techniques Password cracking Known exploits

27/04/12 19


20/24

Covering Tracks

Objective Once total ownership of the target is

secured, hiding this from systemadministrators become paramount,lest they quickly end the romp.

Techniques Clear logs Hide tools

27/04/12 20


21/24

Creating Back Doors Objective

Trap doors will be laid in various partsof the system to ensure thatprivileged access is easily regained atthe whim if the intruder

Techniques Create rogue user accounts Schedule batch jobs Infect startup files Plant remote control services Install monitoring mechanisms

Replace apps with trojans27/04/12 21


22/24

Denial of Service

Objective If an attacker is unsuccessful in gainingaccess ,they may use readily availableexploit code to disable a target as a last

resort. Techniques

SYN flood

Identical SYN requests Overlapping fragment/offset bugs DDOS


23/24

NORMAL SYN FLOOD

27/04/12 23


24/24

Thanks for your attention

27/04/12 24

Documents

Presentation Englais