
A Seminar Report On

ETHICAL HACKING
In partial fulfillment of requirements for the degree of

Bachelors of Technology
SUBMITTED BY:

SWETA LEENA PANDA

COMPUTER SCIENCE AND ENGINEERING DEPARTMENT
INTERNATIONAL INSTITUTE OF INFORMATION TECHNOLOGY
BHUBANESWAR 751003, INDIA
APRIL, 2013


Under the Guidance of: Prof. RAKESH KUMAR LENKA


UNDERTAKING
I declare that the work presented in this thesis, "Ethical Hacking", submitted to the Department, International Institute of Information Technology, Bhubaneswar, for the award of the Bachelors of Technology degree in Computer Science and Engineering, is my original work. I have not plagiarized or submitted the same work for the award of any other degree. In case this undertaking is found incorrect, I accept that my degree may be unconditionally withdrawn.

April, 2013
Bhubaneswar
Sweta Leena Panda

CERTIFICATE
Certified that the work contained in the thesis titled "Ethical Hacking" by Sweta Leena Panda, B410054, has been carried out under my supervision and that this work has not been submitted elsewhere for a degree.

April, 2013
Rakesh Kumar Lenka
Dept of Information technology and Engineering
IIIT, Bhubaneswar

ACKNOWLEDGEMENT
I would like to express my gratitude and appreciation to all those who gave me the possibility to complete this report. Special thanks go to my project coordinator, Professor Rakesh Kumar Lenka, whose help, stimulating suggestions and encouragement helped me to coordinate my project. His full effort in guiding me helped me to achieve the goal, as did his encouragement to keep my progress on track.

Table of Contents
1. Introduction
   a) Security
   b) Need of security
   c) Types of hackers
2. Literature survey
   a) Ethical hacking
   b) What does Ethical hacker do
   c) Required skills of an Ethical hacker
   d) History highlights
3. Technical Details
   a) Various stages of Hacking Methodology
   b) Advantage & Disadvantage
4. Conclusion

List of Figures
Chapter

1. Abstract
2. Introduction
3. Security
4. Need of security
5. Types of hackers
6. Ethical hacking
7. What does Ethical hacker do
8. Required skills of an Ethical hacker
9. History highlights
10. Various stages of Hacking Methodology
11. Advantage & Disadvantage
12. Conclusion

ABSTRACT
Today more and more software is being developed, and people have more and more options in the software they use. But many are not aware that they are being hacked without their knowledge. One reaction to this state of affairs is a behavior termed "Ethical Hacking", which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. A good ethical hacker should know the methodology chosen by the hacker, such as reconnaissance, host or target scanning, gaining access, maintaining access and clearing tracks. For ethical hacking we should know about the various tools and methods that can be used by a black hat hacker, apart from the methodology used by him. From the point of view of the user, one should know at least some of these, because some hackers make use of those who are not aware of the various hacking methods to hack into a system. The developer should also be aware of these, since he should be able to close holes in his software even when the various tools are used against it. With the advent of new tools the hackers may devise new tactics, but at least the software will be resistant to some of the tools.

INTRODUCTION

Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so that systems can be better secured. It is part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors' claims about the security of their products are legitimate.

A) Security:
Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

B) Need for Security:


Computer security is required because most organizations can be damaged by hostile software or intruders. Intruders can cause several forms of damage, which are obviously interrelated. These include:
o Loss of confidential data
o Damage or destruction of data
o Damage or destruction of computer system
o Loss of reputation of a company

Hacking
Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:
o A person who enjoys learning details of a programming language or system
o A person who enjoys actually doing the programming rather than just theorizing about it
o A person capable of appreciating someone else's hacking
o A person who picks up programming quickly
o A person who is an expert at a particular programming language or system

A) Types of Hackers:
Hackers can be broadly classified on the basis of why they hack systems or why they indulge in hacking. On this basis there are mainly three types of hacker.

Black-Hat Hacker
Black hat hackers, or crackers, are individuals with extraordinary computing skills who resort to malicious or destructive activities. That is, black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others.

White-Hat Hacker
White hat hackers are those individuals professing hacker skills and using them for defensive purposes. This means that the white hat hackers use their knowledge and skill for the good of others and for the common good.

Grey-Hat Hackers
These are individuals who work both offensively and defensively at various times. We cannot predict their behavior. Sometimes they use their skills for the common good, while at other times they use them for personal gain.

ETHICAL HACKING
Ethical hacking is defined as a methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems' operating environments. With the growth of the Internet, computer security has become a major concern for businesses and governments. In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.

A) What does an Ethical Hacker do?


An ethical hacker is a person doing ethical hacking; that is, a security professional who tries to penetrate a network to find out whether there is some vulnerability in the system. An ethical hacker will always have permission to enter the target network. An ethical hacker will first think with the mindset of a hacker who tries to get into the system. He will first find out what an intruder can see or what others can see. Having found this, the ethical hacker will try to get into the system with that information by whatever method he can. If he succeeds in penetrating the system, he will give the company a detailed report about the particular vulnerability he exploited to get in. He may also sometimes make patches for that particular vulnerability, or he may suggest some methods to prevent the vulnerability.

B) Required Skills of an Ethical Hacker:


The following are the skills most required of an Ethical Hacker:
o Microsoft: skills in operation, configuration and management.
o Linux: knowledge of Linux/Unix; security setting, configuration, and services.
o Firewalls: configurations, and operation of intrusion detection systems.
o Routers: knowledge of routers, routing protocols, and access control lists.
o Mainframes
o Network Protocols: TCP/IP; how they function and can be manipulated.
o Project Management: leading, planning, organizing, and controlling a penetration testing team.

C) HISTORY HIGHLIGHTS:
In one early ethical hack, the United States Air Force conducted a security evaluation of the Multics operating systems for potential use as a two-level (secret/top secret) system. With the growth of computer networking, and of the Internet in particular, computer and network vulnerability studies began to appear outside of the military establishment. Most notable of these was the work by Farmer and Venema, which was originally posted to Usenet in December of 1993.

Methodology of Hacking:
As described above, there are mainly five steps in hacking: reconnaissance, scanning, gaining access, maintaining access and clearing tracks. But that is not the end of the process. Actual hacking is circular. Once the hacker has completed the five steps, the hacker will start reconnaissance at that stage and go through the preceding stages again to get to the next level.

D) STAGES OF HACKING
The various stages in the hacking methodology are:
o Reconnaissance
o Scanning & Enumeration
o Gaining access
o Maintaining access
o Covering tracks
o Clearing tracks

A) Reconnaissance Types
Reconnaissance techniques can be categorized broadly into active and passive reconnaissance. When an attacker approaches the attack using passive reconnaissance techniques, he/she does not interact with the system directly. He uses publicly available information, social engineering, and dumpster diving as a means of gathering information. When an attacker employs active reconnaissance techniques, he/she tries to interact with the system by using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications. The next phase of attacking is scanning, which is discussed in the following section. Some experts do not differentiate scanning from active reconnaissance. However, there is a slight difference as scanning involves more in-depth probing on the part of the attacker. Often reconnaissance and scanning phases overlap, and it is not always possible to demarcate these phases as watertight compartments. Active reconnaissance is usually employed when the attacker discerns that there is a low probability that these reconnaissance activities will be detected. Newbies and script kiddies are often found attempting this to get faster, visible results, and sometimes just for the brag value they can obtain. As an ethical hacker, you must be able to distinguish among the various reconnaissance methods, and be able to advocate preventive measures in the light of potential threats. Companies, on their part, must address security as an integral part of their business and/or operational strategy, and be equipped with proper policies and procedures to check for such activities.

B) Scanning & Enumeration:


Scanning is the method an attacker performs prior to attacking the network. In scanning, the attacker uses the details gathered during reconnaissance to identify specific vulnerabilities. Scanning can be considered a logical extension (and overlap) of the active reconnaissance. Often attackers use automated tools such as network/host scanners, and war dialers to locate systems and attempt to discover vulnerabilities. An attacker can gather critical network information such as the mapping of systems, routers, and firewalls by using simple tools such as Traceroute. Alternatively, they can use tools such as Cheops to add sweeping functionality along with what Traceroute renders. Port scanners can be used to detect listening ports to find information about the nature of services running on the target machine. The primary defense technique in this regard is to shut down services that are not required. Appropriate filtering may also be adopted as a defense mechanism. However, attackers can still use tools to determine the rules implemented for filtering. An attacker follows a particular sequence of steps in order to scan any network. Though a generic approach has been presented, the scanning methods may differ based on the attack objectives, which are set up before the attackers actually begin this process.

The most commonly used tools are vulnerability scanners that can search for several known vulnerabilities on a target network, and can potentially detect thousands of vulnerabilities. This gives the attacker the advantage of time because he/she only has to find a single means of entry while the systems professional has to secure many vulnerable areas by applying patches. Organizations that deploy intrusion detection systems still have reason to worry because attackers can use evasion techniques at both the application and network levels.
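Seen from the defender's side, the scanning described in this section leaves a recognisable pattern in connection logs. The following is an added example, not part of the original report: it flags sources that touch many ports on one host, or one port on many hosts, within a short window. The log layout, the addresses and the 60-second / 5-target thresholds are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout (constructed for this example, not a real product's format):
#   <ISO timestamp> SRC=<ip> DST=<ip> DPT=<port> ACTION=<word>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"DPT=(?P<dpt>\d+) ACTION=(?P<action>\w+)$"
)


def constructed_log():
    """Build constructed sample lines using documentation address ranges."""
    day = "2013-04-02T"
    lines = []
    # One source walks six ports on a single host in six seconds.
    for i, port in enumerate([21, 22, 23, 25, 80, 110]):
        lines.append(f"{day}10:15:{i:02d} SRC=198.51.100.23 DST=192.0.2.10 "
                     f"DPT={port} ACTION=DROP")
    # One source tries telnet (23) on five hosts in five seconds.
    for i in range(5):
        lines.append(f"{day}10:20:{i:02d} SRC=198.51.100.77 DST=192.0.2.{10 + i} "
                     f"DPT=23 ACTION=DROP")
    # An ordinary client keeps using one web server.
    for i in range(8):
        lines.append(f"{day}10:{i:02d}:30 SRC=203.0.113.5 DST=192.0.2.10 "
                     f"DPT=80 ACTION=ACCEPT")
    # A slow prober: six ports, ten minutes apart.
    for i, port in enumerate([21, 22, 23, 25, 80, 110]):
        lines.append(f"{day}11:{i * 10:02d}:00 SRC=198.51.100.99 DST=192.0.2.10 "
                     f"DPT={port} ACTION=DROP")
    lines.append("malformed line that the parser must skip")
    return lines


def parse(lines):
    """Yield (timestamp, src, dst, port) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
                   m["src"], m["dst"], int(m["dpt"]))


def detect_scans(lines, window_s=60, threshold=5):
    """Return {src: kind} for sources that probe at least `threshold` distinct
    ports on one host, or hosts on one port, within `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # src -> deque of (ts, dst, port)
    findings = {}
    for ts, src, dst, port in sorted(parse(lines)):
        q = recent[src]
        q.append((ts, dst, port))
        while ts - q[0][0] > window:     # drop events older than the window
            q.popleft()
        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        for _, d, p in q:
            ports_per_host[d].add(p)
            hosts_per_port[p].add(d)
        if max(len(s) for s in ports_per_host.values()) >= threshold:
            findings[src] = "vertical scan (many ports, one host)"
        elif max(len(s) for s in hosts_per_port.values()) >= threshold:
            findings.setdefault(src, "horizontal sweep (one port, many hosts)")
    return findings


if __name__ == "__main__":
    for source, kind in sorted(detect_scans(constructed_log()).items()):
        print(source, "->", kind)
```

The slow prober in the sample stays below the 60-second window and is only caught when the window is widened, which is the kind of evasion the paragraph above warns about.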

C) Gaining Access:
Gaining access is the most important phase of an attack in terms of potential damage. Attackers need not always gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system. Stopping of service can be carried out by killing processes, using a logic/time bomb, or even reconfiguring and crashing the system. Resources can be exhausted locally by filling up outgoing communication links.

The exploit can occur locally, offline, over a LAN or the Internet as a deception or theft. Examples include stack-based buffer overflows, denial-of-service, and session hijacking. Attackers use a technique called spoofing to exploit the system by pretending to be strangers or different systems. They can use this technique to send a malformed packet containing a bug to the target system in order to exploit a vulnerability. Packet flooding may be used to remotely stop availability of the essential services. Smurf attacks try to elicit a response from the available users on a network and then use their legitimate address to flood the victim. Factors that influence the chances of an attacker gaining access into a target system include the architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained. The most damaging type of denial-of-service attack can be the distributed denial-of-service attack, where an attacker uses zombie software distributed over several machines on the Internet to trigger an orchestrated large-scale denial of services.

D) Maintaining access:
Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources, and further use the system as a launch pad to scan and exploit other systems, or to keep a low profile and continue exploiting the system. Both these actions can damage the organization. For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems. Attackers who choose to remain undetected remove evidence of their entry and use a backdoor or a Trojan to gain repeat access. They can also install rootkits at the kernel level to gain super user access. The reason behind this is that rootkits gain access at the operating system level while a Trojan horse gains access at the application level. Both rootkits and Trojans depend on users to install them. Within Windows systems, most Trojans install themselves as a service and run as local system, which has administrative access. Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system. They can maintain control over their system for a long time by hardening the system against other attackers, and sometimes, in the process, do render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information or even resort to extortion. Organizations can use intrusion detection systems or deploy honey pots and honey nets to detect intruders. The latter though is not recommended unless the organization has the required security professional to leverage the concept for protection.

E) Covering Tracks

An attacker would like to destroy evidence of his/her presence and activities for various reasons such as maintaining access and evading punitive action. Erasing evidence of a compromise is a requirement for any attacker who would like to remain obscure. This is one of the best methods to evade trace back. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process, e.g., a buffer overflow attack will usually leave a message in the system logs. Next, the attention is turned to effecting changes so that future logins are not logged. By manipulating and tweaking the event logs, the system administrator can be convinced that the output of his/her system is correct, and that no intrusion or compromise has actually taken place.

Since the first thing a system administrator does to monitor unusual activity is to check the system log files, it is common for intruders to use a utility to modify the system logs. In some extreme cases, rootkits can disable logging altogether and discard all existing logs. This happens if the intruders intend to use the system for a longer period of time as a launch base for future intrusions. They will then remove only those portions of logs that can reveal their presence. It is imperative for attackers to make the system look like it did before they gained access and established backdoors for their use. Any files which have been modified need to be changed back to their original attributes. Information listed, such as file size and date, is just attribute information contained within the file. Trojans such as ps or netcat come in handy for any attacker who wants to destroy the evidence from the log files or replace the system binaries with the same. Once the Trojans are in place, the attacker can be assumed to have gained total control of the system. Rootkits are automated tools that are designed to hide the presence of the attacker. By executing the script, a variety of critical files are replaced with trojanned versions, hiding the attacker with ease.

Other techniques include steganography and tunneling. Steganography is the process of hiding the data, for instance in images and sound files. Tunneling takes advantage of the transmission protocol by carrying one protocol over another. Even the extra space (e.g. unused bits) in the TCP and IP headers can be used for hiding information. An attacker can use the system as a cover to launch fresh attacks against other systems or use it as a means of reaching another system on the network without being detected. Thus, this phase of attack can turn into a new cycle of attack by using reconnaissance techniques all over again.
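The point above that file size and date are only attributes, and that rootkits swap critical files for trojanned versions, is why defenders baseline file contents rather than attributes. The following is an added example, not part of the original report: in a temporary directory, a stand-in file named ps is replaced by content of equal length and its timestamp is put back, and the check is run with and without a content hash. The file name, contents and timestamp are assumptions.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file's contents in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(paths):
    """Record size, mtime (whole seconds) and SHA-256 for each path."""
    snap = {}
    for p in paths:
        st = os.stat(p)
        snap[p] = {"size": st.st_size,
                   "mtime": int(st.st_mtime),
                   "sha256": sha256_of(p)}
    return snap


def changed_fields(baseline, fields=("size", "mtime", "sha256")):
    """Compare the current state with a baseline: {path: [differing fields]}."""
    report = {}
    for p, old in baseline.items():
        if not os.path.exists(p):
            report[p] = ["missing"]
            continue
        new = snapshot([p])[p]
        diff = [f for f in fields if new[f] != old[f]]
        if diff:
            report[p] = diff
    return report


def demo():
    """Constructed scenario; 'ps' here is a stand-in file, not a real binary."""
    fixed_time = 1364800000  # arbitrary whole-second timestamp (assumption)
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "ps")
        with open(target, "wb") as f:
            f.write(b"ORIGINAL-TOOL-BODY-0001\n")
        os.utime(target, (fixed_time, fixed_time))
        baseline = snapshot([target])

        # Simulate the replacement the text describes: same length, old date.
        with open(target, "wb") as f:
            f.write(b"REPLACED-TOOL-BODY-0001\n")
        os.utime(target, (fixed_time, fixed_time))

        attrs_only = changed_fields(baseline, fields=("size", "mtime"))
        with_hash = changed_fields(baseline)
        os.remove(target)
        after_delete = changed_fields(baseline)
    return attrs_only, list(with_hash.values()), list(after_delete.values())


if __name__ == "__main__":
    attrs_only, with_hash, after_delete = demo()
    print("size/mtime check:", attrs_only or "no change seen")
    print("with SHA-256    :", with_hash)
    print("after deletion  :", after_delete)
```

The baseline has to be kept off the monitored host, for example on read-only media, since an intruder with full control could rewrite a local copy.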

F) Clearing Tracks:
Now we come to the final step in the hacking. There is a saying that "everybody knows a good hacker but nobody knows a great hacker". This means that a good hacker can always clear tracks or any record that may be present in the network to prove that he was there. Whenever a hacker downloads some file or installs some software, its log will be stored in the server logs. So in order to erase that, the hacker uses many tools. One such tool is the Windows Resource Kit's auditpol.exe. This is a command line tool with which the intruder can easily disable auditing. Another tool which eliminates any physical evidence is the Evidence Eliminator. Sometimes, apart from the server logs, some other information may be stored temporarily. The Evidence Eliminator deletes all such evidence.

What do hackers do after hacking


o Patch security hole
    o The other hackers can't intrude
o Clear logs and hide themselves
o Install rootkit (backdoor)
    o The hacker who hacked the system can use the system later
    o It contains trojan virus, and so on
o Install irc related program
    o identd, irc, bitchx, eggdrop, bnc
o Install scanner program
    o mscan, sscan, nmap
o Install exploit program
o Install denial of service program
o Use all of installed programs silently

How can we protect the system?

o Patch security hole often
o Encrypt important data
    o Ex) pgp, ssh
o Do not run unused daemon
o Remove unused setuid/setgid program
o Setup loghost
o Backup the system often
o Setup firewall
o Setup IDS
    o Ex) snort
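For the "remove unused setuid/setgid program" item in the list above, the first step is knowing which such files exist and which of them are expected. The following is an added example, not part of the original report: it walks a directory tree, reports regular files carrying the setuid or setgid bit, and compares them with an allowlist. The tree layout, file names and allowlist are constructed for the demonstration.

```python
import os
import stat
import tempfile


def find_privileged(root):
    """Yield (path, kind, octal mode) for regular files with setuid/setgid set."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue                     # vanished or unreadable entry
            if not stat.S_ISREG(st.st_mode):
                continue
            kinds = []
            if st.st_mode & stat.S_ISUID:
                kinds.append("setuid")
            if st.st_mode & stat.S_ISGID:
                kinds.append("setgid")
            if kinds:
                yield path, "+".join(kinds), oct(stat.S_IMODE(st.st_mode))


def audit(root, allowlist):
    """Return privileged files under root whose relative path is not allowed."""
    unexpected = []
    for path, kind, mode in find_privileged(root):
        rel = os.path.relpath(path, root)
        if rel not in allowlist:
            unexpected.append((rel, kind, mode))
    return sorted(unexpected)


def build_constructed_tree(root):
    """Create a small constructed tree; the file names are stand-ins only."""
    os.makedirs(os.path.join(root, "bin"))
    for name, mode in [("passwd", 0o4755), ("oldtool", 0o4755), ("ls", 0o755)]:
        path = os.path.join(root, "bin", name)
        with open(path, "wb") as f:
            f.write(b"placeholder\n")
        os.chmod(path, mode)


def demo():
    """Audit the constructed tree with 'bin/passwd' as the only expected entry."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        return audit(root, allowlist={os.path.join("bin", "passwd")})


if __name__ == "__main__":
    for rel, kind, mode in demo():
        print(f"unexpected {kind} file: {rel} (mode {mode})")
```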

Difference between Hacker & Cracker


HACKING WITH MALICIOUS INTENTION IS CRACKING
o The basic difference is that hackers do not do anything disastrous.
o Cracking yields more devastating results.
o Cracking is crime.
o Cyber crimes are the results of cracking, not hacking.

Advantages and Disadvantages:


Ethical hacking nowadays is the backbone of network security, and its relevance is increasing each day. The major pros & cons of ethical hacking are given below:

Advantages
o Provides security to banking and financial establishments
o Prevents website defacements
o An evolving technique
o To catch a thief you have to think like a thief

Disadvantages
o All depends upon the trustworthiness of the ethical hacker.
o Hiring professionals is expensive.

Future enhancements:
o As it is an evolving branch, the scope of enhancement in technology is immense. No ethical hacker can ensure the system security by using the same technique repeatedly. He would have to improve, develop and explore new avenues repeatedly.
o More enhanced software should be used for optimum protection. The tools used need to be updated regularly, and more efficient ones need to be developed.

Understanding the Need to Hack Your Own Systems


To catch a thief, think like a thief. That's the basis for ethical hacking. The law of averages works against security. With the increased numbers and expanding knowledge of hackers combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way. Protecting your systems from the bad guys, and not just the generic vulnerabilities that everyone knows about, is absolutely critical. When you know hacker tricks, you can see how vulnerable your systems are. Hacking preys on weak security practices and undisclosed vulnerabilities. Firewalls, encryption, and virtual private networks (VPNs) can create a false feeling of safety. These security systems often focus on high-level vulnerabilities, such as viruses and traffic through a firewall, without affecting how hackers work. Attacking your own systems to discover vulnerabilities is a step to making them more secure. This is the only proven method of greatly hardening your systems from attack. If you don't identify weaknesses, it's a matter of time before the vulnerabilities are exploited.

As hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the ethical hacker, must know activities hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart hackers' efforts. You don't have to protect your systems from everything. You can't. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them, not even you. That's not the best approach to information security. What's important is to protect your systems from known vulnerabilities and common hacker attacks. It's impossible to buttress all possible vulnerabilities on all your systems. You can't plan for all possible attacks, especially the ones that are currently unknown. However, the more combinations you try (the more you test whole systems instead of individual units), the better your chances of discovering vulnerabilities that affect everything as a whole. Don't take ethical hacking too far, though. It makes little sense to harden your systems from unlikely attacks.

CONCLUSION
The idea of testing the security of a system by trying to break into it is not new. Whether an automobile company is crash-testing cars, or an individual is testing his or her skill at martial arts by sparring with a partner, evaluation by testing under attack from a real adversary is widely accepted as prudent. It is, however, not sufficient by itself. As Roger Schell observed nearly 30 years ago: "From a practical standpoint the security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs and as long as the illusory results of penetration teams are accepted as demonstrations of a computer system security, proper security will not be a reality."

Regular auditing, vigilant intrusion detection, good system administration practice, and computer security awareness are all essential parts of an organization's security efforts. A single failure in any of these areas could very well expose an organization to cyber-vandalism, embarrassment, loss of revenue or mind share, or worse. Any new technology has its benefits and its risks. While ethical hackers can help clients better understand their security needs, it is up to the clients to keep their guards in place.

Hacking has entered the age of mass production. Current and future Internet attacks are a technologically enabled crime - shifting from manual to automated attacks. Automated scanning tools as a pre-attack tool are a substantial threat to the Internet - a few widely available automated tools endanger the majority of Internet-based computers. Ultimately the solution to automated attacks is more effective defenses based on new technology in some cases and the law for prosecution in some cases. We cannot eliminate cracking through solely technical or legal means, but until the future solution, what are we to do in the meantime?

Security used to be a private matter. Until recently information security had been left largely in the hands of a few specially trained professionals. The paradigm shift of technologically enabled crime has now made security everyone's business. Ethical hackers see this clearly and are responding to actual threats to themselves and in the process also acting in the common good. The consequences of a security breach are so large that this volunteer proactive activity should not only be encouraged but also rewarded, and some companies are being paid handsomely for doing this as a business.

At present the tactical objective is to stay one step ahead of the crackers. We must think more strategically for the future. Social behavior, as it relates to computers and information technology, goes beyond merely adhering to the law since the law often lags technological advance. The physical activity of ethical hacking is sometimes hard to differentiate from cracking - it is hard to discern intent and predict future action - the main difference is that while an ethical hacker identifies vulnerabilities (often using the same scanning tools as a cracker) the ethical hacker does not exploit the vulnerabilities while a cracker does. Until a social framework is developed to discern the good guys (white hats) from the bad guys (black hats), we should be slow to codify into law or condemn ethical hacking - or we may risk eliminating our last thin line of stabilizing defense and not realize it until it is too late.

HACKING PRONE AREA
