ethical hacking full report

Upload: nitheesh-as

Post on 05-Apr-2018


  • 8/2/2019 Ethical Hacking Full Report

    1/18

    www.way2project.in

ABSTRACT

Today more and more software is being developed, and people are getting more and more options in the software they already use. But many are not aware that they are being hacked without their knowledge. One reaction to this state of affairs is a behaviour termed "ethical hacking", which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. A good ethical hacker should know the methodology followed by the hacker: reconnaissance, host or target scanning, gaining access, maintaining access and clearing tracks. For ethical hacking we should know about the various tools and methods a black hat hacker can use, apart from the methodology he follows. From the point of view of the user, one should know at least some of these, because some hackers take advantage of those who are not aware of the various hacking methods to break into a system. From the point of view of the developer, he too should be aware of these, since he should be able to close the holes in his software even against the use of the various tools. With the advent of new tools the hackers may devise new tactics, but at least the software will be resistant to some of the tools.

1. INTRODUCTION

Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so that systems can be better secured. It is part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors' claims about the security of their products are legitimate.

1.1 Security

Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Usually security is described in terms of the CIA triad. The CIA are the basic principles of security, in which C denotes Confidentiality, I represents Integrity and the letter A represents Availability.

Confidentiality

Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. This implies that the particular data should be seen only by authorized personnel; a passive onlooker should not see that data. For example, in the case of a credit card transaction the authorized person should see the credit card number, and only he should see that data. Nobody else should see that number, because they may use it for some other activity. Thus confidentiality is very important. Confidentiality is necessary for maintaining the privacy of the people whose personal information a system holds.

Integrity

Integrity means that data cannot be modified without authorization. This means that the data seen by authorized persons should be correct, or in other words the data should maintain the property of integrity. Without integrity the data is of no use. Integrity is violated when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. In such cases the data is modified, and then we can say that there is a breach in security.

Availability

For any information system to serve its purpose, the information must be available when it is needed. Consider the case in which the data should have both integrity and confidentiality. For achieving both these goals easily we could take the data offline, but then the data is not available to the user. Hence the data is of no use even if it has all the other characteristics. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.

All these factors are considered important, since data lacking any of the above characteristics is useless. Therefore security is described as the CIA trio. Lacking any one of the CIA means there is a security breach.

1.2 Need for Security

Computer security is required because most organizations can be damaged by hostile software or intruders. Moreover, security is directly related to business: if a company loses a series of its customers' credit card numbers, many customers would be hesitant to go back to the same company, and that company will lose many customers and hence business. There may be several forms of damage, obviously interrelated, produced by intruders. These include:

- loss of confidential data
- damage or destruction of data
- damage or destruction of computer systems
- loss of reputation of a company

There may be many more in the list due to security breaches. This means that security is absolutely necessary.

1.3 Hacking

A hacker is a person who is interested in a particular subject and has immense knowledge of that subject. In the world of computers a hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers with advanced knowledge of operating systems and programming languages. Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:

- A person who enjoys learning the details of a programming language or system
- A person who enjoys actually doing the programming rather than just theorizing about it
- A person capable of appreciating someone else's hacking
- A person who picks up programming quickly
- A person who is an expert at a particular programming language or system

1.4 Types of Hackers

Hackers can be broadly classified on the basis of why they are hacking a system, or why they indulge in hacking. There are mainly three types of hackers on this basis.

Black-Hat Hackers

Black hat hackers are individuals with extraordinary computing skills who resort to malicious or destructive activities. That is, black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others. Black hat hackers are also known as crackers.

White-Hat Hackers

White hat hackers are individuals professing hacker skills and using them for defensive purposes. This means that white hat hackers use their knowledge and skill for the good of others and for the common good. White hat hackers are also called security analysts.

Grey-Hat Hackers

These are individuals who work both offensively and defensively at various times. We cannot predict their behaviour. Sometimes they use their skills for the common good, while at other times they use them for personal gain.

1.5 Can Hacking Be Done Ethically?

For various reasons hacking is always meant in the bad sense, and hacking means black hat hacking. But the question is: can hacking be done ethically? The answer is yes, because to catch a thief, think like a thief. That is the basis for ethical hacking. Suppose a person or hacker tries to hack into a system and finds a vulnerability. Also suppose that he reports to the company that there is a vulnerability. Then the company could make patches for that vulnerability and hence protect itself from future attacks by some black hat hacker who tries to use the same vulnerability. Unless somebody tries to find a vulnerability it remains hidden, and one day somebody might find it and exploit it for their own personal interests. So this can be done using ethical hacking.

1.6 Ethical Hacking

Ethical hacking is also known as penetration testing, intrusion testing or red teaming. With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being hacked. At the same time, the potential customers of these services are worried about maintaining control of personal information that varies from credit card numbers to social security numbers and home addresses. In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is called ethical hacking. It is similar to having independent auditors come into an organization to verify its bookkeeping records. This method of evaluating the security of a system has been in use from the early days of computers. In one early ethical hack, the United States Air Force conducted a security evaluation of the Multics operating system for potential use as a two-level (secret/top secret) system. They found that the particular software was better than the conventional systems, but the evaluation also brought out some of its vulnerabilities.

Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client's systems, the ethical hacker may discover information about the client that should remain secret. In many cases this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the keys to the company, and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing. Ethical hackers should also possess very strong programming and computer networking skills and have been in the computer and networking business for several years. Another quality needed in an ethical hacker is more drive and patience than most people have, since a typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluation must be done outside normal working hours to avoid interfering with production at live targets, or to simulate the timing of a real attack. When they encounter a system with which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review.

1.7 What Does an Ethical Hacker Do?

An ethical hacker is a person doing ethical hacking; that is, he is a security professional who tries to penetrate a network to find out whether there is some vulnerability in the system. An ethical hacker will always have permission to enter the target network. An ethical hacker will first think with the mindset of a hacker who tries to get into the system. He will first find out what an intruder can see, or what others can see. Having found this, the ethical hacker will try to get into the system with that information by whatever method he can. If he succeeds in penetrating the system, he will report to the company with a detailed report about the particular vulnerability he exploited to get in. He may also sometimes make patches for that particular vulnerability, or he may suggest some methods to prevent it.

2. ETHICAL HACKING

Ethical hacking is a process in which an authorized person, who is a computer and network expert, attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. In order to test the system, an ethical hacker will use the same principles as the usual hacker uses, but reports those vulnerabilities instead of using them for his own advantage.

2.1 Analogy with Building Robbing

The methodology of a hacker is similar to the one used for ordinary thefts. Let us consider the case of a bank robbery. The first step will be to find information about the total transactions of the bank, the total amount of money that may be kept in the bank, who the manager is, whether the security personnel carry guns, etc. This is similar to the reconnaissance phase of hacking. The next step will be to find the ways through which we can enter the building: how many doors are present in the building, whether there is a lock on each door, etc. This is similar to the second stage, scanning, in which we check which hosts are present, which services are running, etc. The third step will be to enter the building, which is similar to gaining access. For entering a building we need some keys; likewise, in the case of a network we need some IDs and passwords. Once we have entered the building, our next aim will be to make an easier way in for the next time, which is analogous to the next step, maintaining access. In the hacking case we use Trojans, back doors, worms etc., like placing a hidden door inside the building. Then comes the final step, in which we try to hide the fact that we entered the building, which is analogous to clearing tracks in the case of hacking.

2.2 Methodology of Hacking

As described above, there are mainly five steps in hacking: reconnaissance, scanning, gaining access, maintaining access and clearing tracks. But that is not the end of the process. Actual hacking is circular. Once the hacker has completed the five steps, he starts reconnaissance again from the position he has reached and repeats the stages to get to the next level. The various stages in the hacking methodology are:

- Reconnaissance
- Scanning & Enumeration
- Gaining access
- Maintaining access
- Clearing tracks

2.3 Reconnaissance

The literal meaning of the word reconnaissance is a preliminary survey to gain information. This is also known as foot-printing. It is the first stage in the methodology of hacking. As given in the analogy, this is the stage in which the hacker collects information about the company he is going to hack. It is one of the pre-attack phases. Reconnaissance refers to the preparatory phase where an attacker learns about all of the possible attack vectors that can be used in their plan. In this pre-attack phase we gather as much information as possible that is publicly available. The information includes domain names, locations, contact information etc. The basic objective of this phase is to make a methodical mapping of the target's security schema, which results in a unique organization profile with respect to the network and systems involved. As we are dealing with the Internet, we can find much information here that its owner may not have intended to make public. We have many tools for such purposes. These include tools like Sam Spade, email tracker, Visual Route etc. The interesting thing to note is that we can even use simple Googling as a footprinting tool.

2.3.1 Google

Google is one of the most famous search engines used on the Internet. Using certain specialized keywords for searching, we can find much information that has been put up publicly. For example, if we use keywords like "for internal use only" followed by the target's domain name, we may get much useful information. Sometimes, even if the company has actually removed something from its site, it remains preserved in Google's cache. Sometimes even job advertisements on the Internet can be used in footprinting. For example, if a company is looking for professionals who are good in Oracle database, this tells the world that they are using the Oracle database in their company. This can be helpful for the hacker, since he can look for the vulnerabilities of that particular product. One of the main advantages of Google is its advanced search option. The advanced search has many options, like searching a particular domain, documents published after a particular time, files of a particular format, particular languages etc.

2.3.2 Sam Spade

Sam Spade is a simple tool which provides us with information about a particular host. This tool is very helpful in finding addresses, phone numbers etc. Fig. 2.1 above represents the GUI of the Sam Spade tool. In the text field in the top left corner of the window we just need to put the address of the particular host. Then we can find out the various information available. The information given may be phone numbers, contact names, IP addresses, email IDs, address ranges etc. We may wonder what the benefit of getting phone numbers, email IDs, addresses etc. is. But one of the best ways to get information about a company is to just pick up the phone and ask for the details. Thus we can get much information in just one click.

2.3.3 Email Tracker and Visual Route

We often receive many spam messages in our mailbox, and we don't know where they come from. Email tracker is a software which helps us find from which server the mail actually came. Every message we receive has a header associated with it. The email tracker uses this header information to find the location.

Fig. 2.2 above shows the GUI of the email tracker software. One of the options in the email tracker is to import the mail header. In this software we just need to import the mail's header. Then the software finds from which area that mail came. That is, we get information like which region the message came from, such as Asia Pacific, Europe etc. To be more specific, we can use another tool, Visual Route, to pinpoint the actual location of the server. The option of connecting to Visual Route is available in the email tracker. Visual Route is a tool which displays the location of a particular server with the help of IP addresses. When we connect it with the email tracker we can find the server which actually sent the mail. We can also use this for finding the location of a target's servers visually on a map.

Fig. 2.3 above depicts the GUI of the Visual Route tool. The Visual Route GUI has a world map drawn on it. The software will locate the position of the server on that world map. It will also depict the path through which the message came to our system. This software actually provides us with information about the routers through which the message passed, that is, the path traced by the mail from the source to the destination. We may wonder what the use is of finding the place from which the message came. Suppose you got the email ID of an employee of our target company and mailed him saying that you are his greatest friend. Sometimes he may reply saying that he doesn't know you. Then you use the email tracker and Visual Route to find that he is not working from the office. Then you can understand that there are home users in the company. We should understand the fact that home users are not protected like the employees working from the office. This can be helpful for the hacker to get into the system.
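The header walk that an email tracker automates, written out as an added example (not code from the report or from the email tracker or Visual Route tools it describes): it parses the Received: chain of a constructed spam message, walks it from the oldest hop upwards, and skips hops that record only private (RFC 1918) addresses, since those say nothing about where the mail entered the Internet. All hostnames and addresses in the sample are constructed.

```python
"""Trace a message back through its Received: headers.

Every relay prepends its own Received: line, so the header nearest the
body was written by the first server that accepted the mail and records
the IP it accepted it from.  The From: line can be forged freely; the
relay chain is harder to fake, although hops written by the sender's own
machines cannot be trusted either.
"""
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real capture).  203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges; 192.168.0.0/16 is RFC 1918.
# Hop order as found in the message: newest relay first, oldest last.
SAMPLE_MESSAGE = """\
Received: from mx.example.org (mx.example.org [198.51.100.5])
\tby internal-relay.example.org with ESMTP id 4F2C1
\tfor <victim@example.org>; Mon, 01 Apr 2019 10:00:05 +0000
Received: from friendly-pc (unknown [203.0.113.77])
\tby mx.example.org with ESMTP; Mon, 01 Apr 2019 10:00:02 +0000
Received: from [192.168.1.50] (helo=laptop)
\tby friendly-pc with SMTP; Mon, 01 Apr 2019 09:59:58 +0000
From: "Your Greatest Friend" <friend@example.com>
To: victim@example.org
Subject: Hello old friend

Remember me?
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Addresses that are meaningless outside the sender's own LAN; a hop that
# records only these says nothing about where the mail entered the Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_routable(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


def parse_received(value):
    """Split one Received: value into who claimed to send, the IP the
    receiving server actually saw, who recorded the hop, and when."""
    text = re.sub(r"\s+", " ", value).strip()   # unfold continuation lines
    m_from = re.match(r"from\s+(\S+)", text)
    m_by = re.search(r"\bby\s+(\S+)", text)
    m_ip = BRACKETED_IPV4.search(text) or IPV4.search(text)
    date = None
    if ";" in text:                              # timestamp follows the last ';'
        try:
            date = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            date = None
    return {
        "claimed_host": m_from.group(1) if m_from else None,
        "ip": m_ip.group(1) if m_ip else None,
        "recorded_by": m_by.group(1) if m_by else None,
        "date": date,
    }


def received_chain(raw_message):
    """All hops in header order: the most recent relay first."""
    msg = message_from_string(raw_message)
    return [parse_received(v) for v in msg.get_all("Received", [])]


def find_origin(raw_message):
    """Walk from the oldest hop upwards and return the first one that records
    a routable address: the best available guess at the sending host."""
    for hop in reversed(received_chain(raw_message)):
        if hop["ip"] and is_routable(hop["ip"]):
            return hop
    return None


def transit_seconds(raw_message):
    """Seconds between the oldest and newest hop timestamps (None if unknown)."""
    dates = [h["date"] for h in received_chain(raw_message) if h["date"]]
    if len(dates) < 2:
        return None
    return int((dates[0] - dates[-1]).total_seconds())


if __name__ == "__main__":
    origin = find_origin(SAMPLE_MESSAGE)
    print(f"entered the Internet from {origin['ip']} (claimed to be "
          f"{origin['claimed_host']}), recorded by {origin['recorded_by']}; "
          f"transit {transit_seconds(SAMPLE_MESSAGE)} s")
```

The IP returned is what a tool like Visual Route would then place on its map; the hop written by friendly-pc itself is ignored because the only address it records is a LAN address.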

2.4 Scanning & Enumeration

Scanning is the second phase in the hacking methodology, in which the hacker tries to make a blueprint of the target network. It is similar to a thief going through your neighbourhood and checking every door and window on each house to see which ones are open and which ones are locked. The blueprint includes the IP addresses of the target network which are live, the services which are running on those systems, and so on. Usually services run on predetermined ports. For example, a web server will be making use of port number 80. This implies that if port 80 is open on a particular system, we can understand that the target's web server is running on that host. There are different tools used for scanning. War dialing and pingers were used earlier, but nowadays both can be detected easily and hence are not in much use. Modern port scanning uses the TCP protocol to do the scanning and can even detect the operating systems running on the particular hosts.

2.4.1 War Dialing

The war dialer is a hacking tool which is now illegal and easier to detect. War dialing is the practice of dialing all the phone numbers in a range in order to find those that will answer with a modem. Earlier, companies used dial-in modems through which their employees could dial in to the network. Just a phone number is enough in such cases. War dialing software makes use of this vulnerability. A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem. The program automatically dials a defined range of phone numbers and logs, and enters in a database, those numbers that successfully connect to a modem. Some programs can also identify the particular operating system running on the computer and may also conduct automated penetration testing. In such cases the war dialer runs through a predetermined list of common user names and passwords in an attempt to gain access to the system.

2.4.2 Pingers

Pingers are yet another category of scanning tools, which make use of Internet Control Message Protocol (ICMP) packets for scanning. ICMP is actually used to know whether a particular system is alive or not. Pingers using this principle send ICMP packets to all hosts in a given range; if the acknowledgement comes back, we can make out that the system is live. Pingers are automated software which send ICMP packets to different machines and check their responses. But most firewalls today block ICMP, and hence they also cannot be used.

2.4.3 Port Scanning

A port scan is a method used by hackers to determine what ports are open or in use on a system or network. By using various tools a hacker can send data to TCP or UDP ports one at a time. Based on the response received, the port scan utility can determine whether that port is in use. Using this information the hacker can then focus his attack on the ports that are open and try to exploit any weaknesses to gain access. Port scanning software, in its most basic form, simply sends out a request to connect to the target computer on each port sequentially and makes a note of which ports responded or seem open to more in-depth probing. Network security applications can be configured to alert administrators if they detect connection requests across a broad range of ports from a single host. To get around this, the intruder can do the port scan in strobe or stealth mode. Strobing limits the ports to a smaller target set rather than blanket scanning all 65536 ports. Stealth scanning uses techniques such as slowing the scan: by scanning the ports over a much longer period of time, the scanner reduces the chance that the target will trigger an alert.
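The alert described above, as an added example (not code from the report or from any product it names): a rule over constructed firewall-style log lines that flags a source touching many distinct ports within a time window, run over both a short and a long window so that the slowed "stealth" scan the text mentions is still caught. The log format, addresses, window sizes and threshold are assumptions made for this example.

```python
"""Flag port scans in connection logs.

A source that reaches at least THRESHOLD distinct destination ports within
one window raises an alert.  The two evasions from the text show up
directly: a slow scan stays under the threshold in a one-minute window but
not in a three-hour one, and a strobe scan of a few ports never reaches the
threshold at all (lowering it would start flagging ordinary clients).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r"^(\S+) .*SRC=(\S+) DST=(\S+) .*DPT=(\d+)")
COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
WINDOW_SHORT = timedelta(minutes=1)
WINDOW_LONG = timedelta(hours=3)
THRESHOLD = 10


def _make_lines(src, ports, start, step):
    """Build constructed log lines for one source, one port per step.
    The format loosely imitates a firewall's dropped-SYN log line."""
    return [
        f"{(start + i * step).isoformat()} fw kernel: IN=eth0 "
        f"SRC={src} DST=198.51.100.10 PROTO=TCP DPT={port} SYN"
        for i, port in enumerate(ports)
    ]


T0 = datetime(2019, 8, 2, 10, 0, 0)
# Constructed sample: a fast scanner (12 ports in 11 s), a slow scanner
# (the same 12 ports, one every 10 minutes), a strobe scanner (3 ports)
# and an ordinary client repeatedly using only ports 80 and 443.
SAMPLE_LOG = (
    _make_lines("203.0.113.5", COMMON_PORTS, T0, timedelta(seconds=1))
    + _make_lines("203.0.113.9", COMMON_PORTS, T0, timedelta(minutes=10))
    + _make_lines("203.0.113.20", [22, 80, 443], T0, timedelta(seconds=1))
    + _make_lines("198.51.100.20", [80, 443] * 4, T0, timedelta(seconds=1))
)


def parse_log(lines):
    """Yield (timestamp, src, dst, dport) for every line that matches."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts, src, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(dport)


def detect_port_scans(events, window, threshold):
    """Return {src: (time_first_crossed, distinct_ports_at_that_time)} for
    every source that hit >= threshold distinct ports within one window."""
    by_src = defaultdict(list)
    for ts, src, _dst, dport in events:
        by_src[src].append((ts, dport))
    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for i, (ts, _port) in enumerate(hits):
            while ts - hits[start][0] > window:   # slide the window forward
                start += 1
            ports = {p for _, p in hits[start:i + 1]}
            if len(ports) >= threshold:
                alerts[src] = (ts, len(ports))
                break                             # one alert per source
    return alerts


def scan_report(lines, threshold=THRESHOLD):
    """Run the rule over a short and a long window and label each finding."""
    events = list(parse_log(lines))
    fast = detect_port_scans(events, WINDOW_SHORT, threshold)
    slow = detect_port_scans(events, WINDOW_LONG, threshold)
    return {src: ("fast scan" if src in fast else "slow scan") for src in slow}


if __name__ == "__main__":
    for src, kind in scan_report(SAMPLE_LOG).items():
        print(f"{src}: {kind}")
```

The strobe source never appears in the report, which is exactly the trade-off the text describes: the rule is tuned so that a client using a handful of ports is not mistaken for a scanner.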

2.4.4 SuperScan

SuperScan is a powerful TCP port scanner that includes a variety of additional networking tools like ping, traceroute, HTTP HEAD, WHOIS and more. It uses multi-threaded and asynchronous techniques, resulting in extremely fast and versatile scanning. You can perform ping scans and port scans using any IP range, or specify a text file to extract addresses from. Other features include TCP SYN scanning, UDP scanning, HTML reports, a built-in port description database, Windows host enumeration, banner grabbing and more.

Fig. 2.4 shows the GUI of SuperScan. In it we can either scan a particular host or a range of IP addresses. As output the software reports the host addresses which are up. There is another option, port list setup, which displays the set of services running on the different hosts.

2.4.5 Nmap

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Fig. 2.5 shows the GUI of Nmap. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters or firewalls are in use, and dozens of other characteristics. It can even find the different versions. It was designed to rapidly scan large networks, but works fine against single hosts. We also have the option of different types of scan, like SYN scan, stealth scan, SYN stealth scan etc., and using this we can even time the scanning of the different ports. Using this software we just need to specify the different host address ranges and the type of scan to be conducted. As output we get the hosts which are live, the services which are running etc. It can even detect the version of the operating system, making use of the fact that different operating systems react differently to the same packets, as they use their own protocol stacks.

2.4.6 Enumeration

Enumeration is the ability of a hacker to convince some servers to give them information that is vital for making an attack. By doing this the hacker aims to find what resources and shares can be found in the system, what valid user accounts and user groups are there in the network, what applications are there, etc. Hackers may also use this to find other hosts in the entire network. A common type of enumeration makes use of null sessions. Many Windows operating systems allow null sessions, through which a hacker can log on. A null session is a connection which uses no user name and password; that is, a null session is created by keeping the user name and password null. Once the hacker is logged in, he starts enumeration by issuing queries to find the list of users and groups, either local or active, including SIDs, the list of hosts, the list of shares or processes etc. One of the tools used after logging in with a null session is NBTscan, which allows the hacker to scan the network; this helps him get user names, resource shares etc. Other tools used are NAT (NetBIOS Auditing Tool), DumpSec etc. Another way of enumerating is enumeration of SNMP (Simple Network Management Protocol). Using this protocol the managing entities send messages to the managed entities. In enumerating the SNMP protocol the hacker sniffs the network to get various information. The SNMP versions before 3 send data as plain text, so it is very easy to get the data. From SNMP version 3 onwards the data is encrypted before being sent. But still we can enumerate those protocols and get information. Some of the tools used for this are SNMPutil, IP Network Browser etc.

2.5 System Hacking

This is the actual hacking phase, in which the hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attack phases. Usually the main hindrance to gaining access to a system is the passwords. System hacking can be considered as several steps. First the hacker will try to get into the system. Once he gets into the system, the next thing he will want is to increase his privileges so that he can have more control over the system. As a normal user the hacker may not be able to see the confidential details, or may not be able to upload or run the different hack tools for his own personal interest. Another way to crack into a system is by attacks like the man-in-the-middle attack.

    2.5.1 Password Cracking

    There are many methods for cracking the password and then get in to the system. The

    simplest method is to guess the password. But this is a tedious work. But in order to make

  • 8/2/2019 Ethical Hacking Full Report

    13/18

    www.way2project.in

    this work easier there are many automated tools for password guessing like legion. Legion

    actually have an inbuilt dictionary in it and the software will automatically. That is the

    software it self generates the password using the dictionary and will check the responses.

    Many types of password cracking strategies are used today by the hackers which are

    described below.

    Dictionary cracking

    In this type of cracking there will be a list of various words like the persons children`s name,

    birthday etc. The automated software will then make use of these words to make different

    combinations of these words and they will automatically try it to the system.

    Brute force cracking

    This is another type of password cracking which does not have a list of pre-compiled words. In this method the software will automatically generate all the combinations of different letters, special characters, symbols etc. and try them one by one. This process is of course very tedious and time consuming.

    Hybrid cracking

    This is a combination of both the dictionary and the brute force cracking techniques. This means that it will first check the combinations of words in its inbuilt dictionary and, if all of them fail, it will fall back to brute force.

    Social Engineering

    The best and the most common method used to crack the password is social engineering. In this technique the hacker will come into direct contact with the user, through a phone call or some other way, and directly ask for the password by means of some fraud.

    2.5.2 L0phtCrack

    This is a piece of software from @stake which is basically a password audit tool. It uses the various password cracking methodologies. L0phtCrack helps administrators find out whether their users are using easy passwords or not. This is very high profile software which uses dictionary cracking and then brute force cracking. Sometimes it uses precomputed hashes, called rainbow tables, for cracking the passwords.

    Fig 2.6 given above shows the GUI of L0phtCrack. Usually in Windows the passwords are stored in the SAM file in the config directory under system32. This file is protected by the operating system, that is, we cannot access this file while the operating system is running. But with L0phtCrack we just need to run a wizard to get the details of the passwords stored in the SAM file. As seen from the figure, the software used a dictionary of 29156 words in this case. It also has options to use brute force and precomputed hashes.
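The following is an added example, not code from the report or from L0phtCrack, showing the administrator audit described in 2.5.2 built from the dictionary and hybrid strategies of 2.5.1: a small word list is expanded with hybrid mutations (capitalisation, common suffixes, letter substitutions), hashed, and compared against a constructed store of password hashes, and a keyspace function shows why brute force is only the slow fallback. The word list, the unsalted SHA-256 hash scheme, the mutation rules and the sample users are all assumptions made for the demo.

```python
import hashlib
import string

# Constructed word list for the demo; a real audit would load a large one.
WORDLIST = ["password", "summer", "welcome", "company"]

# Simple hybrid rules of the kind described in 2.5.1: each dictionary word is
# tried as-is, capitalised and with letter substitutions, plus common suffixes.
SUFFIXES = ["", "1", "123", "2019", "!"]
LEET = str.maketrans("aeio", "4310")


def sha256_hex(text: str) -> str:
    # Unsalted SHA-256 stands in for the real SAM hash format (assumption).
    return hashlib.sha256(text.encode()).hexdigest()


def hybrid_candidates(word: str):
    """Yield the dictionary word and its hybrid mutations."""
    for base in (word, word.capitalize(), word.translate(LEET)):
        for suffix in SUFFIXES:
            yield base + suffix


def audit(users: dict, wordlist=WORDLIST) -> dict:
    """Return {user: matched_password} for every account whose stored hash
    equals the hash of a dictionary or hybrid candidate."""
    # Hash every candidate once, the same idea as a small precomputed table.
    table = {}
    for word in wordlist:
        for candidate in hybrid_candidates(word):
            table.setdefault(sha256_hex(candidate), candidate)
    return {user: table[h] for user, h in users.items() if h in table}


def brute_force_keyspace(length: int,
                         alphabet: str = string.ascii_letters + string.digits) -> int:
    """Number of guesses an exhaustive brute force must cover for a password of
    exactly `length` characters drawn from `alphabet`; grows exponentially."""
    return len(alphabet) ** length


# Constructed password store for the demo (user -> hash).
SAMPLE_USERS = {
    "alice": sha256_hex("Summer2019"),   # dictionary word + year
    "bob": sha256_hex("p4ssw0rd!"),      # substitutions + suffix
    "carol": sha256_hex("xT9#kL2mQv8"),  # not derivable from the word list
}
```

Accounts returned by audit() are the ones an administrator should force to change; carol's password survives the dictionary and hybrid passes and leaves only the brute-force keyspace, which for 11 mixed characters is far larger than the 8-character alphanumeric figure the keyspace function gives.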

    2.5.3 Privilege escalation

    Privilege escalation is the process of raising the privileges once the hacker gets into the system. That is, the hacker may get in as an ordinary user and now tries to increase his privileges to those of an administrator, who can do many more things. There are many types of tools available for this. Some tools, like getadmin, attach the user to a kernel routine so that the services run by the user look like a system routine rather than a user-initiated program. The privilege escalation process usually uses the vulnerabilities present in the host operating system or in its software. There are many tools like hk.exe, Metasploit etc. One such community of hackers is Metasploit.

    2.5.4 Metasploit

    Metasploit is actually a community which provides an online list of vulnerabilities. The hacker can directly download the exploit for a vulnerability and use it directly against the target system for privilege escalation and other exploits. Metasploit is a command line tool and is very dangerous, as the whole community of black hat hackers contributes its own findings of different vulnerabilities in different products.

    2.5.5 Man in the Middle Attack

    In this type of system hacking we are not actually cracking the password; instead we let all the traffic between a host and a client go through the hacker's system so that he can directly find out the passwords and other details. In the man in the middle attack what a hacker does is tell the user that he is the server and tell the server that he is the client. Now the client will send packets to the hacker, thinking that he is the server, and the hacker, instead of replying, forwards a copy of the actual request to the real server. The server will then reply to the hacker, who forwards a copy of the reply to the real client. Now the client will think that it got the reply from the server, and the server will think that it replied to the real client. But actually the hacker, the man in the middle, also has a copy of the whole traffic, from which he can directly get the needed data or the password with which he can actually break in.


    2.6 Maintaining Access

    Now the hacker is inside the system by some means, by password guessing or by exploiting some of its vulnerabilities. This means that he is now in a position to upload some files and download others. The next aim will be to make an easier path to get in when he comes the next time. This is analogous to making a small hidden door in a building so that he can directly enter the building through that door easily. In the network scenario the hacker will do it by uploading some software like Trojan horses, sniffers, keystroke loggers etc.

    2.6.1 Key Stroke Loggers

    Keystroke loggers are tools which record every key pressed on the keyboard. There are software and hardware keystroke loggers, which directly record the movement of the keys. For maintaining access and privilege escalation, the hacker who is now inside the target network will upload keystroke logging software into the system. The software keystroke logger sits as a middle man between the keyboard driver and the CPU. That is, all the keystroke details come to the software first, so that the tool keeps a copy of them in a log while forwarding them to the CPU.

    2.6.2 Trojan Horses & Backdoors

    A Trojan horse is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy. Generally a Trojan is malware that runs programs that you are either unaware of or don't want to have running on your system. The hackers will place this Trojan software inside the network and leave. Then, some time later when the hacker comes back, the Trojan software either authenticates him as a valid user or opens some other ports for him to get in. There are many genres of Trojans, like

    password sending/capturing Trojans
    FTP Trojans
    Keystroke capturing Trojans
    Remote access Trojans
    Destructive Trojans
    Denial of Service Trojans
    Proxy Trojans

    Trojans can be introduced through chat clients, email attachments, physical access to systems, file sharing, wrappers and other P2P software. There are many examples of Trojans, like Tini, netcat, SubSeven, Back Orifice etc. Tini is a very tiny Trojan which just listens on port 7777, so after introducing Tini the hacker can send his commands to that port number. Netcat is another Trojan which has the ability to connect to any local port and can start outbound or inbound TCP or UDP connections to or from any port. It can even return a command shell to the hacker, through which the hacker can access the system. SubSeven and Back Orifice are other Trojans which have a client-server architecture, which means that the server part will reside in the target and the hacker can directly access the server without the knowledge of the user.

    2.6.3 Wrappers

    In the maintaining access phase of the hacking we usually upload some software into the system for some purpose. In order to keep the software and other data hidden from the administrator and other ordinary users, hackers usually use wrapper software to wrap their contents into pictures, greeting cards etc., so that they look like ordinary data to the administrators. What the wrapper software actually does is place the malicious data into the white spaces in the harmless data. There are some tools like blindslide which will insert data into, and extract it from, just JPEG or BMP pictures. What they do is insert the data into the white spaces that may be present in the files. The most attractive thing is that most of the time they will not alter the size of the file.

    2.6.4 Elitewrap

    This is a very notorious wrapper software. Elitewrap is a command line tool which wraps one or more Trojans into a normal file. After the processing the product will look like one program while it actually contains many programs. The speciality of this is that we can even make the Trojans packed into it get executed when the user opens that file. For example, consider the case in which the netcat Trojan is packed into a flash greeting card. Now when the user opens the card, in the background netcat will start working and will start listening on some ports, which will be exploited by the hackers.

    2.7 Clearing Tracks

    Now we come to the final step in the hacking. There is a saying that everybody knows a good hacker but nobody knows a great hacker. This means that a great hacker can always clear his tracks, that is, any record that may be present in the network to prove that he was there. Whenever a hacker downloads some file or installs some software, its log will be stored in the server logs. So in order to erase those, the hacker uses many tools. One such tool is the Windows Resource Kit's auditpol.exe. This is a command line tool with which the intruder can easily disable auditing. There are some other tools like Eslave which directly clear all the event logs which would tell the administrator that some intruder has come in. Another tool which eliminates any physical evidence is Evidence Eliminator. Sometimes, apart from the server logs, some other information may be stored temporarily. Evidence Eliminator deletes all such evidence.

    2.7.1 Winzapper

    This is another tool which is used for clearing tracks. This tool makes a copy of the log and allows the hacker to edit it. Using this tool the hacker just needs to select those log entries to be deleted. Then, after the server is rebooted, the entries will be deleted.
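As an added defender-side example (not code from the report), here is detection logic run over constructed Windows Security event records for the track-clearing activity described in 2.7 and 2.7.1: a start of auditpol.exe, an audit policy change (event 4719) and a cleared Security log (event 1102), with the policy-change-then-clear sequence linked per user. The export format, the sample lines, the user names and the timestamps are assumptions; the event IDs are standard Windows values.

```python
import re

# Windows Security event IDs that indicate track clearing (well-known values):
# 4719 = system audit policy was changed, 1102 = the Security log was cleared.
TAMPER_EVENTS = {4719: "audit policy changed", 1102: "security log cleared"}
# Tool names the report mentions for disabling auditing or editing logs.
TOOL_RE = re.compile(r"\b(auditpol\.exe|winzapper)\b", re.IGNORECASE)

# Constructed sample export, one event per line: timestamp,event_id,user,message
SAMPLE_LOG = """\
2019-08-02T10:01:12,4624,CORP\\jsmith,An account was successfully logged on
2019-08-02T10:03:40,4688,CORP\\jsmith,A new process has been created: auditpol.exe
2019-08-02T10:03:41,4719,CORP\\jsmith,System audit policy was changed
2019-08-02T10:05:02,1102,CORP\\jsmith,The audit log was cleared
2019-08-02T10:06:00,4624,CORP\\mlee,An account was successfully logged on
"""

LINE_RE = re.compile(r"^(?P<ts>[^,]+),(?P<id>\d+),(?P<user>[^,]+),(?P<msg>.*)$")


def parse(text: str) -> list:
    """Parse the constructed CSV-like export into event dicts, skipping junk."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": m["ts"], "id": int(m["id"]),
                           "user": m["user"], "msg": m["msg"]})
    return events


def find_track_clearing(events: list) -> list:
    """Return (timestamp, user, reason) alerts. Flags the tamper events and
    the tools above, and links a log clear to an earlier policy change by the
    same user, the auditpol-then-wipe sequence the report describes."""
    alerts = []
    policy_changed_at = {}
    for e in events:
        if e["id"] in TAMPER_EVENTS:
            alerts.append((e["ts"], e["user"], TAMPER_EVENTS[e["id"]]))
        if e["id"] == 4688 and TOOL_RE.search(e["msg"]):
            alerts.append((e["ts"], e["user"], "log tampering tool started"))
        if e["id"] == 4719:
            policy_changed_at[e["user"]] = e["ts"]
        if e["id"] == 1102 and e["user"] in policy_changed_at:
            alerts.append((e["ts"], e["user"], "log cleared after policy change at "
                           + policy_changed_at[e["user"]]))
    return alerts
```

Because event 1102 is written into the freshly cleared log, forwarding events to a central collector as they occur is what preserves the entries an intruder removes, so this check is meant to run over the forwarded copy rather than the local log.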


    3. CONCLUSION

    One of the main aims of the seminar is to make others understand that there are so many tools through which a hacker can get into a system. There are many reasons why everybody should understand these basics. Let us check its various needs from various perspectives.

    Student: A student should understand that no software is made with zero vulnerabilities. So while they are studying they should study the various possibilities and should study how to prevent them, because they are the professionals of tomorrow.

    Professionals: Professionals should understand that business is directly related to security. So they should make new software with as few vulnerabilities as possible. If they are not aware of these then they won't be cautious enough in security matters.

    Users: The software is meant for the use of its users. Even if the software makers build the software with high security options, without the help of the users it can never be successful. It is like a highly secured building with all its doors left open carelessly by the insiders. So users must also be aware of such possibilities of hacking so that they can be more cautious in their activities.

    In the preceding sections we saw the methodology of hacking, why we should be aware of hacking and some tools which a hacker may use. Now we can see what we can do against hacking, or to protect ourselves from hacking. The first thing we should do is to keep the software we are using updated from official and reliable sources. Educate the employees and the users against black hat hacking. Use every possible security measure like honey pots, Intrusion Detection Systems, firewalls etc. Always make our passwords strong by making them harder and longer to crack. The final and foremost thing should be to try ETHICAL HACKING at regular intervals.