Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Hacking Methods Techniques and Their Pre

Download as rtf, pdf, or txt
Download as rtf, pdf, or txt
You are on page 1of 15

HACKING METHODS,

TECHNIQUES
ANDTHEIR
PREVENTION
ICT RESEARCH PAPER

MANRAJ SINGH, BBA.LLB 2nd YEAR, A -4


SUBMITTED TO: Mr. H.B. KESHAVA
25/08/2016
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

2|Page
zxcvbnmqwertyuiopasdfghjklzxcvbn
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

mqwertyuiopasdfghjklzxcvbnmqwert
rtyuiopasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasdfghj
klzxcvbnmrtyuiopasdfghjklzxcvbnmq
HACKING METHODS,
wertyuiopasdfghjklzxcvbnmqwertyui
TECHNIQUES ANDTHEIR
PREVENTION
opasdfghjklzxcvbnmqwertyuiopasdfg
ICT RESEARCH PAPER

hjklzxcvbnmqwertyuiopasdfghjklzxcv
25/08/2016

MANRAJ SINGH, BBA.LLB 2nd YEAR, A -4


SUBMITTED TO: Mr. H.B. KESHAVA

bnmqwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwertyuio
pasdfghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmrtyuiopasdfghjklzxc
vbnmqwertyuiopasdfghjklzxcvbnmq 3|Page

wertyuiopasdfghjklzxcvbnmqwertyui
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

INDEX

Sr No. CHAPTERISATION
1) Introduction
2) Definition
3) Hacker" etiquette
4) Ethics
5) Hacking groups
5.1 Open supply and free computer code hackers
5.2- Security hackers
6) Hacking methodology
6.1 Information gathering
6.2 Scanning and enumeration
6.3 Gaining access
6.4 Maintaining access
6.5 Covering tracks
7) Web application testing
8) Security
8.1 Understand
8.2 Communicate
8.3 Train
8.4 Measure
9) Hacking protection techniques
10) Hacking tools
11) Wireless network searching
12) Conclusion
13) Refrences

4|Page
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

5|Page
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

Keywords: Hacking, hacker, etiquette, ethics, groups of hacking, m'category' of hackers, methods of hacking,
security, hacking tools.

1.INTRODUCTION:

Computer hacking means someone alters computer hardware or software such that it can change the original content. The
people who hack computers are known as hackers. Hackers are the experts who had learnt about the computer and the
working of the computer.

RESEARCH METHODOLGY:

This LTP is based on information and interpretations. Drafting and research is based on secondary data provided on the
web. Emphasis is laid on hacking groups as well.

SCOPE OF RESEARCH:

In this LTP,we shall be primarily focusing on hacking methods,techniques of hacking and how we can prevent hacking in
our day to day life.

SIGNIFICANCE:

Through this LTP,we shall be explaining all the types of hacking,types of hackers,hacking groups and methods to prevent
hacking.

RESEARCH QUESTION:

What is hacking.Explain the methods,techniques and ways to prevent hacking

2.DEFINITION

Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a

clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics

that qualify one as a hacker, which we paraphrase here:

A person who enjoys learning details of a programming language or system

A person who enjoys actually doing the programming rather than just theorizing about it

6|Page
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

A person capable of appreciating someone else's hacking

A person who picks up programming quickly

A person who is an expert at a particular programming language or system, as in "UNIX hacker"

Raymond deprecates the use of this term for someone who attempts to crack someone else's system or otherwise
uses programming or expert knowledge to act maliciously. He prefers the term cracker for this meaning.
The term hacker is used in popular media to describe someone who attempts to break into computer systems. Typically,
this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the
weak points in a security system.

7|Page
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

3.HACKER ETIQUETTE

Hacker Ethic may be a term that was 1st utilized in Hackers: Heroes of the pc Revolution written by Yankee journalist
Steven Levy in 1984. The ideology behind hacker ethics came from the values of the hackers at the university computer
science Laboratory. The key points square measure:

"Access to computers - and something which could teach you one thing concerning the method the planet works -Should
be unlimited and total. Invariably yield to the active Imperative!"
"All data ought to be free."
Mistrust authority- promotes decentralization."

Hackers ought to be judged by their hacking, not imitative criteria like degrees, age, race, or position."

"You will produce art and sweetness on a pc."


"Computers will modification your life for the higher."

4.ETHICS
The Jargon File, a wordbook of hacker slang created in 1975 from multiple technical cultures, conjointly provides a
definition of hacker ethic.

1. "The belief that information-sharing may be a powerful positive smart, which it's associate moral duty of hackers to
share their experience by writing ASCII text file code and facilitating access to data and to computing resources where
doable."

2. "The belief that system-cracking for fun and exploration is ethically OK as long because the cracker commits no
thievery, vandalism, or breach of confidentiality." A lot of typically, hacker ethic "is that just about all hackers square
measure actively willing to share technical tricks, software, and probably computing resources with different hackers".

5.HACKING GROUPS
The two classes of hackers area unit Open supply and free computer code cluster and therefore the second is security
Hackers cluster.
5.1. OPEN SUPPLY AND FREE COMPUTER CODE HACKERS
Hackers UN agency see the look of the computer code as associate degree sort and that they build the program simply.
This cluster was developed within the 1960s by educational hackers those area unit operating with minicomputers within
the field of technology. It became a lot of what we all know because the free computer code and open supply movement
in 1990s.The hackers people who belong to the open supply and free computer code class named as white hat hackers.
Hackers beneath this cluster add the open and blow over their real name. Usually they appear down for security hackers
and consult with them as kooky. Programmers people who area unit operating within the educational culture can modify
existing code or the resources to attain their finish goal. Most of the contributors belong to the present cluster. Example
Linux creator LINUS TORVALDS and DENNIS RITCHIE and KEN THOMPSON creator of C programming. A number
of the foremost common free computer code merchandise that exists area unit given below.

Free Software Description


Linux OS
Eclipse Java based Integrated Development Environment
Mozilla Internet browser
Firefox Lightweight browser

8|Page
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

Wireshark Network protocol analyzer


Thunderbird Redesign of Mozilla mail component
Openoffice Complete office suite
My SQL Relational database management system

5.2. SECURITY HACKERS

Security hackers square measure the class of hackers prefers to be uncommunicative. Typically they use associate degree
alias to hide their true identity. Hackers within the security hacking class square measure known as black hat hackers
operating with unwell intensions. Some teams and people but might higher be classified as gray hat hackers. The cluster
was at the start developed within the context of phreaking, the social group curious about the general public phone
networks, throughout the 1960s and also the personal computer bulletin board system (BBS) scene of the 1980s.

6. HACKING METHODOLOGY
The method of hacking is worn out 5 phases. The phases are a unit.

Information gathering

Scanning and enumeration

Gaining access

Maintaining access

Covering tracks

6.1. INFORMATION GATHERING


This part includes survey and foot printing. This part is preparation part that is employed to assemble the data the
maximum amount as potential past to AN attack. The offender tries to search out and exploit a ambiguity by
distinguishing patterns of behavior of individuals or systems. Here non-intrusive ways area unit used for making a map of
AN organizations network. The ways area unit,

Target system

Network design

Application sort

Operating system and version

Server sorts

Physical Location

6.2. SCANNING AND ENUMERATION

During this part, the offender acknowledges target systems informatics address and determines whether or not a system is
on the network and additionally they're accessible. additionally this part helps to spot the known security loopholes in
keeping with system and repair version and defines a user account or system account to be used in hacking the target
system. Most account rights will then be exaggerated to permit the account with a lot of access than it had been
9|Page
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

antecedently granted.
6.3. GAINING ACCESS

During this section of hacking, hackers exploit exposures exposed throughout the survey and scanning section. They may
gain access through dissimilar path like,

Direct access to a private laptop

Local space network

Internet

A common exposure includes stack primarily based buffer overflow, denial of service and hijacking session that has the
most objective to realize the possession of the system. Once the system has been hacked, the system management is below
the hacker and that they use the system as they need.
6.4. MAINTAINING ACCESS

Once gaining access, hackers keep the access for his or her future activities. They will even harden the system and shield
their access with backdoors rootkits and Trojans to forestall different hackers. Once the hacker owns the system, they will
use it as a base to launch further attacks within which the cooperated system is additionally referred to as zombies.
6.5. COVERING TRACKS

In this section hackers would take away all traces of the attack like log files, alarms to safeguard themselves. The purpose
of this to avoid detection by protective personnel to continue exploitation the compromised system and take away proof of
hacking to avoid action.

7. WEB APPLICATION TESTING

On-line services, net applications are developed and deployed with smallest attention given to security risks, leading to a
shocking range of company sites that are at risk of hackers. Outstanding sites from variety of regulated industries together
with money services, government, healthcare, and retail, are probed daily. The implications of a security breach are great:
loss of revenues, harm to believability, legal liability, and loss of client trust. Software system most at risk of these styles
of attacks includes:
User interface code: This can be to supply the planning and feel of the location
Web server: This supports the physical communication between the user's browser and therefore the net applications
Frontend applications: This interfaces directly with the interface code, and backend systems

8. SECURITY PLAN
A Web Application Security method is enforced exploitation four key guidelines:
8.1. Understand

Perform security audits and defect testing throughout the appliance life cycle. Production applications are a clear 1st place
to implement regular audits and analysis to see security and compliance risk to a corporation. At constant time, don't
forget that the appliance development life cycle is that the piece of land for the defects that cause the risks. Playacting
security testing throughout the appliance development life cycle at key points throughout the varied stages from
development to QA to Staging can scale back prices and considerably scale back your on-line risk.
8.2. Communicate

When risks and security defects are known, it's imperative to induce the proper data to the proper neutral. Development
has to perceive what these vulnerabilities and compliance exposures are in development terms. this suggests providing
details around however the attack works and steerage on rectification. There are many smart sources each on-line and in
security testing tools for developers. Similarly, QA should be ready to perform delta, trend and multivariate analysis on
the protection defects similar to they are doing for performance and practicality flaws. Exploitation their existing
10 | P a g e
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

strategies and metrics they, alongside Product Management, will properly priorities and monitor the defect rectification
method further as accurately assess unleash political campaign. Finally, with the ever-increasing range and scope of state
and internal laws and policies, groups from Security, Risk, Compliance, and analysis & Development have to be
compelled to communicate and validate application risks against these terribly real business drivers.
8.3. Train

Guarantee correct coaching of developers. This doesn't essentially mean that with coaching the codes they write are going
to be safer. However the a lot of developers perceive however net servers and browsers communicate and act, and
therefore the protocols employed in web communications, the a lot of possible they're to create applications that aren't at
risk of attacks.
8.4. Measure

For any method to achieve success there has to be criteria by that to live the successes or failures of the procedures
enforced. Organizations use trending and defect rectification analysis metrics to spot areas and problems to focus on; there
may well be a particular security defect sort that keeps cropping up which may then be known and prohibited through
targeted education and coaching to acknowledge recurrent risks with a specific infrastructure product or seller. Ultimately,
measurement and analyzing scan results can contribute to a discount in liability and risk led to by implementing an online
application security set up.

9. HACKINGPROTECTION TECHNIQUES

In relevance numerous hacking activities, a number of the suggested protection techniques area unit
9.1. SECURITY INFRASTRUCTURE

One amongst the foremost common infrastructures for imposing info security is that the firewall, that aims at proscribing
the access of incoming and departing traffic through configuration of rule sets.
9.2. INTRUSION DETECTION SYSTEM

It protects a network by grouping info from a spread of system and network supply, so analyzing the data for potential
security issues. It provides time period observation and analysis of user and system activity. In general, there are a unit 2
styles of IDS, specifically Network Intrusion Detection System (NIDS) monitors multiple hosts by examining network
traffic at the network boundaries and Host Intrusion Detection System (HIDS) will monitor one host by analyzing
application logs, filing system modification like word file and access management lists.
9.3. CODE REVIEW
For any self-developed applications like internet applications, AN freelance code review conducted severally from the
appliance development so as to make sure no security flaw is disclosed from the codes that area unit visible to the general
public, and proper error handling and input validation are implemented within the code.
on the programs ought to be
9.4. SECURITY PATCHES

Several service suppliers, together with package vendors and package suppliers compromise with security patches once
their weakness of the package or package was found. The installation of up-to-date protective patches is incredibly vital
since these weaknesses area unit sometimes noted to the general public.

10. TOP TEN HACKING TOOLS

Commonly, a hacker knows the usage of tools. Some hacker writes their own tools. Here are the top TEN best hacking
tools listed below:

o Nmap

o Wireshark

11 | P a g e
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

o Cain and abel

o Metasploit

o Burp suite

o Aircrack-ng

o Nessus

o THC hydra

o Hping3

o Putty
10.1. Nmap

This is often additionally referred to as because the Swiss knife of hacking. This is often largely employed in the foot
printing section to scan the ports of the remote laptop for locating out ports is open.
10.2. Wireshark

This captures all networks traffic prying a network adapter. It analyze for juicy information like usernames and
passwords. To perform network troubleshooting network directors is employed.
10.3. Cain and abel

This could be wont to crack window watchword. It additionally performs man within the middle attacks, capture network
passwords etc.
10.4. Metasploit

It's a large info of exploits. Its the final word hacking tool which will enable to hack a laptop. Its best to use metasploit
below Linux.
10.5. Burp suite

Burpsuite may be a net proxy tool that is employed to check the net application security. This could brute force any login
type in a very browser. One will edit or modify information before causation to the server. This tool is below windows
and Linux environments
10.6. Aircrack-ng
Aircrack-ng may be a set of tools wont to crack wireless fidelity passwords. This additionally comes below Linux setting.
10.7. Nessus
This is often a comprehensive automatic weakness scanner. One ought to provide information processing address as input
and it'll scan that address to seek out the weakness therein system.

10.8. THC Hydra

This is often a quick watchword cracker tool. It cracks passwords of remote systems through the network. It will crack
passwords of the many protocols as well as ftp, http, etc. there's Associate in Nursing choice to provide a lexicon file it
contains attainable passwords. It comes below Linux setting.
10.9. Hping3

Hping3 sends custom ICMP, UDP or communications protocol packets so displays any replies. This tool is extremely
helpful once attempting to trace route/ping/probe hosts that have firewalls obstruction traditional pings. This comes below
windows and Linux.
10.10. Putty
12 | P a g e
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

It's not a hacking computer code by itself; it's an awfully great tool for hacker. Its a shopper for SSH and telnet, which
may be wont to connect with remote computers. The use putty after you needs to attach to your return machine from your
Windows laptop. It may also be wont to perform SSH tunneling to bypass firewalls.

11. WIRELESS NETWORK SEARCHING

Even though the wrongdoer collects tidy quantity of data concerning a wireless network through sniffing, while not
revealing his wireless presence in the slightest degree, there are a unit items that will still be missing. The wrongdoer then
sends unnaturally created packets to a target that trigger helpful responses. This activity is understood as searching or
active scanning.

The target might realize that it's being probed, it'd even be a honey pot target fastidiously created to lure the wrongdoer.
The wrongdoer would try and minimize this risk.
11.1. Detection of SSID
Detection of SSID is often potential by merely sniffing Beacon frames as describe during a previous section.

If Beacon transmission is disabled, and therefore the wrongdoer doesn't want to with patience sit up for a voluntary
Associate Request to seem from a legitimate station that already features a correct SSID, or Probe Requests from
legitimate stations, he can resort to searching by injecting a research Request frame that contains a spoofed supply
raincoat address. The Probe Response frame from the APs can contain, within the clear, the SSID and alternative data
kind of like that within the Beacon frames were they enabled. The wrongdoer sniffs these Probe Responses and extracts
the SSIDs.

Some models of APs have associate degree choice to disable responding to Probe Requests that don't contain the right
SSID. During this case, the wrongdoer determines a station related to the AP, and sends the station a cast Disassociation
frame wherever the supply raincoat address is about thereto of the AP. The station can send an Association Request that
exposes the SSID.
11.2. Detection of APs and stations

Every AP could be a station, so SSIDs, raincoat addresses area unit gathered as delineated on top of. Certain bits within
the frames establish that the frame is from associate degree AP. If we tend to assume that WEP is either disabled or
cracked, the wrongdoer may collect the informatics addresses of the AP and therefore the stations.
11.3. Detection of searching

13 | P a g e
HACKING METHODS, TECHNIQUES ANDTHEIR PREVENTION

Detection of searching is feasible. The frames that associate degree wrongdoer injects may be detected by the intrusion
detection systems (IDS) of hardened wireless local area network. Theres GPS-enabled instrumentation which will
establish the physical coordinates of a wireless device through that the probe frames area unit being transmitted
.

12. CONCLUSION

The word "hacker" carries weight. People strongly disagree as to what a hacker is. Hacking may be defined as legal or
illegal, ethical or unethical. The medias portrayal of hacking has boosted one version of discourse. The conflict between
discourses is important for our understanding of computer hacking subculture. Also, the outcome of the conflict may
prove critical in deciding whether or not our society and institutions remain in the control of a small elite or we move
towards a radical democracy (a.k.a. socialism). It is my hope that the hackers of the future will move beyond their
limitations (through inclusion of women, a deeper politicization, and more concern for recruitment and teaching) and
become hacktivists. They need to work with non-technologically based and technology-borrowing social movements (like
most modern social movements who use technology to do their task more easily) in the struggle for global justice.
Otherwise the non-technologically based social movements may face difficulty continuing to resist as their power base is
eroded while that of the new technopower elite is growing and the fictionesque cyberpunk-1984 world may become
real.

13. REFERENCES
[1] http://www.gangte.net/2013/09/top-10-best-hacking-tools.html
[2] http://cecs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm

[3] http://ito.hkbu.edu.hk/eng/publication/newsletter/is_newsletter/professional/Issue_11_HackingProtection/JU
CC%20Newsletter-IT-11%20HackingProtection.pdf

[4] http://www.cse.wustl.edu/~jain/cse571-07/ftp/hacking_orgs.pdf
[5] http://www.nebhe.org/info/pdf/tdbank_breakfast/Fraud_Prevention_and_Detection.pdf
[6] http://www.cs.berkeley.edu/~bh/hacker.html
[7] http://whatishacking.org/
[8] http://stackoverflow.com/questions/449421/what-is-the-legal-definition-of-hacking
[9] http://www4.ncsu.edu/~kksivara/sfwr4c03/projects/YamKhadduri-Project.pdf
[10] http://www.iss.net/security_center/advice/Underground/Hacking/default.html

14 | P a g e

You might also like