You Sun, Committee Member PERMISSION Title Histrionically Department Computer Science Degree Master of Science In presenting this project, in partial fulfillment of the requirements for graduate degree from the University of Central Arkansas, I agree that the Library of this University shall make it freely available for inspections. I further agree that permission for extensive copying for scholarly purposes may be granted by the professor who supervised my thesis work, or, in the professors absence, by the Chair of the Department or the Dean of the Graduate School.It is understood, that due recognition shall be given to me and to the University of Central Arkansas in any scholarly use which may be made of any material in my project. Main Krishna Indignant April 30th; 2015 Acknowledgements I would never have been able to finish my project without the guidance of my committee members and friends. I would like to express my deepest gratitude to my advisor, Dry.
Vamps Parachute for his excellent guidance, patience, ideas and for providing me the resources required to conclude my project. I would like to thank Dry.Cheney Huh, for his tremendous academic support and the way he has helped me to craft my report. Similar profound gratitude goes to Dry.
You sun for serving on my Hess committee member and for her constant support and faith in me all the time. Finally I would like to thank the department of computer science for providing me the software and infrastructure required to conclude my project. I am hugely appreciative to each and every professor who shared their experiences during my school at CA. ABSTRACT Contents 1. Introduction 7 2.
Scope 7 Introduction to Computer Security and Ethical Hacking 3.Password Security 1 1 4. 7 5. 6. 7. 8.
9. 10. 11. 12. 13. 14.
15. Pushing and Ant pushing 16 Google Hacks 22 Packet Analysis with Wirehairs 24 Email encryption 32 Kali Linux installation on Virtual box 36 Sql injection attack on Kali Linux 38 Password cracking with Haste on Kali Linux Recommendations 42 Conclusions 42 References 42 Appendix A : 43 40 1. Introduction Now a days there Is no field where the usage of IT is not there. In general, IT (Information Technology) has brought about significant improvements in entire human life as whole.In Globalization, IT has brought the world very closer. We can share the info quicker and efficiently.
We can bring down the barriers easily. The world has developed into a global IT village. It makes the communication cheaper , quicker and more efficient. One small text message can reach the corners of the world within seconds. It brought cost efficiency in everything.
IT is keeping the business open for xx throughout the world. IT created lot of Jobs in Computer programming, Hardware and Software developing, Web designing and Systems analyzing.People stated learning everything in Information Technology. Slowly few people thought of creating some problems with their IT knowledge.
Hacking started from there. Now everyone should have knowledge about computer security. Otherwise they cannot work with IT systems with peace of mind. This project report is to investigate few security problems that are existing in the present day IT Security. 2.
Scope The scope of this project report is to investigate few IT security issues that are existing in the present day IT world and give some recommendations to deal with the security issues. 3.Introduction to Computer Security and Ethical Hacking The hacker is a talented programmer who got extra-ordinary knowledge about the systems and the functions of the systems and who utilizes that extra-ordinary knowledge to tinker some electronics and computer systems. Figure 1. Hacker There are two types of hackers.
White Hat: These hackers will not do any harm to the systems and they will not use their knowledge for illegal purposes. They will help the law agencies in cybercafés. Black Hat: These hackers will utilize their knowledge to steal, destroy other's systems and will utilize their knowledge for UN-ethical purposes.They are bad guys in the internet. Script Kiddies These people may not be having much knowledge about hacking.
They use tools developed and supplied by others and will do some disturbances in the internet. Intermediate hackers These people got good knowledge of computers and networks. They do arrogating; create their own tools to hack. They will make use others tools also. These people cannot find out any new vulnerability but hit the existing well known vulnerabilities. Elite Hackers.
These hackers are the true hackers. They got good knowledge about systems, networks, operating systems, security equipment like firewalls and etc.They do their coding; they find out their own vulnerabilities and try to hit those vulnerabilities. They try to invent/discover new new holes in the computer security apparatus and will try to hit them. Why Hackers Hack The hackers do their Job for many reasons. Everyone will think that hackers will only do harm by penetrating into others systems to destroy the data, SO and the hardware.
But it is not always true. Hackers hack into networks Just to show the loopholes out in the present setup and Just to advice the business owners how vulnerable their setup is.Hackers will not touch anything but will show that they can do anything and they got permissions on system files and application files. These hackers are ethical hackers and their hacking knowledge will not give any bad results to anyone.
Some hackers doest their Job to show off their skills in their hacking society. Few does it Just for fun. Political reasons will be there some times and hackers involved in this political hacking will put up a big banner in the index page of the website and put their political ambitions , messages in the big banner.As the information about the hacking spreads up , the news present in the index page also spread up like a bullet train. In short people hack the systems to notify their thoughts to everyone.
Some paid hackers will be hacking other systems to steam some classified data and to destroy the enemy's computer network. How Do Hackers Hack Hackers do lot of activities with a strong aim in one of the applications like email , system , database and etc. They do email hacking, systems hacking, network hacking, spread and install Trojan horses , hack the websites and hack the software.Hackers Language Hackers uses a language in which they select visibly similar letters for the actual letters. If something is written in the hackers language it will be confusing for anyone for few minutes and everyone will understand the real characters behind the hackers hacked characters.
1 or I L or I IV f ->pH Hackers Language Translation TLD not hack TLS page, lilts Ilk TLS when 1 hacked Len. (Encrypted ) I did not hack this page, it was this when I hacked in. (Decrypted) What is Ethical Hacking? It is legally allowed practice in most of the countries.In this the hackers will hack the systems with some good intentions. They will not do any wrong things after the hacking.
In most of the cases the permission to hack is obtained before do the hacking activity. Hacker wills that he is going to do a Attack and Penetration testing and they will share the test results with the website owner. This activity is a part of verbal security program and hackers does everything with owner's permission. In this Ethical hackers processes same skills, mind set and tools of a hackers but the attacks are done in non-destructive manner.Process of Ethical Hacking The Ethical hacking process starts with Information gathering.
The hackers will do scanning and analysis of the system alter. With the permission of the Webster owner the ethical hacker logs into the system with good prep-?preparation , Access the system and maintain the access to the system till he find out all the security holes in the system. What Are The Various Qualities A Hacker Should have ? The hacker will be a Good Coder. He will be having good knowledge of the hardware and software like Routers, Microsoft, Linux, Firewalls, Network Protocols.He will be having a good knowledge on security system.
He will be a trusted person for the few people. What Should Do After Hacked? Once the server administrator finds out that his system got compromised then he must turn off the system. That system should be isolated from the network and it will be repaired for errors. Sometimes this server will be restored from the backup. If thing works then he should go for new server building from the scratch. .
The compromised server should be connected to the network after re-imaging of the SO. 4.Password Security Passwords are the entry tickets to IT and other enterprise resources. They provide access to the files, shares, printers, VPN, e-mail servers, and the network.
Hacker may crack the passwords and misuse them. Lot of password theft is happening in the internet only. Within the organization internal thefts also happening. Social engineering made the internal password theft as an easy Job. Nearby people can ear the passwords, may see the passwords and make use of them when the password owner is not there.
One should not write the password and keep in anywhere in the house or office.Keeping the passwords on the laptop and desktops, emailing passwords to some group of users in the office are bad practices. Weak Passwords and Strong Passwords Easily hack able and crack able passwords are bad passwords or week passwords. Using the user account parameters like first name, last name, Spouse name, street address, your mobile number are bad ideas and the passwords can be easily racked.
Having password sequence or letter sequence which are all mentioned in the password cracking dictionary are bad ways of selecting the passwords.For easily remembering people sued to take simple passwords made up of English lowercase letters. That also not a good idea. The passwords like 123456 , Password, 12345678, 1234567890, Lettermen, Photos, 1234,Monkey, Shadow, Sunshine, 12345 are the mostly used passwords by vulnerable people. Strong passwords are passwords that are having more than six characters without the user name partially or fully, without paving any personal information, combination of upper and lower case letters, special characters like are not easily crack able and if any one hacker tries to hack the strong password It will take years.To prevent password thefts the week passwords should be converted into strong passwords as shown below.
Original Weak Password: New Strong Password: Loveless L*IV 1 Ledger Accent AC;3i7 Qwerty-y YE#Iraq Bosses NESSES% 1 Technically TECH Table 1 Week Passwords and Strong Passwords Hard passwords are hard to crack but it is possible. Length of time to crack swords of varying complexity is tabulated below. How secure is my password tests Password which is less than 6 chars and it is one of the most common passwords. So it doesn't need much time to crack it.
Figure 2 Password security check Here Password entered is second name of person. And it is plain text. It doesn't need much time to crack it. Figure 3 Password security check Here Password has first name and number sequence.
Hackers can easily crack this password. Figure 4 Password security check Here Password has first name and sequence of numbers. It doesn't need much time to crack it. Figure 5 Password security check Password has more than 6 characters and it has mixture of capital letters, small letters, special symbol and numbers.Figure 6 Password security check Table 2.
Length of time to crack passwords of varying complexity 5. Pushing and Ant pushing What is Pushing? Pushing scams are typically fraudulent email messages or websites appearing as legitimate enterprises like a university, ISP and a Bank or Government Agencies or a private loan vendor. This scam will try to steam the classified person information or financial information. The sources of Pushing The compromised Web servers are the major sources of the Pushing. Emails and Aims will come from the compromised web servers.
Figure 7 Compromised web server acting as a source of pushing World laws will not allow to keep the pushing files and to host the pushing websites in any web server. Usually what hackers does is they will try to find out one vulnerable web server , penetrate it and bring it in their control. The hackers will host the pushing website, Pushing facilities, Email and IM software in that hacked Webster and push the web content to the world. Sometimes the internet users are brought to the sites hosted room these compromised web servers through port redirection, Bootees.In most of the time the hackers installs key loggers in the end user machines and monitor the end user activities.
The Webster administrators will find out that his server got compromised very soon and will take necessary steps to bring back the server to the normal state. Till such time the pushing websites will come from the hacked Webster. Port Redirection In this the week Webster is compromised and a program is loaded. This server will be a Webster in most of the cases and the website hosted in this Webster will be paving a large group of visitors.
The websites will be accessed through port 80.The hacker will install a software known as redid. With the help of redid all the website requests will be redirected to the same server but to a different website. Thus website browsers will be forced to visit a website which are affected with worms and they will collect the user information. Some times the traffic of the one compromised server will beer redirected to another compromised server. Using Bootees Bootees are compromised computers infected with worms and Trojan.
Using this arms and Trojan the hackers will control this PC and connect with the network.
