Webinar: 5 Deadliest attacks an Ethical Hacker is capable-of
2017 was a year where cybercrimes took another level. There has been ransomware attack and the leak of Spy tools and various other mind-boggling attacks by hackers that shook the biggest of the economies in the world.
GreyCampus brings to you 1 hour webinar video hosted Mr. Syama Prasad. He covers the 5 attacks from the curriculum of the Certified Ethical Hacking training by EC Council. The attacks will be covered with their demonstrations using iLabs. But before getting to this, we will cover what exactly is the job role of an Ethical Hacker in a company, his obligations, and limitations. The attacks shown in this webinar might have an unexpected result if done without any supervision. It is best advised to use the time given for one-on-one discussion with the trainer and clear all your doubts before getting down to implement them yourself.
Below is the recorded version of the Webinar that was held on 18th of January 2018.
All right well hello everyone welcome to today’s session and today I will be presenting the topic 5 deadliest attacks an ethical hacker is capable of ok. To all those who aspire to become a certified ethical hacker I’d like to introduce today’s presenter mr. Sharma Prasad Das who is a certified ec-council instructor he has trained over 200 plus professionals and worked on various offensive and defensive security projects over domains including pentesting defensive security forensic investigation Linux and windows security software-defined data center security secure storage cluster policy and different network security postures in data center before we proceed let’s all set up some guidelines for an easy flow of the session 1 before the webinar begins everyone will be muted to prevent the noise disturbance to the presenter for asking questions you can please send a message over the chat or raise a hand you have an option two questions will be taken by the presenter during the session why a chat you can also email your questions to support at grey campus.com I repeat its support at grey campus.com will be very happy to take your questions and give you more information we will also have a dedicated question and answer session at the end of the webinar okay also stay tuned for details on payment plan for CEH training and certification (also consider checking this perfect guide for cyber security certification) at the end of the webinar okay now we’ll go ahead with the session today or what do you mr. shama Prasad does yeah thank you so good morning guys so this is shama here and I’m want to share my screen right now first I hope everyone can see my screen I’m going to present today particular types of attacks which is running nowadays a lot and yeah what ethical hackers do by those attacks and how they do penetration testing to find out not only the vulnerabilities but also to find out multiple types of exploits and how to do a penetration testing successfully and how to generate a report and how to submit it so these are the things done by the ethical hackers I will be discussing more about this penetration testing and I will show you some of the deadliest attack which can be done by ethical hacker.
I will be starting with the difference between vulnerability as analysis and penetration testing so before moving to pond ability analysis and penetration testing I will emphasize on what exactly security what exactly information security and what is cyber security I’m want to discuss about that then I’ll move to what exactly the things happens when ethical hacker do a penetration testing and when these things come into picture so that I’m want to discuss there then I will I’ll be showing you multiple type of sniffing passwords using qua sir so I want to show you how to sniff a particular network right and how you can get the user ID and password from the network there are multiple ways are there I’m want to show you two different ways one will be from the local machine from where we can sniff it by the local network interface card and the other one I’m want to show you is how we can sniff a remote device or remote computer system and then I’ll move with performing a man-in-the-middle attack using one of the tool well-known tool that is called enable that is what I’m want to show you there and then we’ll move with some of the doors and Dos attacks so there are two doors attacks I am want to show you today one will be sync loading attack which happens over tcp/ip protocol basically the flag the tcp flag which is want to enable there and it is going to send continuous packets over the network to capture the bandwidth so that the machines network bandwidth use fully by the attacking machine or by the attacker or by the ethical hackers machine through which he is doing the attack okay so that is one of the Dos attack I’m want to show you and the other one will be a city big flooding using DOS HTTP so this is one of the tool which helped us to do a particular kind of flooding with over port number 80 that is the HTTP service port right so that is want to show you about that port and then will move with no performing distributed Dos using one of the tool called HOIC so I will tell you how exactly a well-crafted sophisticated Dos attack happens over multiple but machines or you can see jam in machines right so multiple machines with multiple threat they actually do that and it will be not only called as Dos it will be called as distributed dos attack or denial of service attack so these are the few attacks we are going to see and I will be taking a small break in between before showing the dos attack so that I need to go for my environment from EC Council I lab but I’m want show you all these things so let me quickly start with what exactly cyber security is and what exactly the information security is and what each security so people are confused with these all things and when they want to start working on this area or wanted they make it as a profession they are all confuse with this what exactly from where we need to start so let me tell you here what is security now security is a simple term where we protect something it may be a physical security or it may be a security over network or it may be a security over a particular host machine or you can say your simple your laptops and your mobile devices alright so it can be anything which is which we are protecting all right even your home also now the lock locking systems and all those things and now that will be a simple term it is called security and when it comes to information security information security means protecting the data right protecting the information which is used to run a particular business right it’s it’s business critical information’s but which normally runs from data centers where data will be in process that is using the server resources data data will be in motion from server to client that will be network resources and data will be in dressed that is the storage resources these three things will be part of data center and yeah now it has been moved to cloud right now right so you will see the things I’m working from cloud environment now whenever is ethical hacker we are into penetration testing or we are doing penetration testing so there what happens we get different environments so it may be a normal data center or it may be cloud empowerment but so whenever we do penetration testing we need to understand that okay so the information security has been given over maybe it’s a cloud environment or maybe a normal data center environment so that’s the that’s where we provide information security so it is protecting the internal network right or it is protecting the host machines right so these all things comes under to protect a particular set of data which is in a data center or it may be in the cloud data center.
The next term what now I want to discuss that is the cyber security now cyber security is something which is moving over Internet now the things which is moving over Internet Oesterle between the consumer and the provider for example cloud is providing some application maybe office 365 it’s a Microsoft product so people are using it and people are accessing it over Internet now when they’re accessing over Internet and it needs to to protect because the data what they wants to keep in the word document or maybe Excel document or it may be any other MS Office features so it has to store in a secure channel otherwise someone can attack in the mill and they can get the data so that may be a man-in-the-middle attack all right so now this is the difference between security information security and cyber security (Here’s a resource that will navigate you through cyber security attacks).
Mostly when we do ethical egg hacking we do two types of ethical hacking one will be internal penetration testing or one will be external penetration testing we call it like a black box and white box penetration testing so black box you don’t have any information you have to move from their external zones to the internal zones if it is white box normally we do the penetration testing over the their environment itself it’s a it’s it’s we have information about their infrastructure so we know bit information about their infrastructure we know where it is running how it is running and we just need to know the more sophisticated attacks so we just help them to patch it and so that the next so that the next kind of vulnerability should not be there or it has been passed like you know in 2018 there is one of the vulnerability came out from Intel so intel amt vulnerability and the reason other one is running for same microprocessor chips that is related to this one meltdown and spectra so this is one of the malware so there are lots of wonder bilities lots of milieus lots of breeches happens every time so we should know as ethical hacker what can possibly attack the environment and what we need to do so what kind of report we need to submit so that the company will be protected or there will be a protection so why I am talking about protection more because we are not hackers we are ethical hackers right so ethical hackers always try to protect the environment the cyber and now it all maybe the Information Systems right so what exactly we do.
We do two things we do risk assessment now risk assessment is of two types now one will be your one
Vulnerability assessment and
now see you whether you do one vulnerability assessment or you do penetration testing the thumb rule is you need to follow five steps of hacking so five steps of hacking now is ethical hacker we also do the same thing so we also follow the stay food of hacker so Hacker do five steps we also do five steps but when it comes to wonder ability assessment company azoles stop us in step two itself so we do information gathering we do scanning and sometimes we do enumeration but they take the report in this three phases report and they stop it okay so you no need to do more tasks so you just stop it here so we do not want to exploit our data so just let us know what other vulnerabilities are there and which are having higher severity level so that we will the critical levels or maybe high level or maybe there are multiple levels of vulnerabilities are there so they just want those who under ability needs should be passed so that the main attacks should not be I mean the highly severe at that should not happens right so that’s what they do there so this is part of vulnerability one durability assessment normally we do information gathering there now information gathering simple collect network information host information or national information that’s it scanning identify the systems which are life or which is up which is running and find out so which port is open on each system there are virtual ports are the the services are running so each service run on top of a particular port when we we call about network services so they need virtual port to communicate between other machines or to provide a service to on the outside or the remote accesses so that’s where we need to find out what are the ports needs to be I mean what are the ports are open or what in the ports are closed so that is what needs to be I mean we need to do one durability assessment on top of that so in scanning fridge then in the same page we also do we also identify the services which is the version of the basically so why the version of the service because there are multiple version of services are running maybe there is a wonder ability in the older version of the particular application which has been passed in the newer version so we just wanted to check whether the whenever a company who is running a particular application for example you can take a web server now web server is IAS there or you there are other web servers like apache or you maybe genex or maybe goggle also has its product other products are also there in the market but we just wanted to know whether they’re using the latest past question of the particular application or not if it is not so again.
We need to find out that particular vulnerabilities we need to find out okay so that version things are there we need to find out its vulnerabilities and we need to let the company know ok so these are the things you have you have to patch it up so next thing what is something called enumeration OCI’s which we call it internal penetration testing or internal fund ability assessment now there what we do we do it we do a assessment from the internal network itself so we are inside the organization and we are connected to their switches we are connected with I mean we get the information just to do the penetration testing over the particular data center resources maybe it’s a application level or it may be in network level or it may be OS and hardware level so that will be internal and we find out normally the users groups and the share resources or the share folders or maybe any other network level services so normally we do penetration I’m a affordability assessment over those resources but when it is called as a penetration testing how it is different from vulnerability assessment it’s one step ahead it’s one step ahead first you found the vulnerabilities by using these three steps of the next step is to exploit that from the contain by using a pelo now this payload are the fancy tools no you will find the tools from they call it from dark wave deep wave so there are lots of other things other sites are running so where people are want to get the tools I mean heck Ursula get the tools it’s illegal to do but normally they do they do it to steal information to exploit it but there are some ethical ways are also there are companies who runs like rapid7 so they have Meta squared a meta squared is one of the two which normally have all the payloads knobs or maybe there will be something which is related to the exhilarates or the exploits right so this these these are the malicious code know it in simple term these are the malicious codes which find out the according to a particular vulnerability one code is going to be execute in the computer’s machine or maybe over the network resources and it is going to exploit it and it is going to give maybe a remote access or maybe it is running certain kind of software’s to provide information or to steal the information or maybe it’s it’s kind of like a virus or maybe a worm which is moving across the network right so to stop the things so that is where it is called exploitation successful exploitations now when exploitation happens normal process stops now normal process of a company should not stop all right so there business critical should not stop so that’s where most of the company they stopped their assessments after getting the vulnerabilities they don’t want to move with the penetration testing but some companies they do a challenge they gives challenge like you will find at Apple or Samsung so they give open challenges right so come to our environment and do a penetration testing and let us know whether how much you can exploit our involvement right so they’re in penetration testing they not only do information gathering not only do the scanning both but also they actually actually what they do they exploit the environment to gain access to it and they maintain those access and they so all stay reports and even they do covering the track so that they cannot be been cut by the particular companies and vomit or the company’s security resources like IDs or IPS resources so this is a brief difference between vulnerability assessment and penetration testing.
Sniffing Password Using Wireshark
Now let me move to few of the attack what I am going to show you today so the first one will be the sniffing attack which you which I am going to show you over a stop obviously I’m want to use a Lab from EC Council which has been providing when will be in the training program from CEH see a certification program so there you are goanna this get this particular I’ll have access so where you can do such kind of attack I’ll show you if we now explain you how this attack can be possible and what are the prerequisite required to do these attacks or what are the post things you need to be done because you are ethical hacker you need to know everything it’s not like you are not a normal hacker so that you did the things and you may made the mess and you left out a normal do not work out in organizational and government if you are doing something you need to you know to make it good report out of it and you need to make the things back again I’m unit to make sure everything is running fine at the end of the day over information security and cyber security so here what I’m goanna show you here is now the sniffing a password using wire sucks so here and I use two machines one will be our server where it’s run it runs a web server and the other thing is the consumer or you can say the client who is accessing the web server so when he’s goanna access a web server he’s going to get one of the shopping site or one of the ticket booking site or it is a movie scoop sites so he’s goanna get a movie scoop site so he’s goanna log in to that particular site and when he’s goanna log into it I mean I’m goanna getting that thinks he’s user ID and password from by sniffing the particular server side or the local machine so prerequisite is I have already in the Machine 2012 machine maybe by being exploited to the server or it’s a compromised server the particular client do not know about it and when I’m when he’s connecting to that I’m sniffing the service network adapter so I’m want to get the user ID password out of it this is the one case that is the first case study what I’m want to show you and the second case study is I’m want to I’m not want to know no access these things from the server side or I I know no to be in the local machine I’m want to access it from the remote machine so this 8.1 and machines adapter want to be use or I’m want to sniffing that adapter and I’m getting the particular password and user ID out of it and that can be done by one of the tool called wire sock which is normally used by the network administrators to monitor their network to find out lots of protocol information’s how the data moves over it and how the packets are moving over it so they use it for monitoring purpose but the same thing illegally used by the hackers to get the things done to get a user ID and password and so let me quickly move to the I love environment so let me show you how it exactly works out so this is one of the Lab you will get it when you join this particular course so you here you have multiple types of attacks sophisticated attacks are there already so let me show you on this particular attack out of it okay so meanwhile that live will be up let me quickly move to the next attack.
Performing MIMA Using C&A
Which is also related to or know of a network level attack we can say it whenever we do penetration testing or whenever we do vulnerability assessment so this is one of the attack what happens here it performs men in the middle attack using a tool called coin Cain and Abel now Cain and Abel tool is something which is used by the attackers machine and it is going it is going to interrupt the normal communication between a client to a particular web application server and it will redirect all the traffic which is moving from client to server or server to client through the attackers machine that means there are four steps it normally do one is interruption then interception modification and fabrication now interrupts and it’s stopped the normal process normal request and it take out the request it intercept it and it tried to send the modified message to the server and whenever server is going to send a response to that it is going to do get that response so sometimes they fabricate it also right so the fabricator and they will send their own request after that so this is what comes under men in the middle attack I mean here what happens Windows Server Windows Server I mean here you can see it’s it’s window server which is running here so what I’m going to do here is I’m want to connect it to the switch it’s a network switch although all this machine is connected here and the server is also connected here and the normal user is going to access the web application normally you do not know what happens in between so what is a attacker I’m want to use Cain and Abel tool and I’m want to check I’m want to poison the whole network switch and whatever request sent by the particular machine will come to me and even the server whatever response is want to say give it will also come to me so it’s a both way communication and for to me it is reach to the client and if it is coming from the client side it will reach to the self so it’s both way communication but it will happen through the attackers machine all right so that’s what I have shown you in the example so let’s see these two attacks so let me quickly move.
The environment okay so here have other windows server so first of what I’ll do I’ll log into it and then I all the wires are cool and I’ll start monitoring the interface of this one yourself so I’m want to since following the tool here why sir quickly oops okay yeah I saw bit slow yeah it started so let me I think to installer has been open so cancel one okay let’s install it that’s perfect so let me make run was a okay so now we have the tool install so what I’m want to do here I’m want to select the adapter of the local machine that means the web service adapter right and I’ll start it now here if you’ll see there are three pens you have one will be where you can see all the requests comes from multiple places which is actually monitored or the promiscuous mode has been enabled and you can see the frames for each particular types of requests so here you can see the whole tcp/ip hood if you have understanding on what exactly it is happy yes so you’ll find all the application layer below and then you will find that UDP IP packet Ethernet bits and frames so these all things you can see for a particular request so you can see like that multiple requests so multiple types of requests you can see it here ARP request so basically what Y cell does it’s knit the particular Channel right so what is happening to that particular adapter the connectivity so what I’m want to do here so let me move to Windows Server I’m in Windows client now the server I have started sniffing now have on this client let me connect to it place the console now here what I will do I’ll access one of the website over HTTP modesty TPS because it’s our Internet website only calm and I’ll give the user ID and password and I’ll log in now I have a administrator user I have logged in to this particular website and now I can see all my things so but in the meanwhile Windows Server is also monitoring this particular great question response so let me stop here let me stop the things okay so now what I will do here I’ll select HTTP okay now I’ll go for packet sniffing so I’ll go for find packet I’ll leave string I’ll use one of the key word for txt okay so let me do one more time again I’ll do the same thing I’ll just put find see here on the third pan where we have the hexadecimal values and we have the address reference and they said we have ASCII conversion of these things nowhere you can see in small letter it has written text username Sam I am Sam and text password is also test so it’s a plain text right so I have send it over HTTP so it’s a plain test it’s can be readable anyone who is sniffing the environment right so this is one of the local a network adapter I have sniff now next time what I will do so I will connect now one more case I’m I’m want to show you here I’ll connect with the remote access I’m not going to monitor this Windows Server machine I’m going to monitor one of the client machine so what I will do here now first of all I will go to Windows 8.1 so there I’m going to enable this machine capable of capturing more so that can be possible here over one of the service that is called remote packet capture so let it run later on that particular service see I have told you there are some prerequisite attacks I require to do this kind of attack so you need to have access to this machine maybe you might have installed a Trojan previously you got the remote access out of it so I’m want to discuss about Trojans and malware in a separate topic when you will be in the class of CH but yes so to those attacks you can be in a remote machine and you can run any service out of it by using a true sir right so now once you are in the machine so you can enable one of the service and there I’ll go for the more packet capture and I will start it that’s it .
Next what I will do I’ll move back to Windows 2012 server and here I’m want to again start wire sack and this time I’ll go to capture options and I’ll take it go for – interface this time I’ll use one of the remote interface and I’ll give the IP address of remote machine that is 2008 machine 1961 two zero zero two and yes I told you need to have the password authentication for it and I’ll go with Jason boss one day keep playing close and I have the remote adapter to monitor so I will start monitoring so this machines you can ignore it telling a buffer size and now it’s a normal user that user is again going to browse the web sites now this time I’m going to use another swapping website that will be www okay so let me put its HTTP because sniffing a network you can get the things if it is running over HTTP the plaintext good something put my account Smith and I’ll get the password and the user been logged in and now it is showing me the logout button and yeah he can do his shopping or what we’ll do here let’s go to Windows 2012 machine stop it and let me analyze let me check the packets find string I’ll go with txt I mean this is one of the key word I’m searching but before that I need to choose it it should be HTTP so let me just cancel here a bit I’m good HTTP because I see only the HTTP packets did fine package and I’ll do the same again 16 yes fine the same way what we did last time but that was done for the local machine but this time we got the user ID password from a remote captured adapter you can see the user ID Smith and the password is Smith 1 2 3 which has been written in clear text right so this is one of the sniffing attack or by doing a sniffing attack collect the information the plane takes the information which is moving over the network by monitoring the particular adapters through which it is moving up ok so the next tool what I’m going to show you here from sniffing itself so that will be coin enable 2 so this tool will first install here so to use that tool I’m going to use one of the machine probably 8.1 let me install a tool here this is the attackers machine where you have the tool install so let me go for our poisoning Cain and Abel install it now the communication will happen between this Kali Linux machine to 2012 server but in between there is a machine Windows 8.1 which is the attackers machine which is want to do a man-in-the-middle attack right so it’s a direct connection between one of the machine to a different machine which is a normal communication but it always will happen bit through this particular – ok so let’s see how it can done don’t it so ok so now my tool is ready I’ll put yes and this is the tool where I’m want to capture the network first I’ll choose the adapter of this machine I’ll put ok it’s a bit configuration unit to do here so I’ll start by adapter to sniff the network to didn’t reach all the machines which is connected here and I’ll go to sniffer go to sniffer and I’m want to sniff it and I’ll give the range not in pain 172 17 9 sixty-two let’s put 70 so normally as a got a penetration test though we do for the whole range I’m just doing it for demonstration purpose so let me just use a small wrench here and I found out some of the machine out of it so as I have told you it’s a communication between Kali Linux 2 2012 server so Kali Linux machine IP it will look into Kali Linux machine the IP of the machine will be 67 so let me just confirm it and IP conflict so I have conflict my mistake yeah it’s 67here this window server that is 62 if I’m not wrong let me check I pick on thick yeah it’s 62 so what I’m want to do here in 8.1 machine I’m want to do poison between these two machine so what I will do I will go for a PR and I’ll choose the sniffing and I’ll I will tell to this tool that okay so sniff between 67 to 62 this traffic okay and I’ll simple poison this traffic by using start a Pia okay now it is poisoning the traffic now I’ll go to Kali Linux and I will open the browser and let me access one of the website nice to TP : double slash capital w good sake give that user ID eight one two three okay now this request went to 2012 server where this particular website has been hosted but now when I have run the Cain and Abel tool in between now all the requests and response between this two machine has to pass through my – so you can see here the packet has been captured the receiving packet and the sending packets not only that if you go to password section you’ll go to http you’ll see the plain user ID and password which has been captured here right more better than the Y’s are true it’s like bit more sophisticated tool which can collect the user and password for you from the plaintext HTTP requests ok so let’s take a small break here so I think it will be for your feedback so let me start from a moment yeah over to you gray campus thank you so much.
Shama oh I’m launching a poem well we have a pose all to attend Oh we’ll take a minute to finish the poll and get back thank you all right thank you so much well I hope you have enjoyed today’s session I believe Shama wants to go ahead give you a quick summary and you know take it forward Shama yeah so what do you okay so I will show you one more tool running so that will be for this distributed denial-of-service attack here and then we will go for the Q&A; session so this distributed denial-of-service attack what happens it is a DOS attack again so denial of service attacks so normally there are lots of service runs over the information system or the information network right so this is this is what kind of attack this is what kind of penetration testing what ethical hackers do so they do attack to the particular range of service to stop the surface okay