80 likes | 324 Views
CITA 250. Hacking Demo Part 1 Pre-Attack Phases. Hackers. Hackers Access computer system or network without authorization Crackers Break into systems to steal or destroy data Ethical hackers Performs most of the same activities but with owner’s permission.
E N D
CITA 250 Hacking Demo Part 1 Pre-Attack Phases
Hackers • Hackers • Access computer system or network without authorization • Crackers • Break into systems to steal or destroy data • Ethical hackers • Performs most of the same activities but with owner’s permission
Phase 1: Footprinting (Reconnaissance)- Gather Information • Hackers gain information about the location of the company, phone numbers, employee names, security policies, and the overall layout of the target network
Footprinting Demo • Google hacking • IPAddress.com • WHOIS: www.whois.net, www.dnsstuff.com • Web server: www.netcraft.com • Email: www.readnotify.com • Software: • VisualRoute (www.visualroute.com) • Sam Spade (information available from en.wikipedia.org/wiki/Sam_Spade_(software))
Phase 2: Scanning- Gain View • Hackers perform scanning to gain a more detailed view of a company's network and to understand what specific computer systems and services are in use
Scanning Demo • TCP/UDP/port number/service review • Software: • Nmap (www.nmap.org) • SuperScan (www.mcafee.com/us/downloads/free-tools/superscan.aspx) • NetScanTools (www.netscantools.com)
Phase 3: Enumeration- Identify Weakness • Hackers identify user accounts and poorly protected computing resources
Enumeration Demo • Null session • Software: • ipMonitor and more (www.solarwinds.com/downloads/)