04-03-2011, 09:44 AM
presented by:
vamsi
INTRODUCTION
It is an intellectual activity
It is a sort of mental gymnasium
It can also be used for criminal activities
Ethical hacking is one remedy to prevent criminal hacking
HACKER Vs CRACKER
Hacker - a computer freak who peeps into others' computers
- computer experts who know everything about the way software works
- they debug code and use trial and error methods to discover new tricks and secrets
There is a thin line between hackers and crackers
Cracker - nerd persons with an intention of harming others' computers
- besides unauthorized entry, they try to destroy others' resources
TECHNIQUES:
Cookie based technique
SQL Injection technique
Object based technique
COOKIE BASED
Cookies are bits of data that a browser stores on your visitor's computer
They are stored in a file named 'temp'
They allow us to store data specific to a particular user or a particular site
JavaScript is the popular method in the cookie based technique
Example:
This is a simple JavaScript to hack any web site
javascript: document.body.contentEditable = 'true'; document.designMode = 'on'; void 0
Place this JavaScript code in the address bar of your web browser and hit Enter; the page becomes editable, just like a notepad. The edits exist only in the copy rendered by that browser; nothing on the server changes
[Figures: the page before and after running the script]
SQL INJECTION
SQL Injection involves entering SQL code into web forms
This method is mainly used for breaking the password of any web application
It works directly on database
There are many SQL queries to break the password
Example:
Following are some of the SQL codes used to break passwords
x' or 'a' = 'a (or) 1=1--
SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'
The above SQL command is the full form of the SQL code
The above commands are placed in the password field to break the password
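The query above, reproduced as an added example that is not part of the original presentation: it shows why the concatenated login check accepts the quoted input and why a parameterized query rejects it. The table layout, the stored password and the function names are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    """In-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable form: user input is pasted into the SQL text."""
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_parameterized(db, username, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

# The password-field value quoted on this page.
PAGE_INPUT = "x' or 'a' = 'a"

if __name__ == "__main__":
    db = make_db()
    sql, rows = login_concatenated(db, "admin", PAGE_INPUT)
    # AND binds tighter than OR, so the WHERE clause reads
    # (username = 'admin' AND password = 'x') OR ('a' = 'a'): always true.
    print(sql)
    print("concatenated :", len(rows), "row(s) returned")
    print("parameterized:",
          len(login_parameterized(db, "admin", PAGE_INPUT)), "row(s) returned")
    print("real password:",
          len(login_parameterized(db, "admin", "s3cret-constructed")), "row(s)")
    # A lone quote in ordinary input breaks the concatenated statement;
    # such SQL syntax errors in application logs are a sign of this flaw.
    try:
        login_concatenated(db, "admin", "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated, lone quote -> SQL error:", exc)
    print("parameterized, lone quote:",
          login_parameterized(db, "admin", "o'brien"))
```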
OBJECT BASED
Objects are created to hack the data from one's system
They are classes written in the Java programming language
They are used to encapsulate many objects into a single object (the bean)
They can be passed around as a single bean object instead of as multiple individual objects