17-09-2016, 12:51 PM
1455121863-EthicalHackinginLinuxEnvironment.docx
Abstract —
“Ethical hacking” attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. Ethical hackers may test unreleased software, stress test released software, and scan networks of computers for vulnerabilities. Ethical hacking can be defined as the practice of hacking without malicious intention, instead evaluating the target system from a hacker's perspective.[1][7] Hacking is a process to bypass the security mechanisms of an information system or network. In common usage, hacker is a generic term for a computer criminal. Hacking is an unprivileged usage of computer and network resources. The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.
Keywords —Ethical standards[2], Penetration, Exploits, Philosophy of Hacking, Emanations, Vandalism.
I. INTRODUCTION
This paper puts forward the basic concept of ethical hacking and the difference between a hacker and a cracker, the root philosophy of hacking, and the way the thought processes of hackers and programmers differ, and it reveals secrets of hacking in the Linux domain. As we are all aware, data and computer communications are hot subjects and getting hotter every day[5]. We see it when we turn on our television, cordless or cell phone, or the computer when we get our email. It has provided us lightning-speed conveniences that our grandparents could only imagine when they went to the movies to see Buck Rogers or Dick Tracy. However, what they could not have imagined was the "dark side" that comes along with these technological advances. The rapid growth of the Internet has brought many constructive and valued solutions for our lives such as e-commerce, electronic communication, and new areas for research and information sharing. However, like many other technological advancements, there is also the issue of a growing number of criminal hackers.[4] Businesses are scared of computer experts who will penetrate their web server and change their logo, steal their private emails or credit card numbers, or put in software that will quietly transmit their organization's data to somebody in another country.
Hackers are commonly known as bad or terrible people in our society. They are also known as crackers or black hat guys. The reason is that the majority of computer users are in some way victims of malicious activities by other users who are outstanding experts in computers. The important thing to understand is that not all hackers are bad: some people penetrate a system within the limits of ethical standards to understand the vulnerabilities in their own system or their clients' systems; they are also called white hat hackers. Hence the term "Ethical Standards" actually refers to the consideration of whether the person performing the hacking has a valid intention or not. A person who just wants to access the target system with an illegal intention and misuse the data explored can be termed a cracker, whereas the ethical hacker always intends a test that yields the vulnerabilities of the system as the output of the hacking process. In ethical hacking, for example, a network administrator might use the encrypted password file and a "cracking" program to determine who has not picked a good password. The need is to train our computer science students in ethical hacking techniques so that they can fight against criminal hackers, because ethical hackers believe that one can best protect systems by probing them while causing no damage and subsequently fixing the vulnerabilities found.
II. RELATED WORK
The new generation of hackers is turning open source into a powerful force in today's computing world. They are the heirs to an earlier hacking culture that thrived in the 1960s and 1970s, when computers were still new, part of a community that believed software should be shared and that all would benefit as a result. These expert programmers and networking wizards trace their lineage back to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this community coined the term "Hacker". Hackers built the Internet and made the UNIX operating system what it is today. Hackers run the Usenet and make the World Wide Web work.
1. Hackers sparked the open source revolution - In 1991, Linus Torvalds sent a posting to an Internet newsgroup, asking for advice on how to make a better operating system. His project was a hobby, he said, and would never be 'big and professional'[12].
In 1994, the first working version of Linux was distributed. Marleen Wynants and Jan Cornelis, while discussing the economic, social, and cultural impact of Free and Open Source Software in their paper "How Open Source is the Future?", suggest that Linux was more than just a toy of hackers. Propelled by Linux, the open source culture surfaced from its underground location.
In the spring of 1997, a group of leaders in the free software community assembled in California. This group included Eric Raymond, Tim O'Reilly and VA Research president Larry Augustin, among others. Basically, "HACKING" is a loaded term; the distinction between hacking and cracking is not universal. The concept of hacking derives from the dictionary meaning of "hack" as a verb, "to chop or cut roughly, to make rough cuts", as in programming using ad hoc methods based on experience without necessarily having a formal plan or methodology for evaluation. From another perspective, and being a little antisocial, hacking is a clever but unstructured programming solution to a problem.
2. What is the difference? - In the pyramid of the human brain, information is stored in terms of chemicals and genetic substances; in the same way, the two most widely used operating systems, Linux and Windows, have their own file systems, such as NTFS and FAT or ext, and both are considered robust based on their users' perspectives and specifications. But the fact is that every operating system can be cracked and hacked. So what is the difference between hacks and cracks? Ethical hackers simulate how an attacker with no inside knowledge of a system might penetrate it, and believe their activities benefit society by exposing system weaknesses, stressing that if they can break these systems so could terrorists. The result is not only enhanced local security for the ethical hacker but also overall operating domain security. The white paper also tries to elaborate on the basic tools and techniques that are widely used by a mass of unexplored groups of hackers in the world, and on their methodology of working.
3. Philosophy – The underlying thoughts that tempt a person to be either a hacker or a cracker lie in the direction in which he points his approach. What the hacker takes to heart is this:
• Ethical hackers believe one can best protect systems by probing them while causing no damage and subsequently fixing the vulnerabilities found.
• Ethical hackers simulate how an attacker with no inside knowledge of a system might try to penetrate it, and believe their activities benefit society by exposing system weaknesses, stressing that if they can break these systems so could terrorists.
• Ethical hackers use their knowledge as risk management techniques.
Whereas people influenced by invalid intentions think:
• A hacker or cracker is a clever but unstructured programmer and believes the same, but with invalid intentions.
• Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people miserable.
• Hackers have a destructive R&D approach to breaking different software, systems, and network policies.
As more and more is revealed about ethical hacking, the journey may get stuck at the point where one starts to wonder how a hacker and a normal guy differ in approach when both of them know the same coding patterns and technologies. The truth takes a slightly different turn: it lies in how a black or white hat guy breaks the boundaries of programming.
A typical developer's methodology[12]:
• Developers are under pressure to follow standard solutions, or the path of least resistance to "just making it work." As long as a trick works, detailed understanding is often considered optional. Consequently, they might not realize the effects of deviating from the beaten path.
• Developers tend to be implicitly trained away from exploring underlying APIs because the extra time investment rarely pays off.
• Developers often receive a limited view of the API, with few or hardly any details about its implementation.
• Developers are de facto trained to ignore or avoid infrequent border cases and might not understand their effects.
• Developers might receive explicit directions to ignore specific problems as being in other developers' domains.
• Developers often lack tools for examining the full state of the system, let alone changing it outside of the limited API.
A hacker's methodology:
• Hackers tend to treat special and border cases of standards as essential and invest significant time in reading the appropriate documentation (which is not a good survival skill for most industrial or curricular tasks).
• Hackers insist on understanding the underlying API's implementation and exploring it to confirm the documentation's claims.
• As a matter of course, hackers second-guess the implementer's logic (this is one reason for preferring developer-addressed RFCs to other forms of documentation).
• Hackers reflect on and explore the effects of deviating from standard tutorials.
• Hackers insist on tools that let them examine the full state of the system across interface layers and modify this state, bypassing the standard development API. If such tools do not exist, developing them becomes a top priority.
4. Understanding the need to hack your own system
To catch a thief, think like a thief: that's the basis for ethical hacking. Protecting your systems from the bad guys, and not just from the generic vulnerabilities that everyone knows about, is the need of the hour and is absolutely critical. When you know hacker tricks, you can understand how vulnerable your systems are. Hacking preys on weak security practices and undisclosed vulnerabilities. An exploit is a piece of malware code that takes advantage of a newly announced or otherwise unpatched vulnerability in a software application, e.g. an OS, web browsers, plug-ins, etc. When "ethical" is placed in front of the term hacking, it denotes moral activity. Unethical hacking has no permission to intrude into systems. Ethical hacking includes permission to intrude, such as contracted consulting services, hacking contests, and beta testing of information security or any IT project.
HACKING IN LINUX OPERATING SYSTEMS[7]
In the last decade the open source movement has been a vital source of innovation affecting software development. However, open source community practices have provoked a debate on software quality: namely, is open source software's quality better than that of its closed source counterpart? Studies have attempted to correlate metrics with software performance or validate that metrics can actually predict software systems' fault proneness.
Open Source Software
Whereas you can define closed-source software as a product created using traditional software development methods, the definition of open source software isn't always straightforward. This is because a software product can take at least three paths to become open source. For example, a collaborating open source community developed the Linux kernel; an individual created PGP (Pretty Good Privacy); and the Mozilla browser was originally developed as proprietary software. One implication of this is that any conclusions about Linux might not hold true for all open source products. But by taking the initiative, open source communities make Linux strong system software. A hacker always needs to figure out the vulnerabilities in the victim system.
A) Local Access Control in Linux Environment
From a Physical Security (PHYSSEC) perspective, problems do not really begin until attackers have their hands on a machine. Having suitable access controls to prevent direct access and policies in place to prevent social engineering will help ensure that attackers are kept at a safe distance. Linux is a robust OS, but it is still vulnerable to hardware dangers that may lead to damage on its physical drives or power losses that may cause data corruption. Therefore, in addition to access controls, server rooms should include the following items to ensure integrity and availability and provide protections from power outages, power anomalies, floods, and so on[7].
•Console Access
Stealing data using a Bootable Linux CD:
1. Reboot the system and configure it to boot from the CD-ROM.
2. Boot into the bootable Linux distro.
3. Open a root command shell.
4. Create a mount point by typing mkdir mountpoint, which will create a directory called mountpoint.
5. This is where the file system will be mounted.
6. Determine the type of hard disks (SCSI or IDE) on the system [sda, sdb, sdc, and so on for SCSI; hda, hdb, hdc, and so on for IDE]. To determine the disk type, type fdisk -l or look through the output of the dmesg command.
7. Determine the partition on the disk to be mounted. Partitions on the disk are represented as sda1, sda2, sda3, and so on.
8. Identify the correct partition that contains the /etc/shadow file (always the root "/" partition). It is usually one of the first three partitions.
9. Type mount /dev/sda# mountpoint, where /dev/sda# is your root partition (sda1, sda2, sda3,…), and mountpoint is the directory you created.
10. Change to the /etc directory on your root partition by typing cd mountpoint/etc
11. Use your favorite text editor (such as vi) to open the etc/shadow file for editing.
12. Scroll down to the line containing root's information, which looks something like:
root:qDlrwz/E8RSKw:13659:0:99999:7:::
13. Delete everything between the first and second colons, so the line resembles this one: root::13659:0:99999:7:::
14. Save the file and exit your editor.
15. Type cd to return to the home directory.
16. Type umount mountpoint to unmount the target file system.
17. Type reboot to reboot the system and remove the bootable Linux distribution CD from the drive.
18. Now the system can be accessed as root with no password (or the known password).
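From the defender's side, the state these steps leave behind is easy to detect, because the second field of a shadow(5) entry is empty. The following is an added example, not part of the original paper: a small auditor that flags empty, weakly hashed and malformed entries. The root lines are the ones shown above; the `backup` and `alice` accounts and their values are constructed.

```python
import re

# Constructed sample in shadow(5) format. The root lines are the two shown in
# the steps above; "backup" and "alice" are made-up accounts, placeholder hash.
SAMPLE_BEFORE = """\
root:qDlrwz/E8RSKw:13659:0:99999:7:::
backup:*:13659:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:13659:0:99999:7:::
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("root:qDlrwz/E8RSKw:", "root::")

# crypt(3) prefixes for modular hash formats (a subset).
SCHEMES = {"$1$": "md5crypt", "$2b$": "bcrypt", "$5$": "sha256crypt",
           "$6$": "sha512crypt", "$y$": "yescrypt"}
WEAK = {"descrypt", "md5crypt"}
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")  # traditional 13-character crypt


def classify(line):
    """Return (user, status, detail) for one shadow entry."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        return fields[0], "malformed", f"{len(fields)} fields, expected 9"
    user, pw = fields[0], fields[1]
    if pw == "":
        return user, "empty", "no password is required to authenticate"
    if pw[0] in "!*":
        return user, "locked", "password login disabled"
    scheme = next((n for p, n in SCHEMES.items() if pw.startswith(p)), None)
    if scheme is None:
        scheme = "descrypt" if DES_CRYPT.fullmatch(pw) else "unknown"
    if scheme in WEAK:
        return user, "weak", scheme
    return user, ("review" if scheme == "unknown" else "ok"), scheme


def alerts(shadow_text):
    """Entries to act on: empty, weak, malformed or unrecognised."""
    results = [classify(l) for l in shadow_text.splitlines() if l.strip()]
    return [r for r in results if r[1] not in ("ok", "locked")]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for user, status, detail in alerts(text):
            print(f"{label}: {user}: {status} ({detail})")
```

Run it against a copy of the real file and keep the result of each audit: a root entry that changes from a hash to "empty" between two runs is exactly the modification described in step 13.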
B) Chrooting Directory
The amount of work that goes into securing a system can be partially mitigated by taking advantage of the chrooting abilities built into certain applications or by using the chroot feature that is included or can be compiled into Linux. Chroot is a combination of two words: change and root. It creates a sandboxed, virtual directory that is used to provide a user or an application access to only a limited subset of resources. Certain daemons, such as FTP and SSH, have the built-in or add-in ability to sandbox users in a carefully crafted "chrooted" environment.
Identifying Dependencies: The process of identifying and copying application dependencies and configuration files can be painstakingly performed using various Linux tools, such as the following.
Strace: A utility designed to trace all syscalls an executable makes. It will enumerate all files (configuration files, library dependencies, open files, output files) for a given executable. It shows voluminous output as it systematically steps through a binary as it executes.
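Because strace output is voluminous, reducing it to a file list is usually scripted. The following is an added example, not code from the original paper: it sorts the paths in a trace into files to copy into the jail, files the program writes, device or pseudo-filesystem nodes, and paths that were probed but absent. The trace is constructed for a hypothetical daemon named `exampled`.

```python
import re

# Constructed strace output for a hypothetical daemon "exampled" (not a real capture).
SAMPLE_TRACE = r'''
execve("/usr/sbin/exampled", ["exampled", "-f"], 0x7ffc0000 /* 12 vars */) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3"..., 832) = 832
openat(AT_FDCWD, "/etc/exampled.conf", O_RDONLY) = 4
openat(AT_FDCWD, "/dev/urandom", O_RDONLY) = 5
[pid  4242] openat(AT_FDCWD, "/var/log/exampled.log", O_WRONLY|O_CREAT|O_APPEND, 0640) = 6
[pid  4242] openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
'''

# Path-taking syscalls; the first quoted argument is the path.
CALL = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'                      # pid prefix from strace -f
    r'(?P<name>execve|open|openat|access|stat|readlink)\('
    r'(?:AT_FDCWD,\s*)?"(?P<path>[^"]*)"(?P<rest>.*)\)\s+=\s+(?P<ret>-?\d+)'
)
SPECIAL = ("/proc/", "/sys/", "/dev/")   # mounted or created in the jail, not copied


def chroot_manifest(trace):
    """Group the absolute paths seen in a trace by how the jail must provide them."""
    buckets = {"copy": set(), "writable": set(), "special": set(), "missing": set()}
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m or not m["path"].startswith("/"):
            continue                      # not a path syscall, or a relative path
        path = m["path"]
        if int(m["ret"]) < 0:
            if "ENOENT" in line:          # probed but absent on the host
                buckets["missing"].add(path)
        elif path.startswith(SPECIAL):
            buckets["special"].add(path)
        elif re.search(r"O_(WRONLY|RDWR|CREAT)", m["rest"]):
            buckets["writable"].add(path)  # output file: directory must be writable
        else:
            buckets["copy"].add(path)
    return {kind: sorted(paths) for kind, paths in buckets.items()}


if __name__ == "__main__":
    for kind, paths in chroot_manifest(SAMPLE_TRACE).items():
        print(kind, paths)
```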
• Privilege Escalations
• File Permission and Attributes
• Chrooting in system directories
• Hacking Local Passwords
• Disabling Bootable CD’s and Bios Password
C) Privilege Escalation
We have described ways that attackers can compromise a system due to lack of physical access controls on or surrounding a system. Instead of aiming only to prevent physical access to the machine or direct access to its drives, you must also consider how to safely allow semitrusted users some level of access to a machine, but not give them greater permissions than necessary. You must try to prevent users from escalating their privileges themselves and gaining access to unintended resources. Having said that, Linux systems often require that a user be able to elevate his or her own privileges from time to time when executing certain commands. Sudo is a utility that grants granular access to commands that users can run with elevated permissions. When using or administering a Linux box, you frequently need to switch back and forth between performing administrative-type tasks requiring enhanced permissions and regular-type tasks only needing basic user permissions. It would be ineffective to operate using a basic user account all of the time and unwise to do everything as root. Due to the restrictions placed on standard user accounts and the number of steps involved in switching back and forth between accounts, not to mention the irritation caused by the path changing every time, the tendency is to just log in to the system as the superuser and perform all the tasks from start to finish. This is very problematic.
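What "granular" means in practice is visible in the sudoers file itself. The following is an added example, not from the original paper: a simplified checker that sets a broad grant beside two narrow ones and reports rules that allow every command or skip the password prompt. The accounts and rules are constructed, and the parser handles only single-line user specifications (no aliases, line continuations or escaped commas).

```python
import re

# Constructed sudoers entries: one broad grant and two granular ones.
SAMPLE_SUDOERS = """\
Defaults env_reset
# constructed accounts
alice  ALL=(ALL) NOPASSWD: ALL
%ops   ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/journalctl -u nginx
bob    ALL=(root) NOPASSWD: /usr/bin/systemctl reload nginx
"""

SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
SPEC = re.compile(r"(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)")
TAG = re.compile(r"([A-Z_]+):\s*")


def parse_rule(line):
    """Parse 'who host=(runas) [TAG:] cmd, cmd' into a dict, or None."""
    m = SPEC.fullmatch(line.strip())
    if not m:
        return None
    commands, nopasswd = [], False
    for item in m["cmds"].split(","):
        item = item.strip()
        while (t := TAG.match(item)):      # a tag applies to the commands after it
            if t.group(1) == "NOPASSWD":
                nopasswd = True
            elif t.group(1) == "PASSWD":
                nopasswd = False
            item = item[t.end():]
        commands.append((item, nopasswd))
    return {"who": m["who"], "runas": m["runas"] or "root", "commands": commands}


def audit_sudoers(text):
    """Map each user or %group to the list of issues found in its rule."""
    report = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(SKIP):
            continue
        rule = parse_rule(line)
        if rule is None:
            continue
        issues = []
        if any(cmd == "ALL" for cmd, _ in rule["commands"]):
            issues.append("grants every command")
        if any(nopw for _, nopw in rule["commands"]):
            issues.append("no password prompt")
        report[rule["who"]] = issues
    return report


if __name__ == "__main__":
    for who, issues in audit_sudoers(SAMPLE_SUDOERS).items():
        print(who, issues or "granular")
```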
D) Restrict System Calls with Systrace
Interactive Policies
One of the most powerful system access controls is the Systrace utility that allows enforcement of interactive policies. Proper utilization of this utility can replace other access controls, or be added to them, as part of a defense-in-depth architecture. It essentially creates a virtual chrooted environment where access to system resources can be specifically permitted or denied for a particular application. The Systrace utility has three primary functions:
• Intrusion detection
• Non-interactive policy enforcement
• Privilege elevation
Intrusion Detection
The Systrace utility enables administrative personnel to monitor daemons (especially useful if done on remote machines) and generate warnings for system calls that identify operations not defined by an existing policy. This allows administrators to create profiles for normal daemon operations on a particular system and generate alerts for any abnormal activity.