Post on 15-Aug-2015
How to Fix A Broken Window
Outline
• Hacking
• Penetration Testing
• Methodology
• Footprinting
• Scanning
• Enumeration
• Gaining Access
• Escalating Privilege
• Covering Tracks
• Creating Back Doors
• Denial of Service
• BackTrack
Hacking
Type of Hacking
• Black Hat
• Grey Hat
• White Hat
Black Hat vs White Hat
Pen testers have prior approval from senior management, while hackers are approved only by themselves.
Black Hat vs White Hat
Pen testers' social engineering attacks are there to raise awareness.
Hackers' social engineering attacks are there to trick the DMV into divulging sensitive information about the whereabouts of their estranged ex-spouse.
Penetration Testing
White Hat hacking is known as Penetration Testing or Pen Testing.
“A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker.” - Wikipedia
Hacking methodology
An excellent description is printed inside the back cover of the “Hacking Exposed” text by McClure et al. The steps, in order:
• Footprinting
• Scanning
• Enumeration
• Gaining Access
• Escalating Privilege
• Pilfering
• Covering Tracks
• Creating Back Doors
• Denial of Service
Footprinting
• Find out as much information as possible about the target host.
• Find out the target IP address.
• Find the domain name, admin contact, and name servers.
• DNS zone transfer.
Techniques and tools
• Open source search: Google, search engines, EDGAR
• Find domain name, admin, IP addresses, name servers: Whois
• DNS zone transfer: Nslookup, Sam Spade
Footprinting (continued)
• Google itself is a very good hacking tool.
• Spyfu.com and Keywordspy.com
• www.sec.gov -> EDGAR database
• Steganography
Reconnaissance
A way of collecting information physically.
Scanning
Three types of scan:
• Port scan
• Network scan (live PCs, PC names, OS)
• Vulnerability scan
Techniques and tools
• Ping sweep: Fping, icmpenum, WS_Ping ProPack, nmap
• TCP/UDP port scan: Nmap, Superscan, fscan
• OS detection: Nmap, queso, siphon
Scanning steps
• Check for live systems
• Find open ports
• Service identification
• OS fingerprinting (what OS is on the server)
• Vulnerability scan
• Draw network diagrams of vulnerable hosts
• Prepare a proxy (IP spoofing)
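The first two scanning steps above (finding live systems, then probing their ports) leave a characteristic footprint in perimeter logs: one source touching many hosts with ICMP echo requests, or many distinct ports on one host with TCP SYNs. The following detector is an added example written for this outline; it is not from the slides or from any of the tools they list. The iptables-like log format, the sample lines, the 60-second window and the thresholds (8 hosts, 15 ports) are all constructed assumptions and should be tuned to a real network.

```python
"""Flag ping sweeps and port scans in firewall logs.

Added example, not part of the original slides.  The log format, sample
lines, window and thresholds below are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, iptables-like log line shape (assumption, not a real product format):
#   <iso-timestamp> <ACTION> PROTO=ICMP TYPE=8 SRC=a.b.c.d DST=w.x.y.z
#   <iso-timestamp> <ACTION> PROTO=TCP SRC=a.b.c.d DST=w.x.y.z DPT=n FLAGS=SYN
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\S+) PROTO=(?P<proto>\S+)"
    r"(?: TYPE=(?P<icmp_type>\d+))? SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r"(?: DPT=(?P<dpt>\d+))?(?: FLAGS=(?P<flags>\S+))?$"
)


def build_sample_log():
    """Constructed traffic: one source pings 10 hosts (sweep), then sends SYNs
    to 20 ports on one host (port scan); a benign client repeats port 443."""
    lines = []
    for i in range(1, 11):
        lines.append(f"2015-08-15T10:00:{i:02d} DROP PROTO=ICMP TYPE=8 "
                     f"SRC=198.51.100.7 DST=10.0.0.{i}")
    for j, port in enumerate(range(20, 40)):
        lines.append(f"2015-08-15T10:01:{j:02d} DROP PROTO=TCP "
                     f"SRC=198.51.100.7 DST=10.0.0.5 DPT={port} FLAGS=SYN")
    for k in range(3):
        lines.append(f"2015-08-15T10:02:{k:02d} ACCEPT PROTO=TCP "
                     f"SRC=203.0.113.9 DST=10.0.0.5 DPT=443 FLAGS=SYN")
    return lines


def parse_line(line):
    """Return a dict of fields, or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect_sweeps_and_scans(lines, window=timedelta(seconds=60),
                            host_threshold=8, port_threshold=15):
    """Return sorted (kind, src, target) alerts.

    'ping_sweep': one source sent ICMP echo requests to >= host_threshold
    distinct hosts inside the sliding window.
    'port_scan': one source sent TCP SYNs to >= port_threshold distinct ports
    on one host inside the window.
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    icmp_hist = defaultdict(deque)  # src -> deque of (ts, dst)
    tcp_hist = defaultdict(deque)   # (src, dst) -> deque of (ts, dpt)
    alerts = set()
    for e in events:
        if e["proto"] == "ICMP" and e["icmp_type"] == "8":
            q = icmp_hist[e["src"]]
            q.append((e["ts"], e["dst"]))
            while q and e["ts"] - q[0][0] > window:   # expire old entries
                q.popleft()
            if len({dst for _, dst in q}) >= host_threshold:
                alerts.add(("ping_sweep", e["src"], "*"))
        elif e["proto"] == "TCP" and e["flags"] == "SYN" and e["dpt"]:
            q = tcp_hist[(e["src"], e["dst"])]
            q.append((e["ts"], e["dpt"]))
            while q and e["ts"] - q[0][0] > window:
                q.popleft()
            if len({dpt for _, dpt in q}) >= port_threshold:
                alerts.add(("port_scan", e["src"], e["dst"]))
    return sorted(alerts)


if __name__ == "__main__":
    for kind, src, target in detect_sweeps_and_scans(build_sample_log()):
        print(f"{kind}: {src} -> {target}")
```

Distinct destinations (not raw packet counts) are what separate a sweep from a chatty but legitimate client: the benign source in the sample sends several SYNs but always to the same port, so it never trips either rule.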
Enumeration
• Identify valid user accounts or poorly protected resource shares.
• More intrusive probing than the scanning step.
Techniques and tools
• List user accounts: Null sessions, DumpACL, sid2user, OnSite Admin
• List file shares: Showmount, NAT, legion
• Identify applications: Banner grabbing with telnet or netcat, rpcinfo
Gaining Access
Based on the information gathered so far, make an informed attempt to access the target.
Techniques and tools
• Password eavesdropping: Tcpdump/ssldump, L0phtcrack readsmb
• File share brute forcing: NAT, legion
• Password file grab: Tftp, Pwdump2 (NT)
• Buffer overflow: Ttdb, bind, IIS .HTR/ISM.DLL
Escalating Privilege
If only user-level access was obtained in the last step, seek to gain complete control of the system.
Techniques and tools
• Password cracking: John the Ripper, L0phtcrack
• Known exploits: lc_messages, Getadmin, sechole
Covering Tracks
Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp.
Techniques and tools
• Clear logs: Zap, Event Log GUI
• Hide tools: Rootkits, file streaming
Creating Back Doors
• Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained whenever the intruder decides.
Techniques and tools
• Create rogue user accounts: Members of wheel, admin
• Schedule batch jobs: Cron, AT
• Infect startup files: rc, startup folder, registry keys
• Plant remote control services: Netcat, remote.exe, VNC, BO2K, remote desktop
• Install monitoring mechanisms: Keystroke loggers, add acct. to secadmin mail aliases
• Replace apps with Trojans: Login, fpnwclnt.dll
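The two cheapest persistence mechanisms in the list above, a rogue member of wheel/admin and a scheduled job, are also the cheapest to audit: compare the privileged groups against a known baseline and look for cron commands run from writable scratch directories or named after remote-control tools. The audit below is an added example for this outline, not code from the slides or from any listed tool; the baseline, the stand-in /etc/group and crontab contents, and the suspicious-command pattern are constructed assumptions.

```python
"""Audit privileged group membership and cron jobs for back-door persistence.

Added example, not part of the original slides.  Baseline, file contents and
the suspicious-pattern list are constructed assumptions.
"""
import re

# Constructed baseline: the members expected in each privileged group.
EXPECTED_MEMBERS = {"wheel": {"root", "alice"}, "admin": {"alice"}}

# Constructed stand-in for /etc/group (name:password:gid:member,member,...).
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:root,alice,svc-backup
admin:x:80:alice
users:x:100:bob
"""

# Constructed stand-in for a system crontab (m h dom mon dow user command).
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
0 2 * * * root /usr/local/bin/backup.sh
*/5 * * * * root /tmp/.cache/update.sh
"""

# Assumed indicators: a netcat-family binary, or anything launched from /tmp or /dev/shm.
SUSPICIOUS_CMD = re.compile(r"(^|/)(nc|netcat|ncat)\b|/tmp/|/dev/shm/")


def unexpected_group_members(group_text, expected=EXPECTED_MEMBERS):
    """Return (group, member) pairs present on the system but not in the baseline."""
    findings = []
    for line in group_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _password, _gid, members = line.split(":", 3)
        if name in expected:
            actual = {m for m in members.split(",") if m}
            for member in sorted(actual - expected[name]):
                findings.append((name, member))
    return findings


def suspicious_cron_jobs(cron_text):
    """Return (user, command) pairs whose command matches SUSPICIOUS_CMD."""
    findings = []
    for line in cron_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 6)        # five time fields, user, command
        if len(fields) < 7:
            continue
        user, command = fields[5], fields[6]
        if SUSPICIOUS_CMD.search(command):
            findings.append((user, command))
    return findings


if __name__ == "__main__":
    for group, member in unexpected_group_members(SAMPLE_GROUP):
        print(f"unexpected member of {group}: {member}")
    for user, command in suspicious_cron_jobs(SAMPLE_CRONTAB):
        print(f"suspicious cron job as {user}: {command}")
```

The group check is a pure diff against a baseline, so it catches any addition regardless of name; the cron check is signature-based and will miss a job that simply runs a renamed binary from a normal path, which is why both are run together rather than relying on either alone.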
Denial of Service
• If the attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort.
Techniques and tools
• SYN flood: synk4
• ICMP techniques: Ping of death, smurf
• Identical src/dst SYN requests: Land, Latierra
• Overlapping fragment/offset bugs
• Out-of-bounds TCP options (OOB)
• DDoS: Trinoo, TFN, stacheldraht
Backtrack
BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.
Question and Answer