1 / 21

System Hacking

System Hacking. Active System Intrusion. Aspects of System Hacking. System password guessing Password cracking Key loggers Eavesdropping Sniffers Man in the middle DoS Buffer overflows Privilege escalation Remote control and backdoor Track covering Hide sensitive information.

maida
Download Presentation

System Hacking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. System Hacking Active System Intrusion

  2. Aspects of System Hacking • System password guessing • Password cracking • Key loggers • Eavesdropping • Sniffers • Man in the middle • DoS • Buffer overflows • Privilege escalation • Remote control and backdoor • Track covering • Hide sensitive information

  3. Password Guessing • NetBIOS TCP port 139 open then guess admin, guest, john smith (NULL passswords) • Try connecting to shares C$ %systemdrive% admin$ guest$

  4. Password Cracking • Manual/automatic cracking (text file lists) • Dictionary attack • Brute Force • Keyloggers • Password Sniffing Legion Cain 7 Able LophtCrack Jack the Ripper Kerbcrack

  5. Examples • Administrator • User • Arcserve • Test • Lab • Username • Manager • Temp • ID number NULL, password, admin administrator, user, password, backup, temp, ID

  6. Examples • Easy to remember names • Use the same password for many accounts • High probability pairs www.mksecure.com/defpw

  7. LM Manager LM Early windows operating systems NTLM NT operating systems NTLMv2 Windows XP and 2000 (Kerberos 56bit 128bit encryption)

  8. Eavesdropping • Packet/Port filtering • Security scanners NTInfoScan

  9. Countermeasures Block TCP/UDP ports 135-139 445(netbios network bindings) Complex passwords Log failed login events (event viewer EVENTS 529, 539) Restrict rights to run system tools such as cmd.exe Firewall IPSec Passprop RK (default admin no lock ability) IDS

  10. Demo/Exercise • Cain & Able • Create a user account and crack password.

  11. SMB • Server Message Blocks Request Response

  12. Command line hacks • At 15:23 /interactive cmd.exe • Net use \\192.168.0.1\c$ * /u:administrator

  13. Vulnerabilities • RPC • LSASS • Stack/Buffer overflows • Buffer overflow attacks involve sending overly long input streams to the attacked server, causing the server to overflow parts of the memory and either crash the system or execute the attacker's arbitrary code as if it was part of the server's code. The result is full server compromise or denial of service. • Some of the well-known Internet worms, including Code Red, Slapper and Slammer, use buffer overflow attacks to propagate and execute payloads. Buffer overflow vulnerabilities are some of the most common programming errors.

  14. Man in the Middle SMBRelay server Because Windows automatically tries to log in as the current user if no other authentication information is explicitly supplied, if an attacker can force a NetBIOS connection from its target it can retrieve the user authentication information of the currently logged in user.

  15. Privilege Escalation Gain access to a system and give your self more privileges PipeupAdmin GetAdmin.exe Hk.exe Sechole Spoofing LPC Psexec

  16. Pilfering Grabbing information such as the SAM database NT Active Directory %windir%\windowsDS\ntds.dit

  17. www.winhackingexposed.com • In depth coverage of windows security and vulnerabilities

  18. Countermeasures • Deny Log on locally • Lock down IIS URLScan IISLockdown • Audit Logon events

  19. Events/Database Export • Dumpevt www.somarsoft.com • EventCombWindows

  20. IDS • Blackice blackice.iss.net • Entercept www.mcafeesecurity.com • Cisco security Agent www.cisco.com • Sentivist www.nfr.com • E-trust IDS www3.ca.com • ITA enterprisesecurity.com • Realsecure www.iss.net • Tripwire www.tripwiresecurity.com

  21. Exercise • Use command line tools to connect to another computer • Filter event logs

More Related