Computer and Network System Administration Fall 2004 Scott Daniels
CIS5906
• The purpose of hack week is to understand the attack methods hackers use, not to make you hackers.
• There are different labels: hackers (white hat, black hat), crackers, script kiddies and phreakers.
• Hackers were normally highly intelligent people who wanted to understand technology; the label has been expanded to include both good and bad.
• Crackers and script kiddies are the bottom of the barrel, who use the works of others to attack other systems.
• Phreakers mainly deal with hacking into phone lines.
• Always ask permission before running hacking tools on any system.
• There are a couple of steps a hacker mainly takes during hacking:
  • Reconnaissance
  • Scanning
  • Exploiting
  • Keeping control
  • Hiding the fact the machine has been hacked
• When first trying to hack, a hacker will do reconnaissance: looking around to gather as much information as possible.
• ARIN and Whois, DNS interrogation, web site search, Sam Spade, web-based reconnaissance and attack tools.
• The American Registry for Internet Numbers (ARIN) contains information about who owns particular IP address ranges and domain names.
• DNS interrogation: by dumping all records from your DNS server, an attacker can determine which machines are accessible on the internet.
• Web site search: search the target's website.
• Sam Spade: general reconnaissance tool, www.samspade.org
• Lots of web-based reconnaissance and attack tools.
• Dumpster diving and social engineering.
• After the reconnaissance comes the scanning of the systems.
• Wardialing with TBA and THC-Scan; network mapping with Cheops; Nmap; Firewalk; Fragrouter; Nessus; Whisker; Enum & DumpSec.
• Next comes the exploiting of the system.
• IP address spoofing; sniffing with Sniffit, dsniff and Ethereal; session hijacking; DNS cache poisoning; Netcat; buffer overflows and other errors; password cracking (L0phtCrack and John the Ripper); and worms.
• Hackers are getting together, getting organized and writing modular code that can be used to hack a system. An example of this is Metasploit, www.metasploit.com
• Once you get on there, you must cover your tracks and hide your activities. Rootkits are for once you have root.
• A hacker will go after the log files, either by trying to fill /var before the attack with a denial of service attack or by modifying the logs after having root.
• An interesting feature of NTFS: a malicious program can be copied to one of the multiple streams associated with a file, using the cp program from the NT Resource Kit (cp hacker.exe notepad.exe:stream1.exe). The hidden file will follow the other file around. Scary.
• A hacker with admin rights can clear the Windows log files. Also WinZapper.
• Reverse WWW shell: a planted daemon will, at scheduled times, connect out on port 80 and open a shell, so to network monitors it will look like normal web traffic.
• Loki gives an attacker the ability to tunnel shell sessions over innocuous-looking protocols.
• Covert_TCP allows for transmitting information by entering ASCII data into the following TCP/IP header fields: IP identification, TCP initial sequence number, TCP acknowledgment sequence number.
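
From the monitoring side, the header-field channel in the last bullet can be looked for in captured traffic. The sketch below is an added example, not code from these slides or from Covert_TCP itself; it assumes one ASCII character per packet stored in the top byte of the field with the lower bits zero, and all function names and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def build_packet(src, dst, ip_id, seq):
    """Constructed 40-byte IPv4+TCP SYN for the sample data (checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 0x50, 0x02, 512, 0, 0)

def parse_fields(pkt):
    """Return (src, dst, ip_id, tcp_seq), or None if not well-formed IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        return None
    ip_id = struct.unpack_from("!H", pkt, 4)[0]
    seq = struct.unpack_from("!I", pkt, ihl + 4)[0]
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), ip_id, seq

def is_ascii_carrier(value, bits):
    """Assumed encoding: printable ASCII in the top byte, all lower bits zero."""
    top, low = value >> (bits - 8), value & ((1 << (bits - 8)) - 1)
    return low == 0 and (32 <= top < 127 or top in (10, 13))

def find_covert_flows(packets, min_packets=4):
    """Map (src, dst) -> (field, decoded text) for flows where every packet's
    IP ID or TCP sequence number fits the assumed ASCII encoding."""
    flows = defaultdict(list)
    for pkt in packets:
        fields = parse_fields(pkt)
        if fields:
            flows[fields[:2]].append(fields[2:])
    alerts = {}
    for key, vals in flows.items():
        if len(vals) < min_packets:
            continue  # too few packets to tell a pattern from coincidence
        for idx, (name, bits) in enumerate((("ip_id", 16), ("tcp_seq", 32))):
            if all(is_ascii_carrier(v[idx], bits) for v in vals):
                alerts[key] = (name, "".join(chr(v[idx] >> (bits - 8)) for v in vals))
    return alerts

# Constructed sample traffic (not captured from a real network).
NORMAL = [build_packet("10.0.0.5", "10.0.0.9", 0x1A2B + i, 0x5F3C9A10 + 7919 * i)
          for i in range(5)]
SUSPECT = [build_packet("10.0.0.7", "10.0.0.9", ord(c) << 8, 0x2B7E1516 + 104729 * i)
           for i, c in enumerate("hello")]

if __name__ == "__main__":
    print(find_covert_flows(NORMAL + SUSPECT))
```

An ordinary IP stack increments or randomizes these fields, so a flow in which every value has zeroed low bits and a printable top byte is worth a closer look even when the payload and port look normal.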