Hacking Windows.

Windows
Windows basic security: Net Logon; no bypass of the BIOS (HAL); no remote access to the console (by default); administrator privileges required for interactive login (Server); and an object-based security model, in which a security object can be any resource in the system (files, devices, processes, users, etc.) and server processes impersonate the client's security context (key for file servers).
Windows is Windows NT updated, with more security tools and patches.
Outline: quest for Administrator, privilege escalation, consolidation of power, and covering tracks.

Quest for Administrator
Remote password guessing: net use can help. NAT guesses passwords using user and password lists (Cain and Abel is similar).
Countermeasures: close the ports (Disable NBT to close 139, and disable File and Printer Sharing to close 445). Use Account Policies to set password length, lockout, expiration, etc. Passfilt enforces stronger passwords; just activate it. Read about good and bad passwords and see how to reduce other password vulnerabilities. A database of breached passwords: Pwned Passwords (download it; do not use it online). NIST authentication recommendations, and this funny take on them.
Use Nmap to exploit MSRPC.
Eavesdropping on the network password exchange and obtaining password hash values: sniffing tools and NT user authentication.
Remote buffer overflows: local (interactive login users), LSASS, and remote via web, FTP and DB servers and many others. Basic countermeasure: download and run Microsoft Baseline Security Advisor to check for missing patches. Run administrative jobs from regular accounts.
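The remote-guessing attack and the countermeasures above, seen from the defender's console, as an added example that is not part of the original lecture. It assumes Windows 8 / Server 2012 or later and an elevated PowerShell session; the failure threshold of 10 per source and account is an assumption to tune.

```powershell
# Added example (not from the original slides): verify the port/NBT/policy
# countermeasures and look for remote password guessing in the Security log.
# Assumes Windows 8 / Server 2012 or later, run from an elevated PowerShell.

# 1. Are the ports remote guessing rides on (139 NetBIOS, 445 SMB) listening?
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in 139, 445 } |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. NetBIOS over TCP/IP per adapter: 2 = disabled, 1 = enabled, 0 = from DHCP
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Select-Object Description, TcpipNetbiosOptions

# 3. Inbound File and Printer Sharing firewall rules that are still enabled
Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Profile

# 4. Password length, lockout threshold and expiration currently in force
net accounts

# 5. Failed logons (event 4625) in the last 24 hours, grouped by source
#    address and target account: many failures from one address is guessing.
$failed = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue

$failed |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Source  = $d['IpAddress']
            Account = $d['TargetUserName']
            Type    = $d['LogonType']   # 3 = network (SMB), 10 = Remote Desktop
        }
    } |
    Group-Object Source, Account |
    Where-Object Count -ge 10 |          # threshold is an assumption; tune it
    Sort-Object Count -Descending |
    Select-Object Count, Name
```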

Privilege Escalation
Gathering information: logged in as a user (not admin), use enumeration tools. Basic countermeasure: set file/directory permissions properly. BIOS password!!
Add to the Administrators group: getadmin and sechole; apply service packs and restrict FTP to server script directories. Also rogue DLLs.
Spoofing LPC port requests: using the LPC ports API to add to the admin group. Again, apply the corresponding patch.
Trojans: basic rule: do not use a server as a workstation (no e-mail, no outside browsing), and back up! See Symantec's Trojan, worm and virus list, or this other list of Trojans by port, and how Trojans scan ports.
Kerberos V5: only 2K and later machines have it; it downgrades to LAN Manager authentication if older Windows versions are involved.
EFS attack: deleting the SAM blanks the Administrator password (countermeasure: set a BIOS password and allow booting from the C: drive only). This allows logging in as Administrator (the recovery agent) and decrypting the content of the files (just open them and save them in a regular folder). It is possible to back up the recovery keys.
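A defender's check for the "set permissions properly" and "rogue DLLs" points above, added here as an example that is not from the lecture: it lists directories on the machine-wide PATH that ordinary users can write to, since that is where a rogue DLL or Trojanised program gets planted. Assumes PowerShell 3 or later; the set of low-privilege principals tested is an assumption.

```powershell
# Added example (not from the original slides): find directories on the
# system PATH that non-administrators can write to. Only reads ACLs, so an
# ordinary PowerShell session is enough.

# Rights that let a user drop or replace a file in a directory
$writeMask = [System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [System.Security.AccessControl.FileSystemRights]::AppendData

# Principals every ordinary (non-admin) user belongs to (assumed list)
$lowPriv = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
             'NT AUTHORITY\INTERACTIVE')

function Test-WritableByUsers {
    param([string]$Dir)
    $acl = Get-Acl -LiteralPath $Dir -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        # Modify and FullControl include WriteData, so they match as well
        if (($ace.FileSystemRights -band $writeMask) -ne 0) {
            return $ace.IdentityReference.Value + ' : ' + $ace.FileSystemRights
        }
    }
    return $null
}

# Machine-wide PATH (what services and other users' processes search),
# not the current user's merged PATH
[Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
    Sort-Object -Unique |
    ForEach-Object {
        $hit = Test-WritableByUsers -Dir $_
        if ($hit) { [pscustomobject]@{ Directory = $_; WritableBy = $hit } }
    }
```

An empty result is the expected state; any row is a directory whose ACL needs tightening before a patch for getadmin-style holes does much good.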

Consolidation of Power
Assumes that administrator-level access has been obtained.
Cracking passwords: see an introduction/FAQ. L0phtcrack is the key tool: graphical, with good documentation; it was acquired by Symantec. Again, Cain and Abel, etc. Countermeasure: choose strong passwords. Use SYSKEY SAM encryption, but Pwdump7 circumvents SYSKEY and dumps the hashes from the SAM and Active Directory.
Duplicate credentials: locally stored domain user credentials, a local Administrator with the same password as in the domain.
LSA Secrets: include plain-text service account passwords, cached passwords (the last 10), FTP and web user plain-text passwords, etc. DSScan detects LSA vulnerabilities.
Keystroke loggers: record every keystroke to a (hidden) file. See the variety of free keyloggers at CNET that capture keystrokes and more.
Sniffers again: see sniffing tools and also dsniff (Win32 version).
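The settings that decide how much of the material above (LM hashes for the crackers, LAN Manager responses on the wire, the last 10 cached domain credentials) a local Administrator finds to pilfer, read back as an added example that is not from the lecture. Assumes Windows 7 / Server 2008 R2 or later; the defaults substituted for absent values are the documented ones.

```powershell
# Added example (not from the original slides): report the LSA and Winlogon
# settings behind LM hash storage, LM/NTLM downgrade and credential caching.
# Reading the keys needs no special privilege; changing them does.

$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RegValue([string]$Key, [string]$Name, $Default) {
    $v = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $v) { $Default } else { $v }
}

# NoLMHash = 1 stops the weak LM hash from being stored at the next password
# change (the OS default since Vista, so an absent value means 1).
$noLm = Get-RegValue $lsa 'NoLMHash' 1

# LmCompatibilityLevel: 0-2 still send LM/NTLM responses on the wire,
# 3 sends NTLMv2 only, 4 and 5 also refuse LM / LM+NTLM from clients.
$lmLevel = Get-RegValue $lsa 'LmCompatibilityLevel' 3

# CachedLogonsCount: domain credentials kept for offline logon, i.e. the
# "last 10 cached passwords" LSA secret; 0 disables caching.
$cached = [int](Get-RegValue $winlogon 'CachedLogonsCount' '10')

[pscustomobject]@{
    NoLMHash             = $noLm
    LmCompatibilityLevel = $lmLevel
    CachedLogonsCount    = $cached
    Findings             = @(
        if ($noLm -ne 1)    { 'LM hashes still stored: set NoLMHash=1, then force a password change' }
        if ($lmLevel -lt 3) { 'LM/NTLM responses allowed: raise LmCompatibilityLevel to 3 or more' }
        if ($cached -gt 0)  { "Domain credentials cached ($cached): set CachedLogonsCount=0 on servers" }
    ) -join '; '
}
```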

Consolidation of Power (continued)
Remote control: remote control applications (pcAnywhere, VNC, Windows Remote Desktop, etc.) are useful, but a major security risk, even when configured properly.
Rootkits: patching the OS kernel with rogue code, taking control of the OS. See Rootkit on Wikipedia for now; more later.
Port redirection: redirecting from one IP address and port to another IP address and port at the gateway/firewall. See rinetd and fpipe.
Man-in-the-middle attacks: originally using SMBRelay and SMB Proxy; Cain and Abel has MITM capabilities. Check the security settings on Domain Controller ports 389 and 3268 (Active Directory). Remove the Everyone group from access.
Covering Tracks
Disabling auditing: using auditpol, with an example. Clearing the Event Log: use elsave to clear the Event Log. Hiding files: using attrib and NTFS file streaming. Use LNS to search for files hidden in streams.
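The three track-covering techniques above (auditpol, log clearing, attrib and NTFS streams) checked from the defender's side, as an added example that is not the lecture's own material. Assumes Windows 8 / Server 2012 or later and an elevated PowerShell; $ScanRoot is an assumed directory to inspect.

```powershell
# Added example (not from the original slides): detect disabled auditing,
# cleared logs, hidden files and alternate data streams.
param([string]$ScanRoot = 'C:\inetpub')   # assumption: inspect the web root

# 1. Effective audit policy: "No Auditing" on a subcategory you expect to be
#    Success and Failure means auditpol has been used to switch it off.
auditpol /get /category:*

# 2. Event 1102 is written when the Security log is cleared (elsave and the
#    like leave it behind); 4719 when the system audit policy is changed.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102, 4719 } `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }

# 3. Files marked hidden (attrib +h) and modified in the last week.
Get-ChildItem -LiteralPath $ScanRoot -Recurse -Force -File -Attributes Hidden `
              -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-7) } |
    Select-Object FullName, Attributes, LastWriteTime

# 4. Alternate data streams. Every file has the unnamed ':$DATA' stream and
#    downloaded files carry 'Zone.Identifier'; anything else is what LNS
#    would report as data hidden in a stream.
Get-ChildItem -LiteralPath $ScanRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
    Select-Object FileName, Stream, Length
```

Forward the Security log to a collector as well: once an attacker can run elsave, anything that exists only on the compromised host can be erased.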