Kennesaw State University
How To Hack Windows
  Brent Williams MCSE, CNE, A+, N+, XP-MCP
  brwillia@kennesaw.edu
  Kennesaw State University (Atlanta, Georgia)
Agenda
  Why Talk About Hacking?
  Hacking Scenarios
  Utilities, Techniques, and Ideas
  Preventive Methods
  New Threats
Hackers Know…
  They Look for Targets of Opportunity
  Most System Administrators are Self-Taught
  Most Don’t Know of Basic Security Issues in Windows
  Many Systems are Left Vulnerable
Think Like a Hacker (or script-kiddie, if you prefer!)
Hacking Steps
  Casing the Establishment
  Public Sources
  Social Engineering
  Network Hacking (Attack a Server)
  Information Retrieval
  System Damage
  System Hacking (Attack a PC)
NETWORK ATTACK
Footprinting: Target Acquisition
  Visit Their Web Site
  http://www.kennesaw.edu
  http://its.kennesaw.edu/netsoft/prodnov.shtml
  http://its.kennesaw.edu/net/net.shtml
  Open Source Search – People
  www.allwhois.com
  www.arin.net (130.218)
  Sam Spade
  Nslookup
  Tracert
  Visual Route
Scanning
  Ping sweeps
  Look for Ping
  Ultrascan
  Superscan
  WS_Ping (Ipswitch)
  Look for
  Port 80
  Port 139 and 445
  Port 21
Protect and Check
  Firewall Software
  Shields Up?
  www.zonealarm.com
  www.networkice.com
  www.norton.com
  Shields Up?
  www.grc.com
  www.firewallcheck.com
Decide How to “Break in”
  Use a Web Browser and Exploit a Weakness
  Buffer overflow (plant Netcat)
  Unchecked Data Attach
  Use a Null Connection
  Net Use \\ip\ipc$ "" /u:""
  Look for Shares
  \\ip address or \\server name
Example: Windows Enumeration (What You Want)
  Identify Valid User Accounts
  Identify Group Membership
  Find Poorly Protected Shares
  Tools…
  Winfingerprint
  Superscan
  Dumpsec
Example: Windows Enumeration (Windows Can be Very Easy!)
  Get the User IDs, Groups, etc.
  DumpACL – www.somarsoft.com - Wow!
  LDAP query – Dump Accounts and Groups on a 2000 Server
  Tool is on the Windows 2000 Server CD!
Example: Get a Password
  Brute Force Attack
  More Elegant Tools
  L0PHTCRACK
  LC3/LC4
Easy Hacks
  Shares
  Most users don’t know how to use NTFS
  Default permission in NT/2000 is EVERYONE has FULL CONTROL
  Changed in XP to EVERYONE has READ
Protecting Windows Servers
  Get and Run the MS Baseline Security Analyzer
  Use Policies
  Latest Service Packs and patches
  Weekly or automatic
  http://windowsupdate.microsoft.com
  Firewall Software
  Learn how to use NTFS permissions
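An added example, not part of the original slides: a PowerShell audit for the "EVERYONE has FULL CONTROL" share default and the NTFS permissions point above. It assumes Windows 8 / Server 2012 or later (SmbShare module), an elevated prompt, and an English-language system where the group is named "Everyone"; the function name Get-EveryoneShareReport is hypothetical.

```powershell
# Added example: report local file shares whose share-level or NTFS
# permissions grant access to "Everyone".
# Assumptions: SmbShare module present, elevated prompt, English group name.
function Get-EveryoneShareReport {    # hypothetical helper name
    $trustee = 'Everyone'
    # -Special $false leaves out built-in shares such as IPC$ and ADMIN$
    foreach ($share in Get-SmbShare -Special $false) {
        # Skip shares with no backing folder (for example printer shares)
        if (-not $share.Path -or -not (Test-Path -LiteralPath $share.Path)) { continue }

        # Share-level ACL: what the SMB server allows over the network
        $shareAce = Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccountName -eq $trustee -and
                           $_.AccessControlType -eq 'Allow' }

        # NTFS ACL on the shared folder: what the file system allows
        $ntfsAce = (Get-Acl -LiteralPath $share.Path).Access |
            Where-Object { $_.IdentityReference.Value -eq $trustee -and
                           $_.AccessControlType -eq 'Allow' }

        if ($shareAce -or $ntfsAce) {
            [pscustomobject]@{
                Share      = $share.Name
                Path       = $share.Path
                ShareRight = ($shareAce.AccessRight -join ',')
                NtfsRights = ($ntfsAce.FileSystemRights -join ',')
                # Effective network access is the more restrictive of the
                # two ACLs, so the worst case is Full at both levels.
                FullAtBoth = [bool]($shareAce.AccessRight -contains 'Full' -and
                                    ($ntfsAce.FileSystemRights -match 'FullControl'))
            }
        }
    }
}

Get-EveryoneShareReport | Sort-Object FullAtBoth -Descending | Format-Table -AutoSize
```

Rows with FullAtBoth set to True are the shares to fix first, by tightening either the share permission or the NTFS ACL on the folder.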
Wireless Hacking
  Wireless LANs are everywhere
  Business, Schools, Homes
  By Default, they are Open!
  Easy to Find – Netstumbler
  Warchalking
  Protection is limited
  WEP: Wired Equivalent Privacy – can be hacked - airsnort
  New Protection Methods
  802.1x
WORKSTATION ATTACK
Basic Windows 95/98
  PWL file
  Document Passwords
  Keystroke Logging
  Your Admin Password is All-Over-the-Place!
  Easily copied to a floppy
  Document Passwords
  www.lostpassword.com
  www.lostpasswords.com
  Keystroke Logging
Workstation Attack Prevention
  Firewall – especially on cable or DSL
  Limit Shares - Use Passwords
  Make Document Passwords LONG
  Be aware of PWL files
Windows XP Professional Attacks
  More secure out of the box
  Use Policies
  Know how to use NTFS
  Limit Shares
  Don’t turn on IIS
  Use the built in firewall (or other)
SpyWare
  New threat
  Visit to Web Site Installs SpyWare
  Used to Mine Personal Info
  Destabilizes PC
  Get SpyBot
Vendors and Politicians Fail Us
  Why do Email and Web Clients allow software to install (without a prompt)?
  Why not put network access in a “sandbox”?
  Why are web sites allowed to present misleading “User Agreements”?
  What will we do about HTML?
Web Sites for Tools
  www.2600.com
  www.hackersclub.net
  www.hackingexposed.com
Summary
  Get Some Training!
  Hacking Tools are Plentiful
  Simple to Use
  Evolving
  You Must Expect Attacks on All Systems
  Do the Basics – That Stops 99% of Attacks!
This Presentation Available
  Visit http://edtech.kennesaw.edu/brent
  See Our Course Schedule at http://edtech.kennesaw.edu
Add
  N-stealth
  Pest Patrol
  Nessus
  Retina
  Check Web Sites
  Check Edtech2000 server
  Install LC3/LC4 on laptop
  Keystroke Logger detection