Hacking Unix/Linux.
Footprinting, Scanning, Enumeration

Footprinting: similar to Windows, but using different tools.
- Network enumeration: use whois and find the authoritative name server.
- DNS interrogation: nslookup for zone transfers, host to find the e-mail server, and traceroute for network reconnaissance. Also dig.
- Ubuntu: System > Administration > Network Tools gives a front end for ping, whois, traceroute, etc.

Scanning: again similar to Windows, with different tools.
- Nmap and nmapfe: install with sudo apt-get install nmap and sudo apt-get install nmapfe; run sudo nmapfe for the graphical interface.
- Ping sweeps, TCP and UDP port scanning, OS detection.
- Countermeasures: Snort and Psionic PortSentry (see their documentation; covered later under IPS/IDS).

Enumeration: UNIX enumeration.
- Users and groups: finger (see this example) and tftp should be disabled and their daemons killed.
- Basic daemons: sendmail, rpc, NFS, NIS all have known vulnerabilities; set them up carefully and apply the latest security patches.

Getting started

- Vulnerability mapping: identify specific software vulnerabilities (e.g. sendmail, telnet, ftp, NFS, apache).
- Quest for root: root or nothing? (su - root)
- Remote access: gaining access via the network by
  - exploiting a listening daemon/service;
  - a UNIX system performing routing with IP forwarding enabled;
  - user-initiated remote execution (hostile Web site, Trojan horses, etc.).
- Local access: having a shell or a login on the system; privilege escalation attacks (from login to root). Once a remote access exploit succeeds, it yields local shell access.
- Brute force attacks (we will see John the Ripper but not Hydra): remote login programs (telnet, ftp, rlogin, rsh, ssh, http) plus a tool to guess the username/password combination. The /etc/passwd file: you should use shadow passwords. Countermeasures: password education and software (e.g. checkpassd).
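The slide's point about /etc/passwd and shadow passwords can be turned into a quick audit. The script below is an added example, not part of the original slides: it scans a passwd(5)-format file for hashes still stored in the second field (i.e. not moved to /etc/shadow), for accounts with an empty password field, and for extra UID 0 accounts. The sample file contents are constructed for the example; the hash string is a made-up placeholder, not a real one.

```shell
# Added example: audit a passwd(5)-format file for the weaknesses the slide
# warns about. All sample data below is constructed, not from a real host.

# Constructed sample /etc/passwd: one properly shadowed user (alice), one
# whose hash still sits in passwd (bob), one with an empty password field
# (guest) and one extra UID 0 account (toor).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:$1$abcdefgh$ConstructedPlaceholderHash0000:1001:1001:Bob:/home/bob:/bin/bash
guest::1002:1002:Guest:/home/guest:/bin/sh
toor:x:0:0:duplicate root account:/root:/bin/sh'

# Print one finding per line as "<check>:<username>".
#   empty      - password field is empty (no password at all)
#   unshadowed - a hash is stored in passwd instead of x, * or a locked "!"
#   uid0       - UID 0 but the account is not named root
audit_passwd() {
    printf '%s\n' "$1" | awk -F: '
        NF < 7 { next }                                   # skip malformed lines
        $2 == "" { print "empty:" $1; next }
        $2 != "x" && $2 != "*" && $2 !~ /^!/ { print "unshadowed:" $1 }
        $3 == 0 && $1 != "root" { print "uid0:" $1 }
    '
}

# Count findings of one kind, e.g. count_findings "$SAMPLE_PASSWD" unshadowed
count_findings() {
    audit_passwd "$1" | grep -c "^$2:" || true
}

# Stand-alone demonstration on the constructed sample.
audit_passwd "$SAMPLE_PASSWD"
```

On a real host you would pass the file in with `audit_passwd "$(cat /etc/passwd)"`; anything reported as unshadowed means the hash is readable by every local user, which is exactly what the dictionary attacks on the later slide need.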

Remote access

- Data driven attacks: sending data to an active service that causes unintended results, generally allowing access to the system.
  - Buffer overflow: the same vulnerabilities as on Windows (C programs). Countermeasures: basically good programming practices, testing, auditing, safer compilers, etc.
  - Input validation: failure to validate input and acceptance of extraneous input (hack code!!!). Produces results similar to a buffer overflow, and the countermeasure is the same: safe programming.
- Shell access: after gaining access with a data driven attack, the first objective is to open a shell in which to enter commands.
  - Traditional shell access: telnet, rlogin, ssh (admins can close most).
  - X Windows: run xterm on the remote (target) machine and display it on the intruder's machine, using X's client/server design.
  - Reverse telnet and back channels: admins can remove X, then what? Run nc (netcat) on the intruder's machine and run malicious code on the target that creates a telnet connection from the target back to the intruder.
  - Countermeasures: remove X from servers, chmod 750 telnet (Linux, root only), better yet only use ssh.
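Both the enumeration slide (finger, tftp) and this one (telnet, rlogin, rsh: "admins can close most") come down to the same check on a classic UNIX host: which legacy services are still enabled in inetd.conf. The script below is an added example, not from the slides; the inetd.conf content is constructed, and the list of services to flag is an assumption drawn from the two slides.

```shell
# Added example: flag legacy inetd services that the slides say should be
# disabled. The inetd.conf text is constructed for the example.

SAMPLE_INETD='# constructed /etc/inetd.conf for the example
#ftp     stream  tcp  nowait  root   /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp  nowait  root   /usr/sbin/tcpd  in.telnetd
finger   stream  tcp  nowait  nobody /usr/sbin/tcpd  in.fingerd
#tftp    dgram   udp  wait    root   /usr/sbin/tcpd  in.tftpd /tftpboot
shell    stream  tcp  nowait  root   /usr/sbin/tcpd  in.rshd
login    stream  tcp  nowait  root   /usr/sbin/tcpd  in.rlogind
ssh      stream  tcp  nowait  root   /usr/sbin/sshd  sshd -i'

# Services the slides call out (assumed list): clear-text logins and
# information-leaking daemons. "shell" and "login" are rsh and rlogin.
RISKY_SERVICES='finger tftp telnet shell login exec'

# Print the name of every risky service whose inetd line is active,
# i.e. not commented out. One service name per line.
enabled_risky_services() {
    printf '%s\n' "$1" | awk -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blank lines
        ($1 in want) { print $1 }
    '
}

# Exit status 0 if the named service is enabled, 1 otherwise.
service_enabled() {
    enabled_risky_services "$1" | grep -qx "$2"
}

# Stand-alone demonstration on the constructed sample.
enabled_risky_services "$SAMPLE_INETD"
```

Run against a live system with `enabled_risky_services "$(cat /etc/inetd.conf)"`; on the sample it reports telnet, finger, shell and login, while the commented-out ftp and tftp lines are correctly ignored.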

Common remote access attacks

- FTP: do not run anonymous FTP on the same server that holds regular accounts and authenticated ftp. Keep up to date with vulnerabilities (e.g. wu-ftpd, a popular ftp daemon, had a vulnerability in exec). Better yet, only use ssh/scp.
- Sendmail: a very complex mail server (over 80,000 lines of code) which few understand. It is needed on almost all UNIX machines and in most cases should not be disabled. qmail is a potential replacement.
- Remote Procedure Call: rpcinfo (as root) lets us see the running RPC services. The best defense is to limit the RPC services in use to the minimum.
- NFS: do not export the file system to everyone; enable NFS selectively (it is not active in the MIS Lab) and keep files saved locally, not on the network.
- DNS: disable BIND on machines NOT used as DNS servers (type ps aux to see what processes are running; also look for /etc/named.boot). Discussing named is beyond the scope of this course (another daemon that is difficult to set up safely). To check whether a server runs a BIND version with a known buffer overflow, query its version: dig @ipnumber version.bind chaos txt
- X Windows: use xhost to add and delete the names and hosts that may access X Windows. Not a strong line of defense. Again, remove X Windows from servers.
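The NFS advice ("do not export the file system to everyone") is easy to check mechanically. The following is an added example, not from the slides: it parses an /etc/exports file and reports shares that have no client restriction, shares exported to a bare `*`, and shares granting `no_root_squash` (which lets a remote root keep root on the exported files). The exports content is constructed for the example.

```shell
# Added example: audit an /etc/exports file for the NFS mistakes the slide
# warns about. The file contents are constructed, not from a real server.

SAMPLE_EXPORTS='# constructed /etc/exports for the example
/home          lab-ws1(rw,sync) lab-ws2(rw,sync)
/pub           *(ro,all_squash)
/srv/build     *(rw,no_root_squash)
/var/backups   10.0.0.0/24(rw,sync,root_squash)
/opt/shared'

# Print one finding per line as "<check>:<path>".
#   world  - no client list at all, or a client of "*" / empty (options only)
#   noroot - some client is granted no_root_squash
audit_exports() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }     # comments and blank lines
        {
            path = $1
            if (NF == 1) { print "world:" path; next }    # exported with no restriction
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                # split "host(opt,opt)" into host and the option string
                if (match(client, /[(].*[)]$/)) {
                    opts = substr(client, RSTART + 1, RLENGTH - 2)
                    client = substr(client, 1, RSTART - 1)
                }
                if (client == "*" || client == "") print "world:" path
                if (opts ~ /(^|,)no_root_squash(,|$)/) print "noroot:" path
            }
        }
    '
}

# Count findings of one kind, e.g. count_export_findings "$SAMPLE_EXPORTS" world
count_export_findings() {
    audit_exports "$1" | grep -c "^$2:" || true
}

# Stand-alone demonstration on the constructed sample.
audit_exports "$SAMPLE_EXPORTS"
```

On the sample, /home (two named workstations) and /var/backups (a subnet with root_squash) pass, while /pub, /srv/build and /opt/shared are reported as world-exported and /srv/build additionally for no_root_squash. This is a line-oriented approximation of exports(5) syntax; it does not handle continuation lines or netgroups.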

Local access

- Password cracking: we cannot decrypt a password; instead we use a dictionary or another generator to produce candidate passwords, run them through the crypt function (DES, etc.) and compare the result with the hash in the passwd file. Crack 5 and John the Ripper are two of "the best of the breed."
- Local buffer overflow: same problems and countermeasures.
- Symlinks: ln -s /this /that; reading /that gives you the contents of /this.
- Signals in UNIX: daemons are restarted, started and stopped by sending them signals (SIGxxx).
- Core dumps: memory (core) dumps are snapshots of memory taken when a program crashes. Delete them or they stay. Setting ulimit -c 0 disables core dumps.
- Shared libraries: replace a standard library file with a rogue one that grants privileges to the intruder when it is used.
- Kernel problems: kernel upgrades may introduce security flaws, which are then found, patched, etc. Linux is particularly vulnerable (and the number is growing).
- File and directory permissions: SUID files are a necessary evil. Some applications need to run as root yet be usable by regular users (solution: SUID). The find command lists these files, and there are many of them. World-writable files are another problem.
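The last two bullets (core dumps that stay behind, SUID and world-writable files found with find) are demonstrated below as an added example, not from the slides. It builds a small scratch directory tree with constructed files of each kind so the find expressions can be seen working offline, then lists the set-user-ID files, the world-writable files and the leftover core files. Paths and file names are constructed for the example.

```shell
# Added example: the permission and core-dump checks from the slide, run
# over a constructed scratch tree so the output is predictable.

# Build a constructed sample tree and print its path.
make_sample_tree() {
    _tree=$(mktemp -d)
    mkdir -p "$_tree/bin" "$_tree/tmp"
    : > "$_tree/bin/normal"       && chmod 0755 "$_tree/bin/normal"
    : > "$_tree/bin/setuid_tool"  && chmod 4755 "$_tree/bin/setuid_tool"   # SUID
    : > "$_tree/bin/setgid_tool"  && chmod 2755 "$_tree/bin/setgid_tool"   # SGID only
    : > "$_tree/tmp/scratch.log"  && chmod 0666 "$_tree/tmp/scratch.log"   # world-writable
    : > "$_tree/tmp/core"                                                  # leftover core dump
    printf '%s\n' "$_tree"
}

# Regular files with the set-user-ID bit, relative to the given root.
find_suid() {
    ( cd "$1" && find . -type f -perm -4000 | sort )
}

# World-writable regular files, the slide's other permission problem.
find_world_writable() {
    ( cd "$1" && find . -type f -perm -0002 | sort )
}

# Core files left behind by crashed programs: "delete it or it stays".
find_core_dumps() {
    ( cd "$1" && find . -type f -name core | sort )
}

# Stand-alone demonstration: build the tree, run the three checks, clean up.
TREE=$(make_sample_tree)
echo "SUID files:";           find_suid "$TREE"
echo "World-writable files:"; find_world_writable "$TREE"
echo "Core dumps:";           find_core_dumps "$TREE"
rm -rf "$TREE"
```

On a real host replace the scratch tree with `/` (as root, and add `-xdev` to stay on one file system); the SUID list is the one to review against what the system actually needs, and `ulimit -c 0` in the login profile is the slide's way of stopping new core files from appearing.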