1 cs591 chow Hacking Methodology (Steps)

An excellent description appears inside the back cover of the “Hacking Exposed” text by McClure et al.

Step                  Tools
Footprinting          whois, nslookup
Scanning              nmap, fping
Enumeration           DumpACL, showmount, legion, rpcinfo
Gaining Access        tcpdump, L0phtcrack, NAT
Escalating Privilege  John the Ripper, getadmin
Pilfering             rhosts, user data, config files, registry
Covering Tracks       zap, rootkits
Creating Back Doors   cron, at, startup folder, netcat, keystroke logger, remote desktop
Denial of Service     synk4, ping of death, tfn/stacheldraht

2 cs591 chow Footprinting

Information gathering. Sam Spade is a Windows-based network query tool. Find out the target's IP address and phone number ranges (why check phone numbers?). Namespace acquisition. Network topology (VisualRoute). This step is essential to a “surgical” attack; the key here is not to miss any details. Note that for a penetration tester, this step serves to avoid testing others instead of your client and to include all systems that are to be tested (sometimes the organization will not tell you what their systems consist of). Defense: deploy a NIDS (snort), RotoRouter.

Technique                                             Tools
Open source search                                    Google, search engines, Edgar
Find domain name, admin, IP addresses, name servers   whois (Network Solutions; ARIN)
DNS zone transfer                                     nslookup (ls -d), dig, Sam Spade

3 cs591 chow Scanning

Bulk target assessment: which machines are up and what ports (services) are open. Focus on the most promising avenues of entry. To avoid being detected, these tools can reduce the frequency at which packets are sent and randomize the order in which ports or IP addresses are scanned. Note that some machines do not respond to ping but do respond to requests to ports that are actually open; Ardor is an example.

Technique           Tools
Ping sweep          fping, icmpenum, WS_Ping ProPack, nmap
TCP/UDP port scan   nmap, SuperScan, fscan
OS detection        nmap, queso, siphon
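The slow, randomized scanning described above is also a detection problem: a per-minute threshold misses it, while a longer sliding window over distinct ports per source still catches it. The following is an added example, not from these slides; the connection log, IP addresses, window sizes and thresholds are all constructed.

```python
import random
from collections import defaultdict, deque

# Constructed connection-attempt log: (timestamp_s, src_ip, dst_ip, dst_port).
# Not real traffic; it mixes a fast scan, a slow randomized scan and benign use.
def build_events():
    events = []
    # Fast scan: 10.0.0.5 probes 20 ports in under two seconds.
    for i in range(20):
        events.append((100.0 + i * 0.1, "10.0.0.5", "192.168.1.10", 1 + i))
    # Slow scan: 10.0.0.9 probes the same 20 ports in random order,
    # one probe every five minutes, to stay under per-minute thresholds.
    rng = random.Random(1)
    ports = list(range(1, 21))
    rng.shuffle(ports)
    for i, port in enumerate(ports):
        events.append((200.0 + i * 300.0, "10.0.0.9", "192.168.1.10", port))
    # Benign client: 10.0.0.7 repeatedly uses only ports 80 and 443.
    for i in range(30):
        events.append((150.0 + i * 10.0, "10.0.0.7", "192.168.1.10", 443 if i % 2 else 80))
    return sorted(events)

def detect_scanners(events, window_s, threshold):
    """Return the set of source IPs that touch at least `threshold` distinct
    ports on a single host within any span of `window_s` seconds."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port) inside the window
    flagged = set()
    for ts, src, dst, port in events:
        q = recent[(src, dst)]
        q.append((ts, port))
        while ts - q[0][0] > window_s:   # drop probes that fell out of the window
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            flagged.add(src)
    return flagged

if __name__ == "__main__":
    ev = build_events()
    print("1-minute window:", sorted(detect_scanners(ev, 60, 10)))     # fast scan only
    print("2-hour window:  ", sorted(detect_scanners(ev, 7200, 10)))   # both scans
```

The cost of the longer window is memory per (source, destination) pair, which is why production NIDS rules usually combine a short fast-scan rule with a longer, coarser one.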

4 cs591 chow Enumeration

Identify valid user accounts or poorly protected resource shares. This is more intrusive probing than the scanning step.

Technique               Tools
List user accounts      null sessions, DumpACL, sid2user, onSiteAdmin
List file shares        showmount, NAT, legion
Identify applications   banner grabbing with telnet or netcat, rpcinfo

5 cs591 chow Gaining Access

Based on the information gathered so far, make an informed attempt to access the target.

Technique                  Tools
Password eavesdropping     tcpdump/ssldump, L0phtcrack, readsmb
File share brute forcing   NAT, legion
Password file grab         tftp, pwdump2 (NT)
Buffer overflow            ttdb, bind, IIS .HTR/ISM.DLL

6 cs591 chow Escalating Privilege

If only user-level access was obtained in the last step, seek to gain complete control of the system.

Technique            Tools
Password cracking    John the Ripper, L0phtcrack
Known exploits       lc_messages, getadmin, sechole

7 cs591 chow Pilfering

Webster's Revised Unabridged Dictionary (1913): Pilfer \Pil"fer\, v. i. [imp. & p. p. Pilfered; p. pr. & vb. n. Pilfering.] [OF. pelfrer. See Pelf.] To steal in small quantities, or articles of small value; to practice petty theft.

Gather information to identify mechanisms that allow access to trusted systems.

Technique                         Tools
Evaluate trusts                   rhosts, LSA secrets
Search for cleartext passwords    user data, configuration files, registry

8 cs591 chow Covering Tracks

Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp.

Technique     Tools
Clear logs    zap, Event Log GUI
Hide tools    rootkits, file streaming

9 cs591 chow Creating Back Doors

Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained whenever the intruder decides.

Technique                        Tools
Create rogue user accounts       members of wheel, admin
Schedule batch jobs              cron, AT
Infect startup files             rc, startup folder, registry keys
Plant remote control services    netcat, remote.exe, VNC, B02K, remote desktop
Install monitoring mechanisms    keystroke loggers, add acct. to secadmin mail aliases
Replace apps with Trojans        login, fpnwcint.dll

10 cs591 chow Denial of Service

If the attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort.

Technique                           Tools
SYN flood                           synk4
ICMP techniques                     ping of death, smurf
Identical src/dst SYN requests      land, latierra
Overlapping fragment/offset bugs    netcat, remote.exe, VNC, B02K, remote desktop
Out of bounds TCP options (OOB)     keystroke loggers, add acct. to secadmin mail aliases
DDoS                                Trinoo, TFN, stacheldraht
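Three of the signatures on this slide are recognizable from packet headers alone: a land packet carries identical source and destination, a smurf amplifier is an ICMP echo request sent to a broadcast address, and a SYN flood shows up as an abnormal SYN rate to one host. The classifier below is an added example, not from these slides; the packet records, the broadcast address set and the SYN-per-second threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed packet records (not a real capture):
# (timestamp_s, proto, src_ip, dst_ip, info) where info is the TCP flag string
# ("S", "SA", "A", ...) or, for ICMP, the ICMP type number (8 = echo request).
def build_packets():
    pkts = [
        # Land: SYN whose source and destination are the same host.
        (10.0, "tcp", "192.168.1.10", "192.168.1.10", "S"),
        # Smurf: echo request aimed at the subnet broadcast address.
        (20.0, "icmp", "10.0.0.9", "192.168.1.255", 8),
        # Ordinary three-way handshake from a legitimate client.
        (30.0, "tcp", "10.0.0.7", "192.168.1.10", "S"),
        (30.1, "tcp", "192.168.1.10", "10.0.0.7", "SA"),
        (30.2, "tcp", "10.0.0.7", "192.168.1.10", "A"),
    ]
    # SYN flood: 50 SYNs from spoofed sources to one host inside one second.
    for i in range(50):
        pkts.append((300.0 + i * 0.01, "tcp", f"203.0.113.{i + 1}", "192.168.1.10", "S"))
    return pkts

def classify(packets, broadcast_addrs, syn_per_second):
    """Return {signature: [(who, when), ...]} for the land, smurf and SYN-flood patterns."""
    alerts = defaultdict(list)
    syn_counts = Counter()                      # (dst, whole second) -> SYN count
    for ts, proto, src, dst, info in packets:
        if proto == "tcp" and "S" in info and src == dst:
            alerts["land"].append((src, ts))
        if proto == "icmp" and info == 8 and dst in broadcast_addrs:
            alerts["smurf"].append((src, ts))
        if proto == "tcp" and info == "S":      # pure SYN, i.e. a new connection attempt
            syn_counts[(dst, int(ts))] += 1
    for (dst, second), n in syn_counts.items():
        if n >= syn_per_second:                 # many SYNs per second to one host
            alerts["syn_flood"].append((dst, second))
    return dict(alerts)

if __name__ == "__main__":
    for sig, hits in classify(build_packets(), {"192.168.1.255"}, 40).items():
        print(sig, hits[:2])
```

The SYN-rate rule only counts first SYNs, so a legitimate handshake adds one to the counter while a flood of spoofed half-open attempts crosses the threshold within a single second.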