Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking Windows Justin Bell Department of Computer Science University of Wisconsin, Platteville

Published byEsmond Holland Modified over 8 years ago

Similar presentations

Presentation on theme: "Hacking Windows Justin Bell Department of Computer Science University of Wisconsin, Platteville"— Presentation transcript:

1 Hacking Windows Justin Bell Department of Computer Science University of Wisconsin, Platteville belljus@uwplatt.edu

2 Topics This presentation will explore some high-profile intrusions along with the general methodology behind hacking techniques. The presentation will also cover some specific examples of attacks and vulnerable services. Definitions Famous Hacks Breaking In Malicious Code Terminal Services Denial of Service

3 Definitions: Hacker: someone who attempts to gain unauthorized access into a computer system. Hacking: the process of attempting to gain and possibly achieving access to computer systems by an unauthorized user.

4 Famous Hacks Bank Hack – Johan, 20 years old from Estonia – Gained access through a limited “guest account” – Was able to access services that allowed him to download the SAM file – Once this file was decrypted Johan had login access to all the web accounts for the entire bank.

5 Famous Hacks Security firm – Two 22 year old hackers from London – Through enumeration found open ports – This told them it was a windows server. – Asked the server for user names then did a dictionary attack – Hacked into a personal laptop connected to the system through the guest account

6 Famous Hacks Hacking Comunities – Hackers Against Child Pornography Takes down child pornography rings after notifying international police. – Nashville 2600 – HAL2001 (Hackers At Large

7 Breaking In Profiling – “Casing the Place” – Finding a System To Hack into and figuring out what’s open and what is being used. – Foot-Printing – Scanning – Enumeration

8 Breaking In Footprinting – Finding out everything from the outside, before any access is actually gained – Documentation is extremely important Finding the Posture – Internet Posture – Intranet Posture – Extranet Posture

9 Breaking In – Footprinting whois info – Can be done manually – Services like www.ARIN.net www.ARIN.net University of Wisconsin – Platteville – Clients can do batch whois queries for hackers that don’t have a specific target

10 whois info – Company Name – Administrator’s name – Administrator’s Account Name Can deduce other account names – Site Creation Date Gives info on Legacy systems that may be running Breaking In – Footprinting

11 Internet Search Engines – Google is the easiest because of its massive size – Search for default file paths C:\inetpub TSweb/default.htm –Now the hacker knows the weaknesses of the site and what port to attack : 3389 Breaking In – Footprinting

12 Finding ports – Easiest way to access a system and establish a connection – Tools will scan all possible ports – If default ports are used the hacker can gain knowledge of services that are running If a hacker sees port 389 open he can assume the target is running an LDAP server Breaking In – Scanning

13 Find valid usernames or file shares – Takes advantage of default windows services Domain Controller lookup Exploited by a free Microsoft tool called nltest Breaking In – Enumeration

14 NLTEST Output –C:\>nltest /whowill:ESS bob [20:58:55] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC939) [20:58:55] Response 0: S:\\NET1 D:ESS A:bob (Act found) The command completed successfully –C:\>nltest /whowill:testd test [21:26:13] Response 0: S:\\TEST2 D:TESTD A:test (Act found) [21:26:15] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC295) The command completed successfully Breaking In – Enumeration

15 NLTEST Output –C:\>nltest /dclist:testd List of DCs in Domain testd \\TEST2 (PDC) \\TEST1 The command completed successfully Breaking In – Enumeration

16 Goal of all hacks Highest possible Escalation is the Domain or Forest Admin as well as the Local Admin All Windows Accounts are stored in the “SAM” (Security Accounts Manager) Stores valid users, groups and passwords in an encrypted database. Hashed, then encrypted with a 128 bit key called “SYSKEY” Breaking In – Privilege Escalation

17

18 More than one user can be running processes at any given time – Individual SIDs ( Security IDs) are given to each process so Windows knows the privilege level it can operate at. – Can be a user or “SYSTEM” “LOCAL SERVICE” or “DEFAULT LOGON” accounts

19 Breaking In – Privilege Escalation Because every process needs to access the SAM it has been the top target for Hackers. There have been numerous “bugs” in the encryption that have allowed the SAM to be cracked. Since this is just a file, it can be copied and moved to another system. Then it can either be cracked or have a brute force attack to find passwords.

20 Breaking In – Privilege Escalation Once a single account is broken the hacker will try to infiltrate many different accounts in case the one he knows is changed. This can be done by watching for keys typed or cracking network SAM files “John the Ripper” by “Solar Designer” Searching for files on the system containing the words “password,” “access,” “logon” or “Administrator”

21 Malicious Code Viruses Worms Trojan Horses

22 Malicious Code - Viruses “Segments of code that attach themselves to existing programs and perform some predetermined actions when the host program is executed.” Piggy-back other files, no way to spread on their own – needs a “host” The “host” passes the infected file to some new “host” who runs the file on another system.

23 Malicious Code - Viruses Usually try to copy themselves throughout a system making them difficult to remove. A single Virus can copy many different viruses to many different files. Can do things as harmless as report internet activity to an outside source Can do things as harmful as copy passwords, format a system, or replace words in e-mails. Chernobyl – Deletes Flash Bios Memory

24 Malicious Code - Worms Similar to Viruses, but they contain a mechanism to spread through a computer network without the assistance of other programs or people. Spread Extremely quickly Hard to remove because they re-install right away from other machines

25 Malicious Code - Worms Internet Worm – Installed repeatedly LoveBug – Flooded the Internet with e-mails in May 2000 with the subject, ILOVEYOU – When attachment was opened it sent itself to other systems and ruined system files

26 Malicious Code – Trojan Horses Malicious programs packaged within other seemingly useful programs Hidden like the Trojans waiting in the giant wooden horse Can perform the advertised function, or just the malicious code Hard to pin-point exactly what program the Trojan is hiding in.

27 Malicious Code – Trojan Horses RAT – Remote Access Tool – Installed through a web site – When executed, installs back door for the site administrator – Administrator just looks through the list of IP addresses that accessed the site

28 Terminal Services Provide Remote Access for Hacker Using the usernames gained through enumeration the only thing needed is a password. If the hacker cracked the SAM the system is open. Administrator accounts can not be locked out leaving them open to brute force attacks. ProbTS and TS Grinder help find and exploit Terminal Services Connections

29 Denial of Services (DoS) Over-load the server to render it unable to accept any additional connections Effectiveness of attacks are seriously limited by the hardware and internet connection of the attacker DoS attacks exploit the fact that the target can’t tell if it’s legitimate traffic or not, so it has to respond to everything

30 Distributed Denial of Services (DDoS) Perform the same functions as a DoS, but from many computers at the same time Performed through machines infested with Trojan Horses or Worms Limited only by the number of machines infected Feburary 2000 – first major DDoS – Targeted Google and Microsoft – Took down both sites for a little more than a day – Originated in computer labs from two major California Universities

31 Conclusion Hacking is a lucrative, multinational, criminal occupation As Computer Science or Software Engineering Professionals we must strive to make sure everything we produce is safe against hackers Through understanding the methodology of hackers it’s easier to protect systems from them

32 Questions???

Download ppt "Hacking Windows Justin Bell Department of Computer Science University of Wisconsin, Platteville"

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Computer Viruses.

Computer Viruses.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.

1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Similar presentations

Ads by Google