Published by Melanie Montgomery. Modified over 8 years ago.
1
Hacking Windows and Windows Security Lesson 10
2
Windows 9X/Me/NT
There are still some folks out there using Windows 95, 98, ME, 2000, and NT.
Remote exploitation falls into 4 categories:
- Direct connection to a shared resource
- Installation of backdoor server daemons
- Exploitation of known server application vulnerabilities
- Denial of service
3
Connection to Windows Shared Resources
The most obvious and easiest way to gain unauthorized access to Windows systems is through the use of shared resources. Windows 9x provided 3 methods for direct access to the system:
- File and print sharing
- An optional dial-up server
- Remote Registry manipulation
File and print sharing: Legion, by the Rhino9 group, provides the ability to scan an IP range for Windows shares and also comes with a brute-force password cracker.
The countermeasure to this type of attack is simply not to use file sharing on your systems. If you must, make sure you pick good passwords.
4
Windows 9x Dial-up Servers
The issue is the ease with which anybody can install a modem and then use the Microsoft Plus! add-on package for Windows 95 (it comes standard with 98), which includes the Dial-Up Server. Chances are high that a system using this will also have file sharing turned on. It is then a matter of guessing a password.
The countermeasure is not to use this package, or at least to select a good password.
5
Remotely Attacking the Registry
Windows 9x did not provide a built-in capability for remotely managing the registry, but if the MS Remote Registry Service is installed then the registry can be managed remotely. If you are going to install this package, pick a good password. The best idea is probably just not to install it.
6
Windows Backdoors
The most common delivery tool for backdoor client/server programs is the trojan horse.
The most famous of these tools is Back Orifice:
- Like other programs of this sort, it is billed as a "remote Windows 9x administration tool"
- Allows almost complete remote control of Windows 9x systems
- So popular that a version was released for Windows NT/2K, BO2K
- It infects a system by having the user execute the trojan, which installs it
- The best way to avoid this is through good malicious-code practices
NetBus is another, similar program but with more features and capabilities.
SubSeven is possibly the most common backdoor program and includes the ability to communicate via IRC.
7
Denial of Service Attacks
In addition to the host of other methods to conduct a denial of service attack, there are some Windows 9X-specific attacks such as POD (ping of death) and WinNuke.
Countermeasures include loading patches and software fixes and not attaching 9X systems directly to the Internet; some legacy systems use this fix.
8
Windows Local Exploits
If others can gain physical access to a Windows box, then you are in trouble.
- A password-protected screen saver can be circumvented with a reboot.
- The password screen shown as the system reboots can simply be avoided using the "Cancel" button.
One possible way to increase the difficulty of attacking these systems is to use a BIOS password, since the BIOS is the first thing that is loaded.
Other interesting tricks are available as open source.
9
Windows ME
An updated version of Windows 98. From an attacker's point of view, ME looks very much the same as 98.
Remote attacks: file and print sharing is disabled by default, as is the Remote Registry Service, so an attacker will have to count on luck to have the end user turn them on.
Local attacks: users may try to protect files by using the password feature when compressing. The problem is that the passwords are kept in cleartext in the file c:\windows\dynazip.log and can thus be viewed by anybody.
The countermeasure to this is education, so folks don't use this feature and count on it to protect files.
10
Windows NT OS Family
A very significant portion of networks run one of the operating systems in the Windows NT family (NT, 2000, 2003, XP). Microsoft has done a good job of patching problems as they are found, so it is possible to secure these systems!
The issue, however, is that default installations and novice administrators don't always result in the most secure of boxes.
Another issue is legacy support. Microsoft, in its desire to keep users happy, has attempted to ensure newer systems can function with earlier software, but this may result in less secure systems. Many large systems still have "key" older MS OSes at the core of legacy systems.
11
Unauthenticated Attacks
Two major mechanisms for compromising NT systems:
Server Message Block (SMB) attacks
- The Windows file and print sharing service uses the SMB protocol.
- SMB is accessed through 2 TCP ports.
- The most effective method to attack SMB, if it is accessible, is password guessing. Check the textbook for a discussion of this process.
- Countermeasure: block access to SMB at the perimeter firewall, and also set an account lockout threshold so the account is locked after too many guesses.
Internet Information Services (IIS)
- MS installed IIS by default with W2K (eventually MS stopped this).
- Three major types of attacks on IIS (check the text for full discussions):
  - Information disclosure
  - Directory traversal
  - Buffer overflows
- Again, use firewalls to limit inbound (and outbound) access and, probably most importantly, PATCH!!!
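The directory traversal class of IIS attack listed above comes down to a web server that joins the requested path onto its document root without first canonicalising it. The following Python example is added here for illustration and is not code from the slides or the textbook; it shows the naive pattern beside a hardened resolver, and goes slightly beyond the slide by also handling URL-encoded (including double-encoded) separators and Windows-style backslashes, since a check that only looks at the raw string misses both. WEB_ROOT and the sample request strings are assumed values for the example.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for this example (not a value from the slides).
WEB_ROOT = "/srv/wwwroot"


def vulnerable_resolve(web_root, requested):
    """The flawed pattern: trust the request and glue it onto the root.

    Nothing here stops '..' segments from walking above web_root."""
    return web_root + "/" + requested


def fully_decode(value, rounds=3):
    """Percent-decode until the string stops changing (bounded), so that a
    double-encoded '%255c' is seen as the backslash it really is."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def safe_resolve(web_root, requested):
    """Hardened resolution: decode, canonicalise, then prove the result is
    still inside web_root.  Returns the filesystem path, or None when the
    request must be refused."""
    root = posixpath.normpath(web_root)
    # 1. Undo URL encoding (including double encoding) before any checks.
    decoded = fully_decode(requested)
    # 2. Windows servers accept '\' as a separator; treat it exactly like '/'.
    decoded = decoded.replace("\\", "/")
    # 3. Drop a leading '/' so the request is always relative to the root.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # 4. Containment check.  commonpath() is used rather than startswith()
    #    because '/srv/wwwroot2/x'.startswith('/srv/wwwroot') is True.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed requests: one legitimate, three that try to leave the root.
    for req in ("images/logo.gif",
                "../../outside.txt",
                "scripts/..%255c..%255coutside.txt",
                "../wwwroot2/outside.txt"):
        print(f"{req!r:40} naive={vulnerable_resolve(WEB_ROOT, req)!r:45} "
              f"safe={safe_resolve(WEB_ROOT, req)!r}")
```

The decode-then-normalise order matters: normalising first and decoding afterwards reintroduces the `..` segments after the check has already passed, which is the general shape of the canonicalisation bugs the slide is pointing at.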
12
Authenticated Attacks
If an attacker succeeds in gaining access to a user account, the next step is to attempt escalation and obtain administrator privilege.
- The getadmin family of attacks is useful against unpatched NT4 systems.
- W2K, though it has addressed the specific getadmin tools, is not that much more secure against escalation. A number of potential attacks are discussed in the text.
Once escalated privileges have been obtained, the next goal is pilfering, in which attackers grab as much stuff as they can.
- The password hashes will be a common target (discussion in text). Why, when the attacker has obtained admin already? Because you may eventually notice and lock them out, so they'll want to be able to get back in.
- Password cracking: LC (L0phtCrack) is probably the best program for this.
Don't forget to check for remote control programs and back doors!
13
Signs of Intrusion
- Check your log files.
- Establish baseline metrics; know your system and its users!
- Watch for signs of an intrusion:
  - Auditing has been disabled (and it wasn't by you, the administrator)
  - The event log has been cleared
- Check occasionally for hidden files.
- For NTFS file streams, try using sfind.
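The two signs named above (auditing switched off, event log cleared) and the "baseline metrics" advice can be turned into a small log review. The Python below is an added example, not part of the slides, and runs over a constructed CSV export of Security log events rather than real data. It flags a cleared log, flags an audit-policy change unless the actor is an account the administrator recognises as their own, and counts failed logons per source against an assumed baseline threshold, which is the detection-side counterpart of the account lockout threshold recommended on the Unauthenticated Attacks slide. The event IDs are the standard Windows Security log IDs (1102, 4719, 4625 on Vista/Server 2008 and later; 517, 612, 529 on NT/2000); the sample rows, account names, addresses and the threshold of 5 are assumptions for the example.

```python
import csv
from collections import Counter
from io import StringIO

# Event IDs that by themselves warrant a look.  Modern (Vista/Server 2008 and
# later) IDs are listed together with their Windows NT/2000 predecessors.
CRITICAL_EVENTS = {
    1102: "security event log cleared",
    517: "security event log cleared (NT/2000 ID)",
    4719: "system audit policy changed",
    612: "audit policy changed (NT/2000 ID)",
}
FAILED_LOGON_IDS = {4625, 529}   # modern and NT/2000 "logon failure"
FAILED_LOGON_THRESHOLD = 5       # assumed baseline; tune to your environment

# Constructed sample export (not real log data): one event per line.
SAMPLE_LOG = """\
time,event_id,user,source,message
2024-03-01T08:00:01,4624,alice,10.0.0.5,An account was successfully logged on
2024-03-01T08:05:12,4625,administrator,10.0.0.9,An account failed to log on
2024-03-01T08:05:13,4625,admin,10.0.0.9,An account failed to log on
2024-03-01T08:05:14,4625,root,10.0.0.9,An account failed to log on
2024-03-01T08:05:15,4625,backup,10.0.0.9,An account failed to log on
2024-03-01T08:05:16,4625,guest,10.0.0.9,An account failed to log on
2024-03-01T08:05:17,4625,test,10.0.0.9,An account failed to log on
2024-03-01T08:20:40,4719,bob,10.0.0.9,System audit policy was changed
2024-03-01T08:21:02,1102,bob,10.0.0.9,The audit log was cleared
2024-03-01T09:00:00,4719,alice,10.0.0.5,System audit policy was changed
2024-03-01T09:30:00,4625,carol,10.0.0.7,An account failed to log on
"""


def parse_events(text):
    """Turn the CSV export into a list of dicts with an integer event_id."""
    events = []
    for row in csv.DictReader(StringIO(text)):
        row["event_id"] = int(row["event_id"])
        events.append(row)
    return events


def find_intrusion_signs(events, known_admins=frozenset(),
                         threshold=FAILED_LOGON_THRESHOLD):
    """Return a list of (severity, message) pairs, in log order, followed by
    per-source failed-logon bursts.

    - A cleared log is always an ALERT: there is no innocent reason to see it
      without the administrator knowing about it.
    - An audit-policy change is an ALERT unless the actor is one of the
      administrator's own accounts, in which case it is listed as REVIEW
      (the slide's test is "it wasn't by you").
    - More failed logons from one source than the baseline allows is the
      signature of password guessing, e.g. against SMB.
    """
    findings = []
    for e in events:
        eid = e["event_id"]
        if eid in (1102, 517):
            findings.append(("ALERT", f"{e['time']}: {CRITICAL_EVENTS[eid]} by {e['user']}"))
        elif eid in (4719, 612):
            severity = "REVIEW" if e["user"] in known_admins else "ALERT"
            findings.append((severity, f"{e['time']}: {CRITICAL_EVENTS[eid]} by {e['user']}"))
    failures = Counter(e["source"] for e in events if e["event_id"] in FAILED_LOGON_IDS)
    for source, count in sorted(failures.items()):
        if count >= threshold:
            findings.append(("ALERT", f"{count} failed logons from {source} (baseline {threshold})"))
    return findings


if __name__ == "__main__":
    for severity, message in find_intrusion_signs(parse_events(SAMPLE_LOG),
                                                  known_admins={"alice"}):
        print(f"[{severity}] {message}")
```

Note what the known_admins list does not do: it never downgrades a cleared log, because an attacker who has already obtained administrator privilege (the scenario on the Authenticated Attacks slide) will be acting under exactly such an account.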
14
Security Features
One of the most valuable things you can do for a client is to help them better secure their systems and networks. Thus, it is important for us to know as much about securing systems as possible.
- For the Windows family of OSes, PATCH!!!
- Become familiar with the large number of security configurations that are available through Group Policy Objects.
- IPSec, implemented in W2K and later in the NT family: XP, Vista, Win7.0.
- Internet Connection Firewall (ICF), shipped with XP.
- Encrypting File System (EFS), released with W2K.
- More security tools are finding their way into the OS, e.g. Sysinternals.
15
Summary
What is the importance and significance of this material? Windows-based systems are found throughout government, academia, and business. They are very common, and the most common OS for home use.
How does this topic fit into the subject of "Security Risk Analysis"? With the large number of Windows-based systems, we will undoubtedly come across them in performing a security assessment. We therefore need to know how to test for vulnerabilities and how to protect these systems.