© SYBEX Inc. 2016. All Rights Reserved.
System Hacking
Chapter 7
Gaining Access
• What is gaining access?
– Breaking passwords
– Opening up a system
– Can lead to further actions
Password Cracking
Passwords are the most widely used form of authentication.
Usernames and passwords are a commonly targeted item.
Enumeration may already have gathered usernames, leaving only the password to recover.
Password cracking is used to obtain passwords.
Password cracking refers to a group of techniques, not a single tool.
It is an essential skill for penetration testers.
The ability to crack passwords is a required skill for a penetration tester, because a recovered password is often the most direct way to gain access to a system.
What Makes a Password
Susceptible to Cracking?
Passwords that contain letters, special characters, and numbers: stud@52
Passwords that contain only numbers: 23698217
Passwords that contain only special characters: &*#@!(%)
Passwords that contain letters and numbers: meet123
Passwords that contain only uppercase or only lowercase letters: POTHMYDE
Passwords that contain only letters and special characters: rex@&ba
Passwords that contain only special characters and numbers: 123@$4
Passwords of 11 characters or fewer
What these examples have in common is that each is short and drawn from a small, predictable character class, so the space a cracker has to search is tiny. Passwords are intended to be something that is easy to remember but at the same time not easily guessed or broken; the patterns above satisfy only the first half of that requirement.
Password Cracking Types
• Passive online: sniffing
• Active online: brute force, guessing
• Offline: rainbow tables (and other attacks on captured hashes)
• Nonelectronic: social engineering
There are numerous techniques used to reveal or recover a password, and each uses a different approach that can yield a password. Each method offers advantages and disadvantages that you should be familiar with: online attacks touch the target and are visible in its logs, offline attacks need a captured hash but are limited only by your hardware.
Passive Online
Characteristics of passive online attacks:
• Passive attacks adopt a "sit back and wait" attitude: the attacker observes traffic and never sends anything to the target.
• Packet sniffers are a common mechanism to gather passwords.
• Weak password protection schemes are at risk, such as credentials sent in cleartext or protected only by reversible encoding.
• Many older protocols are vulnerable.
A passive online attack is any attack where the individual carrying out the process takes on a "sit back and wait" attitude.
Protocols Vulnerable to Sniffing
Telnet and rlogin (remote login): Using these protocols, anyone who can see the traffic can read your keystrokes.
HTTP: This protocol sends usernames and passwords in cleartext (form posts and Basic authentication) unless it is wrapped in TLS.
SNMP: This is like HTTP; versions 1 and 2c send the community string, which acts as the password, in cleartext.
POP: This sends passwords in cleartext.
FTP: This sends passwords in cleartext.
NNTP: This sends passwords in cleartext.
IMAP: This sends passwords in cleartext.
There are thousands of protocols that allow people to communicate via networks, and any of them that carries credentials without encryption can be turned against the network it runs on; the list above is only the common cases.
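As an added example (not part of the Sybex slides), the Python script below does in miniature what dsniff does for three of the protocols listed above: it pulls USER/PASS pairs out of FTP and POP3 command streams and decodes an HTTP Basic Authorization header. The payloads, port numbers and credential values are constructed for the example, and TCP reassembly is assumed to have already been done, so each entry is one reassembled client-to-server stream.

```python
"""Harvest cleartext credentials from reassembled application-layer streams.

Added example, not code from the Sybex chapter or from dsniff. Each entry
in SAMPLE_STREAMS is a constructed (destination port, payload) pair of the
kind a sniffer sees after TCP reassembly.
"""
import base64
import re

# Constructed sample streams; none of these are real captures.
SAMPLE_STREAMS = [
    (21, b"USER alice\r\nPASS hunter2\r\nSYST\r\n"),                     # FTP
    (110, b"USER bob@example.test\r\nPASS letmein\r\nSTAT\r\n"),          # POP3
    (80, (b"GET /admin HTTP/1.1\r\nHost: intranet.example.test\r\n"        # HTTP Basic
          b"Authorization: Basic " + base64.b64encode(b"carol:P@ssw0rd")
          + b"\r\n\r\n")),
    (22, b"SSH-2.0-OpenSSH_8.9\r\n"),  # encrypted after the banner; nothing to harvest
]

# USER/PASS commands used by both FTP (RFC 959) and POP3 (RFC 1939).
_USER_PASS = re.compile(rb"^(USER|PASS)\s+(\S+)", re.IGNORECASE | re.MULTILINE)
# HTTP Basic authentication header: base64("user:password").
_BASIC = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)",
                    re.IGNORECASE | re.MULTILINE)


def harvest(streams):
    """Return a list of (protocol, username, password) tuples found in cleartext."""
    found = []
    for port, payload in streams:
        if port in (21, 110):
            proto = "ftp" if port == 21 else "pop3"
            user = password = None
            for cmd, arg in _USER_PASS.findall(payload):
                if cmd.upper() == b"USER":
                    user = arg.decode(errors="replace")
                elif cmd.upper() == b"PASS":
                    password = arg.decode(errors="replace")
            if user and password:
                found.append((proto, user, password))
        elif port == 80:
            for token in _BASIC.findall(payload):
                try:
                    decoded = base64.b64decode(token).decode(errors="replace")
                except ValueError:          # malformed base64; skip the header
                    continue
                if ":" in decoded:
                    user, password = decoded.split(":", 1)
                    found.append(("http-basic", user, password))
        # Any other port (SSH here) is encrypted: passive sniffing yields nothing.
    return found


if __name__ == "__main__":
    for proto, user, pw in harvest(SAMPLE_STREAMS):
        print(f"{proto:10s} {user} : {pw}")
```

The SSH stream is included on purpose: the same sniffer position yields nothing once the channel is encrypted, which is the whole argument for replacing Telnet, FTP and plain HTTP.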
Tools for Passive Attacks
A network sniffer monitors data flowing over a network. It can be a software program or a hardware device with the appropriate software or firmware. On a switched network the sniffer only sees traffic addressed to its own port unless it is placed on a mirror port or combined with an active technique such as ARP spoofing.
• Wireshark
• Network Miner
• Network Monitor
• Dsniff
Man-in-the-Middle
Designed to listen in on the communication between two parties
Can be completely passive if the attacker just listens to the communication
Becomes an active attack if the attacker alters the traffic or takes over the session
Only effective against protocols that are vulnerable to sniffing, that is, protocols that do not encrypt and authenticate the channel
This type of attack takes place when two parties communicate with one another while a third party listens in.
Active Online
Attacks that fit into this category are those that require
direct interaction with a system in an attempt to break a
password.
• Guessing
• Malware
Password Guessing
Bad passwords are built from things an attacker can look up or guess:
• Pet's name
• Spouse's name
• Date of birth
• Phone number
• Favorite show
• Best friend
Password guessing is a valid and somewhat effective form of obtaining a password. During this process an attacker will attempt to gain a password by using a piece of software designed to test passwords, typically a word list of such personal terms combined with rules that append digits, years and symbols.
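As an added example (not from the Sybex chapter), the following Python script shows why the "easy to remember" patterns from the earlier slide fall to a guesser with a handful of rules rather than to luck. The word list, the mangling rules and the target hashes are all constructed here; the targets are assumed to be unsalted SHA-256 hashes. Real tools such as John the Ripper and hashcat apply the same idea with far larger rule sets.

```python
"""Rule-based password guessing against a small set of unsalted hashes.

Added example, not code from the Sybex chapter. Everything here is
constructed: the base words come from the "bad password" sources on the
slide (pet, spouse, birth year), and the targets are hashes of passwords
a user might actually derive from them.
"""
import hashlib

# Simple leet-speak substitution table.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def mangle(word):
    """Yield candidate passwords derived from one base word."""
    forms = {word, word.capitalize(), word.upper(), word.translate(LEET)}
    for base in sorted(forms):
        yield base
        for suffix in ("1", "12", "123", "!", "@1", "2016"):  # common appendages
            yield base + suffix
        for year in range(1960, 2005):                        # birth-year suffixes
            yield f"{base}{year}"
            yield f"{base}{year % 100:02d}"


def sha256_hex(s):
    """Assumed target hash: plain SHA-256, no salt, no iteration."""
    return hashlib.sha256(s.encode()).hexdigest()


def crack(targets, words, limit=None):
    """Return ({hash: password}, guesses) for targets recovered within `limit` guesses."""
    wanted = set(targets)
    recovered = {}
    guesses = 0
    for word in words:
        for candidate in mangle(word):
            guesses += 1
            h = sha256_hex(candidate)
            if h in wanted:
                recovered[h] = candidate
                wanted.discard(h)
                if not wanted:
                    return recovered, guesses
            if limit and guesses >= limit:
                return recovered, guesses
    return recovered, guesses


# Constructed word list built from the personal details on the slide.
WORDLIST = ["rex", "fluffy", "linda", "spartans", "meet", "stud"]

# Constructed targets: hashes of passwords derived from those words.
TARGETS = [sha256_hex(p) for p in ("Fluffy1", "meet123", "$p@rt@n$", "linda1987", "r3x!")]


if __name__ == "__main__":
    found, n = crack(TARGETS, WORDLIST)
    print(f"recovered {len(found)}/{len(TARGETS)} in {n} guesses")
    for h, pw in found.items():
        print(h[:12], pw)
```

Six base words and four rules produce only a few thousand candidates, yet every target falls; the lesson for the defender is that length and unpredictability matter, and that salting plus a slow hash (bcrypt, scrypt, Argon2) makes each of those few thousand guesses expensive.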
Using Malware
In February 2005, Joe Lopez, a businessman from Florida, filed a suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account. The money had been transferred to Latvia.
An investigation showed that Mr. Lopez's computer was infected with a malicious program, Backdoor.Coreflood, which records every keystroke and sends this information to malicious users via the Internet.
Malware is a class of software with no beneficial use.
Using Malware
• Keyloggers are a good example of malware.
• Keyloggers can be used to gain countless pieces of information.
Offline
• Offline attacks work on password hashes that have already been captured (from a SAM file, a password database, or a sniffed challenge), so they never touch the live system.
• Rainbow tables
– Use precomputed hashes to identify the password behind a captured hash
What Is a Rainbow Table?
Rainbow tables are the end result of a process where every possible combination of characters is generated within certain limits (a character set and a maximum length), hashed, and organized so that a captured hash can be looked up instead of recomputed.
• Reduces the difficulty of brute-force methods by trading disk space for time
• Covers every password in the chosen keyspace, but stores only the start and end of each hash chain rather than every hash
• Takes time to create the table; that cost is paid once and reused for every hash cracked afterward
• Faster than other types of attacks once the table exists
• Effective against LAN Manager hashes, which are unsalted and limited to uppercase 7-character halves
• Defeated by salting: a per-user salt means a separate table would be needed for every salt value
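The following Python script is an added example, not code from the Sybex chapter or from any real rainbow-table tool. It builds a small rainbow table for a toy keyspace (4-digit PINs hashed with unsalted MD5) using the hash-and-reduce chain construction that real tools share, then shows both a successful lookup and the effect of a salt. The chain length, the start-point spacing and the reduction function are assumptions chosen for the example.

```python
"""Toy rainbow table: hash chains with a position-dependent reduction function.

Added example, not from the Sybex chapter. Keyspace is the 10,000 four-digit
PINs; the hash is unsalted MD5 (standing in for LM or any other unsalted
hash). Only chain endpoints are stored, which is the time-memory trade-off
that distinguishes a rainbow table from a plain hash dictionary.
"""
import hashlib

CHAIN_LEN = 50          # reductions per chain (assumed)
KEYSPACE = 10_000       # 4-digit PINs

# Chains are started from every 25th PIN: 400 chains * 50 columns = 20,000
# slots for a 10,000-entry keyspace (assumed; merges mean coverage < 100%).
START_POINTS = [f"{i:04d}" for i in range(0, KEYSPACE, 25)]


def h(pin):
    """The unsalted hash being attacked."""
    return hashlib.md5(pin.encode()).hexdigest()


def reduce_to_pin(digest, pos):
    """Map a digest back into the keyspace; `pos` makes each column's reduction
    differ so two chains that collide in one column do not merge thereafter."""
    return f"{(int(digest[:8], 16) + pos) % KEYSPACE:04d}"


def build_table(start_points):
    """Return {endpoint: [start points]} after walking every chain."""
    table = {}
    for start in start_points:
        p = start
        for pos in range(CHAIN_LEN):          # column pos -> column pos + 1
            p = reduce_to_pin(h(p), pos)
        table.setdefault(p, []).append(start)  # store only the endpoint
    return table


def lookup(table, target):
    """Recover the PIN whose hash is `target`, or None if no chain covers it."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Assume target sits in column `pos` and walk the tail to the endpoint.
        p = reduce_to_pin(target, pos)
        for j in range(pos + 1, CHAIN_LEN):
            p = reduce_to_pin(h(p), j)
        for start in table.get(p, ()):
            # Regenerate the chain from its start and check column `pos`;
            # a mismatch here is a false alarm caused by a chain merge.
            q = start
            for j in range(pos):
                q = reduce_to_pin(h(q), j)
            if h(q) == target:
                return q
    return None


def coverage(table, pins):
    """Fraction of the given PINs the table can recover."""
    hits = sum(1 for pin in pins if lookup(table, h(pin)) == pin)
    return hits / len(pins)


if __name__ == "__main__":
    table = build_table(START_POINTS)
    print(f"{len(START_POINTS)} chains, {len(table)} distinct endpoints")
    pin = reduce_to_pin(h("0000"), 0)        # a PIN known to sit in column 1
    print("unsalted lookup:", lookup(table, h(pin)), "(expected", pin + ")")
    print("salted lookup:  ", lookup(table, h("k7" + pin)))   # salt "k7" assumed
    sample = [f"{i:04d}" for i in range(0, KEYSPACE, 37)]
    print(f"coverage over {len(sample)} sampled PINs: {coverage(table, sample):.0%}")
```

Two things are worth noticing when you run it: the table holds at most 400 entries for a 10,000-entry keyspace, and the salted lookup returns None even though the underlying PIN is in the table, because the salt moved the hash out of the precomputed space. The same reasoning scales to LM hashes: no salt and a tiny effective keyspace is exactly the combination a rainbow table wants.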
Privilege Escalation
Privilege escalation
• Increasing access for a compromised account
• Typically, the breached account will not have broad privileges
• Raising privileges to a level where more actions can take place
• Can be vertical or horizontal
Not every system hack will initially provide an unauthorized user with full access to the targeted system. In those circumstances, privilege escalation is required.
Privilege Escalation Types
Privilege escalation is the process where the access that is obtained is increased to a higher level where more actions can be carried out. The reality is that the account accessed typically will be a lower-privileged one and therefore one with less access.
• Vertical
– Raising the privileges of an account that has already been compromised, for example from a standard user to administrator, SYSTEM or root
• Horizontal
– Moving sideways from a compromised account to other accounts or resources at the same privilege level, such as another user's files or sessions; the attacker gains more reach without gaining a higher level of access
Tools for Privilege Escalation
Active@ Password Changer
Trinity Rescue Kit
ERD Commander
Kali Linux
Parrot OS
Windows Recovery Environment (WinRE)
Windows Password Recovery
Most of these are offline tools: booted from removable media, they reset or recover local account passwords by editing the SAM database while Windows is not running, which requires console or physical access. Kali Linux and Parrot OS are distributions that bundle such tools along with local exploit and enumeration utilities.
Opening a Shell
LAN Turtle is a remote access pen testing tool
Housed in the form factor of a USB Ethernet adapter, so it sits inline between the host and the network
Allows opening of a remote shell on a system
With the shell open, commands can be transmitted to the remote system
What LAN Turtle enables is the ability to perform several attacks such as man-in-the-middle, sniffing, and many others, because all of the host's traffic passes through it.
Running Applications
• Backdoors
• Crackers
• Keyloggers
• Malware
When an attacker is executing applications on a system, they are doing so with specific goals in mind.
Covering Tracks
• Important step in removing evidence
• Leave no trace behind
• Eliminate or alter logs, error messages, and files
• More evidence or tracks means a greater chance of being detected
Working with Log Files
• Prevent leaving of information
• Disabling of auditing on a system
• May prevent or slow detection
• Surgical removal of entries in log files is possible
Two caveats a defender relies on: on Windows, disabling or changing audit policy is itself logged (event 4719) and clearing the Security log writes event 1102, so the cover-up leaves its own trace; and removing individual records leaves a gap in the record-number sequence that a log collector can spot, which is why logs should be shipped off the host as they are written.
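As an added example (not from the Sybex chapter), the Python script below implements the detection side of the slide: it scans a constructed Windows Security log for the three indicators that log tampering leaves behind, namely gaps in the record-number sequence, timestamps that run backwards, and the audit-policy-change and log-cleared events. The event IDs 4719 and 1102 are real Windows Security event IDs; the log entries, account names and the record format are made up for the example.

```python
"""Flag indicators that a Windows Security log was tampered with.

Added example, not code from the Sybex chapter. SAMPLE_LOG is a constructed
list of events in the shape a collector agent might ship (record number,
timestamp, event ID, message); the checks below are the ones a detection
engineer would run over such a feed.
"""
from datetime import datetime

# Real Windows Security event IDs written when auditing itself is touched.
AUDIT_TAMPER_EVENT_IDS = {
    1102: "The audit log was cleared",
    4719: "System audit policy was changed",
}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def find_indicators(events):
    """Return a list of (record_id, reason) for every suspicious point in the log."""
    findings = []
    prev_id = None
    prev_ts = None
    for ev in sorted(events, key=lambda e: e["record"]):
        rid, ts = ev["record"], parse_ts(ev["time"])
        # Record numbers are assigned sequentially; a hole means records were removed.
        if prev_id is not None and rid != prev_id + 1:
            findings.append((rid, f"record gap: {prev_id + 1}..{rid - 1} missing"))
        # Later records carry later timestamps unless the clock was set back.
        if prev_ts is not None and ts < prev_ts:
            findings.append((rid, f"timestamp regression: {ev['time']} after "
                                  f"{prev_ts:%Y-%m-%d %H:%M:%S}"))
        # Disabling auditing or clearing the log is itself an event.
        if ev["event_id"] in AUDIT_TAMPER_EVENT_IDS:
            findings.append((rid, f"event {ev['event_id']}: "
                                  f"{AUDIT_TAMPER_EVENT_IDS[ev['event_id']]}"))
        prev_id, prev_ts = rid, ts
    return findings


# Constructed sample log: an attacker on svc_backup reconfigures auditing,
# removes records 1004-1010, sets the clock back, then clears the log.
SAMPLE_LOG = [
    {"record": 1001, "time": "2016-03-01 09:00:00", "event_id": 4624, "message": "logon: svc_backup"},
    {"record": 1002, "time": "2016-03-01 09:00:05", "event_id": 4672, "message": "special privileges assigned"},
    {"record": 1003, "time": "2016-03-01 09:01:10", "event_id": 4719, "message": "audit policy changed by svc_backup"},
    {"record": 1011, "time": "2016-03-01 09:30:00", "event_id": 4624, "message": "logon: jsmith"},
    {"record": 1012, "time": "2016-03-01 08:55:00", "event_id": 4634, "message": "logoff: jsmith"},
    {"record": 1013, "time": "2016-03-01 09:31:00", "event_id": 1102, "message": "audit log cleared by svc_backup"},
]


if __name__ == "__main__":
    for rid, reason in find_indicators(SAMPLE_LOG):
        print(f"record {rid}: {reason}")
```

None of these checks work if the attacker controls the only copy of the log, so the check is only as good as the forwarding: run it on the collector's copy, not on the host.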
Alternate Data Streams
Feature of the NTFS file system
Allows for compatibility with the Macintosh file system
Stores data in a named stream attached to a file (the NTFS counterpart of a Macintosh resource fork) that ordinary directory listings do not show
Tough to reveal the presence of a data stream: a file's reported size does not include its alternate streams
Additional tooling is required to detect streams, for example dir /R on Windows Vista and later, PowerShell's Get-Item -Stream *, or the Sysinternals streams utility
ADS was introduced into the Windows NTFS file system starting in Windows NT 3.1. This was implemented in order to allow compatibility with the Macintosh Hierarchical File System (HFS), which stores a file's resource fork separately from its data.
Summary
• What the process looks like
• Steps to take
• Tools to use
• Information to be obtained