DoS on Competitor Web Site

Presentation transcript:

1 DoS on Competitor Web Site

2
• Phoenix has a “referral” from “Mr. Dobbs”
  ◦ Dobbs has threatened his girlfriend in the past
  ◦ Dobbs sent a “client” to Phoenix with a reminder about his girlfriend
• Client
  ◦ Works for a computer parts company
  ◦ $9B annual revenues
  ◦ Asking that a whistleblower organization’s web site (www.thetruthusa.org) be down/inaccessible for a single day
    • Organization intends to splash damaging information on a specific day (day before the earnings statement release)
    • Client does not wish to have the company’s stock prices fall just prior to the earnings release

3
• Recon
  ◦ Shows the site to be amateurish
  ◦ Google search indicates that HS students were allowed to get experience in designing and putting up the website
    • Phoenix hopes for poor design, maintenance/security and lower bandwidth

4
• Find an unprotected wireless network to perform the hack
• Use an anonymizer
• Make a DDoS attack using Freak88 DDoS tool
• Test the DDoS tool in lab
• Infect unprotected hosts with the Server.exe Trojan Horse
• Take control of the infected hosts and launch the DDoS on the target site

5
• Download contains
  ◦ Clienttrinno.exe
  ◦ Server.exe
  ◦ Msbvm50.dll
• Client controls the boxes which have the Trojan server running on them
  ◦ Servers will issue the pings
  ◦ These boxes are referred to as “zombies”
• The more zombies in the field attacking the victim, the better for the attacker!

6
• Shift from email phishing attacks to web based attacks
  ◦ Email filters are becoming more effective
  ◦ Web based attacks are more popular now because so much is being put into “business rich” web sites and browsers fail to handle such content
    • Their primary function is to render web pages
    • SQL injection
    • Cross site scripting
    • Inline frames
    • CSS
• Ping attacks might be filtered
  ◦ Accomplish the same effect using a web based attack

7
• Attack #1: Test
• Attack #2: The one that worked
• Gain access to Pawn Web site
• Lab test the hack
• Modify the Pawn site

8
• Phoenix
  ◦ Sets up a victim machine
  ◦ Starts up Wireshark filtering ICMP traffic
  ◦ Fires up a server zombie on a machine
  ◦ Fires up the client software
    • Dialog box allows attacker to “stack” the IPs and ports of the zombie machines
    • Indicates the IP of the victim
    • Buttons: Connect, Disconnect, and “Takemout”
  ◦ Wireshark confirms a ton of ICMP traffic

9
• Just to be sure…
  ◦ Phoenix attempts to ping the webpage at www.thetruthusa.org
    • Gets Timed Out results
    • It turns out that the students have set up a PIX firewall to prevent pings to the web server!

10
• Inline frames
  ◦ If small, but many, inline frames can be installed on a web page
    • Each frame can load the web page from a site
    • FORCE MULTIPLIER!
    • If you can constantly refresh each frame… better still

11
• The trick is now to find a web site with lots of bandwidth and lots of traffic
• Social engineer the web design company
  ◦ Phoenix needs write access to the server
• Modify the home page
  ◦ Add inline frames calling the target’s homepage
    • If 10 frames are added, every time a user brings up the unknowing accomplice’s page, 10 HTTP “GET” requests are issued against the victim
    • If you “refresh” the inline request every 5 seconds…
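
Seen from the target's side, the inline-frame multiplier on slides 10 and 11 appears in the web server access log as repeated GETs from many unrelated visitors that all carry the same third-party Referer. The detection check below is an added example, not part of the original presentation. The Combined Log Format input, the host busy-portal.example, the thresholds, and the premise that browsers send a Referer for framed loads (a referrer policy can suppress it) are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) \S+ [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def referer_floods(lines, own_host, min_hits=20, min_clients=3, min_per_client=5):
    """Return [(referer_host, hits, distinct_clients)] for third-party pages that
    drive repeated GETs from several visitors (the embedded-frame pattern)."""
    per_ref = defaultdict(lambda: defaultdict(int))  # referer host -> client ip -> hits
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "GET":
            continue  # skip malformed lines and non-GET traffic
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host or host == own_host.lower():
            continue  # direct visits and same-site navigation are not of interest
        per_ref[host][m["ip"]] += 1
    flagged = []
    for host, clients in per_ref.items():
        hits = sum(clients.values())
        # A normal inbound link yields about one GET per visitor; frames yield many.
        repeaters = [ip for ip, n in clients.items() if n >= min_per_client]
        if hits >= min_hits and len(repeaters) >= min_clients:
            flagged.append((host, hits, len(clients)))
    return sorted(flagged, key=lambda t: -t[1])

def sample_log():
    """Constructed log: 4 visitors of one third-party page issuing 10 framed GETs
    each, plus one search referral and one direct visit."""
    fmt = ('{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "GET / HTTP/1.1" '
           '200 512 "{ref}" "Mozilla/5.0"')
    lines = [fmt.format(ip=f"198.51.100.{v}", s=f, ref="http://busy-portal.example/")
             for v in range(1, 5) for f in range(10)]
    lines.append(fmt.format(ip="203.0.113.9", s=1, ref="https://search.example/?q=truth"))
    lines.append(fmt.format(ip="203.0.113.10", s=2, ref="-"))
    return lines

if __name__ == "__main__":
    for host, hits, clients in referer_floods(sample_log(), "www.thetruthusa.org"):
        print(f"{host}: {hits} GETs from {clients} clients")
```

A flagged Referer host can be rate-limited or blocked at the edge, and it identifies the compromised third-party page whose operator should be notified.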

12
• Phoenix poses as a potential client
  ◦ Speaks with developers and requests a demonstration
  ◦ Representative shows Phoenix how quickly a page can be added
    • In doing so, the rep refers to a 3-ring binder for the information on sites (credentials, etc.)
    • Phoenix notes the location of the binder
    • Phoenix bribes the cleaner to photocopy the contents of the 3-ring binder
