Published by Madeleine Carson
© Centre for Development of Advanced Computing, Hyderabad

Presentation Outline
Theory about Hacker
Some Common Attacks (Theory)
Buffer Overflow
Case Study:
–Buffer Overflow in Microsoft RPC DCOM implementation
Hacking Techniques Demonstration

We believe…
Think like a hacker to stop intrusion into your own network
Protect your network before they (evil hackers) attack the vulnerabilities in it

What is hacking
Hacking is exploring the details of programmable systems
Stretching the capabilities of computer systems
Sharing their computer expertise
Can also mean breaking into computer systems (cracking)
Hackers saw programming as a form of artistic expression and the computer was the instrument of their arts

Difference between Hackers and Crackers
HACKER (Positive)
–A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
–One who programs enthusiastically (even obsessively) or who enjoys programming rather than simply theorizing about programming.
CRACKER (Negative)
–gaining access to important information that you have. Surely you are a V.I.P. in the computer world and you are being seriously hunted;
–gaining access to your system resources;
–interrupting your host’s efficiency (with no threat of exposure). This may be dangerous if your clients require uninterrupted service from your host;
–forming a base to implement the above goals while attacking another computer. In this case, the logs of the attacked computer will show that the attack was performed from your address;
–checking out the mechanism of attacks against other systems.

Hacking History
1969 - Unix ‘hacked’ together
1971 - Cap ‘n Crunch phone exploit discovered
1988 - Morris Internet worm crashes 6,000 servers
1994 - $10 million transferred from CitiBank accounts
1995 - Kevin Mitnick sentenced to 5 years in jail
2000 - Major websites succumb to DDoS
2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance)
2001 - Code Red
–exploited bug in MS IIS to penetrate & spread
–probes random IPs for systems running IIS
–had trigger time for denial-of-service attack
–2nd wave infected 360000 servers in 14 hours
Code Red 2 - had backdoor installed to allow remote control
Nimda - used multiple infection mechanisms: email, shares, web client, IIS
2002 - Slammer Worm brings web to its knees by attacking MS SQL Server
2003 - MS Blast worm exploited the vulnerability in the MS RPC DCOM implementation
2004 - My DOOM worm performing the DDoS against MS and SCO web site

Hackers’ Motivations
Fun, Profit, Extortion, Technical Reputation, Scorekeeping, Revenge/maliciousness, Intellectual Challenges, Desire to embarrass, Experimentation, Self Gratification, Problem Solving, Exposing System Weakness, Want to be Hero of Wild Internet

Types of hackers
Professional hackers
–Black Hats – the Bad Guys
–White Hats – Professional Security Experts
Script kiddies
–Mostly kids/students who use tools created by black hats,
–To get free stuff
–Impress their peers
–Not get caught
Underemployed Adult Hackers
–Former Script Kiddies who can’t get employment in the field and want recognition in the hacker community
Ideological Hackers
–hack as a mechanism to promote some political or ideological purpose
–Usually coincide with political events
Criminal Hackers
–Real criminals, are in it for whatever they can get no matter who it hurts
Corporate Spies
–Are relatively rare
Disgruntled Employees
–Most dangerous to an enterprise as they are “insiders”
–Since many companies subcontract their network services, a disgruntled vendor could be very dangerous to the host enterprise

Types of Attacks
Internal – like Technical attacks
External – like Social Engineering

Without Hackers,
Programming languages such as C and C++ would not exist
Operating Systems such as Unix and Linux would not exist
Microsoft might not have been developed
Basically, no one would be designing new types of software
Antivirus companies would not have become billionaires

With Hackers that crack,
Security is thought of and efforts are put forward to making information more private
Free software is made available because of these people
These crackers create jobs for others to stop them
Since home users are more vulnerable with less security, they are an easy target for people to hack into for fun
Software developers improve their software
Hacking is healthy to the computer industry?

Threats to the Information System
Autonomous Agents, Back Doors, Backup Theft, Call Forwarding Fakery, Condition Bombs, Covert Channels, Cracking, Data Aggregation, Data Diddling, Data Theft, Degradation of Service, Denial of Service, Dumpster Diving, E-mail Overflow, E-Mail Spoofing, Excess Privileges, False Updates, Get a Job, Hangup Hooking, Illegal Value Insertion, Invalid Values on Calls, Induced Stress Failures, Infrastructure Interference, Infrastructure Observation, Input Overflow, IP Spoofing, Logic Bombs, Login Spoofing, Masquerading, MIP Sucking, Network Services Attacks, Backup Information, Open Microphone Listening, Packet Insertion, Packet Sniffing, Password Cracking, Password Guessing, Password Sniffing, PABX Bugging, Phracking, Phreaking, Ping of Death, Piracy, Process Bypassing, Protection Limit Poking, Salami Technique, Scanning, Session Hijacking, Shoulder Surfing, Social Engineering, Spamming, Sympathetic Vibration, Time Bombs, Timing Attacks, Toll Fraud Networks, Traffic Analysis, Trap Doors, Trojan Horses, Tunneling, Use Bombs, Van Eck Bugging, Viruses, Wiretapping, Worms

How Hackers Can Access Your Network
Wireless
Internet
Door
Modem

Once inside, the hacker can...
Modify logs
–To cover their tracks
–To mess with you
Steal files
–Sometimes destroy after stealing
–A pro would steal and cover their tracks so as to be undetected
Modify files
–To let you know they were there
–To cause mischief
Install back doors
–So they can get in again
Attack other systems

Some Common Attacks

TCP SYN flood
[Diagram: client and server exchange SYN RQST and SYN ACK; zombies send spoofed SYN RQST to the victim, the victim answers with SYN ACK, and its waiting buffer overflows.]

Distributed Denial of Service
Zombies on innocent computers
Server-level DDoS attacks
Infrastructure-level DDoS attacks
Bandwidth-level DDoS attacks

Smurf Amplification
[Diagram labels: zombie, victim, network amp/255.255.255.0; ping.rqst with src = victim, dst = amp.255 (direct broadcast address); counts 1 and 500.]

Spoofing
[Diagram: hosts X, Y and Z. “Mr. Z, is that you?” “Yes, I’m here!”]

Social Engineering
“Social engineering is a term that is used by hackers and crackers to denote unauthorized access by methods other than cracking software”
[Dialogue between Attacker and Devesh:]
–Good afternoon. Is this Mr. Devesh?
–Yes.
–Sorry to disturb you. I understand that you are very busy, but I cannot log into the network.
–And what does the computer tell you?
–“Wrong password.”
–Are you sure you are using the correct password?
–I don’t know. I don’t remember the password very well.
–What is your login name?
–Devesh
–OK, I’ll assign you a new password… Hmm… let it be art25. Got it?
–I’ll try. Thank you.

Passive Sniffing in Hub Networks
[Diagram: a SNIFFER attached to the hub captures “login: devesh passwd: india123”.]

Active Sniffing
Switch (ports 1, 2, 3):
Port 1 – 00:00:00:AA:AA:AA
Port 2 – 00:00:00:BB:BB:BB
Port 3 – 00:00:00:CC:CC:CC
[Diagram: three hosts with MAC addresses 00:00:00:AA:AA:AA, 00:00:00:BB:BB:BB and 00:00:00:CC:CC:CC attached to the switch.]

How ARP Works
A: IP -> 192.168.51.35, MAC -> 00:00:00:AA:AA:AA
B: IP -> 192.168.51.36, MAC -> 00:00:00:BB:BB:BB
ARP Request: Who has 192.168.51.36
ARP Reply: 192.168.51.36 is at 00:00:00:BB:BB:BB
Internal ARP Cache: 192.168.51.35 – 00:00:00:AA:AA:AA
Internal ARP Cache: 192.168.51.36 – 00:00:00:BB:BB:BB

ARP Cache Poisoning
System A: IP -> 192.168.51.35, MAC -> 00:00:00:AA:AA:AA
–Internal ARP Cache: 192.168.51.36 – 00:00:00:CC:CC:CC
System B: IP -> 192.168.51.36, MAC -> 00:00:00:BB:BB:BB
–Internal ARP Cache: 192.168.51.35 – 00:00:00:CC:CC:CC
Attacker: IP -> 192.168.51.37, MAC -> 00:00:00:CC:CC:CC
–Internal ARP Cache: 192.168.51.36 – 00:00:00:BB:BB:BB, 192.168.51.35 – 00:00:00:AA:AA:AA
Forged ARP replies:
–192.168.51.36 is at 00:00:00:CC:CC:CC
–192.168.51.35 is at 00:00:00:CC:CC:CC
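
Added example (not part of the original slides): a small monitor that spots the poisoning shown on the ARP Cache Poisoning slide by watching ARP replies for an IP whose MAC changes or a MAC that answers for a second IP. The function and type names are assumptions, and the sample replies are constructed from the addresses on the slides.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 16
enum { ARP_OK = 0, ARP_IP_MOVED = 1, ARP_MAC_SHARED = 2 };  /* alert bits */

struct binding { char ip[16]; char mac[18]; };   /* one cache entry */
struct monitor { struct binding tab[MAX_HOSTS]; int n; };

/* Feed one ARP reply written as "<ip> is at <mac>" (the slide's notation).
 * Returns -1 if the line does not parse, otherwise a bit mask:
 *   ARP_IP_MOVED    the IP was already bound to a different MAC
 *   ARP_MAC_SHARED  the MAC already answers for another IP
 * A reply that raises an alert is not learned, so the first binding stays. */
int observe_reply(struct monitor *m, const char *line)
{
    char ip[16], mac[18];
    int alerts = ARP_OK, slot = -1;

    if (sscanf(line, "%15s is at %17s", ip, mac) != 2)
        return -1;
    for (int i = 0; i < m->n; i++) {
        if (strcmp(m->tab[i].ip, ip) == 0) {
            slot = i;
            if (strcmp(m->tab[i].mac, mac) != 0)
                alerts |= ARP_IP_MOVED;
        } else if (strcmp(m->tab[i].mac, mac) == 0) {
            alerts |= ARP_MAC_SHARED;
        }
    }
    if (alerts == ARP_OK && slot < 0 && m->n < MAX_HOSTS) {
        strcpy(m->tab[m->n].ip, ip);      /* lengths bounded by sscanf above */
        strcpy(m->tab[m->n].mac, mac);
        m->n++;
    }
    return alerts;
}

/* Constructed sample: three genuine replies, then the two forged ones. */
int main(void)
{
    static const char *replies[] = {
        "192.168.51.35 is at 00:00:00:AA:AA:AA",
        "192.168.51.36 is at 00:00:00:BB:BB:BB",
        "192.168.51.37 is at 00:00:00:CC:CC:CC",
        "192.168.51.36 is at 00:00:00:CC:CC:CC",
        "192.168.51.35 is at 00:00:00:CC:CC:CC",
    };
    struct monitor m = {0};
    for (size_t i = 0; i < sizeof replies / sizeof replies[0]; i++)
        printf("%-40s alert=%d\n", replies[i], observe_reply(&m, replies[i]));
    return 0;
}
```

The comparison is case-sensitive, so MAC addresses should be normalised to one case before they are fed in.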

Attack Methodology
The Beginning – Goal: Decide why this system should be attacked.
Steps
1. Gather the information about the victim hosts
2. Locate the victim hosts by some scanning program
3. Identify the victim host vulnerability
4. Attack the victim host via this vulnerability
5. Establish backdoors for later access
6. After break-in, use this victim host to
–Install rootkit to cover tracks
–run sniffer to collect user password information
–hack or attack other network
–use this victim host resource to carry out their activities
–Web page defacement for certain assertion

Buffer Overflow
In general, a buffer overflow attack involves the following steps:
i. stuffing more data into a buffer than it can handle
ii. overwriting the return address of a function
iii. switching the execution flow to the hacker code

Case Study: Buffer Overflow
Buffer Overflow Vulnerability in Windows RPC DCOM Implementation

About Vulnerability
The vulnerability in Microsoft’s RPC DCOM implementation was made public on July 16th 2003
–Attackers can execute the code of their choice with system privilege by exploiting this buffer overflow problem
First version of the exploit was released on July 23, 2003 by XFOCUS (only DoS, by crashing SVChost.exe)
Second version of the exploit was released on July 25th 2003 by Metasploit (allows the spawning and binding of the command shell with system privilege on the remote machine)
Backdoor trojan was found on the affected machines on 2nd August 2003
On August 11th the worm known as MS Blast was discovered, which infected hundreds of thousands of machines within a few hours

Reason for Buffer Overflow
Problem due to an unchecked parameter within a DCOM function:

HRESULT CoGetInstanceFromFile (
    IN COSERVERINFO * pServerInfo,
    IN CLSID * pClsid,
    IN IUnknown * punkOuter, // only relevant locally
    IN DWORD dwClsCtx,
    IN DWORD grfMode,
    IN OLECHAR * szName,
    IN DWORD dwCount,
    IN OUT MULTI_QI * pResults );

This function is used to create a new object and initialize it from a file
The sixth parameter, i.e. szName, is allocated a space of 0x20 (32 bytes) for the file name
–Input is not checked here. When a larger value is input, anything beyond the 0x20 space overflows, which then allows arbitrary code to be executed with system privilege

hr = CoGetInstanceFromFile (pServerInfo, NULL, 0, CLSCTX_REMOTE_SERVER, STGM_READWRITE, "C:\\1234561111111111111111111111111.doc", 1, &qi);
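
Added example (not from the original slides and not the Windows DCOM code): a simplified model of the three steps on the Buffer Overflow slide and of the unchecked 0x20-byte name space described above, next to the length check that prevents it. The frame layout, the function names and the return-address value are assumptions made for illustration; the frame is simulated in one flat array so the overrun can be observed safely.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_SPACE 0x20   /* bytes reserved for the file name, as on the slide */

/* Simulated stack frame (assumption): name buffer at offset 0, the saved
 * return address right above it, then slack. One flat array keeps the
 * overrun inside a single object instead of corrupting the real stack. */
struct frame { unsigned char bytes[NAME_SPACE + sizeof(uintptr_t) + 64]; };

void frame_init(struct frame *f, uintptr_t ret)
{
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + NAME_SPACE, &ret, sizeof ret);
}

uintptr_t frame_ret(const struct frame *f)
{
    uintptr_t ret;
    memcpy(&ret, f->bytes + NAME_SPACE, sizeof ret);
    return ret;
}

/* Unchecked copy: the length is never compared with NAME_SPACE.
 * (Clamped to the simulated frame only so the demo itself stays in bounds.) */
void copy_unchecked(struct frame *f, const char *name)
{
    size_t n = strlen(name) + 1;
    if (n > sizeof f->bytes) n = sizeof f->bytes;
    memcpy(f->bytes, name, n);
}

/* Hardened form: reject any name that does not fit, terminator included. */
int copy_checked(struct frame *f, const char *name)
{
    size_t n = strlen(name) + 1;
    if (n > NAME_SPACE) return -1;
    memcpy(f->bytes, name, n);
    return 0;
}

int main(void)
{
    const char *name = "C:\\1234561111111111111111111111111.doc"; /* slide's name */
    struct frame f;
    frame_init(&f, 0x401000);               /* constructed return address */
    copy_unchecked(&f, name);
    printf("unchecked: ret=%#lx\n", (unsigned long)frame_ret(&f));
    frame_init(&f, 0x401000);
    printf("checked: rc=%d\n", copy_checked(&f, name));
    return 0;
}
```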

Steps Performed by Exploit Code
Attacker: 192.168.51.35 (port >1024); Victim: 192.168.51.36
1. 192.168.51.35(>1024) -> 192.168.51.36:135 – Exploit establishes the connection to TCP port 135 on the victim machine
2. 192.168.51.35(>1024) -> 192.168.51.36:135 – Exploit sends the DCE/RPC Bind Request for the file “\\victim\c$\1234561111111111111111111111.doc” to the victim machine and uses the buffer overflow to spawn the shell on TCP port 4444
3. 192.168.51.35(>1024) -> 192.168.51.36:4444 – Exploit connects to the shell on the newly opened TCP port 4444 and has System privilege

Recently Announced Buffer Overflow Problem in MS MSASN.1
Vulnerability could allow remote code execution
Abstract Syntax Notation (ASN.1) is a data standard that is used by many applications and devices in the technology industry for allowing the normalization and understanding of data across various platforms
MSASN1.dll is widely used by the Windows security subsystem
Announced on Feb 10, 2004 by Microsoft
All Microsoft OS platforms are affected
An exploit was released on Feb 14th, but it only crashes the LSASS.exe service and forces the system to reboot
The next possible worm will be under development

Thank You