Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking Techniques and Countermeasures E. Ray Howard, Jr Sprint E|Solutions

Published byConstance Johnson Modified over 9 years ago

Similar presentations

Presentation on theme: "Hacking Techniques and Countermeasures E. Ray Howard, Jr Sprint E|Solutions"— Presentation transcript:

1 Hacking Techniques and Countermeasures E. Ray Howard, Jr Sprint E|Solutions http://www.sprintesolutions.com everett.r.howard@mail.sprint.com

2 Objective: zDiscuss the practice of hacking in general and demonstrate a few of the current common methods and exploits. zMainly a demonstration of some current web hacking methods.

3 Reasons to hack. zCuriosity. zRevenge. zNotoriety/Fame. zProfit ($$$ or other gain).

4 Hacker methodologies. zOxymoron? Not really. There is normally some method to this madness. zBased on systematically exploiting weaknesses in your security infrastructures, both physical and IT.

5 A common methodology is the following: z1. Gather target information. z2. Identify services offered by target to the public (whether intentional or not). z3. Research the discovered services for known vulnerabilities. z4. Attempt to exploit the services. z5. Utilize exploited services to gain additional privileges from the target. Reiterate steps 1-5 until goals are achieved.

6 Step 1: Gather target information. zDomain names, IP address ranges. zInterNIC contact information. zPhysical addresses. zOrganizational structures. zAlliances and financial information. zNames of officers, managers, technical staff. zNewsgroup posts.

7 Step 2: Identify services. zWeb servers. zFTP servers. zDNS servers. ze-mail gateways. zHelp desks/phone support. zOther (gopher, LDAP, irc, etc.)

8 Step 3: Research vulnerabilities. zVendor announcements. zDefault configurations. zPoor configurations. (i.e. passwords, cleartext protocols) zGather available exploits or develop new exploit. zDerived exploits. zSome original work.

9 Step 4: Exploit vulnerabilities. zAttempt to exploit vulnerabilities to gain access to the target. zContinue until successful.

10 Step 5: Utilize increased access. zExploit additional vulnerabilities to gain additional access and information to use in penetrating further into an organization. zThe hacker "becomes" a legitimate user (even an administrator).

11 Demo 1: IIS web exploit. zNote: yOnly requires normal web user access to an IIS webserver (i.e. port 80 or 443). yUsing non-standard ports for your web server only makes this marginally more difficult. You do publish how to access your webserver to someone, right? (also, you would be surprised what search engines contain about you.) yUsing SSL (https protocoll) will not prevent the exploit from succeeding.

12 Demo 1: Software levels zTarget: Windows NT Server 4.0sp6a, IIS 4.0 zAttacker: Linux 2.2.17-21mdk kernel, Window NT Worstation 4.0 sp6a

13 Demo 1: Target info. zTarget IP address is 192.168.168.125 zQuery whois database at ARIN.net to locate owner and domain information. zAlso try reverse DNS mappings for host/domain names.

14 Demo 1: Services infomation Use nmap to scan target for services of interest. $ nmap -sS -p 21-25,80,135-139,443 192.168.168.125 Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ ) Interesting ports on (192.168.168.125): (The 7 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 80/tcp open http 135/tcp open loc-srv 139/tcp open netbios-ssn 443/tcp open https Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

15 Demo 1: Research services Use netcat or telnet commands to determine web server information. $ nc 198.168.168.125 80 HEAD / HTTP/1.0 HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Content-Location: http://192.168.168.125/Default.htm Date: Mon, 06 Aug 2001 23:40:10 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Mon, 30 Jul 2001 15:28:47 GMT ETag: "c0bf6c53c19c11:b50" Content-Length: 4325

16 Demo 1: Exploit services to gain access zUnicode “dot dot” exploit to traverse filesystem. zDefault configuration of Inetpub\scripts directory is used to upload and execute commands of our choice. zGet target to fetch useful commands. zGet target to initiate a command session. zUse target to obtain additional information.

17 Demo 1: Prevention zStay current on patch levels for Microsoft's OS and web server. zImplement good firewalling. zUse an IDS system (or two!). zHost security is important (Microsoft's "Securing IIS” and “Securing Windows NT” documents). zPattern matching intercept proxies.

18 Summary: Prevention. zQ: How to prevent becoming a target? zA: You can't, if your company has an Internet presence (or remote access, or vendor/VAR networks, or employees). zS: The only reliable solution to reduce the risk of a successful intrusion attempt is staying current with your security infrastructure is. This is an ongoing dynamic process.

19 Useful security related links. zSANS Institute (www.sans.org) zSecurity Focus Archives (www.securityfocus.com) zSnort IDS home (www.snort.org) zSecurity archives (archives.neohapsis.com) z CERT Coordination Center (www.cert.org)

20 Mailing Lists zRisks Digest (www.risks.org) zBUGTRAQ (www.securityfocus.com/bugtraq/archive) zNTBugtraq (www.ntbugtraq.com) zWin2KSecurity Advice (www.ntsecurity.net)

21 Securing Webservers zApache project (www.apache.org) http://httpd.apache.org/docs/misc/tutorials.html zsupport.microsoft.com "Resources for Securing Internet Information Services”, Article ID Q282060.

Download ppt "Hacking Techniques and Countermeasures E. Ray Howard, Jr Sprint E|Solutions"

Similar presentations

Fetching a Web Page www.si.umich.edu Home computer The Internet.

Fetching a Web Page Home computer The Internet.
Scanning CS391. Overview  The TCP protocol: quick overview  Scanning  Fingerprinting  OS Detection.

Scanning CS391. Overview  The TCP protocol: quick overview  Scanning  Fingerprinting  OS Detection.
CS682- Network Management and Security Prof. Katz.

CS682- Network Management and Security Prof. Katz.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
GROUP MEMBERS Chan Li Suman Lohani Prabhu Sundaram Hacking and its Defense.

GROUP MEMBERS Chan Li Suman Lohani Prabhu Sundaram Hacking and its Defense.
Web Server Administration TEC 236 Securing the Web Environment.

Web Server Administration TEC 236 Securing the Web Environment.
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
Web architecture Dr Jim Briggs Web architecture.

Web architecture Dr Jim Briggs Web architecture.
The World Wide Web and the Internet Dr Jim Briggs 1WUCM1.

The World Wide Web and the Internet Dr Jim Briggs 1WUCM1.
Common network diagnostic and configuration utilities A ‘toolkit’ for network users and managers when ‘troubleshooting’ is needed on your network.

Common network diagnostic and configuration utilities A ‘toolkit’ for network users and managers when ‘troubleshooting’ is needed on your network.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost 127.0.0.1 (loopback address)  Internal networks 

Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Hacking Web Server Defiana Arnaldy, M.Si 0818 0296 4763.

Hacking Web Server Defiana Arnaldy, M.Si
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Data Gathering A hacker can’t do anything to you if they don’t know anything about you. The hacker requires: –A target –Your ip address –Your OS type –What.

Data Gathering A hacker can’t do anything to you if they don’t know anything about you. The hacker requires: –A target –Your ip address –Your OS type –What.
Network Address Translation (NAT) CS-480b Dick Steflik.

Network Address Translation (NAT) CS-480b Dick Steflik.

Similar presentations

Ads by Google