1 System Hacking: Active System Intrusion

2 Aspects of System Hacking: System password guessing; Password cracking; Key loggers; Eavesdropping; Sniffers; Man in the middle; DoS; Buffer overflows; Privilege escalation; Remote control and backdoor; Track covering; Hide sensitive information

3 Password Guessing: NetBIOS TCP port 139 open, then guess admin, guest, john smith (NULL passwords). Try connecting to shares: C$, %systemdrive%, admin$, guest$

4 Password Cracking: Manual/automatic cracking (text file lists); Dictionary attack; Brute force; Keyloggers; Password sniffing. Tools: Legion, Cain & Abel, L0phtCrack, John the Ripper, KerbCrack

5 Examples Administrator User Arcserve Test Lab Username Manager Temp ID number NULL, password, admin administrator, user, password, backup, temp, ID

6 Examples: Easy to remember names; Use the same password for many accounts; High probability pairs; www.mksecure.com/defpw

7 LM Manager: LM (early Windows operating systems); NTLM (NT operating systems); NTLMv2 (Windows XP and 2000, Kerberos 56bit 128bit encryption)

8 Eavesdropping: Packet/Port filtering; Security scanners; NTInfoScan

9 Countermeasures: Block TCP/UDP ports 135-139, 445 (NetBIOS network bindings); Complex passwords; Log failed login events (Event Viewer events 529, 539); Restrict rights to run system tools such as cmd.exe; Firewall; IPSec; Passprop RK (default admin no lock ability); IDS

10 Demo/Exercise: Cain & Abel. Create a user account and crack password.

11 SMB: Server Message Blocks; Request; Response

12 Command line hacks
At 15:23 /interactive cmd.exe
Net use \\192.168.0.1\c$ * /u:administrator

13 Vulnerabilities: RPC; LSASS; Stack/Buffer overflows. Buffer overflow attacks involve sending overly long input streams to the attacked server, causing the server to overflow parts of the memory and either crash the system or execute the attacker's arbitrary code as if it were part of the server's code. The result is full server compromise or denial of service. Some of the well-known Internet worms, including Code Red, Slapper and Slammer, use buffer overflow attacks to propagate and execute payloads. Buffer overflow vulnerabilities are some of the most common programming errors.

14 Man in the Middle: SMBRelay server. Because Windows automatically tries to log in as the current user if no other authentication information is explicitly supplied, an attacker who can force a NetBIOS connection from its target can retrieve the user authentication information of the currently logged-in user.

15 Privilege Escalation: Gain access to a system and give yourself more privileges. PipeupAdmin; GetAdmin.exe; Hk.exe; Sechole; Spoofing LPC; Psexec

16 Pilfering: Grabbing information such as the SAM database; NT Active Directory %windir%\windowsDS\ntds.dit

17 www.winhackingexposed.com: In-depth coverage of Windows security and vulnerabilities

18 Countermeasures: Deny Log on locally; Lock down IIS; URLScan; IISLockdown; Audit Logon events

19 Events/Database Export: Dumpevt www.somarsoft.com; EventCombWindows

20 IDS: Blackice (blackice.iss.net); Entercept (www.mcafeesecurity.com); Cisco Security Agent (www.cisco.com); Sentivist (www.nfr.com); E-trust IDS (www3.ca.com); ITA (enterprisesecurity.com); Realsecure (www.iss.net); Tripwire (www.tripwiresecurity.com)

21 Exercise: Use command line tools to connect to another computer; Filter event logs
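
Added example (not part of the original presentation): one way to do the event-log filtering named in slides 9 and 21, flagging bursts of event 529 (failed logon) and any event 539 (locked-out account) per source workstation. The CSV column layout, the threshold and window values, and the sample rows are assumptions constructed for illustration; map them to whatever your export tool produces.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Column names are an assumed layout, not a tool's real format.
SAMPLE_EXPORT = """time,event_id,user,workstation
2004-03-01 09:00:05,529,administrator,WKS-07
2004-03-01 09:00:09,529,admin,WKS-07
2004-03-01 09:00:14,529,guest,WKS-07
2004-03-01 09:00:20,529,backup,WKS-07
2004-03-01 09:00:26,529,administrator,WKS-07
2004-03-01 09:00:31,539,administrator,WKS-07
2004-03-01 10:15:00,529,jsmith,WKS-12
2004-03-01 14:40:00,529,jsmith,WKS-12
"""

FAILED_LOGON = "529"   # logon failure: unknown user name or bad password
LOCKED_OUT = "539"     # logon attempt against a locked-out account


def find_guessing(export_text, threshold=5, window=timedelta(minutes=2)):
    """Return (kind, workstation, accounts, time) alerts from exported logon events."""
    recent = defaultdict(deque)   # workstation -> (time, user) of recent failures
    alerts = []
    rows = sorted(csv.DictReader(io.StringIO(export_text)), key=lambda r: r["time"])
    for row in rows:
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        source = row["workstation"]
        if row["event_id"] == LOCKED_OUT:
            alerts.append(("lockout", source, row["user"], when))
        elif row["event_id"] == FAILED_LOGON:
            q = recent[source]
            q.append((when, row["user"]))
            while when - q[0][0] > window:    # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:           # many failures from one source in a short time
                users = ",".join(sorted({u for _, u in q}))
                alerts.append(("burst", source, users, when))
                q.clear()                     # next alert covers new events only
    return alerts


if __name__ == "__main__":
    for kind, source, accounts, when in find_guessing(SAMPLE_EXPORT):
        print(f"{when} {kind:8} source={source} accounts={accounts}")
```

Several different account names failing from one workstation within seconds is the pattern that password guessing against default accounts leaves behind; two failures hours apart for one user (WKS-12 in the sample) stay below the threshold.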

