Onno W. Purbo Onno@indo.net.id Cracking Techniques Onno W. Purbo Onno@indo.net.id.

Slides:

Advertisements

Similar presentations

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

Advertisements

System Security Scanning and Discovery Chapter 14.

Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

System Hardening Borrowed from the CLICS group. System Hardening How do we respond to problems? (e.g. operating system deadlock) Detect Detect (Detect.

System and Network Security Practices COEN 351 E-Commerce Security.

Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.

1 Network File System. 2 Network Services A Linux system starts some services at boot time and allow other services to be started up when necessary. These.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Ana Chanaba Robert Huylo

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

13Computer Intrusions Dr. John P. Abraham Professor UTPA.

PRACTICAL STEPS IN SECURING WINDOWS NT Copyright, 1996 © Dale Carnegie & Associates, Inc. TIP For additional advice see Dale Carnegie Training® Presentation.

1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Network Security Onno W. Purbo Buku Keamanan Jaringan Internet Toko Buku Gramedia.

ECE4112 Lab 7: Honeypots and Network Monitoring and Forensics Group 13 + Group 14 Allen Brewer Jiayue (Simon) Chen Daniel Chu Chinmay Patel.

Honeypot and Intrusion Detection System

SECURITY ZONES. Security Zones  A security zone is a logical grouping of resources, such as systems, networks, or processes, that are similar in the.

CIS 450 – Network Security Chapter 3 – Information Gathering.

Lesson 5 Knowing the Threat. Unauthorized use of Computer Systems 2000 CSI/FBI Survey Trend.

Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.

Bugs SATAN scans for It is interesting to look at the bugs SATAN scans for. They are easily detected by the scanners and therefore do not pose a threat.

Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002.

Linux Networking Security Sunil Manhapra & Ling Wang Project Report for CS691X July 15, 1998.

1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.

1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.

Linux Networking and Security

Application Layer Khondaker Abdullah-Al-Mamun Lecturer, CSE Instructor, CNAP AUST.

CHAPTER 3 Classes of Attack. INTRODUCTION Network attacks come from both inside and outside firewall. Kinds of attacks: 1. Denial-of-service 2. Information.

Safeguarding your Business Assets through Understanding of the Win32 API.

Operating System Security Fundamentals Dr. Gabriel.

1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.

1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.

CHAPTER 9 Sniffing.

Network Security Chapter 11 powered by DJ 1. Chapter Objectives  Describe today's increasing network security threats and explain the need to implement.

Cracking Techniques Onno W. Purbo

Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.

Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

4061 Session 26 (4/19). Today Network security Sockets: building a server.

Securing the Linux Operating System Erik P. Friebolin.

CTC228 Nov Today... Catching up with group projects URLs and DNS Nmap Review for Test.

Chapter 1 Real World Incidents Spring Incident Response & Computer Forensics.

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

Seminar On Ethical Hacking Submitted To: Submitted By:

Hacking Unix/Linux.

Security Scan melalui Internet

Security in Networking

6.6 Firewalls Packet Filter (=filtering router)

The Siphon Project An Implementation of Stealth Target Acquisition & Information Gathering Methodologies Introduction: Introduce self, Chris introduce.

Chapter 27: System Security

OPS235: Week 1 Installing Linux ( Lab1: Investigations 1-4)

OPS235: Week 1 Installing Linux ( Lab1: Investigations 1-4)

Operating System Security

ICT Computing Lesson 4: Computing Network.

Crisis and Aftermath Morris worm.

6. Application Software Security

Presentation transcript:

Onno W. Purbo Onno@indo.net.id Cracking Techniques Onno W. Purbo Onno@indo.net.id

Referensi http://www.rootshell.com Front-line Information Security Team, “Techniques Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive Private Networks,” fist@ns2.co.uk & http://www.ns2.co.uk

Referensi http://www.antionline.com/archives/documents/advanced/ http://www.rootshell.com/beta/documentation.html http://seclab.cs.ucdavis.edu/papers.html http://rhino9.ml.org/textware/

Introduction

Just who is vulnerable anyway? Financial institutions and banks Internet service providers Pharmaceutical companies Government and defense agencies Contractors to various goverment agencies Multinational corporations

Profile of a typical 'system cracker' Usually male, aged 16-25. To improve their cracking skills, or to use network resources for their own purposes. Most are opportunists Run scanners for system vulnerabilities. Usually gain root access; then install a backdoor and patch the host from common remote vulnerabilities.

Networking methodologies adopted by many companies

Internet’s purposes .. The hosting of corporate webservers E-mail and other global communications via. the internet To give employees internet access

Network separation Firewall Application Proxies

Understanding vulnerabilities in such networked systems

Understanding vulnerabilities External mailserver must have access to mailservers on the corporate network. agressive-SNMP scanners & community string brute-force programs, turn router into bridge.

The attack

Techniques used to 'cloak' the attackers location Bouncing through previously compromised hosts via. telnet or rsh. Bouncing through windows hosts via. Wingates. Bouncing through hosts using misconfigured proxies.

Network probing and information gathering Using nslookup to perform 'ls <domain or network>' requests. View the HTML on your webservers to identify any other hosts. View the documents on your FTP servers. Connect to your mailservers and perform 'expn <user>' requests. Finger users on your external hosts.

Identifying trusted network components a trusted network component is usually an administrators machine, or a server that is regarded as secure. start out by checking the NFS export & access to critical directory /usr/bin, /etc and /home. Exploit a machine using a CGI vulnerability, gain access to /etc/hosts.allow

Identifying vulnerable network components Use Linux programs such as ADMhack, mscan, nmap and many smaller scanners. binaries such as 'ps' and 'netstat' are trojaned to hide scanning processes. If routers are present that are SNMP capable, the more advanced crackers will adopt agressive-SNMP scanning techniques to try and 'brute force‘ the public and private community strings of such devices.

Perform types of checks A TCP portscan of a host. A dump RPC services via. portmapper. A listing of exports present via. nfsd. A listing of shares via. samba / netbios. Multiple finger to identify default accounts. CGI vulnerability scanning. Identification of vulnerable versions of server daemons, including Sendmail, IMAP, POP3, RPC status & RPC mountd.

Taking advantage of vulnerable components Identify vulnerable network components  compromise the hosts. Upon executing such a program remotely to exploit a vulnerable server daemon Gain root access to your host.

Upon gain access to vulnerable components 'clean-up‘ operation of doctoring your hosts logs 'backdooring' service binaries. place an .rhosts file in the /usr/bin to allow remote bin access to the host via rsh & csh

Abusing access & privileges

Downloading sensitive information 'bridge' between the internet - corporate network. Abusing the trust with the external host.

Cracking other trusted hosts and networks Install trojans & backdoors + remove logs. Install sniffers on your hosts.

Installing sniffers Use 'ethernet sniffer' programs. To 'sniff' data flowing across the internal network  a remote root compromise of an internal host. To detect promiscuous network interfaces  the 'cpm' http://www.cert.org/ftp/tools/cpm/

Taking down networks rm -rf / & 'mission critical' routers & servers are always patched and secure.