Remote Control and Advanced Techniques


Remote Control Software

- What do they do?
  - Connect through dial-in and/or TCP/IP.
  - Replicate the remote screen on the local machine (graphical).
  - Allow running graphical or text-based applications on the remote machine, displaying the results on the local machine.
- A variety of applications, most with a free download as a demo.
  - pcAnywhere is one of the pioneers and very popular. TCP 5631 and UDP 5632.
  - VNC is very popular because it is cross-platform and free (history, video of hacking VNC and video of Kali Linux Armitage hacking VNC). TCP 5800, 5801 ..., 5900, 5901 ... (allows alternate ports). See a free version here.
  - Windows Remote Desktop (you have used it in this course). TCP 3389 and UDP 3389.
- Discovering and connecting to remote control software
  - Use Nmap or Superscan to search for ports 22, 799, 800, 1494, 2000, 2001, 5631, 5632, 5800, 5801, 5900, 5901, 43188, 65301, and many others ...
  - Once the software is identified, download the free demo and try brute force.
- Major weakness: only the password is encrypted; the traffic is only compressed.
- Countermeasures: strong password (again), encrypt traffic (SSL, SSH, etc.), limit and log login attempts, change the default listening port.
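From the defender's side, the same port list can be used to audit a host's own `netstat -an` output for remote control listeners that nobody approved. This is an added example, not part of the original slides; the function names, the constructed sample output and the ten-display VNC ranges are assumptions.

```python
# Ports named in the slides. The VNC ranges extend the slide's "5800, 5801 ..."
# and "5900, 5901 ..." to ten displays each, which is an assumption.
KNOWN = {("tcp", 5631): "pcAnywhere", ("udp", 5632): "pcAnywhere",
         ("tcp", 3389): "Windows Remote Desktop", ("udp", 3389): "Windows Remote Desktop"}
for d in range(10):
    KNOWN[("tcp", 5800 + d)] = KNOWN[("tcp", 5900 + d)] = "VNC"
# Remaining ports from the slide's scan list; the slide does not name the product.
OTHER = {22, 799, 800, 1494, 2000, 2001, 43188, 65301}

def parse_listeners(netstat_text):
    """Return sorted (proto, port) pairs for listening sockets in `netstat -an` output."""
    found = set()
    for line in netstat_text.splitlines():
        tok = line.split()
        if len(tok) < 3 or not tok[0].lower().startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = tok[0].lower()[:3]  # tcp6/udp6 fold into tcp/udp
        # Linux prints Recv-Q and Send-Q before the local address; Windows does not.
        local = tok[3] if tok[1].isdigit() and len(tok) > 3 else tok[1]
        state = tok[-1].upper()
        if (proto == "tcp" and state not in ("LISTEN", "LISTENING")) or state == "ESTABLISHED":
            continue  # a connection, not a listener
        port = local.rsplit(":", 1)[-1]
        if port.isdigit():
            found.add((proto, int(port)))
    return sorted(found)

def audit(netstat_text, approved=()):
    """List listeners on the slide's remote control ports that are not approved."""
    findings = []
    for proto, port in parse_listeners(netstat_text):
        if (proto, port) in approved:
            continue
        name = KNOWN.get((proto, port))
        if name is None and port in OTHER:
            name = "port on slide scan list"
        if name:
            findings.append((proto, port, name))
    return findings

# Constructed sample in Windows `netstat -an` layout (not real captured output).
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:50211         10.0.0.9:5900          ESTABLISHED
  UDP    0.0.0.0:5632           *:*
"""
if __name__ == "__main__":
    print(audit(SAMPLE, approved={("tcp", 3389)}))
```

Moving a service off its default port, as the countermeasures suggest, also hides it from this check, so the approved list should record the port each sanctioned service really uses.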

Advanced Techniques

- Trojans: BO, NetBus and SubSeven and their many variations are the most common Trojan backdoor hacker tools.
  - TCP/IP ports: official, Internet services. Different from protocol ports.
  - Trojan ports: list, more details, and resources.
  - Port listening software: netstat, TcpView (seen in footprinting tools), BackOfficer Friendly (example).
  - Checking and removing Trojans: F-Secure online check, Moosoft Cleaner, Avast Trojan tool, Windows Defender.
  - Weeding out rogue processes: Windows Task Manager, Linux ps -aux.
  - Be aware of traps: Whack-A-Mole (pseudo game), BoSniffer (BO in disguise), eLiTeWrap (packs Trojans as exe).
  - Generic: download, scan for viruses, then execute; do not run from the Internet.
- Rootkits: difficult to detect.
  - Windows 10 Secure Boot (requires recent hardware).
  - Keep a record of your files using Tripwire.
  - Create an image of your hard drive: hardware (SOHO) and software solutions (AOMEI Backupper, Drive Image, and others).
  - McAfee RootkitRemover and Sophos Anti-Rootkit.

Other Techniques

- TCP hijacking
  - Juggernaut: spy on a TCP connection and issue commands as the logged user.
  - Hunt: spy on a TCP connection (works with shared and switched networks).
  - Countermeasures: encrypted protocols such as IPSec, SSH.
- TFTP: Trivial File Transfer Protocol.
  - Used by routers, and there are free servers for Windows.
  - Available client in Windows: tftp.exe
  - Prevent its use by Nimda (mostly obsolete) or similar:
    - Edit the services file: %systemroot%/system32/drivers/etc/services
    - Find this line: tftp 69/udp
    - Replace it with: tftp 0/udp
- Social Engineering
  - Help desk information: on the Web, e-mail, voice
  - User information: on the Web, e-mail, voice
  - Social Engineering in Kali Linux (SET): a tutorial.