Hacking Techniques and Countermeasures E. Ray Howard, Jr Sprint E|Solutions


Objective:
- Discuss the practice of hacking in general and demonstrate a few of the current common methods and exploits.
- Mainly a demonstration of some current web hacking methods.

Reasons to hack.
- Curiosity.
- Revenge.
- Notoriety/Fame.
- Profit ($$$ or other gain).

Hacker methodologies.
- Oxymoron? Not really. There is normally some method to this madness.
- Based on systematically exploiting weaknesses in your security infrastructures, both physical and IT.

A common methodology is the following:
1. Gather target information.
2. Identify services offered by target to the public (whether intentional or not).
3. Research the discovered services for known vulnerabilities.
4. Attempt to exploit the services.
5. Utilize exploited services to gain additional privileges from the target.
Reiterate steps 1-5 until goals are achieved.

Step 1: Gather target information.
- Domain names, IP address ranges.
- InterNIC contact information.
- Physical addresses.
- Organizational structures.
- Alliances and financial information.
- Names of officers, managers, technical staff.
- Newsgroup posts.

Step 2: Identify services.
- Web servers.
- FTP servers.
- DNS servers.
- gateways.
- Help desks/phone support.
- Other (gopher, LDAP, irc, etc.)

Step 3: Research vulnerabilities.
- Vendor announcements.
- Default configurations.
- Poor configurations (i.e. passwords, cleartext protocols).
- Gather available exploits or develop new exploit.
- Derived exploits.
- Some original work.

Step 4: Exploit vulnerabilities.
- Attempt to exploit vulnerabilities to gain access to the target.
- Continue until successful.

Step 5: Utilize increased access.
- Exploit additional vulnerabilities to gain additional access and information to use in penetrating further into an organization.
- The hacker "becomes" a legitimate user (even an administrator).

Demo 1: IIS web exploit.
- Note:
  - Only requires normal web user access to an IIS webserver (i.e. port 80 or 443).
  - Using non-standard ports for your web server only makes this marginally more difficult. You do publish how to access your webserver to someone, right? (Also, you would be surprised what search engines contain about you.)
  - Using SSL (https protocol) will not prevent the exploit from succeeding.

Demo 1: Software levels
- Target: Windows NT Server 4.0 SP6a, IIS 4.0
- Attacker: Linux mdk kernel, Windows NT Workstation 4.0 SP6a

Demo 1: Target info.
- Target IP address is
- Query whois database at ARIN.net to locate owner and domain information.
- Also try reverse DNS mappings for host/domain names.

Demo 1: Services information
Use nmap to scan target for services of interest.

    $ nmap -sS -p 21-25,80, ,
    Starting nmap V by ( )
    Interesting ports on ( ):
    (The 7 ports scanned but not shown below are in state: closed)
    Port     State   Service
    21/tcp   open    ftp
    80/tcp   open    http
    135/tcp  open    loc-srv
    139/tcp  open    netbios-ssn
    443/tcp  open    https
    Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

Demo 1: Research services
Use netcat or telnet commands to determine web server information.

    $ nc
    HEAD / HTTP/1.0

    HTTP/ OK
    Server: Microsoft-IIS/4.0
    Content-Location:
    Date: Mon, 06 Aug :40:10 GMT
    Content-Type: text/html
    Accept-Ranges: bytes
    Last-Modified: Mon, 30 Jul :28:47 GMT
    ETag: "c0bf6c53c19c11:b50"
    Content-Length: 4325

Demo 1: Exploit services to gain access
- Unicode "dot dot" exploit to traverse filesystem.
- Default configuration of Inetpub\scripts directory is used to upload and execute commands of our choice.
- Get target to fetch useful commands.
- Get target to initiate a command session.
- Use target to obtain additional information.

Demo 1: Prevention
- Stay current on patch levels for Microsoft's OS and web server.
- Implement good firewalling.
- Use an IDS system (or two!).
- Host security is important (Microsoft's "Securing IIS" and "Securing Windows NT" documents).
- Pattern matching intercept proxies.
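The "dot dot" traversal in the demo and the pattern-matching proxy / IDS countermeasure on the prevention slide suggest a concrete check. What follows is an added example, not code from the presentation or from Sprint E|Solutions: a small Python detector that takes request paths from web server log lines, percent-decodes them, decodes UTF-8 just permissively enough to surface overlong sequences such as %c0%af (an overlong "/"), repeats the decode to catch %25xx double encoding, and reports any path that climbs above the document root. The log lines, addresses and paths are constructed samples, and the names REQUEST_RE, lenient_utf8, escapes_root, analyze_path and scan_log are chosen here.

```python
"""Detect Unicode / double-encoded "dot dot" traversal in web server logs.

Added example, not part of the presentation. Log lines and paths below are
constructed samples, not captures from the demo target.
"""
import re
from urllib.parse import unquote_to_bytes

# Common Log Format request line: "GET /path HTTP/1.0"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/\d\.\d"')

# Constructed sample log: lines 2 and 3 carry encoded traversal, line 4 is a
# benign path that merely contains two dots.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Aug/2001:10:40:10 +0000] "GET /default.htm HTTP/1.0" 200 4325
10.0.0.9 - - [06/Aug/2001:10:41:02 +0000] "GET /scripts/..%c0%af../private/config.txt HTTP/1.0" 200 812
10.0.0.9 - - [06/Aug/2001:10:41:30 +0000] "GET /scripts/..%255c..%255cprivate/notes.txt HTTP/1.0" 404 0
10.0.0.7 - - [06/Aug/2001:10:42:00 +0000] "GET /docs/a..b/page.html HTTP/1.0" 200 77
"""


def lenient_utf8(data: bytes):
    """Decode UTF-8 the way a permissive server might, but *report* overlong
    sequences instead of rejecting them. Returns (text, saw_overlong).
    A 2- or 3-byte sequence is overlong when it encodes a code point that
    fits in fewer bytes: %c0%af is an overlong '/', %c1%9c an overlong '\\'."""
    out, overlong, i, n = [], False, 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:                                  # plain ASCII
            out.append(chr(b)); i += 1; continue
        if 0xC0 <= b < 0xE0 and i + 1 < n and 0x80 <= data[i + 1] < 0xC0:
            cp = ((b & 0x1F) << 6) | (data[i + 1] & 0x3F)
            overlong |= cp < 0x80                     # should have been 1 byte
            out.append(chr(cp)); i += 2; continue
        if (0xE0 <= b < 0xF0 and i + 2 < n
                and all(0x80 <= x < 0xC0 for x in data[i + 1:i + 3])):
            cp = ((b & 0x0F) << 12) | ((data[i + 1] & 0x3F) << 6) | (data[i + 2] & 0x3F)
            overlong |= cp < 0x800                    # should have been 1-2 bytes
            out.append(chr(cp)); i += 3; continue
        out.append("\ufffd"); i += 1                  # malformed byte: keep going
    return "".join(out), overlong


def escapes_root(path: str) -> bool:
    """True if the path, read with both slash styles, climbs above the root."""
    depth = 0
    for seg in path.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False


def analyze_path(raw: str) -> dict:
    """Decode a raw request path twice (second pass catches %25xx double
    encoding) and list the reasons, if any, it should be flagged."""
    first, overlong1 = lenient_utf8(unquote_to_bytes(raw))
    second, overlong2 = lenient_utf8(unquote_to_bytes(first))
    reasons = []
    if overlong1 or overlong2:
        reasons.append("overlong-utf8")      # never produced by a real client
    if second != first:
        reasons.append("double-encoding")
    if escapes_root(second):
        reasons.append("traversal")
    return {"raw": raw, "decoded": second, "reasons": reasons}


def scan_log(text: str) -> list:
    """Return the analysis of every request in the log that was flagged."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        info = analyze_path(m.group(1))
        if info["reasons"]:
            info["line"] = lineno
            hits.append(info)
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['raw']} -> {hit['decoded']} {hit['reasons']}")
```

The decoder deliberately accepts what a strict UTF-8 decoder would reject, because the point of the check is to see the path the way a permissive server would and then flag the fact that an overlong form was used at all; a production filter should reject such requests outright rather than merely log them.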

Summary: Prevention.
- Q: How to prevent becoming a target?
- A: You can't, if your company has an Internet presence (or remote access, or vendor/VAR networks, or employees).
- S: The only reliable solution to reduce the risk of a successful intrusion attempt is staying current with your security infrastructure. This is an ongoing dynamic process.

Useful security related links.
- SANS Institute
- Security Focus Archives
- Snort IDS home
- Security archives (archives.neohapsis.com)
- CERT Coordination Center

Mailing Lists
- Risks Digest
- BUGTRAQ
- NTBugtraq
- Win2KSecurity Advice

Securing Webservers
- Apache project
- support.microsoft.com "Resources for Securing Internet Information Services", Article ID Q