Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002.

Published byIsaac Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002."— Presentation transcript:

1 Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002

2 Requirements: Hardware: -Two computers -One hub -Internet access Software: - Windows 98/2000 -Trojan horse (Glacier 6.0) -Sniffer ( password monitor) -Port scanner (Fluxay IV)

3 Case 1: Trojan Horse: Suppose a Trojan horse (server.exe) was installed on computer A already. One can execute a control program(client.exe) on computer B to control computer A.

4 Planting a Trojan Horse Direct execution of a Trojan horse Sent as an e-mail attachment Link an icon (as a “bait”) to a Trojan Horse Guess password of a user and then use remote execution

5 Hacking Remotely Run a client program to control the compromised system remotely

6 Searching... port delay time domain begin from to Victim found

7 All folders and files in computer A. We can copy, rename, run or delete them remotely. All folders and files in computer A. We can copy, rename, run or delete them remotely.

8 Computer A’s basic information System information of computer A. System information of computer A. Password related commands Control related commands Network related commands

9 All the passwords in computer A's cache. Password in cache

10 Monitoring computer A’s screen

11 Controlling Computer A’s screen

12 Other operations you can use to control computer A Find/copy/delete files from computer A Share a directory Kill a process Change the registry Record the keyboard Shut/restart the computer

13 All commands we can use

14 Case 2: Sniff a Password If computer A transmits some data frames to a server machine D via an Ethernet, every computer will receive a copy. Only computer D should accept it; others should discard the data frames. However, a sniffer running on machine B or C receives it and analyzes it even B or C is not the destination.

15

16 The URL computer A visiting user name password Computer A’s IP address log on time monitoring NIC When the password was detected, it will display here. When the password was detected, it will display here.

17 This file’s name is “webfilter.txt”, “pwmonitor” need this file to identify the URLs. That is to say, only when the URL computer A visiting is in this filter file can the passwords be sniffed. Because this sniffer is created in China, most of the URLs located in China, but we can find yahoo.com here. This file’s name is “webfilter.txt”, “pwmonitor” need this file to identify the URLs. That is to say, only when the URL computer A visiting is in this filter file can the passwords be sniffed. Because this sniffer is created in China, most of the URLs located in China, but we can find yahoo.com here.

18 Case 3: Hack a Server Computer A is a server, B is a client Scans the ports of computer A Guesses the password of admin. After the computer is compromised, a hacker can plant some backdoor software to the server and execute it remotely.

19 Hosts’ type usernamepasswordhosts Flaxuy is the most popular ports scanner used in China these days. It scans all services (ports) of the servers provide, once it finds a certain service (FTP, telnet...), it will try to find the users and guess the passwords... Flaxuy is the most popular ports scanner used in China these days. It scans all services (ports) of the servers provide, once it finds a certain service (FTP, telnet...), it will try to find the users and guess the passwords...

20 Scan from to Host type Guess password Display password if get

21 Scanning...

22 Now we get the password.

23 Computer 144.26.30.40’s Administrator is “TopTooler”, the password is “toptooler”, we can establish a IPC connection. Computer 144.26.30.40’s Administrator is “TopTooler”, the password is “toptooler”, we can establish a IPC connection. password

24 Using this command, we can log on to the server as an administrator. Using this command, we can log on to the server as an administrator. Then copy a Trojan horse to a server Then copy a Trojan horse to a server

25 The Trojan horse will be started automatically at 13:50p.m. on the server. The Trojan horse will be started automatically at 13:50p.m. on the server.

Download ppt "Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002."

Similar presentations

Backdoors, Trojans and Rootkits CIS 413 This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited.

Backdoors, Trojans and Rootkits CIS 413 This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited.
Botnets ECE 4112 Lab 10 Group 19.

Botnets ECE 4112 Lab 10 Group 19.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Exploits Dalia Solomon. Categories Trojan Horse Attacks Trojan Horse Attacks Smurf Attack Smurf Attack Port Scan Port Scan Buffer Overflow Buffer Overflow.

Exploits Dalia Solomon. Categories Trojan Horse Attacks Trojan Horse Attacks Smurf Attack Smurf Attack Port Scan Port Scan Buffer Overflow Buffer Overflow.
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
1 Eastern Michigan University Asad Khailany, Eastern Michigan University Dmitri Bagatelia, Eastern Michigan University Wafa Khorsheed, Eastern Michigan.

1 Eastern Michigan University Asad Khailany, Eastern Michigan University Dmitri Bagatelia, Eastern Michigan University Wafa Khorsheed, Eastern Michigan.
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
Internet Applications: Telnet, Ping and Traceroute.

Internet Applications: Telnet, Ping and Traceroute.
Network Printing. Printer sharing Saves money by only needing one printer Increases efficiency of managing resources.

Network Printing. Printer sharing Saves money by only needing one printer Increases efficiency of managing resources.
Using FileZilla to FTP CS10001 – Computer Literacy Kent State University.

Using FileZilla to FTP CS10001 – Computer Literacy Kent State University.
(NHA) The Laboratory of Computer Communication and Networking Network Host Analyzer.

(NHA) The Laboratory of Computer Communication and Networking Network Host Analyzer.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.

Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.
Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.

Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
1 Mapping a Drive on the USF IIS Server. 2 Mapping a Drive To map a drive to a network file directory in Windows you must be on a Microsoft local area.

1 Mapping a Drive on the USF IIS Server. 2 Mapping a Drive To map a drive to a network file directory in Windows you must be on a Microsoft local area.

Similar presentations

Ads by Google