An attack can be delivered to the target system over a local area network (LAN), wired or wireless; through local access to a PC; over the Internet; or offline. Gaining access is known in the hacker world as owning the system, because once a system has been compromised the attacker controls it and can use it as they wish.

Cracking a Password
Manual password cracking involves attempting to log on with different passwords. The hacker follows these steps:
1. Find a valid user account, such as Administrator or Guest.
2. Create a list of possible passwords.
3. Rank the passwords from high to low probability.
4. Key in each password.
5. Try again until a successful password is found.

Understanding Keyloggers and Other Spyware Technologies
If all other attempts to gather passwords fail, a keystroke logger is the tool of choice. Keystroke loggers (keyloggers) can be implemented in hardware or in software. Hardware keyloggers are small devices that plug in between the keyboard and the PC and save every keystroke to a file or to the device's own memory.
Installing a hardware keylogger requires physical access to the system, and because it never touches the operating system it cannot be found by software on the host. Software keyloggers are stealth programs that hook in between the keyboard hardware and the operating system's input path so that they can record every keystroke; they are typically deployed by Trojans or viruses.
Maintaining Access
Sometimes hackers harden the system against other hackers or security personnel, securing exclusive access for themselves with backdoors, rootkits and Trojans. Once the hacker owns the system, they can use it as a base from which to launch further attacks; in that role the owned system is often called a zombie. The hacker generally needs an account with administrator-level access in order to install programs, which is why escalating privileges is so important.

Executing Applications
Once a hacker has gained an account with administrator privileges, the next step is to execute applications on the target system. The purpose may be to install a backdoor, install a keystroke logger to gather confidential information, copy files, or simply cause damage; essentially, anything the hacker wants to do on the system. Once the hacker can execute applications, the system is considered owned and under the hacker's control.

Buffer Overflows
A buffer overflow attack sends more data to an application input than the receiving variable was sized to hold. The excess overwrites adjacent memory, and if it reaches a saved return address or function pointer the application can be made to run the attacker's code carried in the overflow data, or to hand the attacker a command prompt. That command prompt, or shell, is the key for a hacker: it can be used to execute any other application.
Understanding Rootkits
A rootkit is a type of program used to hide utilities on a compromised system. Rootkits usually include backdoors that let the attacker get back into the system more easily later. Running the kit's installer loads the rootkit device driver and starts it.

Covering Tracks
Hackers try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms. Examples of activities during this phase of the attack include steganography, the use of a tunneling protocol, and altering log files.

Types of Penetration Tests
Penetration tests are classified by how much the tester knows about the target in advance. Each type simulates an attacker with a different level of knowledge about the target organization.
These types are as follows:

Black Box
Black-box testing involves performing a security evaluation with no prior knowledge of the network infrastructure or systems to be tested. It can take the longest time and the most effort, because the testing team is given no information: the information-gathering, reconnaissance and scanning phases take a great deal of time. Its disadvantages are therefore the time required and the consequent additional cost to the client.

White Box
White-box testing involves performing a security evaluation with complete knowledge of the network infrastructure, such as a network administrator would have. It is much faster than the other two methods, because the ethical hacker can go straight to the attack phase, bypassing the information-gathering, reconnaissance and scanning phases. Many security audits consist of white-box testing to avoid the extra time and expense of black-box testing.

Gray Box
Gray-box testing examines the extent of access available to insiders within the network. Its purpose is to simulate the most common form of attack, one initiated from inside the network.
The idea is to test or audit the level of access given to employees or contractors and see whether those privileges can be escalated to a higher level.

The ethical hacker must follow certain rules to ensure that all ethical and moral obligations are met. Information gathered may be sensitive: no information about the test, and no confidential company data, should ever be disclosed to a third party. The tester must also stay within the agreed scope and avoid actions that could disrupt the client's systems. Denial-of-service (DoS) attacks, for example, should be run only if they have been agreed upon with the client beforehand. Loss of revenue, loss of goodwill and worse could befall an organization whose servers or applications become unavailable to customers as a result of the testing.
These tests and evaluations have three phases.

Preparation
This phase involves a formal agreement between the ethical hacker and the organization. The agreement should specify the full scope of the test, the types of attack (inside or outside) to be used, and the testing type: white, black or gray box.

Conduct Security Evaluation
During this phase the tests are conducted, after which the tester prepares a formal report of vulnerabilities and other findings.

Conclusion
The findings are presented to the organization, along with recommendations for improving security.

This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records. In the case of computer security, these 'tiger teams' or 'ethical hackers' employ the same tools and techniques as intruders, but they neither damage the target systems nor steal information.
Instead, they evaluate the target systems' security and report back to the owners with the vulnerabilities they found and instructions for remedying them. This method of evaluating the security of a system has been in use since the early days of computing. The authors of those early evaluations performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access an intruder could actually achieve. They performed tests that were simple information-gathering exercises as well as outright attacks on the system that might damage its integrity; their audience wanted to know both results. Several other now-unclassified reports describe ethical hacking activities within the U.S. military. With the growth of computer networking, and of the Internet in particular, computer and network vulnerability studies began to appear outside the military establishment. Most notable was the work by Farmer and Venema, originally posted to Usenet in December. They discussed publicly, perhaps for the first time, the idea of using the hacker's own techniques to assess the security of a system. With the goal of raising the overall level of security on the Internet and on intranets, they described how they were able to gather enough information about their targets to have compromised them had they chosen to do so.
They gave several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented.

Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client's systems, the ethical hacker may discover information about the client that should remain secret; in many cases such information, if publicized, could lead to real intruders breaking into the systems and to financial losses. The sensitivity of the information gathered during an evaluation requires strong measures to secure the systems the ethical hackers themselves use: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe for paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing.
Ethical hackers typically have very strong programming and computer networking skills and have been in the computer and networking business for several years. They are also adept at installing and maintaining systems that run the more popular operating systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking vendors.

Scanning: Different tools are used for scanning. War dialers and ping sweepers were used earlier, but both are now easily detected and so are little used. Modern port scanners send TCP (and UDP) probes to each port of a host to learn which services are listening, and can fingerprint the operating system from the details of the host's responses.

Enumeration: Enumeration is the hacker's ability to persuade servers to hand over information that is vital to mounting an attack. The aim is to find what resources and shares exist on the system, what valid user accounts and groups exist on the network, what applications are present, and so on.
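The TCP port scanning just described, as an added, runnable example that is not from the original page or from any tool it names. It is a connect scan: for each port it completes the three-way handshake and then grabs the first banner the service sends, which is how a scanner learns what is listening before enumeration proper. To stay self-contained it starts its own listener on the loopback interface that answers with a made-up SSH banner; the banner text, port range and timeout are assumptions for the example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed target: a listener on loopback that answers every client with a
# fake banner. The banner is an assumption for this example, not a real service.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"


def start_listener(host="127.0.0.1"):
    """Open a TCP server on an ephemeral port and answer each client with FAKE_BANNER."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed
                return
            with conn:
                try:
                    conn.sendall(FAKE_BANNER)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def probe(host, port, timeout=0.5):
    """TCP connect probe: full handshake, then read whatever the service says first.

    Returns (port, state, banner). state is 'open' or 'closed'; a filtered port
    (no answer before the timeout) is also reported as 'closed' here for brevity.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:  # connection refused, timed out or unreachable
            return port, "closed", None
        try:
            banner = s.recv(256).decode("ascii", errors="replace").strip()
        except OSError:  # service accepted but said nothing in time
            banner = ""
    return port, "open", banner or None


def connect_scan(host, ports, workers=16):
    """Scan a port list concurrently; return only the open ports, with their banners."""
    with ThreadPoolExecutor(max_workers=workers) as ex:
        results = ex.map(lambda p: probe(host, p), ports)
        return sorted(r for r in results if r[1] == "open")


def closed_port(host="127.0.0.1"):
    """Reserve an ephemeral port and release it, yielding a port that is almost certainly closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_listener()
    for port, state, banner in connect_scan("127.0.0.1", range(open_port - 3, open_port + 4)):
        print(f"{port}/tcp {state} {banner or ''}")
    srv.close()
```

A connect scan is the noisiest kind, because every open port sees a complete connection that the service can log; a SYN (half-open) scan needs raw sockets and is what tools such as nmap use by default. Operating-system fingerprinting goes one step further and compares TCP/IP stack quirks in the responses (initial TTL, window size, option ordering), which a plain connect scan cannot observe.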
Enumeration can also reveal other hosts across the network.

Gaining access: This is the actual hacking phase, in which the hacker gains access to the system using all the information collected in the pre-attack phases. Usually the main hindrance to gaining access is the password. System hacking can be considered as several steps. First the hacker tries to get into the system. Once in, the next goal is to increase his privileges so that he has more control: as a normal user he may not be able to see confidential data or upload and run the hacking tools he needs. Another way to break into a system is an attack such as a man-in-the-middle attack. The simplest method is to guess the password.
Guessing by hand is tedious, so automated password-guessing tools such as Legion exist. Legion has a built-in dictionary: the software itself generates candidate passwords from the dictionary and checks the system's response to each. Techniques used in password cracking are:
1. Dictionary cracking: the tool is given a list of likely words (a dictionary) and tries each word, and combinations of them, against the system automatically.
2. Brute-force cracking: the tool has no pre-compiled word list; instead it tries every combination of letters, digits and special characters. This is exhaustive but very slow, and the cost grows exponentially with password length.
3. Hybrid cracking: a combination of dictionary and brute-force cracking. The tool first tries the words in its built-in dictionary, typically with common mutations such as appended digits, and falls back to brute force only if all of them fail.
4. Social engineering: the hacker contacts the user directly, by a phone call or some other pretext, and simply talks them into giving up the password.
Whichever technique succeeds, the hacker may only get in as an ordinary user; he then tries to raise his privileges to those of an administrator, who can do far more.
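The dictionary, hybrid and brute-force techniques listed above, and the manual method described earlier under Cracking a Password (rank the candidates, try each), as an added, runnable example; it is not from the original page or from any tool it names, such as Legion. The salted SHA-256 target hash, the word list and the mangling rules are constructed for illustration; a real cracker reads a leaked hash file, uses the target's actual hash format and far larger word lists, and the cost ordering below (dictionary, then hybrid, then brute force) is the point.

```python
import hashlib
import itertools
import string

# Constructed target: a salted SHA-256 hash standing in for a stored password hash.
# The salt and the plaintext "Summer2023!" are assumptions for this example only.
SALT = b"x7Qp"


def hash_password(password, salt=SALT):
    """Hash the way the (hypothetical) target system stores passwords."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


TARGET_HASH = hash_password("Summer2023!")

# Constructed word list, ranked from high to low probability as the manual method prescribes.
WORDLIST = ["password", "admin", "letmein", "summer", "welcome", "qwerty"]

# Mangling rules for the hybrid attack: case variants plus common suffixes.
SUFFIXES = ["", "1", "123", "!", "2023", "2023!", "2024"]


def dictionary_attack(target, words):
    """Try each word exactly as listed, most probable first."""
    for word in words:
        if hash_password(word) == target:
            return word
    return None


def mangle(word):
    """Generate hybrid candidates from one dictionary word."""
    for base in (word, word.lower(), word.capitalize(), word.upper()):
        for suffix in SUFFIXES:
            yield base + suffix


def hybrid_attack(target, words):
    """Dictionary words plus mangling rules: cheap, and catches 'Summer2023!'-style passwords."""
    seen = set()
    for word in words:
        for candidate in mangle(word):
            if candidate in seen:
                continue
            seen.add(candidate)
            if hash_password(candidate) == target:
                return candidate
    return None


def keyspace_size(alphabet_size, max_len):
    """Number of candidates a brute-force search of lengths 1..max_len must cover."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def brute_force_attack(target, alphabet=string.ascii_lowercase + string.digits, max_len=4):
    """Exhaustive search, shortest candidates first. Work grows as keyspace_size()."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if hash_password(candidate) == target:
                return candidate
    return None


def crack(target, words):
    """Run the cheapest technique first; return (technique, password) or (None, None)."""
    for name, attempt in (
        ("dictionary", lambda: dictionary_attack(target, words)),
        ("hybrid", lambda: hybrid_attack(target, words)),
        ("brute-force", lambda: brute_force_attack(target)),
    ):
        found = attempt()
        if found is not None:
            return name, found
    return None, None


if __name__ == "__main__":
    print(crack(TARGET_HASH, WORDLIST))
    print("candidates for a 4-char [a-z0-9] brute force:", keyspace_size(36, 4))
```

Note what the numbers say: the hybrid pass needs a few hundred hashes to recover the example password, while a brute force over only lowercase letters and digits up to length 4 already costs 1,727,604 candidates, and every extra character multiplies that by the alphabet size. That is why a ranked word list with mangling rules is tried before any exhaustive search, and why a slow, salted password hash on the defender's side matters.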
Many tools exist for privilege escalation. GetAdmin, for example, hooks the user's process into a kernel routine so that what the user runs is treated as a system routine rather than a user-initiated program. Privilege escalation usually exploits vulnerabilities in the host operating system or in installed software; hk is another such tool, and the Metasploit project collects many such exploits.

Maintaining Access: The hacker is now inside the system, whether by password guessing or by exploiting a vulnerability, and is in a position to upload and download files. The next aim is to make an easier way in for the next visit. This is analogous to making a small hidden door in a building so that he can walk straight in through it later.
In the network scenario the hacker does this by uploading software such as Trojan horses, sniffers and keystroke loggers.

Keystroke loggers record every key pressed on the keyboard. They come in software and hardware forms, the hardware variety capturing the keystrokes directly on the keyboard cable. For maintaining access and for privilege escalation, the hacker, now inside the target network, uploads keystroke-logging software to the system. A software keylogger sits as a middleman between the keyboard driver and the operating system's input path: every keystroke passes through it, so the tool keeps a copy in its log and forwards the keystroke on to the applications as usual.

Trojan horses are programs that appear harmless but carry hidden malicious code. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types is a program that claims to rid your computer of viruses but instead introduces viruses onto it.
The term comes from the Greek story of the Trojan War, in which the Greeks gave a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering; once the horse was inside the city walls, the soldiers hidden within it opened the gates.
The hacker plants such Trojan software inside the network and leaves. On returning, the Trojan either authenticates the hacker as a valid user or opens other ports for the hacker to come in through. Examples of Trojans include Tini, netcat, SubSeven and Back Orifice. Tini is a very small Trojan that simply listens on a single port. Netcat, a general-purpose networking tool often planted as a backdoor, can connect to any local port and can start outbound or inbound TCP or UDP connections to or from any port; it can even hand a command shell back to the hacker, through which the hacker controls the system. SubSeven and Back Orifice have a client-server architecture: the server part resides on the target and the hacker connects to it directly, without the user's knowledge. To keep their software and data hidden from the administrator and ordinary users, hackers use wrapper software to embed their payload in pictures, greeting cards and similar innocuous files so that they look like ordinary data to an administrator. Steganographic wrappers place the malicious data in unused space within the harmless file. BlindSide, for example, inserts and extracts data in JPEG or BMP pictures, usually without changing the file's size. EliteWrap is a command-line tool that wraps one or more Trojans into a normal file: after processing, the result looks like one program but contains several. Its special feature is that the packed Trojans can be made to execute when the user opens the file.
For example, if netcat is packed into a Flash greeting card, then when the user opens the card netcat starts in the background and listens on a port that the hacker can then use.

Clearing Tracks: A good hacker always clears his tracks, removing any record on the network that could prove he was there. Whenever a hacker downloads a file or installs software, the action is recorded in the server logs, so to erase them the hacker uses a variety of tools. One such command-line tool lets the intruder disable auditing outright. Another, Evidence Eliminator, removes other traces: besides the server logs, some information may be stored temporarily elsewhere, and Evidence Eliminator deletes all such evidence.
Another tool makes a copy of the log and lets the hacker edit it: the hacker simply selects the entries to be deleted, and after the server is rebooted they are gone.

This is where knowledge counts. Evaluating the results and correlating the specific vulnerabilities discovered is a skill that improves with experience. This makes the evaluation process. Finally, submit a formal report to upper management or to the customer outlining the results. Ethical hacking is nowadays the backbone of network security, and no ethical hacker can assure a system's security by using the same technique over and over.
He has to keep improving, developing and exploring new avenues. The tools used need to be updated regularly, and more efficient ones need to be developed.

Ethical hacking tools and methods
Ethical hackers use, and have developed, a variety of tools to break into different kinds of systems and evaluate their security levels. The nature of these tools differs widely. Here we describe some of the tools widely used in ethical hacking.
SamSpade is a simple tool that provides information about a particular host and is very helpful for finding addresses, phone numbers and the like. Figure 2 shows its window. In the text field in the top-left corner we just need to enter the address of the host; the tool then retrieves whatever information is available: phone numbers, contact names, IP addresses, email IDs, address ranges and so on. One may wonder what the benefit of phone numbers, email IDs and postal addresses is, but one of the best ways to get information about a company is simply to pick up the phone and ask. So we can get much information in just one click.

Email tracker is a program that helps find which server a mail message actually came from. Every message we receive carries a header, and Email tracker uses the header information to find the sender's location. One of its options is to import a mail header: we just need to import the message's header, and the software works out from it which area the mail came from. To be more specific, we can use another tool, Visual Route, to pinpoint the actual location of the server; the option to connect to Visual Route is available inside Email tracker. Visual Route is a tool that displays the location of a particular server from its IP address.
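What Email tracker does with an imported header, as an added, runnable example that is not from the original page or from Email tracker or Visual Route themselves. Each mail server that relays a message prepends its own Received header, so reading those headers from the bottom up reconstructs the path and the bottom-most one names the server the message originally came from. The raw message below is constructed for the example, with addresses taken from the reserved documentation ranges; the `trusted_hops` check is the caveat a practitioner wants: only the Received lines written by servers you control are trustworthy, because everything below them arrived from the sender and can be forged.

```python
import email
import re

# Constructed raw message, not a real capture. The newest hop is at the top; the
# originating host is in the bottom-most Received line. Addresses are from the
# documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
RAW_MESSAGE = b"""Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Tue, 1 Jan 2019 10:00:03 +0000
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id def456; Tue, 1 Jan 2019 10:00:02 +0000
Received: from user-pc ([192.0.2.44])
\tby relay.example.com with ESMTPA id ghi789; Tue, 1 Jan 2019 10:00:01 +0000
From: someone@example.com
To: victim@example.org
Subject: hello

body text
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOP_RE = re.compile(r"\bfrom\s+(\S+)(.*?)\bby\s+(\S+)", re.IGNORECASE)


def parse_received(value):
    """Pull the sending host, its bracketed IP and the receiving host out of one Received header."""
    value = " ".join(value.split())  # unfold continuation lines
    m = HOP_RE.search(value)
    if not m:
        return None
    ip = IP_RE.search(m.group(2))
    return {"from": m.group(1), "ip": ip.group(1) if ip else None, "by": m.group(3)}


def trace_path(raw):
    """Hops in transit order: originating server first, our own server last."""
    msg = email.message_from_bytes(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    hops = [h for h in hops if h is not None]
    hops.reverse()  # headers are prepended, so bottom-most was written first
    return hops


def origin_ip(raw):
    """The IP the first relay saw the message come from; this is what a tracker geolocates."""
    hops = trace_path(raw)
    return hops[0]["ip"] if hops else None


def trusted_hops(raw, own_server):
    """Keep only the hops recorded by own_server and everything it received from upstream.

    Received lines below the one our own server wrote were supplied by the sender
    and may be forged, so a tracker that believes them can be sent anywhere.
    """
    hops = trace_path(raw)
    for i, hop in enumerate(hops):
        if hop["by"] == own_server:
            return hops[i:]
    return []


if __name__ == "__main__":
    for hop in trace_path(RAW_MESSAGE):
        print(f"{hop['from']} ({hop['ip']}) -> {hop['by']}")
    print("origin:", origin_ip(RAW_MESSAGE))
```

Feeding the origin address into a geolocation or traceroute tool such as Visual Route is the last step; the script stops at the IP, since whether that IP is the sender's own machine, a webmail farm or a compromised relay is exactly the question the header alone cannot answer.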