Cracking Techniques - PowerPoint PPT Presentation

Cracking techniques l.jpg
Download
1 / 29

Cracking Techniques. Onno W. Purbo Onno@indo.net.id. Referensi. http://www.rootshell.com Front-line Information Security Team, “Techniques Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive Private Networks,” fist@ns2.co.uk & http://www.ns2.co.uk. Referensi.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Cracking Techniques

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Cracking techniques l.jpg

Cracking Techniques

Onno W. Purbo

Onno@indo.net.id


Referensi l.jpg

Referensi

  • http://www.rootshell.com

  • Front-line Information Security Team, “Techniques Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive Private Networks,” fist@ns2.co.uk & http://www.ns2.co.uk


Referensi3 l.jpg

Referensi

  • http://www.antionline.com/archives/documents/advanced/

  • http://www.rootshell.com/beta/documentation.html

  • http://seclab.cs.ucdavis.edu/papers.html

  • http://rhino9.ml.org/textware/


Introduction l.jpg

Introduction


Just who is vulnerable anyway l.jpg

Just who is vulnerable anyway?

  • Financial institutions and banks

  • Internet service providers

  • Pharmaceutical companies

  • Government and defense agencies

  • Contractors to various goverment agencies

  • Multinational corporations


Profile of a typical system cracker l.jpg

Profile of a typical 'system cracker'

  • Usually male, aged 16-25.

  • To improve their cracking skills, or to use network resources for their own purposes.

  • Most are opportunists

  • Run scanners for system vulnerabilities.

  • Usually gain root access; then install a backdoor and patch the host from common remote vulnerabilities.


Networking methodologies adopted by many companies l.jpg

Networking methodologies adopted by many companies


Internet s purposes l.jpg

Internet’s purposes ..

  • The hosting of corporate webservers

  • E-mail and other global communications via. the internet

  • To give employees internet access


Network separation l.jpg

Network separation

  • Firewall

  • Application Proxies


Understanding vulnerabilities in such networked systems l.jpg

Understanding vulnerabilities in such networked systems


Understanding vulnerabilities l.jpg

Understanding vulnerabilities

  • External mailserver must have access to mailservers on the corporate network.

  • agressive-SNMP scanners & community string brute-force programs, turn router into bridge.


The attack l.jpg

The attack


Techniques used to cloak the attackers location l.jpg

Techniques used to 'cloak' the attackers location

  • Bouncing through previously compromised hosts via. telnet or rsh.

  • Bouncing through windows hosts via. Wingates.

  • Bouncing through hosts using misconfigured proxies.


Network probing and information gathering l.jpg

Network probing and information gathering

  • Using nslookup to perform 'ls <domain or network>' requests.

  • View the HTML on your webservers to identify any other hosts.

  • View the documents on your FTP servers.

  • Connect to your mailservers and perform 'expn <user>' requests.

  • Finger users on your external hosts.


Identifying trusted network components l.jpg

Identifying trusted network components

  • a trusted network component is usually an administrators machine, or a server that is regarded as secure.

  • start out by checking the NFS export & access to critical directory /usr/bin, /etc and /home.

  • Exploit a machine using a CGI vulnerability, gain access to /etc/hosts.allow


Identifying vulnerable network components l.jpg

Identifying vulnerable network components

  • Use Linux programs such as ADMhack, mscan, nmap and many smaller scanners.

  • binaries such as 'ps' and 'netstat' are trojaned to hide scanning processes.

  • If routers are present that are SNMP capable, the more advanced crackers will adopt agressive-SNMP scanning techniques to try and 'brute force‘ the public and private community strings of such devices.


Perform types of checks l.jpg

Perform types of checks

  • A TCP portscan of a host.

  • A dump RPC services via. portmapper.

  • A listing of exports present via. nfsd.

  • A listing of shares via. samba / netbios.

  • Multiple finger to identify default accounts.

  • CGI vulnerability scanning.

  • Identification of vulnerable versions of server daemons, including Sendmail, IMAP, POP3, RPC status & RPC mountd.


Taking advantage of vulnerable components l.jpg

Taking advantage of vulnerable components

  • Identify vulnerable network components  compromise the hosts.

  • Upon executing such a program remotely to exploit a vulnerable server daemon

  • Gain root access to your host.


Upon gain access to vulnerable components l.jpg

Upon gain access to vulnerable components

  • 'clean-up‘ operation of doctoring your hosts logs

  • 'backdooring' service binaries.

  • place an .rhosts file in the /usr/bin to allow remote bin access to the host via rsh & csh


Abusing access privileges l.jpg

Abusing access & privileges


Downloading sensitive information l.jpg

Downloading sensitive information

  • 'bridge' between the internet - corporate network.

  • Abusing the trust with the external host.


Cracking other trusted hosts and networks l.jpg

Cracking other trusted hosts and networks

  • Install trojans & backdoors + remove logs.

  • Install sniffers on your hosts.


Installing sniffers l.jpg

Installing sniffers

  • Use 'ethernet sniffer' programs.

  • To 'sniff' data flowing across the internal network  a remote root compromise of an internal host.

  • To detect promiscuous network interfaces  the 'cpm' http://www.cert.org/ftp/tools/cpm/


Taking down networks l.jpg

Taking down networks

  • rm -rf / &

  • 'mission critical' routers & servers are always patched and secure.


  • Login