Remote control and advanced techniques


Remote Control Software

  • What do they do?

    • Connect through dial-in and/or TCP/IP.

    • Replicate remote screen on local machine (graphical)

    • Allow running graphical or text-based applications on the remote machine, displaying the results on the local machine.

  • A variety of applications exist, most with a free demo download.

    • pcAnywhere is one of the pioneers and very popular.

    • VNC is also very popular because it is cross-platform and free.

  • Discovering and connecting to remote control software

    • Use Nmap or Superscan to search for ports 22, 799, 800, 1494, 2000, 2001, 5631, 5632, 5800, 5801, 5900, 5901, 43188, 65301

    • Once software is identified, download free demo and try brute force.

    • Major weakness: only the password is encrypted; the traffic is only compressed.

  • Countermeasures: strong passwords (again), encrypt traffic (SSL, SSN, etc.), limit and log login attempts, change the default listening port. For dial-in use: log off the user when the call completes.


Advanced Techniques

  • Adding to what we have seen before:

    • Trojans: we have seen that BO, NetBus and SubSeven are the most common Trojan/backdoor hacker tools.

      • TCP/IP ports: official, Internet services. Different from protocol ports.

      • Trojan ports: list, more details, and resources.

      • Port listening software: netstat, Active Ports (example), BackOfficer Friendly (example).

      • Checking and removing Trojans: Symantec on-line check (example), Moosoft Cleaner shareware.

      • Weeding out rogue processes: Windows Task Manager, Linux ps -aux

      • Be aware of traps: Whack-A-Mole (pseudo game), BoSniffer (BO in disguise), eLiTeWrap (packs Trojans as exe). Generic advice: download, scan for viruses, then execute; do not run directly from the Internet.

    • Rootkits: Difficult to detect

      • keep a record of your files using Tripwire,

      • create image of your hard-drive: hardware and software solutions (Norton Ghost, Drive Image).
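
A defender-side check that ties the remote control port list above to the netstat item under "Port listening software": it parses `netstat -an` output and reports local listeners on those ports. This is an added example, not part of the original slides; the function names are hypothetical and the sample netstat lines are constructed.

```python
# Added example: flag local listeners on the ports the slide lists.
REMOTE_CONTROL_PORTS = {22, 799, 800, 1494, 2000, 2001, 5631, 5632,
                        5800, 5801, 5900, 5901, 43188, 65301}
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# Constructed sample: Windows and Linux `netstat -an` lines mixed together.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:5631      0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.7:5900       ESTABLISHED
  UDP    0.0.0.0:5632           *:*
tcp        0      0 127.0.0.1:5901          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like ':::22' parse."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)


def find_remote_control_listeners(netstat_text, ports=REMOTE_CONTROL_PORTS):
    """Return sorted (proto, address, port, exposure) tuples for listeners on `ports`."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].lower().startswith(("tcp", "udp")):
            continue  # header, blank or unrelated line
        proto = fields[0].lower()[:3]
        # Linux inserts Recv-Q/Send-Q columns before the local address.
        idx = 3 if fields[1].isdigit() else 1
        if len(fields) <= idx:
            continue
        # TCP must be in a listening state; UDP has none, so any bound socket counts.
        if proto == "tcp" and not fields[-1].upper().startswith("LISTEN"):
            continue
        addr, port = split_endpoint(fields[idx])
        if port in ports:
            exposure = "loopback-only" if addr in LOOPBACK else "network-reachable"
            findings.add((proto, addr, port, exposure))
    return sorted(findings, key=lambda f: (f[2], f[0]))


if __name__ == "__main__":
    for proto, addr, port, exposure in find_remote_control_listeners(SAMPLE_NETSTAT):
        print(f"{proto}/{port} on {addr}: {exposure}")
```

Port 22 is on the slide's list but is normally an SSH daemon, so a hit there needs to be matched to the owning process before it is treated as remote control software.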


Other Techniques

  • TCP hijacking

    • Juggernaut: spy on a TCP connection and issue commands as the logged-in user.

    • Hunt: spy on a TCP connection (works with shared and switched nets).

    • Countermeasures: encrypted protocols such as IPSec, SSH.

  • TFTP: Trivial File Transfer Protocol.

    • Used by routers, and there are free servers for Windows.

    • Standard client in Windows 2000: tftp.exe, protected by Windows File Protection so it can't be removed.

    • Prevent its use by Nimda:

      • Edit the services file: %systemroot%/system32/drivers/etc/services

      • Find this line: tftp 69/udp

      • Replace it with: tftp 0/udp

  • Social Engineering

    • Help desk information: on the Web, e-mail, voice

    • User information: on the Web, e-mail, voice

