Exploits


Dalia Solomon

Categories

  • Trojan Horse Attacks

  • Smurf Attack

  • Port Scan

  • Buffer Overflow

  • FTP Exploits

  • Ethereal Exploit

  • Worm

  • Virus

  • Password Cracker

  • DNS Spoofing

Trojan Horse attacks

  • A computer becomes vulnerable to this attack when the user downloads and installs a file onto their system.

  • This opens a port without the knowledge of the user. The open port gives the remote user access to one's computer.

Trojan Horse - NetBus

  • NetBus is a tool that allows a remote user to gain administrative privileges

  • NetBus consists of two programs: a server and a client.

NetBus Server

  • To infect a computer, NetBus disguises itself as an ICQ executable file that a naive user installs on their computer.

NetBus Server

  • NetBus server – This application will open a backdoor on the target computer. This application can be configured to be either invisible or visible to the user.

NetBus Client

  • NetBus client – This application will connect to a computer that is running NetBus server. It allows the hacker to spy on and take control of the infected computer.

Smurf Attack

  • A Smurf Attack occurs when a packet such as an ICMP echo frame (in this application) is sent to a group of machines.

  • The packet sent has its source address replaced by the IP address of the target computer or network. This causes a flurry of echo responses to be sent to the target machine, which can overwhelm the target computer.
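
The flood described above looks, from the target's side, like many hosts answering echo requests the target never sent. The following detection sketch is an added example, not part of the original slides; the packet record format, the thresholds and the sample addresses are assumptions made for illustration, and it assumes the capture is taken on the target's own network.

```python
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP type numbers

def find_smurf_victims(packets, window=1.0, min_sources=3):
    """Return {victim: peak number of distinct hosts sending it unsolicited
    echo replies within `window` seconds}, for peaks >= min_sources."""
    requested = set()                 # (requester, ident, seq) of echo requests seen
    unsolicited = defaultdict(list)   # victim -> [(timestamp, replying host)]
    for ts, src, dst, icmp_type, ident, seq in sorted(packets):
        if icmp_type == ECHO_REQUEST:
            requested.add((src, ident, seq))
        elif icmp_type == ECHO_REPLY and (dst, ident, seq) not in requested:
            unsolicited[dst].append((ts, src))
    victims = {}
    for victim, events in unsolicited.items():
        peak = 0
        for i, (start, _) in enumerate(events):
            # distinct repliers seen within `window` seconds of this reply
            in_window = {s for t, s in events[i:] if t - start <= window}
            peak = max(peak, len(in_window))
        if peak >= min_sources:
            victims[victim] = peak
    return victims

# Constructed sample records: (timestamp, src, dst, icmp_type, ident, seq)
SAMPLE = [
    # ordinary ping: 192.0.2.10 asks, 198.51.100.7 answers
    (0.00, "192.0.2.10", "198.51.100.7", ECHO_REQUEST, 0x1A, 1),
    (0.02, "198.51.100.7", "192.0.2.10", ECHO_REPLY, 0x1A, 1),
    # four hosts answer 192.0.2.20, which never sent a request
    (1.00, "203.0.113.1", "192.0.2.20", ECHO_REPLY, 0x77, 9),
    (1.01, "203.0.113.2", "192.0.2.20", ECHO_REPLY, 0x77, 9),
    (1.01, "203.0.113.3", "192.0.2.20", ECHO_REPLY, 0x77, 9),
    (1.03, "203.0.113.4", "192.0.2.20", ECHO_REPLY, 0x77, 9),
]
```

The answered ping is ignored because its reply matches a recorded request; only the host receiving replies from several distinct sources with no matching request is reported.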

Smurf Attack

  • Here we are attacking our computer

Port Scan

  • This program allows the hacker to scan a target computer to detect open ports.

  • This is primarily used to detect vulnerable applications using certain ports on the target computer.

Buffer Overflow

  • Buffer Overflow

    • Most common form of exploit

    • Occurs when you put more data in the buffer than it can hold

    • Occurs if bounds are not checked by the program

    • The purpose of a buffer overflow is to execute code and gain special privileges

FTP Exploits

  • This exploit shows how it is possible for somebody to get a shell (command prompt) from Serv-U FTP server.

  • This exploit causes a buffer overflow condition to occur in Serv-U FTP when it parses the MDTM command.

FTP Exploits

  • The exploit required that the user have login access to a server.

FTP Exploits

  • This shows how the hacker gains shell access to the target machine.

FTP Exploits

  • Here is a segment of the code that causes the buffer overflow.

Ethereal Exploit

  • A vulnerability exists in Ethereal. By sending carefully crafted packets to the sniffed wire, or by convincing someone to load a malicious packet capture file into Ethereal, a user can overflow a buffer and execute malicious code.

    • The vulnerability exists in the following packets: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP and UCP.

Ethereal - example

  • Ethereal IGAP message

    • This exploits a vulnerability in Ethereal when handling IGAP messages

    • Works on Ethereal 0.10.0 to Ethereal 0.10.2.

    • Will either crash Ethereal or open a port that allows a user to gain root privileges

Ethereal - example

  • This code will create a malformed IGAP header that, when sent, causes the Ethereal application to crash because of its vulnerability in handling IGAP packets.

Worm

  • A worm is a program that makes copies of itself and causes major damage to files, software, and data.

  • Methods of replication include

    • Email

    • File sharing

Worm - example

  • W32/Bugbear-A

    • Is a network worm that spreads by emailing attachments of itself

    • It creates a thread which attempts to terminate anti-virus and security programs

    • The worm will log keystrokes and send this information when the user is connected online

    • The worm will open port 80 on the infected computer


Worm - Example

  • W32/MyDoom-A is a worm which spreads by email.

  • When the infected attachment is launched, the worm harvests email addresses from address books and from files with the following extensions: WAB, TXT, HTM, SHT, PHP, ASP, DBX, TBB, ADB and PL.

Worm – Example (continued)

  • Attached files will have an extension of BAT, CMD, EXE, PIF, SCR or ZIP.

Worm – Example (continued)

  • The worm will attempt a denial-of-service attack against www.sco.com, sending numerous GET requests to the web server.

  • Drops a file named shimgapi.dll to the temp or system folder. This is a backdoor program loaded by the worm that allows outsiders to connect to TCP port 3127.


Virus

  • A virus is a program that infects operating systems and applications.

  • Replication methods

    • Application File (Word doc.)

    • Hard drive or Boot record (boot disk)

    • Scripts (batch file)

Virus - example

  • W97M/Marker Virus is a Word macro virus

  • It collects user information from Word and sends the information through FTP

  • It adds a log at the end of the virus body for every infected user.

    • This log contains the system time, date, and the user's name and address

Virus - example

  • When you open a document file it will display a message

  • Depending on the user’s response the user will get one of these messages

Password Cracker

  • Some applications and web pages are vulnerable to remote password cracker tools.

  • Applications such as HTTP, FTP and telnet that don’t handle logins properly and have short passwords are vulnerable to brute-force password cracker tools.

Password Cracker

  • Brutus is a remote password cracker tool. On an older Serv-U v 2.5 application, it can crack a password by sequentially sending all possible password combinations.

DNS spoofing

  • A DNS attack that involves intercepting and sending a fake DNS response to a user.

  • This attack sends the user to a different address than the one they intended to reach.
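
A fake response has to carry the same transaction ID and question as the genuine one, so a capture that holds two different answers to one query is a sign that a response was injected. The following check is an added example, not part of the original slides; it decodes DNS responses with one question and A-record answers only, and the sample messages are built inline with made-up names and documentation addresses.

```python
import struct
from collections import defaultdict

def skip_name(msg, off):
    """Return the offset just past a DNS name (labels or compression pointer)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # 2-byte pointer always ends the name
            return off + 2
        if length == 0:                  # root label ends the name
            return off + 1
        off += 1 + length

def decode_response(msg):
    """Return (transaction ID, raw question, frozenset of A-record addresses)."""
    txid, _flags, _qd, ancount = struct.unpack_from("!HHHH", msg, 0)
    end_q = skip_name(msg, 12) + 4       # one question assumed: name + QTYPE + QCLASS
    off, addrs = end_q, set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:    # A record
            addrs.add(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return txid, msg[12:end_q], frozenset(addrs)

def conflicting_answers(responses):
    """Return {(txid, question): answer sets} where one query got differing answers."""
    seen = defaultdict(set)
    for msg in responses:
        txid, question, addrs = decode_response(msg)
        seen[(txid, question)].add(addrs)
    return {k: sorted(sorted(a) for a in v) for k, v in seen.items() if len(v) > 1}

def build_response(txid, name, addr):
    """Constructed sample data: minimal response with one question and one A record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, addr.split(".")))
    return header + qname + struct.pack("!HH", 1, 1) + rr

SAMPLE = [  # constructed capture: the first two answer the same query differently
    build_response(0x3A2F, "www.example.com", "192.0.2.80"),
    build_response(0x3A2F, "www.example.com", "203.0.113.66"),
    build_response(0x3A30, "mail.example.com", "192.0.2.25"),
]
```

Running `conflicting_answers(SAMPLE)` reports only the query with ID 0x3A2F, together with both address sets, so an analyst can compare them against the zone's real records.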

DNS spoofing

  • WinDNSSpoof

    • Spoofs DNS packets

    • http://www.securesphere.net/download/papers/dnsspoof.htm

DNS Exploitation Tool

  • Zodiac is a robust DNS protocol monitoring and spoofing program

  • Features:

    • Captures and decodes DNS packets

    • DNS local spoofing

    • DNS ID spoofing, exploiting a weakness within the DNS protocol itself.

    • Etc…