hacking linux n.
Skip this Video
Loading SlideShow in 5 Seconds..
Hacking Linux PowerPoint Presentation
Download Presentation
Hacking Linux

Loading in 2 Seconds...

play fullscreen
1 / 21

Hacking Linux - PowerPoint PPT Presentation

  • Uploaded on

Hacking Linux. Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2. Looking into Linux. Linux security overview Proactive measures and recovering. Stages of hacking – again. Mapping your machine and network Social Engineering, Trojans, and other tricks

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Hacking Linux' - paul

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
hacking linux

Hacking Linux

Based on

Hacking Linux Exposed

Hatch, Lee, and Kurtz

ISBN 0-07-212773-2

looking into linux

Looking into Linux

Linux security overview

Proactive measures and recovering

stages of hacking again
Stages of hacking – again
  • Mapping your machine and network
  • Social Engineering, Trojans, and other tricks
  • Physical attacks
  • Attacking over the network
  • Abusing the network itself
  • Elevating user privilege
  • Password cracking
  • Maintaining access
server issues and vulnerabilities
Server issues and vulnerabilities
  • Mail and ftp
  • Web servers and dynamic content
  • Access control and firewalls
linux security overview
Linux security overview
  • Porque
    • You are easy
    • You can be used as anonymous access
    • You are Linux and thus open source
      • The OS source is available
      • But the developers are self-policing – developer culture and Bugtraq
    • Access control methods
      • Password security
      • Controls on users
      • Privileged ports
      • Virtual memory gets reclaimed
proactive measures and recovering
Proactive measures and recovering
  • Proactive measures
    • Insecurity scanners – finding your own weakness
    • Scan detectors – is someone eyeballing you?
    • Hardening your system
    • Log file analysis
    • File system integrity checks
  • Recovering from being hacked
    • Detecting if you have been hacked
    • What to do after a breakin
mapping your machine and network
Mapping your machine and network
  • Public domain looking
    • Online searches
    • Whois databases
    • Ping sweeps
    • DNS issues
    • Traceroutes
    • Port scanning
    • OS detection
      • Active stack fingerprinting
      • Passive stack fingerprinting
mapping continued
Mapping, continued
  • Enumerating RPC services
    • What authentication level is used
    • What services – NFS, NIS, other PRC
  • NFS file sharing
    • What is exportable – and to what users
  • SNMP possibilities
  • Network insecurity scanners
    • Canned stuff that combines all these approaches
social engineering trojans and other tricks
Social Engineering, Trojans, and other tricks
  • Social engineering
  • Trojan horses
  • Viruses and worms
  • IRC backdoors
physical attacks
Physical attacks
  • Attacking the office
    • Sneaky pete installs something
  • Boot access is root access
    • Boot passwords are in the flash ROM
    • Setup helps a little bit
  • Encrypted filesystems
attacking over the network
Attacking over the network
  • Using the network itself
    • TCP/IP
    • The public phone system
    • Default or bad configurations
    • NFS mounts
    • Netscape defaults
    • Squid
    • X-Windows system
tcp ip
  • Structure (header and function)
    • TCP
      • Flag bits (Urgent, Ack, Push, Reset, Syn, Fin)
    • UDP – less structure and functionality
    • ICMP – Control messages – many hacking possibilities
    • IP – Underlies these three protocols – host-to-host
the public phone system
The public phone system
  • Modem attacks
    • Wardialing – mechanized dialing used to find modems
    • Attacks on modem internal protocols – Hayes not-so-smart Modem
      • Idea was to shut off sound, store a new number, disconnect and redial Moldavia
    • Countermeasures
      • One-time-pad login modules
      • Passwording
      • Biometrics
more network attacks
More network attacks
  • Default passwords and password guessing
  • Sniffers
    • How they work
    • Common versions
  • Vulnerabilities
    • Buffer overflows
    • Vulnerable services
    • Vulnerable scripts
  • Unnecessary services and detecting them
    • Using netstat, lsof, nmap
    • How to turn them off – inetd.conf
abusing the network itself
Abusing the network itself
  • DNS Exploits
  • Routing issues
  • Advanced sniffing and session hijacking
    • Hunt
    • Dsniff
    • Man-in-the-middle attacks
  • Denial of service (DoS) attacks
    • Floods
    • TCP/IP attacks
more abuse and countermeasures
More abuse and countermeasures
  • Abusing trust relationships
  • Implementing egress filtering
elevating user privilege
Elevating user privilege
  • Users and privileges
    • Elevation of privilege
  • Trusted paths and trojan horses
  • Password storage and use
  • Special purpose groups and device access
  • Sudo
  • Suid programs
    • Hacker suids on mounted file systems
  • Countering poor programming
password cracking
Password cracking
  • How they work
  • More advanced algorithms
  • Cracking programs
  • Shadow passwords
  • Pluggable modules, etc.
maintaining access
Maintaining access
  • Using the r commands, rsh, rexe, etc.
  • Passwordless access using ssh
  • Network accessible root shells
  • Trojaned system programs
    • Back doors
    • Trail hiding
  • Kernel hacks
remote access methods unix
Remote access methods - Unix
  • Primary methods
    • Exploiting a listening service (TCP/IP)
      • System must be running services listening on some port
        • First enumerate, then specific exploit for that service
    • Using source routing to cross firewall or router
      • Router must have source routing disabled, or at least protected
    • User-triggered traps
      • Example: browsing as root and encountering malicious code
    • Exploiting system with network interface in promiscuous mode
      • Sniffer can sniff a malicious packet that was put there to catch any victim
brute force attacks
Brute force attacks
  • Password attacks
    • These can use any service that uses a logname/password for access
    • Many utilities exist for automating
    • Countermeasures are improved password analyzers, delay in login on incorrect passwords, detecting repeated login attempts
    • User password education – don’t use same password everywhere
  • Data driven attacks
    • Buffer and stack overflows work because of weak C libraries
    • Basic idea is to send an “egg” with code that goes on stack (used for local variables and return address)