Backtrack ppt
Transcript

  • 1. Network and Data Security. 3 SNBA – Group 2xxx. Company Proprietary and Confidential. PHL - Limburg
  • 2. Table of Contents
      • WEP Hack + Theory
      • Overview of wireless security mechanisms
      • Windows 7 Hack
      • Slow Loris Hack
      • SSL Stripping Hack
      • Webcam Hack
      • Keylogger
      • WPA/WPA2 Hack
  • 3. WEP Hack Theory: How WEP works
      • CRC32 checksum of the data to be sent.
      • Checksum appended to the data
      • Plaintext = (Data + CRC32(Data)) is called the plaintext
      • Not yet readable
      • Keystream = RC4(IV, key).
      • IV = initialization vector (arbitrary numbers that are allowed)
      • Changes with every newly sent packet
      • Key = password
      • Complete packet
      • Keystream XORed with the plaintext + IV in front of the data.
  • 4. WEP Hack Theory: Summary
      • packet = IV + XOR(data + crc32(data), RC4(IV, key))
  • 5. WEP Hack Theory: Why can we crack WEP?
      • IV too small and in cleartext
      • SSID, MAC, channel number, network key
      • IV static
      • Repetition in the key
      • IV makes the keystream vulnerable
      • The 802.11 standard does not specify how IVs are set or changed
      • IV is part of the RC4 encryption key
      • No cryptographic integrity protection
  • 6. Overview of wireless security mechanisms

      | Item              | WEP                                   | WPA                                                             | WPA2                                    |
      |-------------------|---------------------------------------|-----------------------------------------------------------------|-----------------------------------------|
      | Authentication    | "shared key" (weak and dangerous)     | 802.1X with EAP (strong)                                        | 802.1X with EAP (strong)                |
      | Key length        | 64 bits                               | 128 bits                                                        | 128 bits                                |
      | Key lifetime      | Manual change                         | Regular automatic change (TKIP)                                 | Regular automatic change (TKIP)         |
      | Encryption        | RC4 (cracked in various ways)         | RC4 (broken in various ways, but longer keys are much harder)   | RC4 or AES (not yet broken)             |
      | Message integrity | CRC (easy to forge)                   | MIC (cannot be forged)                                          | MIC (cannot be forged)                  |
      | Compatibility     | /                                     | Software upgrade                                                | Hardware upgrade                        |
      | Period            | 1997 - 2003                           | 2003 - 2004                                                     | From 2004                               |
  • 7. Windows 7 Hack + Logging
      Which Windows tools were used?
      • Utility Manager + cmd
      How to break in?
      • Create an admin account via cmd
      How to stay anonymous?
      • Copy Utilman.exe
      • Copy logs
      Special copy command for logs:
      • Cp –r –p … …
  • 8. Slow Loris Hack
      Open-source Perl script
      • PyLoris (Python), PHP variant, EXE variant (Iran)
      No SYN flood / ICMP (Ping of Death)
      • Low bandwidth → low server load
      • Sends incomplete HTTP GET requests
      • Fills the queue with GET requests
      • Keeps sockets open + reuses them
      Only effective against certain web servers (mainly Apache)
      • Does not work against load balancers (e.g. Visa, YouTube, …)
      Can be done anonymously with Tor/proxy
  • 9. Slow Loris Hack: DoS in the OSI model

      | OSI Model      | DoS Attack                                |
      |----------------|-------------------------------------------|
      | 7 Application  | Slowloris – incomplete HTTP requests      |
      | 6 Presentation |                                           |
      | 5 Session      |                                           |
      | 4 Transport    | SYN Flood – incomplete TCP handshakes     |
      | 3 Network      |                                           |
      | 2 Data Link    |                                           |
      | 1 Physical     | Cutting the cable :)                      |
  • 10. SSL Stripping Hack
      SSL sits between the Application and Transport layers
  • 11. SSL Stripping Hack: Hijacking HTTPS communication and man-in-the-middle attack
      • Traffic between the client and web server is intercepted.
      • When an HTTPS URL is encountered sslstrip replaces it with an HTTP link and keeps a mapping of the changes.
      • The attacking machine supplies certificates to the web server and impersonates the client.
      • Traffic is received back from the secure website and provided back to the client.
  • 12. Webcam Hack
      Metasploit
      • Exploits
      • Penetration
      • Patched
      • NetAPI32.dll → netapi
      • Payload
      • Weakness
      • Live stream
  • 13. Keylogger
      • Metasploit
      • ps => migrate
      • Dump
  • 14. WPA/WPA2 Hack
      • Monitor mode
      • Airmon-ng
      • Network scan
      • Station
      • WPA handshake
      • Deauthentication
      • Reauthentication
      • Wordlist
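
The packet construction from slides 3 and 4, with two of the weaknesses listed on slide 5 (a repeated IV repeats the keystream; CRC32 is not a cryptographic integrity check), as an added Python example that is not part of the original presentation. The 3-byte IV, 5-byte key, little-endian CRC byte order and all sample values are assumptions filled in here, not taken from the slides.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                        # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """CRC32 of the data, little-endian (assumed byte order)."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    """packet = IV + XOR(data + crc32(data), RC4(IV, key))"""
    plaintext = data + icv(data)
    return iv + xor(plaintext, rc4(iv + key, len(plaintext)))

def wep_decrypt(key: bytes, packet: bytes):
    """Return the data, or None when the CRC32 check fails."""
    iv, body = packet[:3], packet[3:]           # IV travels in cleartext
    plaintext = xor(body, rc4(iv + key, len(body)))
    data, check = plaintext[:-4], plaintext[-4:]
    return data if icv(data) == check else None

def same_iv_xor(p1: bytes, p2: bytes) -> bytes:
    """Same IV and key means same keystream: it cancels out of c1 XOR c2."""
    return xor(p1[3:], p2[3:])

def crc_delta(delta: bytes) -> bytes:
    """CRC32 is affine: icv(d ^ delta) == icv(d) ^ crc_delta(delta), no key needed."""
    return xor(icv(delta), icv(bytes(len(delta))))

# Constructed sample values, not taken from the slides.
KEY, IV = bytes.fromhex("0102030405"), bytes.fromhex("aabbcc")

if __name__ == "__main__":
    a, b = wep_encrypt(IV, KEY, b"frame one"), wep_encrypt(IV, KEY, b"frame two")
    print(same_iv_xor(a, b)[:9] == xor(b"frame one", b"frame two"))   # True
    print(wep_decrypt(KEY, a))                                        # b'frame one'
```

Because the checksum can be recomputed without the key, the MIC row of the slide 6 table is the property WEP lacks.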
