Transcript

  • 1. Network and data security
      • 3 SNBA – Group 2xxx
      • Company Proprietary and Confidential
      • PHL - Limburg
  • 2. Table of contents
      • WEP Hack + Theory
      • Overview of wireless security
      • Windows 7 Hack
      • Slow Loris Hack
      • SSL Stripping Hack
      • Webcam Hack
      • Keylogger
      • WPA/WPA2 Hack
  • 3. WEP Hack Theory: how WEP works
      • A CRC32 checksum is computed over the data to be sent.
      • The checksum is appended to the data.
      • (Data + CRC32(Data)) is called the plaintext.
          • Not yet readable
      • Keystream = RC4(IV, key).
          • IV = initialization vector (arbitrary numbers are allowed)
          • Changes with each newly sent packet
          • Key = password
      • Complete packet
          • Keystream XORed with the plaintext, with the IV placed in front of the data.
  • 4. WEP Hack Theory: summary
      • packet = IV + XOR(data + crc32(data), RC4(IV, key))
  • 5. WEP Hack Theory: why can we crack WEP?
      • IV too small and in cleartext
      • SSID, MAC, channel number, network key
      • IV static
      • Repetition in the key
      • IV makes the keystream vulnerable
      • The 802.11 standard does not specify how IVs are set or changed
      • IV is part of the RC4 encryption key
      • No cryptographic integrity protection
  • 6. Overview of wireless security (item: WEP | WPA | WPA2)
      • Authentication: "shared key" (weak and dangerous) | 802.1X with EAP (strong) | 802.1X with EAP (strong)
      • Key length: 64 bits | 128 bits | 128 bits
      • Key lifetime: manual change | regular automatic change (TKIP) | regular automatic change (TKIP)
      • Encryption: RC4 (cracked in several ways) | RC4 (broken in several ways, but much harder with longer keys) | RC4 or AES (not yet broken)
      • Message integrity: CRC (easy to forge) | MIC (cannot be forged) | MIC (cannot be forged)
      • Compatibility: / | software upgrade | hardware upgrade
      • Period: 1997 - 2003 | 2003 - 2004 | from 2004
  • 7. Windows 7 Hack + Logging
      • Windows tools used?
          • Utility Manager + cmd
      • How to break in?
          • Create an admin account via cmd
      • How to stay anonymous?
          • Copy Utilman.exe
          • Copy logs
      • Special copy command for logs:
          • Cp –r –p … …
  • 8. Slow Loris Hack
      • Open-source Perl script
          • PyLoris (Python), PHP variant, EXE variant (Iran)
      • No SYN flood / ICMP (Ping of Death)
          • Low bandwidth → low server load
          • Sends incomplete HTTP GET requests
          • Fills the queue with GET requests
          • Keeps sockets open and reuses them
      • Only effective against certain web servers (mainly Apache)
          • Does not work against load balancers (e.g. Visa, YouTube, …)
      • Can be done anonymously with Tor/proxy
  • 9. Slow Loris Hack: DoS in the OSI model (OSI layer: DoS attack)
      • 7 Application: Slowloris, incomplete HTTP requests
      • 6 Presentation
      • 5 Session
      • 4 Transport: SYN flood, incomplete TCP handshakes
      • 3 Network
      • 2 Data Link
      • 1 Physical: cutting the cable :-)
  • 10. SSL Stripping Hack
      • SSL sits between the application layer and the transport layer
  • 11. SSL Stripping Hack: hijacking HTTPS communication and man-in-the-middle attack
      • Traffic between the client and web server is intercepted.
      • When an HTTPS URL is encountered, sslstrip replaces it with an HTTP link and keeps a mapping of the changes.
      • The attacking machine supplies certificates to the web server and impersonates the client.
      • Traffic is received back from the secure website and provided back to the client.
  • 12. Webcam Hack
      • Metasploit
          • Exploits
          • Penetration
          • Patched
      • NetAPI32.dll → netapi
      • Payload
      • Weakness
      • Live stream
  • 13. Keylogger
      • Metasploit
      • ps => migrate
      • Dump
  • 14. WPA/WPA2 Hack
      • Monitor mode
          • Airmon-ng
      • Network scan
      • Station
          • WPA handshake
          • Deauthentication
          • Reauthentication
      • Wordlist
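
The WEP packet formula from slides 3 to 5, as an added example that is not part of the original slides: it builds packet = IV + XOR(data + crc32(data), RC4(IV, key)) and shows, on a toy implementation, why a repeated IV and a plain CRC protect nothing. Assumptions: the RC4 seed is the IV followed by the key, the checksum is stored little-endian, and the IV, key and sample data are constructed values.

```python
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    """packet = IV + XOR(data + crc32(data), RC4(IV, key))"""
    plaintext = data + crc(data)
    return iv + xor(plaintext, rc4(iv + key, len(plaintext)))

def wep_decrypt(key: bytes, packet: bytes):
    """Return (data, checksum_ok) for a packet with a 3-byte IV."""
    iv, body = packet[:3], packet[3:]
    plaintext = xor(body, rc4(iv + key, len(body)))
    return plaintext[:-4], plaintext[-4:] == crc(plaintext[:-4])

def reused_iv_xor(iv, key, d1, d2):
    """Same IV => same keystream, so it cancels: c1 XOR c2 == d1 XOR d2."""
    c1, c2 = wep_encrypt(iv, key, d1)[3:], wep_encrypt(iv, key, d2)[3:]
    return xor(c1, c2)[:min(len(d1), len(d2))]

def modify_without_key(packet: bytes, delta: bytes) -> bytes:
    """CRC32 is affine, so a data change and its checksum fix-up can be
    XORed into the ciphertext with no knowledge of the key."""
    fixup = xor(crc(delta), crc(bytes(len(delta))))
    return packet[:3] + xor(packet[3:], delta + fixup)

if __name__ == "__main__":
    IV, KEY = b"\x01\x02\x03", b"ABCDE"           # constructed 24-bit IV, 40-bit key
    a, b = b"PAY 0100 EUR", b"PAY 0900 EUR"       # constructed sample data
    print(reused_iv_xor(IV, KEY, a, b) == xor(a, b))
    print(wep_decrypt(KEY, modify_without_key(wep_encrypt(IV, KEY, a), xor(a, b))))
```

The 24-bit IV plus 40-bit key gives the 64-bit key length listed for WEP on slide 6; a keyed MIC, as listed for WPA and WPA2, is what makes the second result fail.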