Transcript of "Backtrack ppt"

  1. Network and data security 3, SNBA – Group 2xxx. Company Proprietary and Confidential. PHL - Limburg
  2. Table of contents
     • WEP hack + theory
     • Overview of wireless security mechanisms
     • Windows 7 hack
     • Slow Loris hack
     • SSL stripping hack
     • Webcam hack
     • Keylogger
     • WPA/WPA2 hack
  3. WEP hack theory: how WEP works
     • CRC32 checksum of the data to be sent.
     • The checksum is appended after the data.
     • Plaintext = (Data + CRC32(Data)); this is called the plaintext.
     • Not yet readable.
     • Keystream = RC4(IV, key).
     • IV = initialization vector (random numbers, any value allowed)
       • Changes with every newly sent packet
     • Key = password
     • Complete packet
       • Keystream XORed with the plaintext, with the IV placed in front of the data.
  4. WEP hack theory: summary
     • packet = IV + XOR(data + crc32(data), RC4(IV, key))
  5. WEP hack theory: why can we crack WEP?
     • IV too small and sent in cleartext
     • SSID, MAC, channel number, network key
     • IV static
     • Repetition in the key
     • IV makes the keystream vulnerable
     • The 802.11 standard does not specify how IVs are set or changed
     • IV is part of the RC4 encryption key
     • No cryptographic integrity protection
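Slides 3 to 5 give the WEP packet formula and list why it fails. The following Python program is an added example, not code from the presentation: it implements that exact formula (RC4 keystream, CRC32 integrity value, IV in front) and then shows two of the listed weaknesses concretely. First, two packets sent under the same 24-bit IV share a keystream, so an observer who can guess one plaintext reads the other without the key. Second, CRC32 is linear under XOR, so it is not a cryptographic integrity check. The key, IV and the two plaintexts are constructed sample values; all function names are my own.

```python
import zlib
from typing import Tuple

# Constructed sample values, not from the slides: a 40-bit WEP key and one 24-bit IV.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("aabbcc")
D1 = b"ARP who-has 10.0.0.1"  # plaintext an observer can guess (fixed protocol header)
D2 = b"password=hunter2!!!!"  # plaintext the observer wants to learn (same length)


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling plus output generation. WEP keys RC4 with IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: a plain CRC32, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encapsulate(iv: bytes, key: bytes, data: bytes) -> bytes:
    """packet = IV + XOR(data + crc32(data), RC4(IV, key)), the formula on slide 4."""
    plaintext = data + icv(data)
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))


def wep_decapsulate(key: bytes, packet: bytes) -> Tuple[bytes, bool]:
    """What a receiver holding the key does: returns (data, icv_ok)."""
    iv, body = packet[:3], packet[3:]
    plaintext = xor(body, rc4_keystream(iv + key, len(body)))
    data = plaintext[:-4]
    return data, icv(data) == plaintext[-4:]


def keystream_reuse_leak(p1: bytes, p2: bytes) -> bytes:
    """Two packets sent under the same IV (and key) share one keystream, so XORing
    their bodies cancels it and leaves plaintext1 XOR plaintext2. No key involved."""
    assert p1[:3] == p2[:3], "same IV required"
    return xor(p1[3:], p2[3:])


def recover_with_known_plaintext(known_packet: bytes, known_data: bytes,
                                 other_packet: bytes) -> bytes:
    """If one of the two plaintexts is guessable, the leak yields the other one."""
    leak = keystream_reuse_leak(known_packet, other_packet)
    return xor(leak, known_data + icv(known_data))[:len(known_data)]


def icv_is_linear(a: bytes, b: bytes) -> bool:
    """CRC32 is affine under XOR: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros).
    A checksum with that property cannot serve as a cryptographic integrity check,
    which is the last bullet of slide 5 and why WPA introduced a keyed MIC."""
    assert len(a) == len(b)
    return zlib.crc32(xor(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))


# The same IV reused for two packets: with only 2^24 IVs, a busy network repeats them within hours.
P1 = wep_encapsulate(IV, KEY, D1)
P2 = wep_encapsulate(IV, KEY, D2)

if __name__ == "__main__":
    print(wep_decapsulate(KEY, P1))                   # receiver with the key: (b'ARP who-has 10.0.0.1', True)
    print(recover_with_known_plaintext(P1, D1, P2))   # observer without the key: b'password=hunter2!!!!'
    print(icv_is_linear(D1, D2))                      # True
```

The receiver check at the end of `wep_decapsulate` still catches a random bit flip, which is all a CRC was ever designed for; the point of `icv_is_linear` is that the check gives no protection against a deliberate change, because the checksum of the changed data is computable from the checksum of the original. Both properties are what the WPA MIC and WPA2 AES-CCMP were introduced to fix.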
  6. Overview of wireless security mechanisms

     Item               | WEP                               | WPA                                                               | WPA2
     Authentication     | "shared key" (weak and dangerous) | 802.1X with EAP (strong)                                          | 802.1X with EAP (strong)
     Key length         | 64 bits                           | 128 bits                                                          | 128 bits
     Key lifetime       | Manual change                     | Regular automatic change (TKIP)                                   | Regular automatic change (TKIP)
     Encryption         | RC4 (cracked in several ways)     | RC4 (broken in several ways, but longer keys make it much harder) | RC4 or AES (not yet broken)
     Message integrity  | CRC (easy to forge)               | MIC (cannot be forged)                                            | MIC (cannot be forged)
     Compatibility      | /                                 | Software upgrade                                                  | Hardware upgrade
     Period             | 1997 - 2003                       | 2003 - 2004                                                       | From 2004
  7. Windows 7 hack + logging
     Which Windows tools were used?
     • Utility Manager + cmd
     How to break in?
     • Create an admin account via cmd
     How to stay anonymous?
     • Copy Utilman.exe
     • Copy the logs
     Special copy command for the logs:
     • cp -r -p … …
  8. Slow Loris hack
     Open-source Perl script
     • PyLoris (Python), PHP variant, EXE variant (Iran)
     No SYN flood / ICMP (Ping of Death)
     • Low bandwidth → low server load
     • Sends incomplete HTTP GET requests
       • Fills the queue with GET requests
       • Keeps sockets open and reuses them
     Only effective against certain web servers (mainly Apache)
     • Does not work against load balancers (e.g. Visa, YouTube, …)
     Can be anonymous via Tor/proxy
  9. Slow Loris hack: DoS in the OSI model

     OSI model        | DoS attack
     7 Application    | Slowloris – incomplete HTTP requests
     6 Presentation   |
     5 Session        |
     4 Transport      | SYN flood – incomplete TCP handshakes
     3 Network        |
     2 Data Link      |
     1 Physical       | Cutting the cable
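Slides 8 and 9 describe Slowloris as incomplete HTTP requests that keep sockets open with almost no bandwidth. The server-side answer to that is a deadline on the header block plus a view of how many dangling connections each client holds. The Python below is an added example, not code from the presentation or from any web server: a small header reader that models the deadline, replayed against a constructed normal client and a constructed slow client, and a detection pass over a constructed connection table. Class and function names, the timing values and the addresses (taken from documentation ranges) are all mine.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class HeaderReader:
    """Tracks one connection's request-header bytes and enforces a deadline for the
    complete header block (what Apache's mod_reqtimeout does for the real server).
    Constructed illustration, not the presentation's or any server's code."""
    opened_at: float                 # seconds since the socket was accepted
    header_deadline: float = 20.0    # seconds allowed for the whole header block
    max_header_bytes: int = 8192
    buf: bytes = b""
    state: str = "incomplete"        # incomplete | complete | timeout | too_large

    def feed(self, chunk: bytes, now: float) -> str:
        if self.state != "incomplete":
            return self.state
        if now - self.opened_at > self.header_deadline:
            self.state = "timeout"   # close the socket, give the worker back to the pool
            return self.state
        self.buf += chunk
        if b"\r\n\r\n" in self.buf:  # blank line ends the header block
            self.state = "complete"
        elif len(self.buf) > self.max_header_bytes:
            self.state = "too_large"
        return self.state

    def tick(self, now: float) -> str:
        """Run from a timer so a client that goes silent still hits the deadline."""
        return self.feed(b"", now)


def replay(chunks: List[Tuple[float, bytes]], deadline: float = 20.0) -> str:
    """Push timestamped chunks (seconds since connect) through a reader; return its state."""
    reader = HeaderReader(opened_at=0.0, header_deadline=deadline)
    for t, chunk in chunks:
        reader.feed(chunk, t)
    return reader.state


# Constructed traffic. A browser sends the whole header block at once ...
NORMAL_CLIENT = [(0.05, b"GET / HTTP/1.1\r\nHost: shop.example\r\n\r\n")]
# ... while a Slowloris client sends one bogus header line every 15 s and never the blank line.
SLOWLORIS_CLIENT = [
    (0.0, b"GET / HTTP/1.1\r\nHost: shop.example\r\n"),
    (15.0, b"X-a: 1\r\n"),
    (30.0, b"X-a: 2\r\n"),
]


def stale_clients(connections: Dict[str, List[HeaderReader]], now: float,
                  min_age: float = 10.0, threshold: int = 5) -> List[str]:
    """Detection view: client addresses holding `threshold` or more connections that are
    older than `min_age` seconds and still have no complete header block. That is the
    Slowloris footprint: many long-lived sockets and almost no bandwidth."""
    flagged = []
    for ip, readers in connections.items():
        stale = sum(1 for r in readers
                    if r.state == "incomplete" and now - r.opened_at >= min_age)
        if stale >= threshold:
            flagged.append(ip)
    return sorted(flagged)


def sample_connections() -> Dict[str, List[HeaderReader]]:
    """Constructed connection table: six dangling requests from one address (TEST-NET-3,
    a documentation range) next to one healthy request from another."""
    conns: Dict[str, List[HeaderReader]] = {"203.0.113.7": [], "198.51.100.2": []}
    for _ in range(6):
        r = HeaderReader(opened_at=0.0)
        r.feed(b"GET / HTTP/1.1\r\nHost: shop.example\r\n", 0.1)
        conns["203.0.113.7"].append(r)
    ok = HeaderReader(opened_at=0.0)
    ok.feed(b"GET / HTTP/1.1\r\nHost: shop.example\r\n\r\n", 0.1)
    conns["198.51.100.2"].append(ok)
    return conns


if __name__ == "__main__":
    print(replay(NORMAL_CLIENT), replay(SLOWLORIS_CLIENT))   # complete timeout
    print(stale_clients(sample_connections(), now=12.0))    # ['203.0.113.7']
```

On a real Apache installation the deadline is configured rather than coded, for example `RequestReadTimeout header=20-40,MinRate=500` from mod_reqtimeout, which also adds the minimum-rate condition this model leaves out. The slide's remark that Slowloris mainly affects Apache matches this picture: the prefork MPM ties one process to each open socket, whereas event-driven servers and load balancers hold an idle connection almost for free.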
  10. SSL stripping hack: SSL sits between the application and transport layers.
  11. SSL stripping hack: hijacking HTTPS communication and man-in-the-middle attack
      • Traffic between the client and web server is intercepted.
      • When an HTTPS URL is encountered, sslstrip replaces it with an HTTP link and keeps a mapping of the changes.
      • The attacking machine supplies certificates to the web server and impersonates the client.
      • Traffic is received back from the secure website and provided back to the client.
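The second bullet on slide 11 is the whole trick: the victim's browser is handed an http:// link and follows it. The browser-side defence is HTTP Strict Transport Security (RFC 6797): once a site has been seen over HTTPS with that header, the browser rewrites http:// to https:// for it before any request leaves the machine, so the stripped link is never fetched in the clear. The Python below is an added example, not code from the presentation or from any browser: a parser for the header, a minimal HSTS store with expiry and `includeSubDomains`, and a scenario that hands the same stripped link to a returning visitor and a first-time visitor. The host name `bank.test` and the timestamps are constructed; names are mine.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool


def parse_hsts(header: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value; None when it carries no usable max-age."""
    directives: Dict[str, str] = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = value.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not max_age.isdigit():
        return None
    return HstsPolicy(int(max_age), "includesubdomains" in directives)


class HstsCache:
    """Minimal model of a browser's HSTS store (RFC 6797). Constructed illustration,
    not browser code and not part of the presentation."""

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[float, bool]] = {}  # host -> (expires_at, include_subdomains)

    def observe(self, host: str, scheme: str, header: str, now: float) -> None:
        """Record a policy. Browsers honour the header only on responses received over
        HTTPS: one seen over plain HTTP could itself have been injected by the man in the middle."""
        if scheme != "https":
            return
        policy = parse_hsts(header)
        if policy is None:
            return
        host = host.lower()
        if policy.max_age == 0:           # max-age=0 tells the browser to forget the host
            self._entries.pop(host, None)
            return
        self._entries[host] = (now + policy.max_age, policy.include_subdomains)

    def is_known(self, host: str, now: float) -> bool:
        """Exact host match, or a parent domain whose policy covers subdomains."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def upgrade(self, url: str, now: float) -> str:
        """Rewrite http:// to https:// for a known host before any request leaves the
        browser, so a stripped link is never fetched in the clear."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self.is_known(parts.hostname, now):
            return url
        netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def sslstrip_scenario() -> Tuple[str, str]:
    """Two victims get the same rewritten link (bullet 2 above): one whose browser already
    holds a policy for the site from an earlier clean visit, one visiting for the first time."""
    stripped = "http://www.bank.test/login"   # the https:// link the attacker replaced
    returning = HstsCache()
    returning.observe("bank.test", "https", "max-age=31536000; includeSubDomains", now=1_000.0)
    first_time = HstsCache()
    return returning.upgrade(stripped, now=2_000.0), first_time.upgrade(stripped, now=2_000.0)


if __name__ == "__main__":
    print(sslstrip_scenario())  # ('https://www.bank.test/login', 'http://www.bank.test/login')
```

The second value of the scenario is the remaining gap: a browser that has never seen the site over HTTPS has no policy to enforce, which is why the header is only a full answer when combined with the browser preload lists, and why a server should send it with a long `max-age` and `includeSubDomains` on every HTTPS response rather than only on the login page.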
  12. Webcam hack
      Metasploit
      • Exploits
      • Penetration
      • Patched
      • NetAPI32.dll → netapi
      • Payload
      • Weakness
      • Live stream
  13. Keylogger
      • Metasploit
      • ps => migrate
      • Dump
  14. WPA/WPA2 hack
      • Monitor mode
        • Airmon-ng
      • Network scan
      • Station
        • WPA handshake
        • Deauthentication
        • Reauthentication
      • Wordlist
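The last slide ends with "wordlist", and the reason that step is the bottleneck is worth seeing in numbers. In WPA/WPA2-Personal the pre-shared key is derived from the passphrase with PBKDF2-HMAC-SHA1 over 4096 iterations, salted with the SSID (IEEE 802.11i); every candidate from a wordlist has to go through that derivation before it can be checked against a captured handshake. The Python below is an added example, not code from the presentation or from any cracking tool: it implements only that derivation, verifies it against the published 802.11i test vector for passphrase "password" and SSID "IEEE", measures the per-candidate cost on the local machine, and compares a wordlist against a random passphrase. The handshake MIC check is deliberately not part of it. The wordlist size is a constructed figure and the function names are mine.

```python
import hashlib
import math
import time


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal pre-shared key: PBKDF2-HMAC-SHA1 over the passphrase with the SSID
    as salt, 4096 iterations, 256-bit output (IEEE 802.11i). Every supplicant computes this;
    a wordlist attack on a captured handshake has to compute it once per candidate."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


# Published IEEE 802.11i test vector (passphrase "password", SSID "IEEE").
KNOWN_VECTOR = (
    "password", "IEEE",
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
)


def derivations_per_second(ssid: str, samples: int = 50) -> float:
    """Measure how many candidate passphrases this machine turns into PSKs per second."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_psk(f"candidate-{i}", ssid)
    return samples / (time.perf_counter() - start)


def passphrase_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(entropy_bits: float, rate: float) -> float:
    """Worst-case time to try every passphrase of that entropy at `rate` derivations/s."""
    return 2 ** entropy_bits / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = derivations_per_second("IEEE")
    print(f"{rate:,.0f} PSK derivations/s on this machine (single core, pure hashlib)")
    # A 10-million-entry wordlist (constructed size) against a random 12-character
    # passphrase drawn from 62 symbols (about 71 bits of entropy).
    print("wordlist of 10 million:", 10_000_000 / rate, "seconds")
    print("random 12 characters:", years_to_exhaust(passphrase_entropy_bits(12, 62), rate), "years")
```

Two consequences follow from the derivation itself. Because the SSID is the salt, a precomputed table only helps against networks that use the same (usually default) SSID, and because each candidate costs 4096 HMAC rounds, a passphrase that is not in any wordlist is out of reach even at GPU rates. The deauthentication step on the slide, for its part, only works because plain 802.11 management frames are unauthenticated; Protected Management Frames (802.11w) and WPA3 remove that lever.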