Your SlideShare is downloading. ×
Ethical Hacking4
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Ethical Hacking4

1,127
views

Published on

Published in: Education, Technology

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,127
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
76
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Lulled : menidurkan/mematikan
  • Lulled : menidurkan/mematikan
  • Smb : protokol sharing windows
  • Transcript

    • 1. Ethical Hacking
      ILKOM
      2009 / 2010
    • 2. Trojan
      A trojan is a small program that runs hidden on an infected computer.
      Sebuah program atau code yang tanpa otorisasi yang menempel pada program sah. Program tanpa otorisasi ini melakukan aktivitas yang tidak diketahui dan tidak diinginkan oleh pengguna.
      Penyerang dapat mengakses sistem yang terkena trojan ketika sistem tersebut melakukan online.
    • 3. Trojan
      With the help of a trojan an attacker gets access to stored passwords in the trojaned computer and would be able to read personal documents, delete files, display pictures, and/or show messages on the screen.
      Transmitting to intruder any files that can be read, installing other program that provide unauthorized network access.
    • 4. Trojan
      Trojan jg berusaha utk mengexploit vulnerablility utk meningkatkan level akses dari belakang sistem user yang terkena trojan. Bila ini berhasil maka akan meningkatkan level hak akses.
      Bila user menggunakan akses level administrator pada OS maka trojan dapat melakukan apa saja sebagaimana yang dpt dilakukan administrator.
    • 5. Tipe Trojan
      Remote Access Trojans
      Password sending Trojans
      Keylogger
      Destructive Trojans
      Denial of service (DoS) attack Trojans
      Proxy Trojans
      FTP Trojans
      Security software disablers
    • 6. Remote Access Trojans
      Trojan ini biasanya tertuju pada media dan berakibat otoritas tinggi karena kemampuannya untuk memberikan kepada penyerang kekuatan untuk melakukan hal melebihi kemampuan dari korban itu sndiri.
      Biasanya kombinasi berbagai trojan.
      Password sending Trojans
      Trojan ini mengambil semua cache password dan menangkap pasword yang menuju ke korban dan meng-emailkan ke penyerang tanpa korban sadari.
    • 7. Keylogger
      Trojan menyalin tekanan pada keyboard korban dan membiarkan penyerang mencari password atau sensitif mesin di dalam log file.
      Destructive Trojans
      Trojan ini khusus untuk menghancurkan atau menghapus file utama sprt .dll, .ini, .exe
      Denial of service (DoS) attack Trojans
      Trojan ini digunakan penyerang utk melakukan DoS. Varian trojan ini yaitu mail-bomb trojan yang bertujuan utama menginfeksi sebanyak dan berurutan pada spesifik email/address dengan subjek dan konten acak tanpa bisa difilter.
    • 8. FTP trojan
      Trojan ini membuka port 21 dan memberikan siapa saja atau penyerang ke dalam mesin.
      Proxy Trojans
      Trojan ini mengubah menjadi sebuah proxy bagi seluruh dunia atau penyerang saja. Trojan ini digunakan untuk anonymous telnet, ICQ, IRC dan sebagainya.
      Security software disablers
      Ada sebuah fungsi dari trojan yaitu mendisable security software pada target, sehingga penyerang dapat melakukan explot lebih leluasa untuk keperluan ilegal lainnya.
    • 9. Pembuat trojan cari
      Credit card information, e-mail addresses.
      Accounting data (passwords, user names, etc.)
      Confidential documents
      Financial data (bank account numbers, Social Security numbers, insurance information, etc.)
      Using the victims computer for illegal purposes, such as to hack, scan, flood, or infiltrate other machines on the network or Internet.
    • 10. Indikasi terserang trojan
      CD-ROM drawer opens and closes by itself.
      Computer screen flips upside down or inverts.
      Wall paper or background settings change by themselves.
      Documents or messages print from the printer by themselves.
      Computer browser goes to a strange or unknown web page by itself.
      Windows color settings change by themselves.
      Screen saver settings change by themselves.
    • 11. Indikasi terserang trojan
      Right and left mouse buttons reverse their Functions
      Mouse pointer disappears.
      Mouse moves by itself.
      Windows Start button disappears.
      Strange chat boxes appear on the victim’s
      computer and the victim is forced to chat with a stranger.
      The ISP complains to the victim that their computer is IP scanning.
    • 12. Indikasi terserang trojan
      Computer shuts down and powers off by itself.
      Task bar disappears.
      The account passwords are changed or unauthorized persons can access legitimate accounts.
      Strange purchase statements in credit card bills.
      The computer monitor turns itself off and on.
      Modem dials, and connects, to the Internet by itself.
      Ctrl + Alt + Del stops working.
      While rebooting the computer a message flashes that there are other users still connected.
    • 13. Trojan launcher
      PhatBot
      This Trojan allows the attacker to control computers and link them into P2P networks that can then be used to send large amounts of spam e-mail messages, or flood Web sites with data, in an attempt to knock them offline.
      It can steal Windows Product Keys, AOL login names and passwords as well as the CD key of some famous games. It tries to disable antivirus and firewall software.
      Amitis
      The Server copies itself to the windows directory so even if the main file is deleted the victim is still infected.
      The server automatically sends the requested notification as soon as the victim goes online.
    • 14. Trojan launcher
      Senna Spy
      Senna Spy Generator 2.0 is a trojan generator. Senna Spy Generator is able to create Visual Basic source code for a trojan based on the selection of a few options.This trojan is compiled from generated source code, anything could be changed in it.
      Feature server diantaranya mengubah wallpaper, execute dos command, find filter, FTP server, hang up internet connection, mengambil kunci lisensi.
      Back orifice
      Back Orifice (BO) is a remote administration system which allows a user to control a computer across a TCP/IP connection using a simple console or GUI application. On a local LAN or across the internet, BO gives its user more control of the remote Windows machine than the person at the keyboard of the remote machine.
      Netbus
      NetBus is a Win32 based Trojan program. Like Back Orifice, NetBus allows a remote user to access and control the victim’s machine by way of its Internet link.
    • 15. Trojan launcher
      SubSeven
      Its symptoms include a slowing down the computer, and a constant stream of error messages. SubSeven is a trojan virus most commonly spread through file attachments in e-mail messages, and the ICQ program.
      Netcat
      Outbound or inbound connections, TCP or UDP, to, or from,any port.
      Ability to use any local source port.
      Ability to use any locally-configured network source address.
      Built-in port-scanning capabilities, with randomizer
      Built-in loose source-routing capability.
      Subroot Telnet Trojan
      It is a telnet remote administration tool.
      Donald Dick
      Donald Dick is a tool that enables a user to control another computer over a network. It uses a client-server architecture with the server residing on the victim's computer. The attacker uses the client to send command through TCP or SPX to the victim listening on a pre-defined port.Donald Dick uses default port either 23476 or 23477.
    • 16. Menghindari trojan
      Do not download blindly from people, or sites, if it is not 100% safe.
      Even if the file comes from a friend, be sure what the file is before opening it.
      Do not use features in programs that automatically get, or preview, files.
      Do not blindly type commands when told to type them, or go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts
    • 17. Menghindari trojan
      Do not be lulled into a false sense of security just because an antivirus program is running in the system.
      Ensure that the corporate perimeter defenses are kept continuously up-to-date.
      Filter and scan all content that could contain malicious content at the perimeter defenses.
      Run local versions of antivirus, firewall, and intrusion detection software at the desktop.
    • 18. Menghindari trojan
      Rigorously control user permissions within the desktop environment to prevent the installation of malicious applications.
      Manage local workstation file integrity through checksums, auditing and port scanning.
      Monitor internal network traffic for unusual open ports or encrypted traffic.
      Use multiple virus scanners.
    • 19. Sniffing
      Sniffer adalah sebuah software yang menangkap data informasi yang vital dari lalu lintas spesifik dalam jaringan tertentu.
      “data interception” tehcnology. (menangkap/mencegat)
      The objective of sniffing is to grab:
      Password (e-mail, web, SMB, ftp, SQL, telnet)
      Email text
      Files in transfer (e-mail, ftp, SMB)
    • 20. Sniffing
      Yang biasa menjadi cara yaitu pada ethernet / jaringan kabel. Dimana proses ethernet protokol bekerja dengan membroadcast paket ke semua host dlm jaringan, dengan header paket yang mengandung MAC address tujuan paket. Dan sniffer memanfaatkan kondisi ini untuk menjadi alamat palsu.
    • 21. Jenis Sniffing
      Passive sniffing : menangkap paket yang berjalan di dalam jaringan pada saat dilakukan broadcast.
      Active sniffing : menangkap paket yang ditujukan ke destination address dan sniffer meracuni ethernet dengan alamat palsu.
    • 22. Sniffing
      Sniffer tidak saja digunakan untuk proses penangkapan informasi penting bagi penyusup tetapi digunakan NIDS (network intrusion detection system) untuk menemukan paket-paket asing sehingga dapat memberikan alarm bagi sistem selain itu juga sebagai metrics dan analisis.
    • 23. Etherflood : memenuhi sebuah ethernet dengan random alamat dan kemudian ethernet mengirimkan informasi pada semua portnya. Sehingga semua jaringan dapat di sniff oleh penyerang dari semua port ethernet tersebut.
      ARP poisoning : meracuni paket ARP dari NIC penyerang sehingga memaksa NIC korban untuk mengirimkan data kepada penyerang (gateway). Dan jika pemaksaan dilakukan dengan MAC flooding terhadap switch maka akan menjadikan switch bersifat “hub”.
    • 24. Small Network
      Use of static IP addresses and static ARP tables which prevent hackers from adding spoofed ARP entries for machines in the network
      Large Networks
      Network switch "Port Security" features should be enabled
      Use of Arpwatch to monitor ethernet activity
      Mencegah spoof
    • 25. Ethereal
      Ethereal is a network protocol analyzer for UNIX and Windows.
      It allows the user to examine data from a live network or from a capture file on a disk.
      The user can interactively browse the captured data, viewing summary and detailed information of each packet captured.
      Dsniff
      Dsniff is a collection of tools for network auditing and penetration testing.
      ARPSPOOF, DNSSPOOF, and MACOF facilitate the interception of network traffic that is normally unavailable to an attacker.
    • 26. Sniffit
      Sniffit is a packet sniffer for TCP/UDP/ICMP packets.
      It provides detailed technical information about the packets and packet contents in different formats.
      Aldebaran
      Aldebaran is an advanced LINUX sniffer/network analyzer.
      It supports sending data to another host, dump file encryption, real-time mode, packet content scanning.
    • 27. Ntop
      Ntop is a network traffic probe that shows network usage.
      In webmode, it acts as a web server, creating an html dump of the network status.
      IPTraf
      IPTraf is a network monitoring utility for IP networks. It intercepts packets on the network and gives out various pieces of information about the currently monitored IP traffic.
      monitor the load on an IP network, the types of network services that are most in use.
    • 28. Network Probe
      This network monitor and protocol analyzer gives the user an instant picture of the traffic situation on the target network and can be sorted, searched, and filtered by protocols, hosts, conversations, and network interfaces.
      Snort
      Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console.
      Packet logger mode logs the packets to the disk.
      Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set.
    • 29. ensure that a packet sniffer cannot be installed.
      The best way to be secured against sniffing is to use encryption.
      ARP Spoofing is used to sniff a switched network. So the attacker will try to ARP spoof the gateway. This can be prevented by permanently adding the MAC address of the gateway to the ARP cache.
      Mencegah sniff
    • 30. Change the network to SSH.
      There are various tools to detect a sniffer in a network. They are as follows:
      ARP Watch
      Promiscan
      Antisniff
      Prodetect
      Mencegah sniff