• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Ethical Hacking4
 

Ethical Hacking4

on

  • 1,232 views

 

Statistics

Views

Total Views
1,232
Views on SlideShare
1,231
Embed Views
1

Actions

Likes
0
Downloads
74
Comments
0

1 Embed 1

http://www.slideshare.net 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Lulled : menidurkan/mematikan
  • Lulled : menidurkan/mematikan
  • Smb : protokol sharing windows

Ethical Hacking4 Ethical Hacking4 Presentation Transcript

  • Ethical Hacking
    ILKOM
    2009 / 2010
  • Trojan
    A trojan is a small program that runs hidden on an infected computer.
    Sebuah program atau code yang tanpa otorisasi yang menempel pada program sah. Program tanpa otorisasi ini melakukan aktivitas yang tidak diketahui dan tidak diinginkan oleh pengguna.
    Penyerang dapat mengakses sistem yang terkena trojan ketika sistem tersebut melakukan online.
  • Trojan
    With the help of a trojan an attacker gets access to stored passwords in the trojaned computer and would be able to read personal documents, delete files, display pictures, and/or show messages on the screen.
    Transmitting to intruder any files that can be read, installing other program that provide unauthorized network access.
  • Trojan
    Trojan jg berusaha utk mengexploit vulnerablility utk meningkatkan level akses dari belakang sistem user yang terkena trojan. Bila ini berhasil maka akan meningkatkan level hak akses.
    Bila user menggunakan akses level administrator pada OS maka trojan dapat melakukan apa saja sebagaimana yang dpt dilakukan administrator.
  • Tipe Trojan
    Remote Access Trojans
    Password sending Trojans
    Keylogger
    Destructive Trojans
    Denial of service (DoS) attack Trojans
    Proxy Trojans
    FTP Trojans
    Security software disablers
  • Remote Access Trojans
    Trojan ini biasanya tertuju pada media dan berakibat otoritas tinggi karena kemampuannya untuk memberikan kepada penyerang kekuatan untuk melakukan hal melebihi kemampuan dari korban itu sndiri.
    Biasanya kombinasi berbagai trojan.
    Password sending Trojans
    Trojan ini mengambil semua cache password dan menangkap pasword yang menuju ke korban dan meng-emailkan ke penyerang tanpa korban sadari.
  • Keylogger
    Trojan menyalin tekanan pada keyboard korban dan membiarkan penyerang mencari password atau sensitif mesin di dalam log file.
    Destructive Trojans
    Trojan ini khusus untuk menghancurkan atau menghapus file utama sprt .dll, .ini, .exe
    Denial of service (DoS) attack Trojans
    Trojan ini digunakan penyerang utk melakukan DoS. Varian trojan ini yaitu mail-bomb trojan yang bertujuan utama menginfeksi sebanyak dan berurutan pada spesifik email/address dengan subjek dan konten acak tanpa bisa difilter.
  • FTP trojan
    Trojan ini membuka port 21 dan memberikan siapa saja atau penyerang ke dalam mesin.
    Proxy Trojans
    Trojan ini mengubah menjadi sebuah proxy bagi seluruh dunia atau penyerang saja. Trojan ini digunakan untuk anonymous telnet, ICQ, IRC dan sebagainya.
    Security software disablers
    Ada sebuah fungsi dari trojan yaitu mendisable security software pada target, sehingga penyerang dapat melakukan explot lebih leluasa untuk keperluan ilegal lainnya.
  • Pembuat trojan cari
    Credit card information, e-mail addresses.
    Accounting data (passwords, user names, etc.)
    Confidential documents
    Financial data (bank account numbers, Social Security numbers, insurance information, etc.)
    Using the victims computer for illegal purposes, such as to hack, scan, flood, or infiltrate other machines on the network or Internet.
  • Indikasi terserang trojan
    CD-ROM drawer opens and closes by itself.
    Computer screen flips upside down or inverts.
    Wall paper or background settings change by themselves.
    Documents or messages print from the printer by themselves.
    Computer browser goes to a strange or unknown web page by itself.
    Windows color settings change by themselves.
    Screen saver settings change by themselves.
  • Indikasi terserang trojan
    Right and left mouse buttons reverse their Functions
    Mouse pointer disappears.
    Mouse moves by itself.
    Windows Start button disappears.
    Strange chat boxes appear on the victim’s
    computer and the victim is forced to chat with a stranger.
    The ISP complains to the victim that their computer is IP scanning.
  • Indikasi terserang trojan
    Computer shuts down and powers off by itself.
    Task bar disappears.
    The account passwords are changed or unauthorized persons can access legitimate accounts.
    Strange purchase statements in credit card bills.
    The computer monitor turns itself off and on.
    Modem dials, and connects, to the Internet by itself.
    Ctrl + Alt + Del stops working.
    While rebooting the computer a message flashes that there are other users still connected.
  • Trojan launcher
    PhatBot
    This Trojan allows the attacker to control computers and link them into P2P networks that can then be used to send large amounts of spam e-mail messages, or flood Web sites with data, in an attempt to knock them offline.
    It can steal Windows Product Keys, AOL login names and passwords as well as the CD key of some famous games. It tries to disable antivirus and firewall software.
    Amitis
    The Server copies itself to the windows directory so even if the main file is deleted the victim is still infected.
    The server automatically sends the requested notification as soon as the victim goes online.
  • Trojan launcher
    Senna Spy
    Senna Spy Generator 2.0 is a trojan generator. Senna Spy Generator is able to create Visual Basic source code for a trojan based on the selection of a few options.This trojan is compiled from generated source code, anything could be changed in it.
    Feature server diantaranya mengubah wallpaper, execute dos command, find filter, FTP server, hang up internet connection, mengambil kunci lisensi.
    Back orifice
    Back Orifice (BO) is a remote administration system which allows a user to control a computer across a TCP/IP connection using a simple console or GUI application. On a local LAN or across the internet, BO gives its user more control of the remote Windows machine than the person at the keyboard of the remote machine.
    Netbus
    NetBus is a Win32 based Trojan program. Like Back Orifice, NetBus allows a remote user to access and control the victim’s machine by way of its Internet link.
  • Trojan launcher
    SubSeven
    Its symptoms include a slowing down the computer, and a constant stream of error messages. SubSeven is a trojan virus most commonly spread through file attachments in e-mail messages, and the ICQ program.
    Netcat
    Outbound or inbound connections, TCP or UDP, to, or from,any port.
    Ability to use any local source port.
    Ability to use any locally-configured network source address.
    Built-in port-scanning capabilities, with randomizer
    Built-in loose source-routing capability.
    Subroot Telnet Trojan
    It is a telnet remote administration tool.
    Donald Dick
    Donald Dick is a tool that enables a user to control another computer over a network. It uses a client-server architecture with the server residing on the victim's computer. The attacker uses the client to send command through TCP or SPX to the victim listening on a pre-defined port.Donald Dick uses default port either 23476 or 23477.
  • Menghindari trojan
    Do not download blindly from people, or sites, if it is not 100% safe.
    Even if the file comes from a friend, be sure what the file is before opening it.
    Do not use features in programs that automatically get, or preview, files.
    Do not blindly type commands when told to type them, or go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts
  • Menghindari trojan
    Do not be lulled into a false sense of security just because an antivirus program is running in the system.
    Ensure that the corporate perimeter defenses are kept continuously up-to-date.
    Filter and scan all content that could contain malicious content at the perimeter defenses.
    Run local versions of antivirus, firewall, and intrusion detection software at the desktop.
  • Menghindari trojan
    Rigorously control user permissions within the desktop environment to prevent the installation of malicious applications.
    Manage local workstation file integrity through checksums, auditing and port scanning.
    Monitor internal network traffic for unusual open ports or encrypted traffic.
    Use multiple virus scanners.
  • Sniffing
    Sniffer adalah sebuah software yang menangkap data informasi yang vital dari lalu lintas spesifik dalam jaringan tertentu.
    “data interception” tehcnology. (menangkap/mencegat)
    The objective of sniffing is to grab:
    Password (e-mail, web, SMB, ftp, SQL, telnet)
    Email text
    Files in transfer (e-mail, ftp, SMB)
  • Sniffing
    Yang biasa menjadi cara yaitu pada ethernet / jaringan kabel. Dimana proses ethernet protokol bekerja dengan membroadcast paket ke semua host dlm jaringan, dengan header paket yang mengandung MAC address tujuan paket. Dan sniffer memanfaatkan kondisi ini untuk menjadi alamat palsu.
  • Jenis Sniffing
    Passive sniffing : menangkap paket yang berjalan di dalam jaringan pada saat dilakukan broadcast.
    Active sniffing : menangkap paket yang ditujukan ke destination address dan sniffer meracuni ethernet dengan alamat palsu.
  • Sniffing
    Sniffer tidak saja digunakan untuk proses penangkapan informasi penting bagi penyusup tetapi digunakan NIDS (network intrusion detection system) untuk menemukan paket-paket asing sehingga dapat memberikan alarm bagi sistem selain itu juga sebagai metrics dan analisis.
  • Etherflood : memenuhi sebuah ethernet dengan random alamat dan kemudian ethernet mengirimkan informasi pada semua portnya. Sehingga semua jaringan dapat di sniff oleh penyerang dari semua port ethernet tersebut.
    ARP poisoning : meracuni paket ARP dari NIC penyerang sehingga memaksa NIC korban untuk mengirimkan data kepada penyerang (gateway). Dan jika pemaksaan dilakukan dengan MAC flooding terhadap switch maka akan menjadikan switch bersifat “hub”.
  • Small Network
    Use of static IP addresses and static ARP tables which prevent hackers from adding spoofed ARP entries for machines in the network
    Large Networks
    Network switch "Port Security" features should be enabled
    Use of Arpwatch to monitor ethernet activity
    Mencegah spoof
  • Ethereal
    Ethereal is a network protocol analyzer for UNIX and Windows.
    It allows the user to examine data from a live network or from a capture file on a disk.
    The user can interactively browse the captured data, viewing summary and detailed information of each packet captured.
    Dsniff
    Dsniff is a collection of tools for network auditing and penetration testing.
    ARPSPOOF, DNSSPOOF, and MACOF facilitate the interception of network traffic that is normally unavailable to an attacker.
  • Sniffit
    Sniffit is a packet sniffer for TCP/UDP/ICMP packets.
    It provides detailed technical information about the packets and packet contents in different formats.
    Aldebaran
    Aldebaran is an advanced LINUX sniffer/network analyzer.
    It supports sending data to another host, dump file encryption, real-time mode, packet content scanning.
  • Ntop
    Ntop is a network traffic probe that shows network usage.
    In webmode, it acts as a web server, creating an html dump of the network status.
    IPTraf
    IPTraf is a network monitoring utility for IP networks. It intercepts packets on the network and gives out various pieces of information about the currently monitored IP traffic.
    monitor the load on an IP network, the types of network services that are most in use.
  • Network Probe
    This network monitor and protocol analyzer gives the user an instant picture of the traffic situation on the target network and can be sorted, searched, and filtered by protocols, hosts, conversations, and network interfaces.
    Snort
    Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console.
    Packet logger mode logs the packets to the disk.
    Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set.
  • ensure that a packet sniffer cannot be installed.
    The best way to be secured against sniffing is to use encryption.
    ARP Spoofing is used to sniff a switched network. So the attacker will try to ARP spoof the gateway. This can be prevented by permanently adding the MAC address of the gateway to the ARP cache.
    Mencegah sniff
  • Change the network to SSH.
    There are various tools to detect a sniffer in a network. They are as follows:
    ARP Watch
    Promiscan
    Antisniff
    Prodetect
    Mencegah sniff