System Hacking
Module 05
Ethical Hacking and Countermeasures
System Hacking

Exam 312-50 Certified Ethical Hacker

Transcript of "Ce hv8 module 05 system hacking "

  1. 1. System Hacking Module 05
  2. 2. System Hacking, Module 05. Engineered by Hackers. Presented by Professionals. Ethical Hacking and Countermeasures v8, Module 05: System Hacking, Exam 312-50 Certified Ethical Hacker. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
  3. 3. Security News: IEEE Hack Confirmed, 100k Plain Text Passwords Vulnerable (September 26th, 2012). Source: http://www.kitguru.net
After details were revealed by Radu Dragusin over at IEEElog.com recently that passwords and user details for some 100,000 members of the Institute of Electrical and Electronics Engineers had been made publicly available on the company's FTP server for at least a month, the organization confirmed this in a communication to members, advising them to change their details immediately.
The IEEE is an organization that is designed to advance technology and has over 400,000 members worldwide, many of those including employees at Apple, Google, IBM, Oracle, and Samsung. It is responsible for globally used standards like the IEEE 802.3 Ethernet standard and the IEEE 802.11 Wireless Networking standard. At an organization like this, you'd expect security to be high. Still, this hack was no hoax. The official announcement of it reads: "IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. This matter has been addressed and resolved. None of your financial information was made accessible in this situation."
  4. 4. The company continued saying though, that it was technically possible that during the time this information was available, that someone could have used it to access a user's account and therefore, as a "precautionary measure," the IEEE recommended all users change their account information. Until that time, users were not able to access their account at all.
In what seems like quite a bold move, the organization went on to explain to users that one of the best ways to protect themselves is to use a strong, unique password for their login. Considering it was an IEEE security blunder that caused the hack, advising other people on password strength seems a bit hypocritical.
That said, in Mr Dragusin's reveal of the hacked information, he produced a graph detailing some of the most commonly used passwords. Almost 300 people used "123456" and other variations of numbers in that same configuration, while hundreds of others used passwords like "admin," "student," and "ieee2012." Considering the involvement of IEEE members in pushing the boundaries of current technology, you'd assume we wouldn't need to turn to Eugene "The Plague" Belford to explain the importance of password security.
Copyright © 2010-2013 KitGuru Limited. Author: Jon Martindale. http://www.kitguru.net/channel/jon-martindale/ieee-hack-confirmed-100k-plain-text-passwords-vulnerable/
  5. 5. Module Objectives
The preceding modules dealt with the progressive intrusion that an attacker makes towards his or her target system(s). You should bear in mind that this does not indicate a culmination of the attack. This module familiarizes you with:
     • System Hacking: Goals
     • CEH Hacking Methodology (CHM)
     • Password Cracking
     • Stealing Passwords Using Keyloggers
     • Microsoft Authentication
     • How to Disable LM HASH
     • How to Defend against Password Cracking
     • Privilege Escalation
     • Executing Applications
     • Types of Keystroke Loggers and Spywares
     • Anti-Keylogger and Anti-Spywares
     • Detecting Rootkits
     • Anti-Rootkits
     • NTFS Stream Manipulation
     • Classification of Steganography
     • Steganalysis Methods/Attacks on Steganography
     • Covering Tracks
     • Penetration Testing
  6. 6. Information at Hand Before System Hacking Stage
Before beginning with system hacking, let's go over the phases you went through and the information you collected so far. Prior to this module, we discussed:
Footprinting Module
Footprinting is the process of accumulating data regarding a specific network environment. Usually this technique is applied for the purpose of finding ways to intrude into the network environment. Since footprinting can be used to attack a system, it can also be used to protect it. In the footprinting phase, the attacker creates a profile of the target organization, with information such as its IP address range, namespace, and employee web usage.
Footprinting improves the ease with which the systems can be exploited by revealing system vulnerabilities. Determining the objective and location of an intrusion is the primary step involved in footprinting. Once the objective and location of an intrusion are known, specific information about the organization can be gathered by using nonintrusive methods. For example, the web page of the organization itself may provide employee bios or a personnel directory, which the hacker can use for social engineering to reach the objective. Conducting a Whois query on the web provides the associated networks and domain names related to a specific organization.
  7. 7. Scanning Module
Scanning is a procedure for identifying active hosts on a network, either for the purpose of network security assessment or for attacking them. In the scanning phase, the attacker finds information about the target assessment through its IP addresses that can be accessed over the Internet. Scanning is mainly concerned with the identification of systems on a network and the identification of services running on each computer.
Some of the scanning procedures, such as port scans and ping sweeps, return information about the services offered by the live hosts that are active on the Internet and their IP addresses. The inverse mapping scanning procedure returns information about the IP addresses that do not map to live hosts; this allows an attacker to make suppositions about feasible addresses.
Enumeration Module
Enumeration is the method of intrusive probing into the target assessment through which attackers gather information such as network user lists, routing tables, and Simple Network Management Protocol (SNMP) data. This is significant because the attacker crosses over the target territory to unearth information about the network and its shares, users, groups, applications, and banners. The attacker's objective is to identify valid user accounts or groups where he or she can remain inconspicuous once the system has been compromised. Enumeration involves making active connections to the target system or subjecting it to direct queries. Normally, an alert and secure system will log such attempts.
Often the information gathered is what the target might have made public, such as a DNS address; however, it is possible that the attacker stumbles upon a remote IPC share, such as IPC$ in Windows, that can be probed with a null session, allowing shares and accounts to be enumerated.
  8. 8. System Hacking: Goals
Every criminal commits a crime to achieve a certain goal. Likewise, an attacker can also have certain goals behind performing attacks on a system. The following may be some of the goals of attackers in committing attacks on a system. The table shows the goal of an attacker at different hacking stages and the technique used to achieve that goal.
  9. 9. FIGURE 5.1: Goals for System Hacking
Hacking-Stage | Goal | Technique/Exploit Used
Gaining Access | To collect enough information to gain access | Password eavesdropping, brute forcing
Escalating Privileges | To create a privileged user account if the user level is obtained | Password cracking, known exploits
Executing Applications | To create and maintain backdoor access | Trojans
Hiding Files | To hide malicious files | Rootkits
Covering Tracks | To hide the presence of compromise | Clearing logs
  10. 10. CEH Hacking Methodology (CHM)
Before hacking a system, an attacker uses footprinting, scanning, and enumeration techniques to detect the target area of the attack and the vulnerabilities that prove to be doorways for the attacker. Once the attacker gains all the necessary information, he or she starts hacking. Similar to the attacker, an ethical hacker also follows the same steps to test a system or network. In order to ensure the effectiveness of the test, the ethical hacker follows the hacking methodology. The following diagram depicts the hacking methodology followed by ethical hackers:
  11. 11. FIGURE 5.2: CEH Hacking Methodology (CHM)
  12. 12. CEH System Hacking Steps
System hacking cannot be accomplished at a single go. It is accomplished through various steps that include cracking passwords, escalating privileges, executing applications, hiding files, covering tracks, and finally penetration testing. Now it's time to discuss these steps one by one thoroughly, to determine how the attacker hacks the system. In an attempt to hack a system, the attacker first tries to crack passwords. This section describes the first step, i.e., password cracking, that will tell you how and what types of different tools and techniques an attacker uses to crack the password of the target system.
     • Cracking Passwords
     • Escalating Privileges
     • Executing Applications
     • Hiding Files
     • Covering Tracks
     • Penetration Testing
  13. 13. Password Cracking
Password cracking is the process of recovering passwords from the data that has been transmitted by a computer system or stored in it. The purpose of password cracking might be to help a user recover a forgotten or lost password, to serve as a preventive measure by which system administrators check for easily crackable passwords, or to gain unauthorized access to a system.
Many hacking attempts start with password cracking attempts. Passwords are the key piece of information necessary to access a system. Consequently, most attackers use password cracking techniques to gain unauthorized access to the vulnerable system. Passwords may be cracked manually or with automated tools such as a dictionary or brute-force method.
The effectiveness of computer programs designed for cracking passwords is a function of the number of possible passwords per second that they can check. Often users, while creating passwords, select passwords that are predisposed to being cracked, such as using a pet's name or choosing one that's simple so they can remember it. Most password cracking techniques are successful due to weak or easily guessable passwords.
  14. 14. Password Complexity
Password complexity plays a key role in improving security against attacks. It is the important element that users should ensure while creating a password. The password should not be simple since simple passwords are prone to attacks. The passwords that you choose should always be complex, long, and difficult to remember. The password that you are setting for your account must meet the complexity requirements policy setting. Password characters should be a combination of alphanumeric characters. Alphanumeric characters consist of letters, numbers, punctuation marks, and mathematical and other conventional symbols. See the implementation that follows for the exact characters referred to:
     • Passwords that contain letters, special characters, and numbers: apl@52
     • Passwords that contain only numbers: 23698217
     • Passwords that contain only special characters: &*#@!(%)
     • Passwords that contain letters and numbers: meetl23
     • Passwords that contain only letters: POTHMYDE
     • Passwords that contain only letters and special characters: bob@&ba
     • Passwords that contain only special characters and numbers: 123@$4
  15. Password Cracking Techniques

- Dictionary Attack: A dictionary file is loaded into the cracking application that runs against user accounts
- Brute Forcing Attacks: The program tries every combination of characters until the password is broken
- Hybrid Attack: It works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password
- Syllable Attack: It is the combination of both brute force attack and the dictionary attack
- Rule-based Attack: This attack is used when the attacker gets some information about the password

Password cracking is the technique used for discovering passwords. It is the classic way to gain privileges to a computer system or network. The common approach for cracking a password is to continually try guesses for the password with various combinations until you get the correct one. There are five techniques for password cracking, as follows.

Dictionary Attacks

In a dictionary attack, a dictionary file is loaded into the cracking application that runs against user accounts. This dictionary is a text file that contains a number of dictionary words. The program uses every word present in the dictionary to find the password. Dictionary attacks are more useful than brute force attacks. But this attack does not work with a system that uses passphrases.

This attack can be applied under two situations:

- In cryptanalysis, it is used to find out the decryption key for obtaining plaintext from ciphertext.
- In computer security, it is used to avoid authentication and access the computer by guessing passwords.
  16. Methods to improve the success of a dictionary attack:

- Use a number of dictionaries, such as technical dictionaries and foreign dictionaries, which helps to retrieve the correct password
- Use string manipulation on the dictionary: if the dictionary contains the word "system", then try string manipulation and use "metsys" and others

Brute Forcing Attacks

Cryptographic algorithms must be sufficiently hardened in order to prevent a brute-force attack. The definition as stated by RSA: "Exhaustive key-search, or brute-force search, is the basic technique for trying every possible key in turn until the correct key is identified."

When someone tries every single encryption key for data until the needed information is detected, this is termed a brute force attack. Until this date, this type of attack was performed by those who had sufficient processing power.

The United States government once believed (in 1977) that a 56-bit Data Encryption Standard (DES) was sufficient to deter all brute-force attacks, a claim that several groups across the world had tested.

In cryptanalysis, a brute force attack on an encryption is a brute force search of the keyspace. In other words, all possible keys are tested in an attempt to recover the plaintext used to produce a particular ciphertext. Recovering the key or plaintext faster than a brute force attack would is considered a way of breaking the cipher. A cipher is secure if no method exists to break that cipher other than the brute force attack. Most ciphers lack a mathematical proof of security.

If the keys are originally chosen randomly or searched randomly, the plaintext will, on average, become available after half of all the possible keys are tried.

Some of the considerations for brute-force attacks are as follows:

- It is a time-consuming process
- All passwords will eventually be found
- Attacks against NT hashes are much more difficult than LM hashes

Hybrid Attack

This type of attack depends upon the dictionary attack. There are chances that people might change their password by just adding some numbers to their old password. In this type of attack, the program adds some numbers and symbols to the words from the dictionary and tries to crack the password. For example, if the old password is "system," then there is a chance that the person will change it to "system1" or "system2."
  17. Syllable Attack

A syllable attack is the combination of both a brute force attack and the dictionary attack. This cracking technique is used when the password is not an existing word. Attackers use the dictionary and other methods to crack it. It also uses the possible combination of every word present in the dictionary.

Rule-based Attack

This type of attack is used when the attacker gets some information about the password. This is the most powerful attack because the cracker knows the type of password. For example, if the attacker knows that the password contains a two- or three-digit number, then he or she will use some specific techniques and extract the password in less time.

By obtaining useful information such as use of numbers, the length of password, and special characters, the attacker can easily adjust the time for retrieving the password to the minimum and enhance the cracking tool to retrieve passwords. This technique involves brute force, dictionary, and syllable attacks.
  18. Types of Password Attacks

1. Passive Online Attacks: Attacker performs password hacking without communicating with the authorizing party (Wire Sniffing, Man-in-the-Middle, Replay)
2. Active Online Attacks: Attacker tries a list of passwords one by one against the victim to crack password (Hash Injection, Trojan/Spyware/Keyloggers, Password Guessing, Phishing)
3. Offline Attack: Attacker copies the target's password file and then tries to crack passwords in his own system at different location (Pre-Computed Hashes, Distributed Network, Rainbow)
4. Non-Electronic Attacks: Attacker need not possess technical knowledge to crack password, hence known as non-technical attack (Shoulder Surfing, Social Engineering, Dumpster Diving)

Password cracking is one of the crucial stages of hacking a system. Password cracking used for legal purposes recovers the forgotten password of a user; if it is used by illegitimate users, it can cause them to gain unauthorized privilege to the network or system. Password attacks are classified based on the attacker's actions to crack a password. Usually there are four types, as follows.

Passive Online Attacks

A passive attack is an attack on a system that does not result in a change to the system in any way. The attack is purely to monitor or record data. A passive attack on a cryptosystem is one in which the cryptanalyst cannot interact with any of the parties involved, attempting to break the system solely based upon observed data. There are three types of passive online attacks. They are:

- Wire sniffing
- Man-in-the-middle
- Replay
  19. Active Online Attacks

An active online attack is the easiest way to gain unauthorized administrator-level access to the system. There are three types of Active Online Attacks. They are:

- Password guessing
- Trojan/spyware/keylogger
- Hash injection
- Phishing

Offline Attacks

Offline attacks occur when the intruder checks the validity of the passwords. He or she observes how the password is stored in the targeted system. If the user names and the passwords are stored in a file that is readable, it becomes easy for the intruder to gain access to the system. In order to protect your passwords list, they should always be kept in an unreadable form, which means they have to be encrypted.

Offline attacks are often time consuming. They are successful because the LM hashes are vulnerable due to a smaller keyspace and shorter length. Different password cracking techniques are available on the Internet.

The techniques to prevent or protect from offline attacks are:

- Use good passwords
- Remove LM hashes
- Attacker has the password database
- Use cryptographically secure methods while representing the passwords

There are three types of offline attacks. They are:

- Pre-computed hashes
- Distributed network
- Rainbow

Non-Electronic Attacks

Non-electronic attacks are also known as non-technical attacks. This kind of attack doesn't require any technical knowledge about the methods of intruding into another's system. Therefore, it is called a non-electronic attack. There are three types of non-electronic attacks. They are:

- Shoulder surfing
- Social engineering
- Dumpster diving
  20. Passive Online Attack: Wire Sniffing

- Attackers run packet sniffer tools on the local area network (LAN) to access and record the raw network traffic
- The captured data may include sensitive information such as passwords (Telnet, FTP, rlogin sessions, etc.) and emails
- Sniffed credentials are used to gain unauthorized access to the target system
- Computationally complex

A packet sniffer tool is seldom used for an attack. This is because a sniffer can work only in a common collision domain. Common collision domains are not connected by a switch or bridge. All the hosts on that network are also not switched or bridged in the network segment.

As sniffers gather packets at the Data Link Layer, they can grab all packets on the LAN of the machine that is running the sniffer program. This method is relatively hard to perpetrate and is computationally complicated.

This is because a network with a hub implements a broadcast medium that all systems share on the LAN. Any data sent across the LAN is actually sent to each and every machine connected to the LAN. If an attacker runs a sniffer on one system on the LAN, he or she can gather data sent to and from any other system on the LAN. The majority of sniffer tools are ideally suited to sniff data in a hub environment. These tools are called passive sniffers as they passively wait for data to be sent before capturing the information. They are efficient at imperceptibly gathering data from the LAN. The captured data may include passwords sent to remote systems during Telnet, FTP, and rlogin sessions, and electronic mail sent and received. Sniffed credentials are used to gain unauthorized access to the target system. There are a variety of tools available on the Internet for passive wire sniffing.
  22. Passive Online Attacks: Man-in-the-Middle and Replay Attack

- In a MITM attack, the attacker acquires access to the communication channels between victim and server to extract the information
- In a replay attack, packets and authentication tokens are captured using a sniffer. After the relevant info is extracted, the tokens are placed back on the network to gain access

Considerations:

- Relatively hard to perpetrate
- Must be trusted by one or both sides
- Can sometimes be broken by invalidating traffic

When two parties are communicating, the man-in-the-middle attack can take place. In this case, a third party intercepts the communication between the two parties, assuring the two parties that they are communicating with each other. Meanwhile, the third party alters the data or eavesdrops and passes the data along. To carry this out, the man in the middle has to sniff from both sides of the connection simultaneously. This type of attack is often found in telnet and wireless technologies. It is not easy to implement such attacks due to the TCP sequence numbers and speed. This method is relatively hard to perpetrate and can sometimes be broken by invalidating the traffic.

In a replay attack, packets are captured using a sniffer. After the relevant information is extracted, the packets are placed back on the network. This type of attack can be used to replay bank transactions or other similar types of data transfer in the hope of replicating or changing activities, such as deposits or transfers.
  23. FIGURE 5.4: Passive Online Attack by Using Man-in-the-Middle and Replay Attack (diagram labels: Victim, Web Server, Original Connection, Sniff, MITM / Replay Traffic)
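The replay attack described above works against any credential that stays valid after it has been seen on the wire. The following Python sketch is an added example, not part of the original courseware: it contrasts a server that accepts a fixed token with one that issues a single-use challenge. The class names, the shared key and the captured values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret shared by client and server (hypothetical value).
SHARED_KEYS = {"alice": b"constructed-demo-key"}


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message with the user's key."""
    return hmac.new(key, message, hashlib.sha256).digest()


class StaticTokenServer:
    """Weak design: the token never changes, so a captured copy stays valid."""

    def login(self, user: str, token: bytes) -> bool:
        key = SHARED_KEYS.get(user)
        if key is None:
            return False
        return hmac.compare_digest(mac(key, user.encode()), token)


class ChallengeServer:
    """Hardened design: every login answers a fresh nonce that is used once."""

    def __init__(self) -> None:
        self._pending: dict[str, bytes] = {}

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def login(self, user: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)  # consume: a nonce is valid once
        key = SHARED_KEYS.get(user)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(mac(key, nonce), response)


def run_exchange() -> dict[str, bool]:
    """Play both designs through a first login and a replay of the same bytes."""
    key = SHARED_KEYS["alice"]
    results = {}

    # Static token: the replayed submission is indistinguishable from the first.
    weak = StaticTokenServer()
    captured_token = mac(key, b"alice")  # what a sniffer would record
    results["static_first"] = weak.login("alice", captured_token)
    results["static_replay"] = weak.login("alice", captured_token)

    # Challenge-response: the recorded response only answers the old nonce.
    strong = ChallengeServer()
    nonce = strong.challenge("alice")
    captured_response = mac(key, nonce)
    results["nonce_first"] = strong.login("alice", captured_response)
    results["nonce_replay_no_challenge"] = strong.login("alice", captured_response)
    strong.challenge("alice")  # the server issues a new nonce for the next login
    results["nonce_replay_new_challenge"] = strong.login("alice", captured_response)
    return results


if __name__ == "__main__":
    for step, accepted in run_exchange().items():
        print(f"{step:28} accepted={accepted}")
```

A single-use challenge stops replay of recorded traffic only; a live man-in-the-middle can still relay a fresh challenge, so the exchange also needs an authenticated, encrypted channel such as TLS.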
  24. Active Online Attack: Password Guessing

- The attacker takes a set of dictionary words and names, and tries all the possible combinations to crack the password

Considerations:

- Time consuming
- Requires huge amounts of network bandwidth
- Easily detected

Everyone knows your user name, but your password is a well-kept secret in order to keep others away from accessing your transactions.

With the aid of dictionary attack methodologies, an intruder tries many means to guess your password. In this methodology, an attacker takes a set of dictionary words and names, and makes all the possible combinations to get your password. The attacker performs this method with programs that guess hundreds or thousands of words per second. This makes it easy for them to try many variations: backwards words, different capitalization, adding a digit to the end, etc.

To facilitate this further, the attacker community has built large dictionaries that include words from foreign languages, or names of things, places, and towns modeled to crack passwords. Attackers can also scan your profiles to look for words that might break your password. A good password is easy to remember, but hard to guess, so you need to protect your password by making it appear random by inserting such things as digits and punctuation. The more intricate your password, the more difficult it becomes for the intruder to break.
  25. FIGURE 5.5: Active Online Attack by Using Password Guessing Method

Some of the considerations for password guessing are as follows:

- Takes a long time to be guessed
- Requires huge amounts of network bandwidth
- It can be easily detected
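The variations named in the hybrid attack and password guessing sections (reversed words, changed capitalization, digits or symbols added to a dictionary word) are just as easy to test for when a password is set. The following Python check is an added example, not part of the original courseware; the banned-word list and the function names are constructed for illustration.

```python
import string

# Constructed sample list; a real deployment would load a much larger set
# (common passwords, company and product names, the user's own name).
BANNED_WORDS = {"system", "password", "welcome", "admin"}

# Characters that hybrid-style variations typically add around a word.
AFFIX_CHARS = string.digits + string.punctuation


def derivation(candidate: str, banned: set[str] = BANNED_WORDS):
    """Return (word, steps) if the candidate is a banned word in disguise.

    Returns None when no banned word can be recovered from the candidate.
    """
    steps = []
    text = candidate
    if text != text.lower():
        steps.append("capitalization changed")
        text = text.lower()
    core = text.strip(AFFIX_CHARS)  # drop leading/trailing digits and symbols
    if core != text:
        steps.append("digits/symbols added")
        text = core
    if text in banned:
        return text, steps or ["plain dictionary word"]
    if text[::-1] in banned:
        return text[::-1], steps + ["reversed"]
    return None


def audit(candidates: list[str]) -> dict[str, str]:
    """Map each rejected candidate to a human-readable reason."""
    report = {}
    for candidate in candidates:
        hit = derivation(candidate)
        if hit:
            word, steps = hit
            report[candidate] = f"derived from '{word}': " + ", ".join(steps)
    return report


if __name__ == "__main__":
    # "metsys", "system1" and "system2" are the page's own examples;
    # the remaining inputs are constructed.
    samples = ["system", "metsys", "system1", "system2",
               "System2!", "1metsyS", "tangerine-orbit-vexed-94"]
    for candidate, reason in audit(samples).items():
        print(f"REJECT {candidate:10} {reason}")
```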
  26. Active Online Attack: Trojan/Spyware/Keylogger

- Spyware is a type of malware that allows attackers to secretly gather information about a person or organization
- With the help of a Trojan, an attacker gets access to the stored passwords in the attacked computer and is able to read personal documents, delete files, and display pictures
- A Keylogger is a program that runs in the background and allows remote attackers to record every keystroke

A Trojan is a destructive program that uses subterfuge to pose as a benign application. Prior to the installation and/or execution, the software initially appears to perform a desirable function, but in practice it steals information or harms the system. With a Trojan, attackers may have remote access to the target computer. By installing the Trojan, attackers can access the computer remotely and perform various operations that are limited by user privileges on the target computer.

Spyware is a type of malware that can be installed on a computer to gather information about the users of the computer without their knowledge. This allows attackers to gather information about the user or the organization secretly. The presence of spyware is typically hidden from the user, and can be difficult to detect.

A keylogger is a program that records all the keystrokes that are typed on the computer keyboard without the knowledge of the user. Once keystrokes are logged, they are shipped to the attacker, or hidden in the machine for later retrieval. The attacker then scrutinizes them carefully for the purpose of finding passwords or other useful information that could be used to compromise the system.

For example, a keylogger is capable of revealing the contents of all emails composed by the user of the computer system on which the keylogger has been installed.
  27. Active Online Attack: Hash Injection Attack

- A hash injection attack allows an attacker to inject a compromised hash into a local session and use the hash to validate to network resources
- The attacker finds and extracts a logged on domain admin account hash
- The attacker uses the extracted hash to log on to the domain controller

A hash injection attack is the concept of injecting a compromised hash into a local session and then using the hash to authenticate to the network resources. This attack is done successfully in four steps. They are:

- The hacker compromises one workstation/server using a local/remote exploit
- The hacker extracts logged-on hashes and finds a logged-on domain admin account hash
- The hacker uses the hash to log on to the domain controller
- The hacker extracts all the hashes in the Active Directory database and can now impersonate any account in the domain

FIGURE 5.6: Active Online Attack by Using Hash Injection Attack (diagram: the attacker injects a compromised hash into a local session on the victim computer)
  28. Offline Attack: Rainbow Attacks

- Rainbow Table: Convert huge word lists like dictionary files and brute force lists into password hashes using techniques such as rainbow tables
- Computed Hashes: Compute the hash for a list of possible passwords and compare it with the precomputed hash table. If a match is found then the password is cracked
- Compare the Hashes: It is easy to recover passwords by comparing captured password hashes to the precomputed tables

Offline attacks occur when the intruder checks the validity of the passwords. He or she observes how the password is stored. If the user names and the passwords are stored in a file that is readable, it becomes easy for him or her to gain access to the system. Hence, the passwords list must be protected and kept in an unreadable form, such as an encrypted form.

Offline attacks are time consuming. They are successful because the LM hashes are vulnerable due to smaller keyspace and shorter length. Different password cracking techniques are available on the Internet.

There are two types of offline attacks that an attacker can perform to discover the password:

- Rainbow Attacks
- Distributed network Attacks

Rainbow Attacks

A rainbow attack is the implementation of the cryptanalytic time-memory trade-off technique. Cryptanalytic time-memory trade-off is the method that requires less time for cryptanalysis. It uses already calculated information stored in the memory to crack the cryptography. In the rainbow attack, the same technique is used; the password hash table is created in advance and stored into the memory. Such a table is called a "rainbow table."

  29. Rainbow Table

A rainbow table is a lookup table specially used in recovering the plaintext password from a ciphertext. The attacker uses this table to look for the password and tries to recover the password from password hashes.

Computed Hashes

An attacker computes the hash for a list of possible passwords and compares it with the pre-computed hash table (rainbow table). If a match is found, then the password is cracked.

Compare the Hashes

It is easy to recover passwords by comparing captured password hashes to the pre-computed tables.

Pre-Computed Hashes

Only encrypted passwords should be stored in a file containing user name/encrypted password pairs. The typed password is encrypted using the hash function of cryptography during the logon process, and it is then compared with the password that is stored in the file. Encrypted passwords that are stored can prove useless against dictionary attacks. If the file that contains the encrypted password is in a readable format, the attacker can easily detect the hash function. He or she can then encrypt each word in the dictionary using the hash function, and then compare the result with the encrypted password. Thus the attacker obtains all passwords that are words listed in the dictionary.

Storage of hashes requires large memory space: LM "hashes" require 310 Terabytes and NT Hashes < 15 chars require 5,652,897,009 Exabytes. Use a time-space tradeoff technique to reduce the memory space required to store hashes.

Iqazwed -> 4259cc34599c530b28a6a8f225d668590
hh021da -> c744bl716cbf8d4dd0ff4ce31al77151
9da8dasf -> 3cd696a8571a843cda453a229d741843
sodifo8sf -> 7ad7d6fa6bb4fd28ab98b3dd33261e8f
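The pre-computed hash comparison described above only works when the same password always produces the same stored value. The following Python sketch is an added example, not part of the original courseware: it stores three constructed accounts first as unsalted digests and then as salted PBKDF2 records, and checks which of them a precomputed table exposes. The account names, word list and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed demo value; tune upward for production hardware


def unsalted(password: str) -> str:
    """Weak storage: one fast hash, identical for every user of this password."""
    return hashlib.sha256(password.encode()).hexdigest()


def precompute(words: list[str]) -> dict[str, str]:
    """Digest -> word table, built once and reusable against any unsalted store."""
    return {unsalted(word): word for word in words}


def exposed(store: dict[str, str], table: dict[str, str]) -> dict[str, str]:
    """Accounts whose stored digest appears in the precomputed table."""
    return {user: table[digest] for user, digest in store.items() if digest in table}


def new_record(password: str) -> dict:
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": derived}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(derived, record["hash"])


def compare_storage() -> dict:
    # Constructed accounts: two users happen to share the same weak password.
    passwords = {"alice": "system1", "bob": "system1", "carol": "Vq7#tangerine-orbit"}
    table = precompute(["system", "system1", "system2", "metsys"])

    weak_store = {user: unsalted(pw) for user, pw in passwords.items()}
    strong_store = {user: new_record(pw) for user, pw in passwords.items()}
    # Look the salted values up in the same table, as if they were plain digests.
    strong_as_hex = {user: rec["hash"].hex() for user, rec in strong_store.items()}

    return {
        "weak_exposed": exposed(weak_store, table),
        "weak_shared_digest": weak_store["alice"] == weak_store["bob"],
        "strong_exposed": exposed(strong_as_hex, table),
        "strong_shared_digest":
            strong_store["alice"]["hash"] == strong_store["bob"]["hash"],
        "login_ok": verify("system1", strong_store["alice"]),
        "login_wrong": verify("system2", strong_store["alice"]),
    }


if __name__ == "__main__":
    for check, value in compare_storage().items():
        print(f"{check:22} {value}")
```

Salting removes the reuse of one precomputed table across accounts; a weak password such as system1 can still be guessed account by account, which is why weak passwords also have to be rejected when they are set.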
  30. Tools to Create Rainbow Tables: Winrtgen and rtgen

- Winrtgen is a graphical Rainbow Tables Generator that supports LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384), and SHA-2 (512) hashes (http://www.oxid.it)
- The rtgen program needs several parameters to generate a rainbow table; the syntax of the command line is:

Syntax: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index

(http://project-rainbowcrack.com)

[Screenshots: the Winrtgen "Rainbow Table properties" dialog and an Administrator Command Prompt running rtgen ntlm loweralpha 1 7 0 1000 4000000 0]

Attackers can create rainbow tables by using the following tools.

Winrtgen

Source: http://www.oxid.it

Winrtgen is a graphical Rainbow Tables Generator that helps attackers to create rainbow tables from which they can crack the hashed password. It supports LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384), and SHA-2 (512) hashes.
  31. 31. Ethical Hacking and Countermeasures System Hacking Exam 312-50 Certified Ethical Hacker Rainbow Table properties Mr! Len Max Len le n Index index Char* Len in Chain Count N* of tables ‫פ‬ Charset |a h lp a Edit [ABCDEFGHUKLMNOPQRSTUVWXYZ Table properties Key space: 8353082582 keys Disk space: 810.35 MB Success probab*ty: 0.978038 (97.80*) Benchmark Optional parameter Hash speed !Administrator Step speed Table precomputation time Total precomputation time: Max cryptanalysis time: jj Benchmark Cancel | FIGURE 5.7: Winrtgen Generate Rainbow Table in Window S o u rc e : h t t p : / / p r o 1 c t - r a in b o w c r a c k . c o m e R a in b o w C r a c k is a g e n e r a l p r o p o s e i m p l e m e n t a t i o n t h a t ta k e s a d v a n ta g e o f t h e t i m e - m e m o r y t r a d e - o f f t e c h n i q u e t o c ra c k hashes. T his p r o je c t a llo w s y o u t o c ra c k a h a s h e d p a s s w o r d . T he r tg e n t o o l o f t h is p r o j e c t is u sed t o g e n e r a t e t h e r a i n b o w ta b le s . 
T h e r tg e n p r o g r a m n e e d s s e v e ra l p a r a m e t e r s t o g e n e r a t e a r a i n b o w t a b l e ; y o u can use f o l l o w i n g s y n t a x o f t h e c o m m a n d lin e t o g e n e r a t e r a i n b o w ta b le s : Syntax: r tg e n h a s h _ a lg o r i t h m c h a r s e t p la i n t e x t _ l e n _ m i n p l a i n t e x t _ l e n _ m a x t a b l e j n d e x c h a i n j e n c h a in _ n u m p a r t j n d e x Administrator: Command Prompt - rtgen ntlm loweralpha 1 7 0 1000 4000000 0 _ □ X nistratorDownloadsrainbowcrack‫־‬l.5‫־‬win64>rtgen ntln loweralpha 1 MUM 0 ntlm_loweralphattl1000_0_7‫־‬x4000000_0.rt parameters n: ntln 16 abcdefghijklnnopqrstuvwxyz x: 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 78 79 7a h: 26 gth range: 1 - 7 : 0x00000000 al: 8353082582 arting point begin fron 0 <0x0000000000000000) 000 rainbow chains generated <0 n 0000 rainbow chains generated <0 0000 rainbow chains generated <0 0000 rainbow chains generated <0 0000 rainbow chains generated <0 0000 rainbow chains generated <0 7.6 s> n 7.6 s) n 7.7 s) n 7.6 s) n 7.6 s) n 7.6 s) FIGURE 5.8: rtgen Generate Rainbow Table in Window Module 05 Page 547 Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
  32. Distributed Network Attack

A Distributed Network Attack (DNA) technique is used for recovering password-protected files using the unused processing power of machines across the network to decrypt passwords.

In this attack, a DNA manager is installed in a central location where machines running DNA clients can access it over the network.

- The DNA Manager is installed in a central location where machines running on DNA Client can access it over the network
- DNA Manager coordinates the attack and allocates small portions of the key search to machines that are distributed over the network
- DNA Client runs in the background, consuming only unused processor time
- The program combines the processing capabilities of all the clients connected to network and uses it to perform key search to decrypt them

Distributed Network Attacks

A Distributed Network Attack (DNA) is the technique used for recovering password-protected files. It utilizes the unused processing power of machines across the network to decrypt passwords. In this attack, a DNA manager is installed in a central location where machines running DNA clients can access it over the network. The DNA manager coordinates the attack, assigning small portions of the key search to machines distributed throughout the network.

The DNA client runs in the background, only taking unused processor time. The program combines the processing capabilities of all the clients connected to network and uses them to perform a key search on Office 97 and 2000 to decrypt them.

Features of the DNA:

- Reads statistics and graphs easily
- Adds user dictionaries to crack the password
- Optimizes password attacks for specific languages
- Modifies the user dictionaries
- Comprises of stealth client installation functionality
- Automatically updates client while updating the DNA server
- Controls the clients and identifies work done by clients

  33. DNA is divided into two modules:

DNA Server Interface

The DNA server interface allows users to manage DNA from a server. The DNA server module provides the user with the status of all jobs that the DNA server is executing. This interface is divided into:

- Current jobs: The current job queue has all the jobs that have been added to the list by the controller. The current job list has many columns, such as the identification number that has been assigned by the DNA to the job, the name of the encrypted file, the password that has been used by the user, the password that matches a key which can unlock data, the status of the job, and various other columns.
- Finished jobs: The finished job list provides information about the jobs that can be decrypted by including the password. The finished jobs list also has many columns that are similar to the current job list. These columns include the identification number assigned by DNA to the job, the name of the encrypted file, the decrypted path of the file, the key used to encrypt and decrypt the file, the date and time that the DNA server started working on the job, the date and time the DNA server finished working on the job, the elapsed time, etc.

DNA Client Interface

The DNA client interface can be used from many workstations. The client statistics can be easily coordinated by using the DNA client interface. This interface is available on machines where the DNA client application has been installed. There are many components such as the name of the DNA client, the name of the group to which the DNA client belongs, the statistics about the current job, and many other components.

Network Management

The Network Traffic application in Windows is used for the purpose of network management. The Network Traffic dialog box is used to find out the network speed that DNA uses and each work unit length of the DNA client. Using the work unit length, a DNA client can work without contacting the DNA server. The DNA client application has the ability to contact the DNA server at the beginning and ending of the work unit length.

The user can monitor the job status queue and the DNA. When the data is collected from the Network Traffic dialog box, modification to the client work unit can be made. When the size of the work unit length increases, the speed of the network traffic decreases. If the traffic has been decreased, the client work on the jobs would require a longer amount of time. Therefore, fewer requests to the server can be made due to the reduction in the bandwidth of network traffic.
  34. Elcomsoft Distributed Password Recovery

Features:

- Distributed password recovery over LAN, Internet, or both
- Plug-in architecture allows for additional file formats
- Schedule support for flexible load balancing
- Install and remove password recovery clients remotely
- Encrypted network communications

Elcomsoft Distributed Password Recovery breaks complex passwords, recovers strong encryption keys, and unlocks documents in a production environment.

http://www.elcomsoft.com

Elcomsoft Distributed Password Recovery

Source: http://www.elcomsoft.com

Elcomsoft Distributed Password Recovery allows you to break complex passwords, recover strong encryption keys, and unlock documents in a production environment. It allows the execution of mathematically intensive password recovery code on the enormously parallel computational elements found in modern graphic accelerators. This employs an innovative technology to accelerate password recovery when a compatible ATI or NVIDIA graphics card is present in addition with the CPU-only mode. When compared with the password recovery methods that only use the computer's main CPU, the GPU acceleration used by this technology makes password recovery faster. This supports password recovery of a variety of applications and file formats.

Features & Benefits

- Reduces password recovery time
- Distributed password recovery over LAN, Internet, or both
- Console management for flexible control from any networked PC
- Plug-in architecture allows for additional file formats
- Flexible queue control allows easy job management
- Install and remove password recovery clients remotely

  35. FIGURE 5.9: Elcomsoft Distributed Password Recovery Screenshot
  36. Non-Electronic Attacks

- Looking at either the user's keyboard or screen while he/she is logging in
- Searching for sensitive information at the user's trash-bins, printer trash bins, and user desk for sticky notes
- Convincing people to reveal the confidential information

Non-Electronic Attacks

Non-electronic attacks are also termed non-technical attacks. This kind of attack doesn't require any technical knowledge about the methods of intruding into another's system. Therefore, it is named a non-electronic attack. There are four types of non-electronic attacks, which are: social engineering, shoulder surfing, keyboard sniffing, and dumpster diving.

Dumpster Diving

Dumpster diving is a key attack method that targets upon a substantial failure in computer security: the very information that people crave, protect, and devotedly secure can be attained by almost anyone willing to scrutinize garbage. It allows you to gather information about the target's passwords by looking through the trash. This low-tech attack type has many implications.

Due to less security than there is today, dumpster diving was actually quite popular in the 1980s. The term "dumpster diving" refers to any useful, general information that is found and taken from areas where it has been discarded. These areas include trash cans, curbside containers, dumpsters, and the like, from which the information can be obtained for free. Curious and/or malicious attackers may find password files, manuals, sensitive documents, reports, receipts, credit card numbers, or diskettes that have been thrown away.

  37. Simply, the examination of waste products that have been dumped into the dumpster areas may be helpful to attackers, and there is ample information to support this concept. Such useful information was dumped with no thought to whose hands it may end up in. This data can be utilized by the attackers to gain unauthorized access on others' computer systems, or the objects found can prompt other types of attacks such as those based on social engineering.

Shoulder Surfing

Shoulder surfing is when an intruder is standing inconspicuously, but near a legitimate user, watching as the password is entered. The attacker simply looks at either the user's keyboard or screen while he or she is logging in, and watches to see if the user is staring at the desk for a password reminder or the actual password. This can be possible only when the attacker is physically close to the target.

This type of attack can also occur in a grocery store checkout line when a potential victim is swiping a debit card and entering the required PIN. Many of these Personal Identification Numbers are only four digits long.

Eavesdropping refers to the act of secretly listening to someone's conversation. Passwords can be determined by secretly listening to the password exchanges. If the hacker fails to get your password by guessing, there are other ways he or she can try to get it. "Password sniffing" is an alternative used by the hackers to get their target passwords.

Most of the networks use broadcast technology, which means that every message that a computer on the network transmits can be read by each and every computer connected on that network. In practice, except the recipient of the message, all other computers will notice that the message is not intended for them, and ignore it.

However, computers can be programmed to look at every message transmitted by a specific computer on the network. In this way, one can look at messages that are not intended for them. Hackers have the programs to do this, and then scan all the messages traversed on the network looking for the password.

You may end up giving your password to the attacker if you are logging into a computer across a network, and some computers on the network have been compromised this way. Using this password sniffing technique, hackers have collected thousands of passwords by breaking into the computers that are connected on a heavily used network.

Social Engineering

In computer security, social engineering is the term that represents a non-technical kind of intrusion. Typically, this relies heavily on human interaction and often involves tricking other people into breaking normal security procedures. A social engineer runs a "con game" to break the security procedures. For example, an attacker using social engineering to break into a computer network would try to gain the trust of someone who is authorized to access the network, and then try to extract the information that compromises the network security.

  38. Social engineering is the run-through of procuring confidential information by deceiving or swaying people. An attacker can misrepresent himself as a user or system administrator in order to obtain the password from a user. It is natural for people to be helpful and trusting. Any person generally makes an effort to build amicable relationships with his or her friends and colleagues. Social engineers take advantage of this tendency.

Another trait of social engineering relies on the inability of people to keep up with a culture that relies heavily on information technology. Most people are not aware of the value of the information they possess and few are careless about protecting it. Attackers take advantage of this fact for the intrusion. Habitually, social engineers search dumpsters for valuable information. A social engineer would have a tougher time getting the combination to a safe, or even the combination to a health club locker, than a password. The best defense is to educate, train, and create awareness.

Keyboard Sniffing

Keyboard sniffing allows you to interpret the password as the target enters the keystrokes using keyloggers.
  39. Default Passwords

A default password is a password supplied by the manufacturer with new equipment that is password protected.

Online tools to search default passwords:

- http://cirt.net
- http://default-password.info
- http://www.defaultpassword.us
- http://www.passwordsdatabase.com
- https://w3dt.net
- http://www.virus.org
- http://open-sez.me
- http://securityoverride.org
- http://www.routerpasswords.com
- http://www.fortypoundhead.com

Default Passwords

Source: http://securityoverride.org

Default passwords are passwords supplied by manufacturers with new equipment. Usually the default password provided by the manufacturers for password protected devices allows the device to be accessed during its initial setup. Online tools that can be used to search for default passwords include:

- http://cirt.net
- http://default-password.info
- http://www.defaultpassword.us
- http://www.passwordsdatabase.com
- https://w3dt.net
- http://www.virus.org
- http://open-sez.me
- http://securityoverride.org
- http://www.routerpasswords.com
- http://www.fortypoundhead.com

  40. FIGURE 5.10: Default Password Screenshot

Vendor | Model | Version | Access Type | Username | Password
3COM | CoreBuilder | 7000/6000/3500/2500 | Telnet | Debug | Synnet
3COM | CoreBuilder | 7000/6000/3500/2500 | Telnet | Tech | Tech
3COM | HiPerARC | v4.1.x | Telnet | Adm | (none)
3COM | LANplex | 2500 | Telnet | Debug | Synnet
3COM | LANplex | 2500 | Telnet | Tech | Tech
3COM | LinkSwitch | 2000/2700 | Telnet | Tech | Tech
Huawei | E960 | | | Admin | Admin
3COM | NetBuilder | | SNMP | | ILMI
3COM | Netbuilder | | Multi | Admin | (none)
3COM | Office Connect ISDN Routers | 5x0 | Telnet | n/a | PASSWORD
3COM | SuperStack II Switch | 2200 | Telnet | debug | Synnet
3COM | SuperStack II Switch | 2700 | Telnet | tech | Tech
3COM | OfficeConnect 812 ADSL | | Multi | adminttd | adminttd

TABLE 5.1: Online Tools To Search Default Password
  41. Manual Password Cracking (Guessing)

- Frequency of attacks is less
- The failure rate is high
- Create a list of possible passwords
- Rank passwords from high probability to low
- Key in each password, until correct password is discovered

Manual Password Cracking (Guessing)

Manual password cracking encompasses attempting to log on with different passwords. Guessing is the key element of manual password cracking. The password is the key value of data that is needed to access the system. Most passwords can be cracked using different escalation privileges, executing applications, hiding files, and covering tracks. Attackers try many attempts to crack passwords to intrude into a target's system. Passwords can be cracked manually or using some automated tools, methods, and algorithms. Password cracking can also be automated using a simple FOR loop. Manual password cracking involves different attempts to log in the following ways:

- Find a valid user
- Create a list of possible passwords
- Rank passwords from high probability to low
- Key in each password, until the correct password is discovered

A hacker can also create a script file that tries each password in a list. This is still considered manual cracking. The failure rate of this type of attack is high.

  42. Manual Password Cracking Algorithm

In its simplest form, password guessing can be automated using a simple FOR loop. In the example that follows, an attacker creates a simple text file with usernames and passwords that are iterated using the FOR loop.

The main FOR loop can extract the usernames and passwords from the text file that serves as a dictionary as it iterates through every line:

    [file: credentials.txt]
    administrator ""
    administrator password
    administrator administrator
    [Etc.]

From a directory that can access the text file, the command is typed as follows:

    C:\>FOR /F "tokens=1,2*" %i in (credentials.txt)^
    More? do net use \\victim.com\IPC$ %j /u:victim.com\%i^
    More? 2>>nul^
    More? && echo %time% %date% >> outfile.txt^
    More? && echo \\victim.com acct: %i pass: %j >> outfile.txt
    C:\>type outfile.txt

The outfile.txt contains the correct username and password if the username and password in credentials.txt are correct. An open session can be established with the victim server using the attacker's system.
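From the defender's side, the FOR loop above leaves a recognizable trail: a burst of failed logons from one source, sometimes ending in a success. The following Python example is added here and is not part of the original courseware; the log lines are constructed, in a simplified CSV layout assumed for this example, and use the Windows Security event IDs 4625 (failed logon) and 4624 (successful logon).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), one per line:
# time, Windows Security event ID, source address, account.
SAMPLE_EVENTS = """\
2024-05-01T10:00:01,4625,10.0.0.23,administrator
2024-05-01T10:00:02,4625,10.0.0.23,administrator
2024-05-01T10:00:03,4625,10.0.0.23,administrator
2024-05-01T10:00:04,4625,10.0.0.23,backup
2024-05-01T10:00:05,4625,10.0.0.23,backup
2024-05-01T10:00:06,4624,10.0.0.23,backup
2024-05-01T10:05:00,4625,10.0.0.40,alice
2024-05-01T10:45:00,4625,10.0.0.40,alice
2024-05-01T11:30:00,4624,10.0.0.40,alice
"""

FAILED_LOGON = "4625"
SUCCESSFUL_LOGON = "4624"


def parse_events(text):
    """Parse the simplified CSV layout into time-ordered tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, source, account = (f.strip() for f in line.split(","))
        events.append((datetime.fromisoformat(stamp), event_id, source, account))
    return sorted(events, key=lambda event: event[0])


def detect_guessing(events, threshold=5, window_seconds=60):
    """Flag sources with `threshold` failed logons inside a sliding window,
    and any successful logon that follows while the source is still flagged."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # source -> recent (time, account) failures
    flagged = set()
    alerts = []
    for when, event_id, source, account in events:
        recent = failures[source]
        # Drop failures that have aged out of the window.
        while recent and when - recent[0][0] > window:
            recent.popleft()
        if not recent:
            flagged.discard(source)
        if event_id == FAILED_LOGON:
            recent.append((when, account))
            if len(recent) >= threshold and source not in flagged:
                flagged.add(source)
                alerts.append({
                    "type": "password_guessing",
                    "source": source,
                    "time": when.isoformat(),
                    "failures": len(recent),
                    "accounts": sorted({name for _, name in recent}),
                })
        elif event_id == SUCCESSFUL_LOGON and source in flagged:
            # A success right after a burst suggests a guess worked:
            # treat the account as compromised and reset its password.
            alerts.append({
                "type": "success_after_guessing",
                "source": source,
                "time": when.isoformat(),
                "account": account,
            })
            flagged.discard(source)
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The occasional mistyped password from 10.0.0.40 stays below the threshold, so only the burst from 10.0.0.23 is reported. An account lockout policy limits the same loop at the source.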
  43. Automatic Password Cracking Algorithm

- Find the algorithm used for encryption
- Create a list of the possible passwords
- Verify whether there is a match for each user ID
- Repeat the cycle until the correct password is discovered

As security awareness increased, most systems began running passwords through some type of algorithm to generate a hash. This hash is usually more than just a rearrangement of the original password. It is usually a one-way hash: a string of characters that cannot be reversed into its original text. However, the vulnerability does not arise from the hashing process, but from password storage. Most systems do not decrypt the stored password at the time of authentication; such systems store only one-way hashes. During the local login process, the password entered is run through the algorithm to generate a one-way hash, which is compared to the hash stored on the system. If the two match, it is assumed that the proper password was used.

Therefore, all that an attacker has to do in order to crack a password is to get a copy of the one-way hash stored on the server, and then use the algorithm to generate his or her own hashes until he or she gets a match. Most systems (Microsoft, UNIX, and Netware) have publicly announced their hashing algorithms. Attackers can use a combination of attack methods to reduce the time involved in cracking a password. The Internet provides freeware password crackers for NT, Netware, and UNIX.
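The storage weakness described above, seen from the defender's side: this added example (not part of the original module) contrasts a fast unsalted hash with a per-user salted, slow derivation, and shows the login comparison. The account names, passwords and the PBKDF2 work factor are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware


def fast_unsalted(password):
    """Weak storage: one fast hash, no salt (same password -> same hash)."""
    return hashlib.sha256(password.encode()).digest()


def make_record(password):
    """Hardened storage: per-user random salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(password, record):
    """Login check: re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def users_sharing_a_hash(stored):
    """Audit a {user: hash_bytes} table for identical stored hashes."""
    by_hash = defaultdict(list)
    for user, digest in stored.items():
        by_hash[digest].append(user)
    return sorted(sorted(users) for users in by_hash.values() if len(users) > 1)


# Constructed sample accounts; two users picked the same password.
ACCOUNTS = {"alice": "Winter2024!", "bob": "correct horse", "carol": "Winter2024!"}

if __name__ == "__main__":
    weak = {u: fast_unsalted(p) for u, p in ACCOUNTS.items()}
    strong = {u: make_record(p) for u, p in ACCOUNTS.items()}
    print("shared hashes, unsalted:", users_sharing_a_hash(weak))
    print("shared hashes, salted:  ",
          users_sharing_a_hash({u: r["hash"] for u, r in strong.items()}))
    print("login ok:", verify("Winter2024!", strong["alice"]))
```

With the unsalted table, a copied hash file reveals which accounts share a password and one computed hash can be checked against every account at once; the salt and work factor remove both shortcuts.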
  44. There are password lists that can be fed to these crackers to carry out a dictionary attack. In its simplest form, automation involves finding a valid user and the particular encryption algorithm being used, obtaining encrypted passwords, creating a list of all possible passwords, encrypting each word, and checking for a match for each user ID known. This process is repeated until the desired results are obtained or all options are exhausted.

Automatic password cracking algorithms should include the following steps:

- Find a valid user
- Find the encryption algorithm used
- Obtain encrypted passwords
- Create a list of possible passwords
- Encrypt each word
- See if there is a match for each user ID

Performing Automated Password Guessing

If the attacker fails in a manual attack, he or she can choose to automate the process. There are several free programs that can assist in this effort. Some of these free programs are Legion, John the Ripper, NetBIOS Auditing Tool (NAT), etc. The simplest of these automation methods take advantage of the net command. This involves a simple loop using the NT/2000 shell FOR command. All the attacker has to do is to create a simple username and password file. He or she can then reference this file within a FOR command.

    C:\> FOR /F "token=1, 2*" %i in (credentials.txt) do net use \\target\IPC$ %i /u: %j

Automated password attacks can be categorized as follows:

- A simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts that the application locates. Dictionary attacks are more effective with long words.
- The brute force method is the most inclusive, although slow. Usually it tries every possible letter and number combination in its automated exploration.
- A hybrid approach is one that combines features of both methods. It usually starts with a dictionary, and then tries combinations such as two words together or a word and numbers.

Users tend to have weak passwords because they do not know what constitutes a strong password and, therefore, do not know how to create strong passwords for their accounts. As shown, this leaves passwords open to attack.
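How the guessing loop above looks to a defender, as an added example that is not part of the original module: a sliding-window check over logon records that flags one source producing a burst of failures and notes whether a successful logon followed. The simplified CSV layout, addresses, account names and thresholds are constructed for the illustration; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified CSV form (time, event ID, source, account).
# 4625 = failed logon, 4624 = successful logon in the Windows Security log.
SAMPLE = """\
2024-05-01T10:00:01,4625,10.0.0.50,administrator
2024-05-01T10:00:02,4625,10.0.0.50,administrator
2024-05-01T10:00:03,4625,10.0.0.50,administrator
2024-05-01T10:00:04,4625,10.0.0.7,jsmith
2024-05-01T10:00:05,4625,10.0.0.50,backup
2024-05-01T10:00:06,4625,10.0.0.50,backup
2024-05-01T10:00:07,4625,10.0.0.50,administrator
2024-05-01T10:00:08,4624,10.0.0.50,administrator
2024-05-01T10:00:30,4624,10.0.0.7,jsmith
"""


def detect_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logons inside a sliding window,
    and record the first account that source then logged on to, if any."""
    recent = defaultdict(deque)  # source -> times of failures still in window
    flagged = {}                 # source -> finding
    for line in lines:
        if not line.strip():
            continue
        stamp, event_id, source, account = line.strip().split(",")
        when = datetime.fromisoformat(stamp)
        if event_id == "4625":
            failures = recent[source]
            failures.append(when)
            while when - failures[0] > window:
                failures.popleft()
            if len(failures) >= threshold:
                hit = flagged.setdefault(
                    source, {"peak_failures": 0, "success_after": None})
                hit["peak_failures"] = max(hit["peak_failures"], len(failures))
        elif event_id == "4624" and source in flagged:
            if flagged[source]["success_after"] is None:
                flagged[source]["success_after"] = account
    return flagged


if __name__ == "__main__":
    for source, hit in detect_guessing(SAMPLE.splitlines()).items():
        print(source, hit)
```

A single mistyped password (10.0.0.7 in the sample) stays below the threshold, while a flagged source with a non-empty `success_after` is the case to escalate first.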
  45. Stealing Passwords Using USB Drive

- Download PassView, a password hacking tool
- Copy the downloaded files to the USB drive
- Create autorun.inf in the USB drive:

      [autorun]
      open=launch.bat

- Contents of launch.bat:

      start pspv.exe /stext pspv.txt

- Insert the USB drive and the autorun window will pop up (if enabled)
- PassView is executed in the background and passwords will be stored in the .TXT files in the USB drive

Stealing Passwords Using USB Drives

Stealing passwords using a USB drive is a physical approach for hacking passwords stored in a computer. Attackers can steal passwords using a USB drive and different applications. People who have multiple online accounts usually store their usernames and passwords as a backup to use if they forget them. You can recover or steal such credentials using a USB drive.

The physical approach matters a lot for hacking passwords. One can steal passwords using a USB drive and applications. This method is applicable for hacking stored passwords in any computer. Most of the people signing up for a large number of websites usually store their passwords on the computer in order to remember them. One can try recovering them automatically using a USB drive. This requires plugging the USB drive into any port of the computer in which the passwords have been stored. This trick is applicable for Windows XP, Windows 7, Windows Vista, and Windows 2000.

All the applications included are portable and light enough that they can be downloaded to the USB disk in a few seconds. You can also hack stored Messenger passwords. Using tools and a USB pen drive you can create a rootkit to hack passwords from the target computer.

Stealing passwords using a USB device is carried out with the help of the following steps:

1. You need a password hacking tool.
  46. (Steps continued)

2. Copy the downloaded .exe files of the password hacking tools to the USB drive.
3. Create a Notepad document and put the following content in it:

       [autorun]
       open=launch.bat

   After writing this content into Notepad, save the document as autorun.inf and copy this file to the USB drive.
4. Open Notepad and write the following content into it:

       start pspv.exe /stext pspv.txt

   After that, save the file as launch.bat and copy this file to the USB drive.
5. Insert the USB drive and the autorun window pops up (if enabled).
6. A password-hacking tool is executed in the background and passwords can be stored in the .TXT files in the USB drive.

In this way, you can create your own USB password recovery toolkit and use it to steal stored passwords of your friends or colleagues without the knowledge of the person. This process takes only a few seconds to retrieve passwords.

FIGURE 5.11: Stealing Passwords Using USB Drives
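A check a defender can run against removable media before it is opened on a workstation, given the autorun.inf mechanism in the steps above. This is an added example, not part of the original module: it parses an autorun.inf and reports every entry that makes Windows launch a program or script. The sample file contents and the extension list are constructed for the illustration.

```python
import re

# Keys in the [autorun] section that start a program when the drive is opened.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
RISKY_EXT = (".bat", ".cmd", ".exe", ".com", ".scr", ".vbs", ".js", ".ps1", ".lnk")

# Constructed sample mirroring the autorun.inf described in the steps above.
SAMPLE_INF = """\
; constructed sample
[AutoRun]
label = Backup
open=launch.bat
icon=drive.ico
shell\\scan\\command = tools\\viewer.exe /q
"""


def audit_autorun(text):
    """Return (key, command, risky) for every entry in the [autorun] section
    that makes Windows launch something when the drive is opened."""
    findings, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            # Section names are matched case-insensitively.
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, command = (part.strip() for part in line.partition("="))
        if LAUNCH_KEYS.match(key):
            target = command.split()[0].lower() if command else ""
            findings.append((key.lower(), command, target.endswith(RISKY_EXT)))
    return findings


if __name__ == "__main__":
    for key, command, risky in audit_autorun(SAMPLE_INF):
        print(f"{key:24} {command:32} risky={risky}")
```

On the endpoint itself, the matching control is to disable AutoRun for removable media by policy (the `NoDriveTypeAutoRun` setting), so that an autorun.inf is never acted on.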
  47. Stealing Passwords Using Keyloggers

- Keyloggers provide the easiest and most effective means of stealing all of a victim's user names and passwords
- If an attacker is successful in infecting a victim's machine with a Trojan that has keylogging features, he can instruct the Trojan server to log and send back all user credentials to his machine

[Slide diagram: Attacker infects victim's local PC with a software keylogger; Victim logs on to the domain server with his credentials; Keylogger sends login credentials to hacker; Attacker gains access to domain server]

Whenever an attacker needs to crack something, he or she usually thinks about the possible loopholes in the whole process. Passwords are the piece of data used to access an account or a system. Choosing complex passwords makes your accounts secure and the job of the attacker difficult. A complex password makes the attacker's job difficult but not impossible. Passwords are the piece of data to be submitted to a system or application to gain access to it. Passwords are usually entered through the keyboard. Hence, if an attacker has software or a mechanism that can log the keystrokes and send the report to him or her, then the attacker can determine the passwords easily.

The programs that allow them to do this are keyloggers, a kind of malware. Keyloggers can expose all the keystrokes entered by the target, including usernames and passwords for any websites. A remote keylogger can give an attacker access not only to your email and online accounts, but it can compromise your financial details as well. Keyloggers are used by people to find a certain piece of information such as a username or password. The pictorial representation clearly explains the way attackers steal passwords using keyloggers.
  48. FIGURE 5.12: Stealing Passwords Using Keyloggers

When stealing passwords, the attacker first infects the victim's local PC with a software keylogger. When the victim logs on to the domain server with his or her credentials, the keylogger automatically sends the login credentials (user name, passwords) to the attacker without the knowledge of the victim. Once the attacker gets the victim's login credentials, he or she logs on to the domain server and may perform any action.
