Network Security
NCTU CSCC xatier
2012.12.10
Security?
Security?
True Story
After about 2 weeks ...
I shared the vulnerability with my friend, Crboy
Some injection tests ...
Some injection tests ...
Another hacker, renoGGG :
他手上拿著盾牌可是沒穿褲子
只好我幫您穿上褲子惹...
getting start
ESR how to become a hacker
http://www.catb.org/esr/faqs/hacker-howto.html
The Hacker Attitude
1. The world is full of fascinating
problems waiting to be solved.
2. No problem should ever have to b...
Basic Hacking Skills
1. Learn how to program.
2. Get one of the open-source Unixes
and learn to use and run it.
3. Learn h...
Status in the hacker Culture
1. Write open-source software
2. Help test and debug open-source
software
3. Publish useful i...
Be Ethical !
scanning
孫子:知己知彼,百戰百勝
nmap http://nmap.
org/
nmap http://nmap.
org/
Nmap uses raw IP packets in novel ways to
determine
nmap http://nmap.
org/
Nmap uses raw IP packets in novel ways to
determine
what hosts are available on the network,
what s...
nmap http://nmap.
org/
Nmap uses raw IP packets in novel ways to
determine
what hosts are available on the network,
what s...
google hacking
google hacking
http://www.exploit-db.com/google-dorks/
潮爽的,撿到一個 Web Shell
拿到 root (?)
plain text password
http://plainpass.com/
http://plaintextoffenders.com
[忘記密碼] (按下去!)
您的密碼為:XXXXXX
sniffing 封包過濾呼吸法
sniffing 封包過濾呼吸法
sniffing 封包過濾呼吸法
A packet analyzer is a computer program that can
intercept and log traffic passing over a digital network.
sniffing 封包過濾呼吸法
A packet analyzer is a computer program that can
intercept and log traffic passing over a digital network...
sniffing 封包過濾呼吸法
A packet analyzer is a computer program that can
intercept and log traffic passing over a digital network...
tcpdump / wireshark
MITM
in which the attacker makes independent
connections with the victims and relays
messages between them,
making them be...
MITM
arp spoofing
帥哥帥哥,這是我的 MAC address 啊
你拿著一下啦
拿著啦
拿啦拿啦拿啦拿啦拿啦
拿啦拿啦拿啦拿啦拿啦
拿啦拿啦拿啦拿啦拿啦
ettercap
Ettercap is a free and open source network
security tool for man-in-the-middle attacks on
LAN.
ettercap
Ettercap is a free and open source network
security tool for man-in-the-middle attacks on
LAN.
runs on various Un...
ettercap
Ettercap is a free and open source network
security tool for man-in-the-middle attacks on
LAN.
runs on various Un...
The Zen poem
To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
beco...
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
Upcoming SlideShare
Loading in …5
×

[NCTU] [CCCA] Network Security I

341 views
277 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
341
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

[NCTU] [CCCA] Network Security I

  1. 1. Network Security NCTU CSCC xatier 2012.12.10
  2. 2. Security?
  3. 3. Security?
  4. 4. True Story
  5. 5. After about 2 weeks ... I shared the vulnerability with my friend, Crboy
  6. 6. Some injection tests ...
  7. 7. Some injection tests ... Another hacker, renoGGG : 他手上拿著盾牌可是沒穿褲子
  8. 8. 只好我幫您穿上褲子惹...
  9. 9. getting start ESR how to become a hacker http://www.catb.org/esr/faqs/hacker-howto.html
  10. 10. The Hacker Attitude 1. The world is full of fascinating problems waiting to be solved. 2. No problem should ever have to be solved twice. 3. Boredom and drudgery are evil. 4. Freedom is good.
  11. 11. Basic Hacking Skills 1. Learn how to program. 2. Get one of the open-source Unixes and learn to use and run it. 3. Learn how to use the World Wide Web and write HTML. 4. If you don't have functional English, learn it.
  12. 12. Status in the hacker Culture 1. Write open-source software 2. Help test and debug open-source software 3. Publish useful information 4. Help keep the infrastructure working 5. Serve the hacker culture itself
  13. 13. Be Ethical !
  14. 14. scanning 孫子:知己知彼,百戰百勝
  15. 15. nmap http://nmap. org/
  16. 16. nmap http://nmap. org/ Nmap uses raw IP packets in novel ways to determine
  17. 17. nmap http://nmap. org/ Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version), what operating systems (and OS versions), what type of packet filters/firewalls are in use ...
  18. 18. nmap http://nmap. org/ Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version), what operating systems (and OS versions), what type of packet filters/firewalls are in use ... it's designed to rapidly scan large networks, but works fine against single hosts.
  19. 19. google hacking
  20. 20. google hacking http://www.exploit-db.com/google-dorks/
  21. 21. 潮爽的,撿到一個 Web Shell
  22. 22. 拿到 root (?)
  23. 23. plain text password http://plainpass.com/ http://plaintextoffenders.com [忘記密碼] (按下去!) 您的密碼為:XXXXXX
  24. 24. sniffing 封包過濾呼吸法
  25. 25. sniffing 封包過濾呼吸法
  26. 26. sniffing 封包過濾呼吸法 A packet analyzer is a computer program that can intercept and log traffic passing over a digital network.
  27. 27. sniffing 封包過濾呼吸法 A packet analyzer is a computer program that can intercept and log traffic passing over a digital network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet,
  28. 28. sniffing 封包過濾呼吸法 A packet analyzer is a computer program that can intercept and log traffic passing over a digital network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.
  29. 29. tcpdump / wireshark
  30. 30. MITM in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
  31. 31. MITM
  32. 32. arp spoofing 帥哥帥哥,這是我的 MAC address 啊 你拿著一下啦 拿著啦 拿啦拿啦拿啦拿啦拿啦 拿啦拿啦拿啦拿啦拿啦 拿啦拿啦拿啦拿啦拿啦
  33. 33. ettercap Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN.
  34. 34. ettercap Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. runs on various Unix-like operating systems , and on Microsoft Windows.
  35. 35. ettercap Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. runs on various Unix-like operating systems , and on Microsoft Windows. capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.
  36. 36. The Zen poem To follow the path: look to the master, follow the master, walk with the master, see through the master, become the master.

×