• Save
[NCTU] [CCCA] Network Security I
Upcoming SlideShare
Loading in...5
×
 

[NCTU] [CCCA] Network Security I

on

  • 248 views

 

Statistics

Views

Total Views
248
Views on SlideShare
248
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

[NCTU] [CCCA] Network Security I [NCTU] [CCCA] Network Security I Presentation Transcript

  • Network Security NCTU CSCC xatier 2012.12.10
  • Security?
  • Security?
  • True Story
  • After about 2 weeks ... I shared the vulnerability with my friend, Crboy
  • Some injection tests ...
  • Some injection tests ... Another hacker, renoGGG : 他手上拿著盾牌可是沒穿褲子
  • 只好我幫您穿上褲子惹...
  • getting start ESR how to become a hacker http://www.catb.org/esr/faqs/hacker-howto.html
  • The Hacker Attitude 1. The world is full of fascinating problems waiting to be solved. 2. No problem should ever have to be solved twice. 3. Boredom and drudgery are evil. 4. Freedom is good.
  • Basic Hacking Skills 1. Learn how to program. 2. Get one of the open-source Unixes and learn to use and run it. 3. Learn how to use the World Wide Web and write HTML. 4. If you don't have functional English, learn it.
  • Status in the hacker Culture 1. Write open-source software 2. Help test and debug open-source software 3. Publish useful information 4. Help keep the infrastructure working 5. Serve the hacker culture itself
  • Be Ethical !
  • scanning 孫子:知己知彼,百戰百勝
  • nmap http://nmap. org/
  • nmap http://nmap. org/ Nmap uses raw IP packets in novel ways to determine
  • nmap http://nmap. org/ Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version), what operating systems (and OS versions), what type of packet filters/firewalls are in use ...
  • nmap http://nmap. org/ Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version), what operating systems (and OS versions), what type of packet filters/firewalls are in use ... it's designed to rapidly scan large networks, but works fine against single hosts.
  • google hacking
  • google hacking http://www.exploit-db.com/google-dorks/
  • 潮爽的,撿到一個 Web Shell
  • 拿到 root (?)
  • plain text password http://plainpass.com/ http://plaintextoffenders.com [忘記密碼] (按下去!) 您的密碼為:XXXXXX
  • sniffing 封包過濾呼吸法
  • sniffing 封包過濾呼吸法
  • sniffing 封包過濾呼吸法 A packet analyzer is a computer program that can intercept and log traffic passing over a digital network.
  • sniffing 封包過濾呼吸法 A packet analyzer is a computer program that can intercept and log traffic passing over a digital network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet,
  • sniffing 封包過濾呼吸法 A packet analyzer is a computer program that can intercept and log traffic passing over a digital network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.
  • tcpdump / wireshark
  • MITM in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
  • MITM
  • arp spoofing 帥哥帥哥,這是我的 MAC address 啊 你拿著一下啦 拿著啦 拿啦拿啦拿啦拿啦拿啦 拿啦拿啦拿啦拿啦拿啦 拿啦拿啦拿啦拿啦拿啦
  • ettercap Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN.
  • ettercap Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. runs on various Unix-like operating systems , and on Microsoft Windows.
  • ettercap Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. runs on various Unix-like operating systems , and on Microsoft Windows. capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.
  • The Zen poem To follow the path: look to the master, follow the master, walk with the master, see through the master, become the master.