© SYBEX Inc. 2016. All Rights Reserved.
System Hacking
Chapter 7

Gaining Access
• What is gaining access?
– Breaking passwords
– Opening up a system
– Can lead to further actions

Password Cracking
• Passwords are the most widely used form of authentication.
• Usernames and passwords are commonly targeted items.
• Enumeration may have gathered usernames in some cases.
• Password cracking is used to obtain passwords.
• Password cracking refers to a group of techniques.
• It is an essential skill for penetration testers.

The ability to crack passwords is a required skill for you as a penetration tester, as passwords represent an effective way to gain access to a system.

What Makes a Password Susceptible to Cracking?
• Passwords that contain letters, special characters, and numbers: stud@52
• Passwords that contain only numbers: 23698217
• Passwords that contain only special characters: &*#@!(%)
• Passwords that contain letters and numbers: meetl23
• Passwords that contain only uppercase or only lowercase: POTHMYDE
• Passwords that contain only letters and special characters: rex@&ba
• Passwords that contain only special characters and numbers: 123@$4
• Passwords of 11 characters or less

Passwords are intended to be something that is easy to remember but at the same time not easily guessed or broken.

Password Cracking Types
• Passive Online
– Sniffing
• Active Online
– Brute force
– Guessing
• Offline
– Rainbow tables
• Nonelectronic
– Social engineering

There are numerous techniques used to reveal or recover a password that you must explore, and each uses a different approach that can yield a password. Each method offers advantages and disadvantages that you should be familiar with.

Passive Online
Characteristics of passive online
• Passive attacks adopt a “sit back and wait” attitude.
• Packet sniffers are a common mechanism to gather passwords.
• Weak password protection schemes are at risk.
• Many protocols of older varieties are vulnerable.

A passive online attack is any attack where the individual carrying out the process takes on a “sit back and wait” attitude.

Protocols Vulnerable to Sniffing
• Telnet and rlogin (remote login): Using these protocols, anyone can access your keystrokes.
• HTTP: This protocol sends usernames and passwords in cleartext.
• SNMP: This is like HTTP; it sends passwords in cleartext.
• POP: This sends passwords in cleartext.
• FTP: This sends passwords in cleartext.
• NNTP: This sends passwords in cleartext.
• IMAP: This sends passwords in cleartext.

There are thousands of protocols that allow people to communicate via networks while also being used to hack into them.

Tools for Passive Attacks
A network sniffer monitors data flowing over a network; it can be a software program or a hardware device with the appropriate software or firmware programming.
• Wireshark
• Network Miner
• Network Monitor
• Dsniff

Man-in-the-Middle
• Designed to listen in on the communication between two parties
• Can be completely passive if attacker just listens to communication
• Could become active attack if an attacker takes over the session
• Some protocols vulnerable to sniffing

This type of attack takes place when two different parties communicate with one another with a third party listening in.

Active Online
Attacks that fit into this category are those that require direct interaction with a system in an attempt to break a password.
• Guessing
• Malware

Password Guessing
Bad passwords
• Pet’s name
• Spouse’s name
• Date of birth
• Phone #
• Favorite show
• Best friend

Password guessing is a valid and somewhat effective form of obtaining a password. During this process an attacker will attempt to gain a password by using a piece of software designed to test passwords.

Using Malware
In February 2005, Joe Lopez, a businessman from Florida, filed a suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account. The money had been transferred to Latvia.

An investigation showed that Mr. Lopez’s computer was infected with a malicious program, Backdoor.Coreflood, which records every keystroke and sends this information to malicious users via the Internet.

Malware is a class of software with no beneficial use.

Using Malware
• Keyloggers are a good example of malware.
• Keyloggers can be used to gain countless pieces of information.

Offline
• Rainbow tables
– Uses precomputed hashes to identify password

What Is a Rainbow Table?
Rainbow tables are the end result of a process where every possible combination of characters is generated within certain limits.
• Reduces difficulty in brute-force methods
• Generates hashes for every possible password
• Takes time to create hash table
• Faster than other types of attacks
• Effective against LAN Manager systems
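
Why precomputation works against unsalted hashes and fails against salted, iterated ones, as an added example that is not part of the original slides. It uses a plain hash-to-password lookup over a tiny constructed keyspace (a simplification: real rainbow tables compress the same precomputation with hash chains); the function names and the sample password are assumptions.

```python
import hashlib
import hmac
import itertools
import os
import string

ALPHABET = string.ascii_lowercase  # constructed toy keyspace
MAX_LEN = 3                        # "within certain limits", as the slide puts it


def unsalted_hash(password: str) -> str:
    """Fast, unsalted digest: one password always maps to one stored value.
    LAN Manager hashes are also unsalted, hence the slide's last bullet."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table() -> dict:
    """Precompute hash -> password for every candidate in the keyspace.
    The cost is paid once and reused against every account."""
    table = {}
    for length in range(1, MAX_LEN + 1):
        for chars in itertools.product(ALPHABET, repeat=length):
            candidate = "".join(chars)
            table[unsalted_hash(candidate)] = candidate
    return table


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Normal login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def demo() -> dict:
    table = build_lookup_table()
    password = "cab"  # constructed sample, inside the toy keyspace

    unsalted = unsalted_hash(password)
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    stored_a = salted_hash(password, salt_a)
    stored_b = salted_hash(password, salt_b)

    return {
        "table_size": len(table),
        # The precomputed table reverses the unsalted hash immediately.
        "unsalted_recovered": table.get(unsalted),
        # The same table is useless against the salted value.
        "salted_recovered": table.get(stored_a),
        # Two users with the same password no longer share a stored hash.
        "same_password_same_hash": stored_a == stored_b,
        "legit_login_ok": verify(password, salt_a, stored_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
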

Privilege Escalation
Privilege escalation
• Increasing access for compromised account
• Typically, breached account will not have broad privileges
• Raising privileges to a level where more actions can take place
• Can be vertical or horizontal

Not every system hack will initially provide an unauthorized user with full access to the targeted system. In those circumstances, privilege escalation is required.

Privilege Escalation Types
Privilege escalation is the process where the access that is obtained is increased to a higher level where more actions can be carried out. The reality is that the account accessed typically will end up being a lower privileged one and therefore one with less access.
• Vertical
– Raising the privileges of an account that has already been compromised
• Horizontal
– Compromising one account and then another and another, each with an increased level of access

Tools for Privilege Escalation
• Active@ Password Changer
• Trinity Rescue Kit
• ERD Commander
• Kali Linux
• Parrot OS
• Windows Recovery Environment (WinRE)
• Windows Password Recovery

Opening a Shell
• LAN Turtle is a remote access pen testing tool
• Housed with USB network adapter
• Allows opening of a remote shell on a system
• With shell, open commands can be transmitted to remote system

What LAN Turtle enables is the ability to perform several attacks such as man-in-the-middle, sniffing, and many others.

Running Applications
• Backdoors
• Crackers
• Keyloggers
• Malware

When an attacker is executing applications on a system, they are doing so with specific goals in mind.

Covering Tracks
• Important step in removing evidence
• Leave no trace behind
• Eliminate or alter logs, error messages, and files
• More evidence or tracks means greater chance of being detected

Working with Log Files
• Prevent leaving of information
• Disabling of auditing on a system
• May prevent or slow detection
• Surgical removal of entries in log files is possible
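
How a defender can spot the two behaviours on this slide, as an added example that is not part of the original slides. It scans constructed, already-exported Windows Security log records for audit changes (event IDs 1102 and 4719) and for gaps in the record sequence; the `Event` field names, the sample records and the gap heuristic are assumptions.

```python
from dataclasses import dataclass

# Windows Security log events that record changes to auditing itself.
AUDIT_EVENTS = {
    1102: ("audit_log_cleared", "the audit log was cleared"),
    4719: ("audit_policy_changed", "system audit policy was changed"),
}


@dataclass(frozen=True)
class Event:
    record_id: int   # per-log sequence number (assumed exported unfiltered)
    event_id: int
    time: str        # ISO 8601 UTC, so string order equals time order
    account: str


@dataclass(frozen=True)
class Finding:
    kind: str
    record_id: int
    detail: str


def find_tampering(events):
    """Return findings for audit changes, sequence gaps and clock regressions."""
    findings = []
    previous = None
    for ev in sorted(events, key=lambda e: e.record_id):
        if ev.event_id in AUDIT_EVENTS:
            kind, text = AUDIT_EVENTS[ev.event_id]
            findings.append(Finding(kind, ev.record_id, f"{text} by {ev.account}"))
        if previous is not None:
            missing = ev.record_id - previous.record_id - 1
            if missing > 0:
                # Heuristic: a hole in an unfiltered export suggests removed
                # entries; a filtered export produces the same pattern.
                findings.append(Finding(
                    "record_gap", ev.record_id,
                    f"{missing} record(s) missing after {previous.record_id}"))
            if ev.time < previous.time:
                findings.append(Finding(
                    "time_regression", ev.record_id,
                    f"timestamp earlier than record {previous.record_id}"))
        previous = ev
    return findings


# Constructed sample records, not taken from a real system.
SAMPLE = [
    Event(1001, 4624, "2024-03-14T10:00:01Z", "alice"),
    Event(1002, 4624, "2024-03-14T10:02:10Z", "svc_backup"),
    Event(1003, 4719, "2024-03-14T10:05:00Z", "svc_backup"),
    Event(1004, 4688, "2024-03-14T10:05:30Z", "svc_backup"),
    Event(1008, 4634, "2024-03-14T10:20:00Z", "svc_backup"),
    Event(1009, 1102, "2024-03-14T10:21:00Z", "svc_backup"),
]

if __name__ == "__main__":
    for finding in find_tampering(SAMPLE):
        print(f"[{finding.kind}] record {finding.record_id}: {finding.detail}")
```

Forwarding events to a separate collector as they are written keeps this evidence available even when the local log is later cleared.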

Alternate Data Streams
• Feature of NTFS file system
• Allows for compatibility with Macintosh file system
• Stores data in a nearly undetectable resource fork
• Tough to reveal presence of data stream
• Special software required to detect files

ADS was introduced into the Windows NTFS file system starting in Windows NT 3.1. This was implemented in order to allow compatibility with the Macintosh Hierarchical File System (HFS).
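
Surfacing alternate data streams during triage, as an added example that is not part of the original slides. On current Windows versions `dir /R` and PowerShell's `Get-Item -Stream *` list streams; the parser below reads captured `dir /R` output and flags every stream other than the `Zone.Identifier` download marker. The sample listing, file names and function names are assumptions.

```python
import re

# A stream line in `dir /R` output looks like:  <size> <file>:<stream>:$DATA
STREAM_LINE = re.compile(
    r"^\s*(?P<size>[\d,.]+)\s+(?P<file>.+?):(?P<stream>[^:\\/]+):\$DATA\s*$"
)

# Streams Windows itself attaches; Zone.Identifier marks downloaded files.
BENIGN_STREAMS = {"Zone.Identifier"}


def find_streams(dir_r_output: str) -> list:
    """Return every alternate data stream listed in `dir /R` output."""
    streams = []
    for line in dir_r_output.splitlines():
        match = STREAM_LINE.match(line)
        if not match:
            continue  # directory header, ordinary file line, or summary
        streams.append({
            "file": match["file"],
            "stream": match["stream"],
            # Strip locale-dependent thousands separators from the size.
            "size": int(re.sub(r"\D", "", match["size"])),
            "benign": match["stream"] in BENIGN_STREAMS,
        })
    return streams


def suspicious_streams(dir_r_output: str) -> list:
    """Streams that are not on the benign list and deserve a closer look."""
    return [s for s in find_streams(dir_r_output) if not s["benign"]]


# Constructed listing, not captured from a real host.
SAMPLE_DIR_R = r"""
 Directory of C:\Users\analyst\Downloads

03/14/2024  09:12 AM             1,204 notes.txt
                                86,016 notes.txt:hidden.bin:$DATA
03/14/2024  09:15 AM           348,160 setup.msi
                                    26 setup.msi:Zone.Identifier:$DATA
03/14/2024  09:20 AM               512 report.docx
               3 File(s)        349,876 bytes
"""

if __name__ == "__main__":
    for s in suspicious_streams(SAMPLE_DIR_R):
        print(f"{s['file']} carries stream '{s['stream']}' ({s['size']} bytes)")
```

A stream far larger than its host file, as in the constructed `notes.txt` entry, is a useful first sort key when a listing returns many hits.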

Summary
• What the process looks like
• Steps to take
• Tools to use
• Information to be obtained
