DEEP KNOWLEDGE ON
NETWORK HACKING PHILOSOPHY




ATIK PILIHANTO
MAKASAR, DEC 2010
http://ipsecs.com
PHILOSOPHY

  General and fundamental knowledge of the objective of a problem
  Network Hacking Philosophy??
  The basics and a fundamental understanding of computer networks
  and of vulnerabilities in communication protocols
  Let's start to understand our network!
OSI MODEL

  The 7-layer OSI model: physical, data link, network, transport,
  session, presentation, and application
RELATION BETWEEN HACKING AND OSI

  OSI describes, in general and fundamental terms, how digital
  communication works
  The technology at each layer??
  Does this technology exist in your network? Or which technology is used?
  Vulnerability, attack vector, impact, and how to exploit?
OSI : Layer #1 – Physical

  Example technologies: IEEE 802.3, IEEE 802.11, IEEE 802.16,
  SONET/SDH, ADSL
  Attack vector: can the attacker access the technology at
  Layer #1? Physical access?
  Impact: mostly Denial of Service.
  Example vulnerability: N/A
  How to exploit: cutting fiber cables and wireless
  (802.11/802.16) signal jamming
  Not so interesting, but it sometimes happens!
OSI : Layer #2 – Data Link

  Example technologies: Layer 2 switch (IEEE 802.3), ARP, ATM, and
  frame relay.
  Attack vector: can the attacker access the technology at
  Layer #2? Local Area Network?
  Impact: breach of confidentiality and integrity, Denial of Service
  Example vulnerabilities: switch CAM table limits and ARP cache
  poisoning
  How to exploit: CAM table flooding and ARP cache poisoning, aiming
  at DoS or Man in The Middle; yersinia L2 attack toolkit
  Exploitation at layer #2 is often combined with various other
  attacks, for example sniffing and replay attacks.
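What the two Layer #2 weaknesses above look like from the monitoring side, as an added example that is not part of the original slides: it flags an IP address whose ARP binding changes and an access port that suddenly learns many new source MACs, the same conditions that dynamic ARP inspection and port security enforce on a switch. The function name, thresholds, port names and frames are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed observations (not captured traffic). Each tuple is
# (time in seconds, switch port, source MAC, sender IP if the frame is an ARP reply, else None).
SAMPLE_FRAMES = [
    (0.0, "Gi0/1", "00:11:22:33:44:01", "10.0.0.1"),   # gateway announces itself
    (1.0, "Gi0/2", "00:11:22:33:44:02", "10.0.0.20"),
    (2.0, "Gi0/3", "00:11:22:33:44:03", "10.0.0.30"),
    (3.0, "Gi0/3", "00:11:22:33:44:03", "10.0.0.1"),   # a second MAC claims the gateway IP
]
# A burst of 20 never-seen source MACs on one access port within 0.2 s.
SAMPLE_FRAMES += [
    (10.0 + i * 0.01, "Gi0/4", f"02:00:00:00:00:{i:02x}", None) for i in range(20)
]


def detect_l2_anomalies(frames, max_new_macs=8, window_s=5.0):
    """Return (kind, subject, detail) alerts for ARP binding changes and MAC floods.

    max_new_macs and window_s are assumed thresholds; tune them per access port.
    """
    ip_to_mac = {}                      # first MAC seen for each IP is kept as the baseline
    macs_on_port = defaultdict(set)     # every source MAC already learned per port
    new_mac_times = defaultdict(deque)  # timestamps of first-seen MACs per port
    flooded_ports = set()               # report each flooding port once
    alerts = []

    for ts, port, mac, arp_ip in frames:
        # ARP cache poisoning shows up as a different MAC claiming a known IP.
        if arp_ip is not None:
            baseline = ip_to_mac.setdefault(arp_ip, mac)
            if baseline != mac:
                alerts.append(
                    ("arp-binding-changed", arp_ip, f"{baseline} -> {mac} on {port}")
                )

        # CAM table flooding shows up as many new source MACs on one port in a short time.
        if mac not in macs_on_port[port]:
            macs_on_port[port].add(mac)
            recent = new_mac_times[port]
            recent.append(ts)
            while recent and ts - recent[0] > window_s:
                recent.popleft()
            if len(recent) > max_new_macs and port not in flooded_ports:
                flooded_ports.add(port)
                alerts.append(
                    ("mac-flood", port, f"{len(recent)} new source MACs within {window_s}s")
                )
    return alerts


if __name__ == "__main__":
    for alert in detect_l2_anomalies(SAMPLE_FRAMES):
        print(alert)
```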
OSI : Layer #3 – Network

  Example technologies: IP, ICMP, IPSEC, and routing protocols.
  Attack vector: can the attacker access the technology at
  Layer #3? Remotely accessible?
  Impact: breach of confidentiality and integrity, Denial of Service
  Example vulnerabilities: packet spoofing, routing protocol security
  flaws, and IPsec security flaws
  How to exploit: IP spoofing, IP fragmentation, ICMP smurfing, BGP
  man in the middle, BGP NLRI injection, LDP injection on MPLS, GRE
  traffic tunneling, and loki project
  Exploitation at layer #3 is often combined with various other
  attacks, for example sniffing
OSI : Layer #4 – Transport

  Example technologies: UDP, TCP, SCTP
  Attack vector: can the attacker access the technology at
  Layer #4? Remotely accessible?
  Impact: breach of confidentiality and integrity, Denial of
  Service, and gaining access.
  Example vulnerabilities: packet spoofing and session hijacking
  How to exploit: SYN flooding, UDP flooding, TCP session
  hijacking, SCTP scanning to find SS7 network entry point
OSI : Layer #5 – Session

  Example technologies: NetBIOS, L2TP, PPTP
  Attack vector: can the attacker access the technology at
  Layer #5? Remotely accessible?
  Impact: breach of confidentiality and gaining access.
  Example vulnerability: user enumeration
  How to exploit: enumerate users using NetBIOS
OSI : Layer #6 – Presentation

  Example technologies: SSL, TLS
  Attack vector: can the attacker access the technology at
  Layer #6? Remotely accessible?
  Impact: breach of confidentiality and integrity, and gaining
  access.
  Example vulnerability: SSL Man in The Middle
  How to exploit: doing SSL Man in The Middle, dsniff, sslstrip
  Exploitation at layer #6 is often combined with various other
  attacks, for example sniffing
OSI : Layer #7 – Application

  Example technologies: HTTP, SMTP, DNS, SSH, FTP
  Attack vector: can the attacker access the technology at
  Layer #7? Remotely accessible?
  Impact: breach of confidentiality and integrity, Denial of
  Service, and gaining access.
  Example vulnerabilities: buffer overflow, format string, web
  application vulnerability.
  How to exploit: exploiting a buffer overflow or format string to gain
  access or cause denial of service, exploiting a web application to
  gain access
KNOWING YOURSELF

  At which layer do you have access? On layer 1, 2, 3, 4, 5, 6, 7,
  or all?
  The closer you are to the lowest layer, the better your chance
  to win the war
KNOWING YOUR ENEMY

  Reconnaissance to gain as much information as possible
  about the enemy
  Scanning to learn which hosts are alive and
  which services are running
  The more information you have about your enemy, the
  better your chance to win the war
IF YOU KNOW BOTH YOURSELF AND YOUR ENEMY – YOU
WILL WIN IN MANY WARS ‐ SUN TZU
THINGS TO REMEMBER

  Transport set vulnerability:
    Easy to prevent (Firewall, ACL)
    Hard to fix (Update, Patch)
  Application set vulnerability:
    Hard to prevent (Firewall, ACL)
    Easy to fix (Update, Patch)
THINGS TO REMEMBER

  Stay anonymous and stealthy, don't be so rough!
  Man in the middle example on Layer #2:
    ARP cache poisoning OR CAM table flooding?
  Exploiting a remote buffer overflow on Layer #7:
    Evading IDS/IPS/IDP
    Polymorphic, encoded shellcode OR IP fragmentation??
AN EXAMPLE




Routers A, B, C, and D run BGP and SSH services, which are reachable from
both the attacker's laptop and the admin's laptop
The attacker is not connected to the admin's laptop and is on a different
network from routers A, B, C, and D
KNOWING YOUR ENEMY

  The attacker (you) wants to compromise the MPLS VPN network
  He can't directly attack the administrator's computer
  After doing host enumeration, he knows that there are four
  routers on the network
  After doing service scanning, he knows that all routers
  run SSH and BGP as services
  After doing vulnerability scanning, he knows that some routers
  have vulnerabilities
  The attacker searches search engines for all information related to
  the administrator, email addresses, and many others
KNOWING YOURSELF

  Do you have access to layer #1? No
  Do you have access to layer #2? No
  Do you have access to layer #3? Yes, useful for exploitation
  Do you have access to layer #4? Yes, useful for exploitation
  Do you have access to layer #5? Yes, Not Applicable
  Do you have access to layer #6? Yes, Not Applicable
  Do you have access to layer #7? Yes, useful for exploitation
  SO WHAT??
LAYER #3 ATTACK

  Border Gateway Attack?
    BGP Man In The Middle
    BGP NLRI injection to reroute traffic
    BGP MD5 crack if applicable
  MPLS Attack?
    LDP injection to rewrite label
  ICMP?
    ICMP flooding and denial of service
  Will be really useful if one router has been compromised!
LAYER #4 ATTACK

  TCP?
    SYN flooding to the SSH and BGP ports, causing denial of service
    TCP FIN/RST to close a BGP Established session
  UDP and other layer #4 protocols are not applicable
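The example network leaves SSH and BGP on routers A to D reachable from the attacker's laptop, which is what makes the Layer #4 items above possible. The following added example (not part of the original slides) models the "easy to prevent (Firewall, ACL)" side: a first-match source ACL in front of TCP 22 and 179, plus a minimum-TTL check on BGP in the style of GTSM (RFC 5082), a mechanism the slides do not mention. Function names, addresses (documentation ranges) and packets are constructed for illustration.

```python
import ipaddress

SSH_PORT, BGP_PORT = 22, 179

# Constructed addresses from the documentation ranges.
ADMIN, PEER, ATTACKER = "192.0.2.10", "198.51.100.1", "203.0.113.66"

# Constructed packets as they arrive at router A's control plane.
PACKETS = {
    "admin-ssh":        {"src": ADMIN,    "dport": SSH_PORT, "ttl": 62},
    "attacker-ssh":     {"src": ATTACKER, "dport": SSH_PORT, "ttl": 58},
    "attacker-bgp":     {"src": ATTACKER, "dport": BGP_PORT, "ttl": 58},
    # Source field forged as the BGP peer, sent from several hops away.
    "spoofed-peer-bgp": {"src": PEER,     "dport": BGP_PORT, "ttl": 250},
    # The directly connected peer sends with TTL 255.
    "peer-bgp":         {"src": PEER,     "dport": BGP_PORT, "ttl": 255},
}

# Weak setting: the management and routing ports are open to any source.
OPEN_ACL = [("permit", "0.0.0.0/0", "any")]

# Corrected setting: SSH only from the admin host, BGP only from the configured peer.
RESTRICTED_ACL = [
    ("permit", f"{ADMIN}/32", SSH_PORT),
    ("permit", f"{PEER}/32", BGP_PORT),
]


def acl_permits(acl, src, dport):
    """First-match evaluation with an implicit deny at the end, as router ACLs behave."""
    address = ipaddress.ip_address(src)
    for action, network, port in acl:
        if address in ipaddress.ip_network(network) and port in (dport, "any"):
            return action == "permit"
    return False


def verdict(packet, acl, bgp_min_ttl=None):
    """Return 'accept', 'drop:acl' or 'drop:ttl' for one packet.

    This is a filter model only: it ignores TCP connection state.
    """
    if not acl_permits(acl, packet["src"], packet["dport"]):
        return "drop:acl"
    # A packet forged from a remote network loses TTL at every hop, so it cannot
    # arrive with the TTL a directly connected peer would present.
    if (
        packet["dport"] == BGP_PORT
        and bgp_min_ttl is not None
        and packet["ttl"] < bgp_min_ttl
    ):
        return "drop:ttl"
    return "accept"


def audit(acl, bgp_min_ttl=None):
    """Evaluate every constructed packet against one configuration."""
    return {name: verdict(pkt, acl, bgp_min_ttl) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, result in (
        ("open", audit(OPEN_ACL)),
        ("source ACL only", audit(RESTRICTED_ACL)),
        ("source ACL + BGP min TTL 255", audit(RESTRICTED_ACL, bgp_min_ttl=255)),
    ):
        print(label, result)
```

The middle configuration shows why source filtering alone is not sufficient for BGP: the ACL trusts the source field, so the forged packet is only dropped once the TTL check is added.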
LAYER #7 ATTACK

  Exploiting router vulnerabilities to gain access
    Buffer overflow?
    Format string?
    Denial of service?
  Guessing router usernames and passwords to gain access
    Ncrack?
    THC-Hydra
  YES! You can use social engineering, but that's a different topic from
  hacking the network!
QUESTION AND ANSWER 
THANK YOU
