Hackers Strategies Revealed

1
Hackers Strategies Revealed

• WEST CHESTER UNIVERSITY
• Computer Science Department
• Yuchen Zhou
• March 22, 2002

2
Requirements

• Hardware
• -Two computers
• -One hub
• -Internet access
• Software
• -Windows 98/2000
• -Trojan horse (Glacier 6.0)
• -Sniffer ( password monitor)
• -Port scanner (Fluxay IV)

3
Case 1 Trojan Horse

• Suppose a Trojan horse (server.exe) was installed
  on computer A already.
• One can execute a control program(client.exe) on
  computer B to control computer A.

4
Planting a Trojan Horse

• Direct execution of a Trojan horse
• Sent as an e-mail attachment
• Link an icon (as a bait) to a Trojan Horse
• Guess password of a user and then use remote
  execution

5
Hacking Remotely

• Run a client program to control the compromised
  system remotely

6
Searching...
port
delay time
domain
Victim found
begin from
to
7
All folders and files in computer A. We can copy,
rename, run or delete them remotely.
8
Computer As basic information
System information of computer A.
Password related commands
Control related commands
Network related commands
9
All the passwords in computer A's cache.
Password in cache
10
Monitoring computer As screen
11
Controlling Computer As screen
12
Other operations you can use to control computer A

• Find/copy/delete files from computer A
• Share a directory
• Kill a process
• Change the registry
• Record the keyboard
• Shut/restart the computer

13
All commands we can use
14
Case 2 Sniff a Password

• If computer A transmits some data frames to a
  server machine D via an Ethernet, every computer
  will receive a copy.
• Only computer D should accept it others should
  discard the data frames.
• However, a sniffer running on machine B or C
  receives it and analyzes it even B or C is not
  the destination.

15
(No Transcript)
16
monitoring
NIC
The URL computer A visiting
password
log on time
user name
Computer As IP address
When the password was detected, it will display
here.
17
This files name is webfilter.txt, pwmonitor
need this file to identify the URLs. That is to
say, only when the URL computer A visiting is in
this filter file can the passwords be sniffed.
Because this sniffer is created in China, most
of the URLs located in China, but we can find
yahoo.com here.
18
Case 3 Hack a Server

• Computer A is a server, B is a client
• Scans the ports of computer A
• Guesses the password of admin.
• After the computer is compromised, a hacker can
  plant some backdoor software to the server and
  execute it remotely.

19
Hosts type
Flaxuy is the most popular ports scanner used in
China these days. It scans all services (ports)
of the servers provide, once it finds a certain
service (FTP, telnet...), it will try to find the
users and guess the passwords...
username
password
hosts
20
Scan from
to
Host type
Guess password
Display password if get
21
Scanning...
22
Now we get the password.
23
password
Computer 144.26.30.40s Administrator is
TopTooler, the password is toptooler, we can
establish a IPC connection.
24
Using this command, we can log on to the server
as an administrator.
Then copy a Trojan horse to a server
25
The Trojan horse will be started
automatically at 1350p.m. on the server.