Ethical Hacking: Tools, Techniques and Methodologies - PowerPoint PPT Presentation

Slides: 36
Provided by: isacana
Transcript and Presenter's Notes

1
Ethical Hacking: Tools, Techniques and Methodologies
Jay Ferron ADMT, CEH, CISM, CISSP, MCDBA, MCITP, MCT, NSA-IAM
jferron_at_interactiveactivesecuritytraining.com
2
Threats to Security
Internal Threats such as Internal Attacks or Code Vulnerabilities
External Threats such as Social Engineering or Viruses
3
External Threats
Social Engineering
Organizational Attacks
Improper permissions can result in access to restricted data
Harmful code, malicious programs, self replicating
Uses Script Kiddie software to gain network access
Blocks access to data or services
Acquire confidential information to gain a business or competitive advantage
Automated Attacks
Bypasses Technology to gain network access
DoS
Connection Fails
Viruses, Trojan Horses, and Worms
Denial of Service (DoS)
Accidental Breaches in Security
4
Business is Changing
  • Yesterday, INTERNAL FOCUS: Access is granted to employees only
  • Today, EXTERNAL FOCUS: Suppliers, customers, and prospects all need some form of access
  • Yesterday, CENTRALIZED ASSETS: Applications and data are centralized in fortified bunkers
  • Today, DISTRIBUTED ASSETS: Applications and data are distributed across servers, locations, and business units
  • Yesterday, PREVENT LOSSES: The goal of security is to protect against confidentiality breaches
  • Today, GENERATE REVENUE: The goal of security is to enable electronic commerce
  • Yesterday, IT CONTROL: Security Manager decides who gets access
  • Today, BUSINESS CONTROL: Business Units want the authority to grant access
Source: Forrester Research, Inc.
5
What Have YOU Done for Security Today?
6
Sheep Waiting to be Led
Defcon 2008
7
Assessment of Assets and Risk
  • Multi-level process
  • Identifying the assets
  • Document Business value

ASSETS?
RISKS?
8
The Enemy knows Assessment
Teleport Pro
Cheops/NMAP
New Sploit
Kmap
Quiet Target Attack
Database
Query
NTOP
OS, Service, Application
Retina Scanner
Business Intelligence
9
Business Intelligence
  • Businesses do SWOT analysis often
  • (Strength, Weakness, Opportunity, Threats)
  • You ARE being watched by competitors
  • Crackers know where to click
  • Information may be more public than you thought

10
Focus of Business Security
  • Never lose sight of the fact that the objective
    of Information Security is to support the
    business of the enterprise.
  • Security for security's sake is of no value.
  • Tom Peltier, CISSP

11
Hacker Methodology
  • Focus through the storm...

12
Hacker Methodology
  • Overview
  • Methodology, methodology, methodology...
  • It is very easy to get overwhelmed, distracted,
    and/or confused by the intricacies of
    hacking, especially when the target organization
    is large or complex.
  • There are an infinite number of possible
    approaches and tangents.
  • Having a consistent methodology or framework to
    work within helps keep you focused, thorough and
    effective!
  • Plan your work and work your plan.

13
Hacker Methodology
  • Overview
  • There are as many hacker methodologies as there
    are hackers, but the methodology we will be
    covering in class is straightforward,
    field-tested, concise and lethal.
  • Each step can be broken into infinite sub-steps
    that may change over time but this high-level
    methodology should serve you well.
  • Not all steps have to be performed in the exact
    sequence listed, but they should be done whenever
    possible (e.g., Pillage, Expand Influence).
  • If you find yourself lost in the details, you
    can always fall back to the methodology and
    regain your bearing.

14
Hacker Methodology
  • Footprint
  • Scan
  • Enumerate
  • Penetrate
  • Escalate
  • Pillage
  • Get Interactive
  • Expand Influence
  • Cleanup

15
Hacker Methodology
  • Footprint
  • Definition
  • footprint
  • the area over which something occurs or is
    effective
  • The surface space occupied by a structure or
    device
  • Our Connotation
  • Information reconnaissance against the target
    organization.
  • Looking for actionable information as well as an
    overall feel for their security posture and
    operations.
  • Physical presence, personnel, etc.
  • Determine the target's overall presence on the
    net.
  • Registered domains, IP address space, network
    topology, BGP AS numbers, DNS host names, etc.
  • Business partners, divisions, subsidiaries,
    holdings, mergers, acquisitions, divestitures,
    etc.
  • Etc.

16
Hacker Methodology
  • Scan
  • Definition
  • scan
  • to subject something to a thorough examination
  • to look through or read something quickly
  • to search a region for something, e.g. aircraft,
    by systematically sweeping a radar or sonar beam
    across it
  • Our Connotation
  • To sweep across a target's footprint looking for
    various items
  • Live hosts
  • Open ports
  • Security devices
  • Network Topology
  • Etc.

17
Hacker Methodology
  • Enumerate
  • Definition
  • enumerate
  • to name a number of things on a list one by one
  • to count how many things there are in something
  • Our Connotation
  • Find as many details as possible from each host
    and/or service we discover to determine items of
    the following nature:
  • Specific version information (OS, services,
    software, etc.)
  • Usernames
  • Group information
  • Password policies
  • Roles
  • Trust relationships
  • Etc.

18
Hacker Methodology
  • Penetrate
  • Definition
  • penetrate
  • to enter or pass through something by forcing a
    way in
  • to enter something such as an organization or
    country, usually secretly, in order to influence
    or gather information from within
  • to see into or through something that is dark or
    obscuring
  • to understand or discover the meaning of
    something
  • Our Connotation
  • Unauthorized access
  • Use the information from other steps to identify
    various attack vectors and attempt to exploit
    them
  • Circumvent a defensive measure
  • Gain some sort of foothold on a target system
  • Etc.

19
Hacker Methodology
  • Escalate
  • Definition
  • escalate
  • to become or cause something to become greater,
    more serious, or more intense
  • Our Connotation
  • This step involves the process of moving from one
    privilege level to another
  • Vertical Privilege Escalation
  • Move from a low privilege level to a higher
    privilege level
  • Horizontal Privilege Escalation
  • Assume another user's identity with a similar
    privilege level

20
Hacker Methodology
  • Pillage
  • Definition
  • pillage
  • to rob a place using force, especially during a
    war
  • Our Connotation
  • To steal various items of interest throughout
    the process
  • Typical items of interest
  • Configuration details
  • Password data
  • Databases
  • Source code
  • Scripts
  • Etc.

21
Hacker Methodology
  • Get Interactive
  • Definition
  • interactive
  • allowing or involving the exchange of information
    or instructions between a person and a machine
  • operating on instructions entered by somebody at
    a keyboard or other input device
  • Our Connotation
  • Generically speaking, getting interactive
    refers to gaining the ability to execute commands
    on a victim system
  • Ideally this is done at a high privilege level

22
Hacker Methodology
  • Expand Influence
  • Definition
  • influence
  • to have the power to affect something
  • the effect of something on a person, thing, or
    event
  • somebody or something able to affect the course
    of events or somebody's thinking or action
  • Our Connotation
  • The process of infiltrating deeper into an
    organization's inner sanctum
  • Once an initial beachhead is established, it is
    used to gather additional intelligence and to
    serve as a base to launch additional attacks to
    achieve additional objectives
  • This is an iterative process repeated throughout the
    methodology anywhere the opportunity presents
    itself

23
Hacker Methodology
  • Cleanup
  • Definition
  • cleanup
  • a thorough cleaning
  • an elimination of something unpleasant or
    unwanted
  • a large and often illicit acquisition of assets
    (slang)
  • Our Connotation
  • The victim says, "What hacker? We haven't been
    hacked!"
  • The goal is to go undetected and leave as little
    trace as possible
  • If a hacker does not cause a disturbance or leave
    any sort of trace, how would you know they were
    even there?
  • "All is quiet on the Western front." - Are you
    sure?

24
Hacker Methodology
  • Footprint
  • Scan
  • Enumerate
  • Penetrate
  • Escalate
  • Pillage
  • Get Interactive
  • Expand Influence
  • Cleanup

This should serve you well!
25
Where have we come from...
and where are we going?
26
Web threats are increasing dramatically
"evidence is mounting that significant new threats are gathering force." - The 12th Annual Computer Crime and Security Survey 2007
1564% increase since 2005.
[Chart: Web Threats, Total Growth of Newly Created Web Threats Since 2005 (2005-2007)]
27
Conventional security methodology unsustainable
"Criminals have pushed the state of malware to a
point where signature (traditional) detection is
less and less effective." Source: 2007 CSI
Computer Crime and Security Survey
12/13/2009
28
Conventional security insufficient
  • Security technologies used
  • 98% antivirus software
  • 97% firewall
  • 80% anti-spyware software
  • Attacks still experienced
  • 52% report virus detected
  • Over 1 in 3 (37%) reported suffering 6 or more
    attacks
  • Source: The 12th Annual Computer Crime and
    Security Survey 2007

29
How they get Your Information
  • Stealing your mail and dumpster diving
  • Phishing
  • Internet scams
  • Spyware
  • Public Computers and Networks
  • Inadequate computer security
  • You actually give it to them

30
Oracle chief defends Microsoft snooping
  • By Wylie Wong
  • Staff Writer, CNET News.com
  • June 28, 2000, 3:10 PM PT
  • Oracle chief executive Larry Ellison today
    defended his company's decision to hire
    detectives to investigate two research groups
    that supported Microsoft during the antitrust
    trial.
  • Oracle hired Investigative Group International to
    probe two research organizations, the
    Independence Institute and the National Taxpayers
    Union. The company sought to verify links between
    Microsoft and the organizations during its
    antitrust trial--and even tried to buy trash from
    another research group with close ties to
    Microsoft.
  • Oracle told Bloomberg News today it discovered
    that the two organizations were misrepresenting
    themselves as independent advocacy groups when
    they were in fact funded by Microsoft. Oracle
    said the company hired the detective agency
    because the organizations were releasing studies
    supporting Microsoft during the antitrust trial.
    The financial ties between the organizations were
    reported by The Wall Street Journal and The
    Washington Post.

31
  • Phishing
  • Sample E-mail: Below is a sample of a fraudulent
    e-mail that's been sent to Citibank customers. It
    purports to be from Citibank, but it is not. Its
    intent is to get you to enter sensitive
    information about your account and to then use
    this information to commit fraud.

32
Internet scams
33
Simple Attack
  • DNS

34
Keyboard Logger
35
Questions