Cracking%20Techniques - PowerPoint PPT Presentation

About This Presentation
Title:

Cracking%20Techniques

Description:

Title: Cracking Techniques Author: Onno W. Purbo Last modified by: Onno W. Purbo Created Date: 11/22/2000 10:44:21 PM Document presentation format – PowerPoint PPT presentation

Number of Views:114
Avg rating:3.0/5.0
Slides: 30
Provided by: Onn47
Category:

less

Transcript and Presenter's Notes

Title: Cracking%20Techniques


1
Cracking Techniques
  • Onno W. Purbo
  • Onno_at_indo.net.id

2
Referensi
  • http//www.rootshell.com
  • Front-line Information Security Team, Techniques
    Adopted By 'System Crackers' When Attempting To
    Break Into Corporate or Sensitive Private
    Networks, fist_at_ns2.co.uk http//www.ns2.co.uk

3
Referensi
  • http//www.antionline.com/archives/documents/advan
    ced/
  • http//www.rootshell.com/beta/documentation.html
  • http//seclab.cs.ucdavis.edu/papers.html
  • http//rhino9.ml.org/textware/

4
Introduction
5
Just who is vulnerable anyway?
  • Financial institutions and banks
  • Internet service providers
  • Pharmaceutical companies
  • Government and defense agencies
  • Contractors to various goverment agencies
  • Multinational corporations

6
Profile of a typical 'system cracker'
  • Usually male, aged 16-25.
  • To improve their cracking skills, or to use
    network resources for their own purposes.
  • Most are opportunists
  • Run scanners for system vulnerabilities.
  • Usually gain root access then install a backdoor
    and patch the host from common remote
    vulnerabilities.

7
(No Transcript)
8
Networking methodologies adopted by many companies
9
Internets purposes ..
  • The hosting of corporate webservers
  • E-mail and other global communications via. the
    internet
  • To give employees internet access

10
Network separation
  • Firewall
  • Application Proxies

11
(No Transcript)
12
Understanding vulnerabilities in such networked
systems
13
Understanding vulnerabilities
  • External mailserver must have access to
    mailservers on the corporate network.
  • agressive-SNMP scanners community string
    brute-force programs, turn router into bridge.

14
(No Transcript)
15
The attack
16
Techniques used to 'cloak' the attackers location
  • Bouncing through previously compromised hosts
    via. telnet or rsh.
  • Bouncing through windows hosts via. Wingates.
  • Bouncing through hosts using misconfigured
    proxies.

17
Network probing and information gathering
  • Using nslookup to perform 'ls ltdomain or
    networkgt' requests.
  • View the HTML on your webservers to identify any
    other hosts.
  • View the documents on your FTP servers.
  • Connect to your mailservers and perform 'expn
    ltusergt' requests.
  • Finger users on your external hosts.

18
Identifying trusted network components
  • a trusted network component is usually an
    administrators machine, or a server that is
    regarded as secure.
  • start out by checking the NFS export access to
    critical directory /usr/bin, /etc and /home.
  • Exploit a machine using a CGI vulnerability, gain
    access to /etc/hosts.allow

19
Identifying vulnerable network components
  • Use Linux programs such as ADMhack, mscan, nmap
    and many smaller scanners.
  • binaries such as 'ps' and 'netstat' are trojaned
    to hide scanning processes.
  • If routers are present that are SNMP capable, the
    more advanced crackers will adopt agressive-SNMP
    scanning techniques to try and 'brute force the
    public and private community strings of such
    devices.

20
Perform types of checks
  • A TCP portscan of a host.
  • A dump RPC services via. portmapper.
  • A listing of exports present via. nfsd.
  • A listing of shares via. samba / netbios.
  • Multiple finger to identify default accounts.
  • CGI vulnerability scanning.
  • Identification of vulnerable versions of server
    daemons, including Sendmail, IMAP, POP3, RPC
    status RPC mountd.

21
Taking advantage of vulnerable components
  • Identify vulnerable network components ?
    compromise the hosts.
  • Upon executing such a program remotely to exploit
    a vulnerable server daemon
  • Gain root access to your host.

22
Upon gain access to vulnerable components
  • 'clean-up operation of doctoring your hosts logs
  • 'backdooring' service binaries.
  • place an .rhosts file in the /usr/bin to allow
    remote bin access to the host via rsh csh

23
(No Transcript)
24
Abusing access privileges
25
Downloading sensitive information
  • 'bridge' between the internet - corporate
    network.
  • Abusing the trust with the external host.

26
Cracking other trusted hosts and networks
  • Install trojans backdoors remove logs.
  • Install sniffers on your hosts.

27
Installing sniffers
  • Use 'ethernet sniffer' programs.
  • To 'sniff' data flowing across the internal
    network ? a remote root compromise of an internal
    host.
  • To detect promiscuous network interfaces ? the
    'cpm' http//www.cert.org/ftp/tools/cpm/

28
Taking down networks
  • rm -rf /
  • 'mission critical' routers servers are always
    patched and secure.

29
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com