Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany

Attack Frameworks and Tools

Pranav Jagdish
Supervisor: Nadine Herold
Seminar Innovative Internet Technologies and Mobile Communication, WS2014
Chair of Network Architectures and Services, Faculty of Informatics, Technische Universität München

Overview

• Introduction
• Overview of Tools
• Password Crackers
• Network Poisoners
• Network Security Tools
• Denial of Service Tools
• Concluding remarks

Introduction

• Network Security – perhaps the most important aspect of communications in today's world
• How easy is it to attack a target system or network today?
  – Tools automate most of the work
  – From fingerprinting your target to attacking
  – Knowledge requirements decrease day by day

Introduction

• The CIA Triangle
  – Confidentiality
  – Integrity
  – Availability

Overview of the Tools

• Password Crackers
  – Cain and Abel: Free; Windows Only GUI
  – John the Ripper: Free; Various Platforms
  – Hashcat: Free; Linux, OSX and Windows

Overview of the Tools

• Network Poisoners
  – ZARP: Free; Python Script
  – Ettercap: Free; Various Platforms

Overview of the Tools

• Network Security Tools
  – Nmap: Free; Various Platforms
  – Metasploit: Free (Signup Required); Windows and Linux
  – Sqlmap: Free; Python Script

Overview of the Tools

• Denial of Service Tools
  – LOIC: Free; Windows Only GUI
  – HULK: Free; Python Script

Password Crackers

• Attack: Confidentiality
• Crack or keys
• Crack various kinds of hashes
• Initially used to crack local system passwords, such as those for Windows and Linux
• Have been extended to include numerous kinds of hashes
• New versions are faster and use different kinds of cracking methods
  – GPU-based cracking is also possible and is faster than CPU-based cracking
• Primarily: brute-force or dictionary-based attacks

Password Crackers

• Cain and Abel
  – Windows based
  – Widely used to crack Windows passwords (LM hashes and NTLM hashes)
  – Has a built-in sniffer
    – Can sniff web session passwords
    – Can analyse SSH-1 or HTTPS traffic
  – Needs:
    – Rainbow tables for effective hash cracking
    – Size of table – impediment!
      – However, this is an issue with all password crackers and is related to password lengths and reverse hash lookups

Password Crackers

• John the Ripper
  – Like Cain and Abel: dictionary-based and brute-force methods available
  – Comes with various character sets
  – Can crack numerous kinds of hashes
  – Brute force can, for obvious reasons, take a huge amount of time
    – Dictionaries could go up to petabytes
    – Cracking time could be in excess of decades for even an 8-character password
    – Normal machines: impossible
      – Solution: good dictionaries?

Password Crackers

• Hashcat
  – Like the previous tools; however, it claims to be the “fastest password cracker”, with proprietary cracking algorithms
  – Vs. Cain and Abel & John the Ripper: offers various kinds of attacks
    – 8 kinds of attacks
    – Example: Combinator attack – combine each word in the dictionary with every other word in it
    – Example: Hybrid attack – half of the password from the dictionary and the rest from brute force
    – HENCE, INCREASES EFFECTIVENESS OF A DICTIONARY
  – A GPU-based cracker, “oclHashcat”, is available and is faster
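Added example (not from the slides and not code from any of the tools named): a Python password-audit check that reports which of the attack classes described above would cover a candidate password, and how many guesses each class costs, which shows why combinator and hybrid attacks make a dictionary more effective. The wordlist, the function names and the guess rate passed to `years_to_exhaust` are assumptions made for the illustration.

```python
# Constructed sample wordlist (an assumption, not taken from the slides).
WORDLIST = {"summer", "dragon", "monkey", "secret", "pass"}


def brute_force_keyspace(length, charset_size):
    """Candidates an exhaustive search must try for all lengths up to `length`."""
    return sum(charset_size ** n for n in range(1, length + 1))


def years_to_exhaust(length, charset_size, guesses_per_second):
    """Worst-case years to exhaust the keyspace; the guess rate is an assumption."""
    seconds = brute_force_keyspace(length, charset_size) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def attack_cost(kind, n_words, charset_size=95, max_affix=4):
    """Upper bound on guesses per attack class for a dictionary of n_words."""
    if kind == "dictionary":
        return n_words
    if kind == "combinator":          # every word joined to every word
        return n_words ** 2
    if kind == "hybrid":              # word plus brute-forced prefix or suffix
        return 2 * n_words * brute_force_keyspace(max_affix, charset_size)
    raise ValueError(kind)


def classify(password, words=WORDLIST, max_affix=4):
    """Return the cheapest attack class from the slide that covers `password`."""
    if password in words:
        return "dictionary"
    # Combinator: the password is two dictionary words joined together.
    for i in range(1, len(password)):
        if password[:i] in words and password[i:] in words:
            return "combinator"
    # Hybrid: a dictionary word with a short brute-forced suffix or prefix.
    for i in range(1, max_affix + 1):
        if len(password) > i and (password[:-i] in words or password[i:] in words):
            return "hybrid"
    return "brute-force only"


if __name__ == "__main__":
    for candidate in ("dragon", "summerdragon", "secret2014", "x9$Lq!7z"):
        print(candidate, "->", classify(candidate))
```

A password that `classify` places in any class other than "brute-force only" should be rejected by a password policy, because its cost is bounded by `attack_cost` rather than by the full keyspace.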

Network Poisoners

• Attack: Integrity of the Network
  – Can lead to loss of confidentiality and availability too
• Prime goal: ARP Poisoning
  – Pose as another machine on the network

Network Poisoners

• Once done:
  – Pose as DNS server
  – Pose as DHCP server
  – Pose as the default gateway
  – Perform data sniffing
  – Man-in-the-middle attacks (MITM)
  – and a lot more…
• Even HTTPS traffic is not safe (tool called SSLStrip) – yet another tool that can be used without much insight.
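Added example (not from the slides and not code from ZARP or Ettercap): a Python detector for the ARP poisoning described above, which flags an IP address whose MAC binding changes and a MAC address that answers for several IPs, with a higher severity when the affected IP is the default gateway. The observation format, the addresses and the gateway IP are constructed for the illustration.

```python
from collections import defaultdict

# Constructed ARP reply observations: (seconds, sender IP, sender MAC).
# All addresses are made up; 192.168.1.1 is the assumed default gateway.
GATEWAY_IP = "192.168.1.1"
SAMPLE_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (1, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (2, "192.168.1.66", "aa:aa:aa:aa:aa:66"),
    (5, "192.168.1.1", "AA:AA:AA:AA:AA:66"),   # gateway IP now claimed by .66's MAC
    (6, "192.168.1.1", "aa:aa:aa:aa:aa:66"),
    (7, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
]


def detect_arp_poisoning(replies, gateway_ip=GATEWAY_IP):
    """Return (alerts, shared) for IP-to-MAC bindings that change or collide."""
    first_seen = {}                   # ip -> MAC first bound to it
    ips_by_mac = defaultdict(set)     # mac -> every IP it has answered for
    alerts = []
    for _ts, ip, mac in replies:
        mac = mac.lower()             # MAC notation is case-insensitive
        known = first_seen.setdefault(ip, mac)
        ips_by_mac[mac].add(ip)
        if mac != known:
            severity = "critical" if ip == gateway_ip else "warning"
            alert = (severity, ip, known, mac)
            if alert not in alerts:   # report each changed binding once
                alerts.append(alert)
    # One MAC answering for several IPs: a host posing as other machines.
    shared = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return alerts, shared


if __name__ == "__main__":
    changed, shared_macs = detect_arp_poisoning(SAMPLE_REPLIES)
    for severity, ip, old, new in changed:
        print(f"{severity}: {ip} moved from {old} to {new}")
    print("MACs answering for several IPs:", shared_macs)
```

A changed binding can also be legitimate (a replaced network card, a DHCP lease reassigned to another host, a failover pair), so alerts need to be checked against known inventory before acting on them.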

Network Poisoners

• ZARP
  – Suite of poisoners
  – Includes sniffers
  – Plans to be a central network poisoning/administration tool
  – Can manage active sessions of poisoning/sniffing
  – Still being developed

Network Poisoners

• Ettercap
  – GUI available too!
  – Plugins offer support for more complex attacks like:
    – DNS Poisoning
    – DHCP Poisoning

Network Security Tools

• Covers a wide array of tools
• Most were created for vulnerability testing and for easing the job of network administrators
• Today they are used to test how secure a system is
• But they are also infamous for their misuse by hackers

Network Security Tools

• Nmap
  – Network scanner
  – A powerful tool to scan networks
  – Used for (not an exclusive list):
    – OS fingerprinting
    – Host discovery
    – Port scanning

Network Security Tools

• Metasploit Framework
  – A database of exploits
  – Provides information about security vulnerabilities
  – Goal: aid in penetration testing and IDS signature development
  – In the wrong hands:
    – Can be used to exploit those same vulnerabilities with relative ease
  – Exploits for almost every kind of system – from Mac OSX to Windows to Linux to Android phones
  – Has a GUI available too – Armitage

Network Security Tools

• Metasploit Framework
  – How easy is it?
    – Select an exploit from the database
    – Select a payload
    – Decide upon an obfuscation or encoding scheme
    – ANY EXPLOIT CAN BE ATTACHED WITH ANY PAYLOAD
  – Types of exploits:
    – Passive – wait for targets to connect in and then try to exploit their systems
    – Active – target system attacked directly
  – “Autopwn” feature – tries to automatically exploit and inject itself into the target system
    – Makes life easy for an attacker!

Network Security Tools

• Metasploit Framework
  – Problems?
    – Exploits are caught by anti-virus software (primarily that of e-mail providers), if not by the local system's anti-virus
      – SPREADING THE PAYLOAD BECOMES DIFFICULT!
    – Many exploits are released after the vulnerabilities have been patched in software updates

Network Security Tools

• SQLMap
  – SQL Injection Vulnerabilities
    – Script checks possible SQL injection inputs on the Web application
    – Vulnerability scanning

[Figure: labels “Where the vulnerability exists”, “Control Channel”, “Data Channel”]

• Many such scanners exist, like:
  – JoomScan – Joomla CMS Scanner
  – WPScan – Wordpress Scanner

Denial Of Service Tools

• Attacks: Availability

[Figure: labels “Bandwidth” and “Server”]

Denial Of Service Tools

• Attacks: Availability
  – Other scenarios exist too
    – Example: IPv6 DOS Attack
  – Effects on organizations:
    – Loss of revenues in recent years
    – Loss of user trust in organisations
    – Recently: Christmas Day 2014 DOS Attacks on Playstation Networks and XBOX Live

Denial Of Service Tools

• LOIC – “Low Orbit Ion Cannon”
  – “Hivemind” feature – Distributed Denial Of Service
  – Favourite of “Hacktivists”
  – Minimal knowledge of networks required
  – Floods the server with multiple requests

Denial Of Service Tools

• HULK – “HTTP Unbearable Load King”
  – Generates unique requests every single time
    – Additional random page names added
    – Random query strings appended
    – Source client information changed
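Added example (not from the slides and not code from HULK): a Python detection pass over web access-log lines that flags a client whose requests are almost all distinct URLs sent under many different User-Agent strings, which is the request pattern listed above. The log lines are constructed (combined log format, documentation IP ranges), and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined log format: client, request line, status, size, referrer, User-Agent.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')


def constructed_log():
    """Build sample access-log lines (constructed for this example)."""
    line = ('{ip} - - [01/Jan/2015:10:00:{s:02d} +0000] '
            '"GET {url} HTTP/1.1" 200 512 "-" "{ua}"')
    # An ordinary client: the same page and one User-Agent.
    lines = [line.format(ip="198.51.100.7", s=i, url="/index.html",
                         ua="Mozilla/5.0 (X11)") for i in range(5)]
    # One client whose every request has a new query string and a rotating agent.
    lines += [line.format(ip="203.0.113.9", s=i, url=f"/?k{i * 7919}=v{i * 104729}",
                          ua=f"Agent-{i % 10}") for i in range(40)]
    return lines


def flag_unique_request_floods(lines, min_requests=20, unique_ratio=0.9, min_agents=5):
    """Flag clients sending mostly distinct URLs under many User-Agents."""
    urls, agents, counts = defaultdict(set), defaultdict(set), defaultdict(int)
    for raw in lines:
        m = LOG_RE.match(raw)
        if not m:
            continue                  # skip lines that are not in combined format
        ip, url, ua = m.groups()
        parts = urlsplit(url)
        urls[ip].add((parts.path, parts.query))
        agents[ip].add(ua)
        counts[ip] += 1
    flagged = {}
    for ip, n in counts.items():
        ratio = len(urls[ip]) / n
        if n >= min_requests and ratio >= unique_ratio and len(agents[ip]) >= min_agents:
            flagged[ip] = {"requests": n, "unique_ratio": round(ratio, 2),
                           "user_agents": len(agents[ip])}
    return flagged


if __name__ == "__main__":
    print(flag_unique_request_floods(constructed_log()))
```

The User-Agent condition keeps an ordinary crawler, which requests many distinct URLs under one agent string, from being flagged; many real users behind one NAT address can still trip it, so the thresholds need tuning per site.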

Conclusions

• Is it that easy to hack?
  – Probably not
    – Password crackers
      – Require massive computing power
    – Metasploit payloads
      – Detected by anti-virus software
      – Patches released before vulnerabilities are published (usually)
    – Nmap fingerprinting
      – Can be blocked by active monitoring
    – SQL injection is becoming less common as developers become more aware
    – Denial of Service – can still occur
      – Difficult to mitigate
      – Used extensively by “hacktivist” groups
  – Unpatched systems and old websites may still be vulnerable

Conclusions

• However, new tools are always available
  – Example: Dendroid – Android Hijack Tool
    – Available/leaked on the Deep Web with ease
    – Simple web-based interface
    – Patch might still take time to come
      – Google not patching older Android OSs
    – More users becoming aware of .onion, .i2p, etc. domains
      – Once again: ease of use and easy availability lead to anyone using the tools
• The black hat community will always have new tools
• Normal users do not need massive know-how to carry out attacks
  – Success, however, can be limited

Thank you! Your questions and comments are welcomed…