Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany
Attack Frameworks and Tools
Pranav Jagdish Betreuer: Nadine Herold Seminar Innovative Internet Technologies and Mobile Communication WS2014 Lehrstuhl Netzarchitekturen und Netzdienste Fakultät für Informatik, Technische Universität München Overview
Introduction
Overview of Tools
Password Crackers
Network Poisoners
Network Security Tools
Denial of Service Tools
Concluding remarks
AttackTitel Frameworks and Tools 2 Introduction
Network Security – perhaps the most important aspect of communications in todays world
How easy it is to attack a target system or network today?
. Tools automate most of the work
. From fingerprinting your target to attacking
. Knowledge requirements decrease day by day
AttackTitel Frameworks and Tools 3 Introduction
The CIA Triangle
Confidentiality
Integrity Availability
AttackTitel Frameworks and Tools 4 Overview of the Tools
Password Crackers
• Free • Free • Free • Windows • Various • Linux, Only GUI Platforms OSX and
Hashcat Windows
Cain and Abel and Cain John the Ripper the John
AttackTitel Frameworks and Tools 5 Overview of the Tools
Network Poisoners
• Free • Free • Python • Various
ZARP Script Platforms Ettercap
AttackTitel Frameworks and Tools 6 Overview of the Tools
Network Security Tools
• Free • Free • Free • Various (Signup • Python Nmap Platforms Required) Script • Windows Sqlmap
Metasploit and Linux
AttackTitel Frameworks and Tools 7 Overview of the Tools
Denial of Service Tools
• Free • Free
• Windows • Python LOIC Only GUI HULK Script
AttackTitel Frameworks and Tools 8 Password Crackers
Attack: Confidentiality
Crack passwords or keys
Crack various kind of hashes
Initially used to crack local system passwords like for Windows and Linux
Have extended to include numerous kinds of hashes
New versions are faster and use different kind of cracking methods
. GPU based password cracking also possible and is faster than CPU based
Primarily: Brute forcing or Dictionary based attacks
AttackTitel Frameworks and Tools 9 Password Crackers
Cain and Abel . Windows based
. Widely used to crack Windows Passwords (LM Hashes and NTLM Hashes)
. Has built-in sniffer
• Can sniff web session passwords
• Can analyse SSH-1 or HTTPS traffic
. Needs:
• Rainbow tables for effective hash cracking
• Size of table – impediment!
– However, this is an issue with all password crackers and related to password lengths and reverse hash lookups
AttackTitel Frameworks and Tools 10 Password Crackers
John the Ripper . Like Cain and Abel - Dictionary based and Brute force methods available
. Comes with various character sets
. Can crack numerous kinds of hashes
. Brute force can for obvious reasons take a huge amount of time
• Dictionaries could go up to petabytes
• Cracking time could be in excess of decades for even a 8 character password
• Normal machines: Impossible
– Solution: Good dictionaries?
AttackTitel Frameworks and Tools 11 Password Crackers
Hashcat . Like the previous tools – However claims to be “fastest password cracker” with proprietary cracking algorithms . Vs. Cain and Abel & John the Ripper - Offers various kinds of attacks • 8 kinds of attacks • Example: Combinator attack – combine each word in dictionary to every other word in it • Example: Hybrid attack – Half of password from dictionary and rest from brute force • HENCE, INCREASES EFFECTIVENESS OF A DICTIONARY . A GPU Based cracker – “oclHashcat” available - faster
AttackTitel Frameworks and Tools 12 Network Poisoners
Attack: Integrity of the Network . Can lead to loss of confidentiality and availability too
Prime goal : ARP Poisoning . Pose as another machine on the Network
AttackTitel Frameworks and Tools 13 Network Poisoners
Once done: . Pose as DNS Server . Pose as DHCP Server . Pose as the default gateway . Perform Data Sniffing . Man in the Middle Attacks (MITM) . and a lot more…
Even HTTPS traffic is not safe (tool called SSLStrip) – yet another tool that can be used without much insights.
AttackTitel Frameworks and Tools 14 Network Poisoners
ZARP
. Suite of Poisoners
. Includes Sniffers
. Plans to be a central network poisoning/administration tool
. Can manage active sessions of poisoning/sniffing
. Still being developed
AttackTitel Frameworks and Tools 15 Network Poisoners
Ettercap . GUI available too! . Plugins offer support for further complex attacks like: • DNS Poisoning
• DHCP Poisoning
AttackTitel Frameworks and Tools 16 Network Security Tools
Covers wide array of tools
Most were created for vulnerability testing and easing the job of network administrators
Today are used to test how secure a system is
But are also infamous for their misuse by hackers
AttackTitel Frameworks and Tools 17 Network Security Tools
Nmap
. Network Scanner
. A powerful tool to scan networks
. Used for (not exclusive list): • OS fingerprinting • Host Discovery • Port Scanning
AttackTitel Frameworks and Tools 18 Network Security Tools
Metasploit Framework
. A database of exploits . Provides information about security vulnerabilities . Goal: Aid in penetration testing and IDS signature development
. In the wrong hands: • Can be used to exploit those same vulnerabilities with relative ease
. Exploits for almost every kind of system – from Mac OSX to Windows to Linux to Android phones
. Has a GUI available too – Armitage
AttackTitel Frameworks and Tools 19 Network Security Tools
Metasploit Framework
. How easy it is? • Select an exploit from the database • Select a payload • Decide upon an obfuscation or encoding scheme • ANY EXPLOIT CAN BE ATTACHED WITH ANY PAYLOAD
. Types of exploits: • Passive – wait for targets to connect in and then try to exploit their systems • Active – target system attacked directly
. “Autopwn” feature – tries to automatically exploit and inject itself into target system • Makes life easy for an attacker!
AttackTitel Frameworks and Tools 20 Network Security Tools
Metasploit Framework
. Problems?
• Exploits caught by anti-virus software (primarily of E-Mail providers) if not local systems anti-virus
– SPREADING THE PAYLOAD BECOMES DIFFICULT!
• Many exploits released after the vulnerabilities have been patched in software updates
AttackTitel Frameworks and Tools 21 Network Security Tools
Where the SQLMap vulnerability exists . SQL Injection Vulnerabilities • Script checks possible SQL injection inputs on the Web Control Data application Channel Channel • Vulnerability scanning
Many such scanners exist like, . JoomScan – Joomla CMS Scanner . WPScan – Wordpress Scanner
AttackTitel Frameworks and Tools 22 Denial Of Service Tools
Attacks : Availability
Bandwidth
Server Server
Bandwidth
AttackTitel Frameworks and Tools 23 Denial Of Service Tools
Attacks : Availability
. Other scenarios exist too Example: IPv6 DOS Attack . Effects on Organziations: Loss of revenues in recent years Loss of user trust on organisations Recently: Christmas Day 2014 DOS Attacks on Playstation Networks and XBOX Live
AttackTitel Frameworks and Tools 24 Denial Of Service Tools
LOIC – “Low Orbit Ion Cannon”
. “Hivemind” feature – Distributed Denial Of Service
. Favourite of “Hacktivists”
. Minimal knowledge of networks required
. Flood Multiple requests to the Server
AttackTitel Frameworks and Tools 25 AttackTitel Frameworks and Tools 26 Denial Of Service Tools
HULK – “HTTP Unbearable Load King”
. Generate unique requests every single time
• Additional random page names added
• Random Query Strings appended
• Source Client information changed
AttackTitel Frameworks and Tools 27 Conclusions
Is it that easy to hack? . Probably not • Password crackers – Require massive computing power • Metasploit Payloads – Detected by anti-virus software – Patches before vulnerabilities published (usually) • Nmap Fingerprinting – Can be blocked by active monitoring • SQL Injection becoming less common as developers become more aware • Denial of Service – still can occur – Difficult to mitigate – Used extensively by “hactivist” groups . Unpatched systems and old websites may still be vulnerable
AttackTitel Frameworks and Tools 28 Conclusions
However new tools are always available . Example: Dendroid – Android Hijack Tool • Available/Leaked on the Deep Web with ease • Simple web based interface • Patch might still take time to come – Google not patching older Android OSs • More users becoming aware of .onion, .i2p, etc domains – Once again: Ease of use and easy availability leads to anyone using the tools
Black hat community will always have new tools Normal users do not need massive know-how to carry out attacks . Success however can be limited
AttackTitel Frameworks and Tools 29 Thank you! Your questions and comments are welcomed…
AttackTitel Frameworks and Tools 30