The Ethical Hacker's Guide To System Hacking

Attackers acquire information through techniques such as footprinting, scanning and enumeration to hack the target system.

CEH Hacking Methodology (CHM) concepts: Footprinting → Scanning → Enumeration → Vulnerability Analysis → System Hacking

Footprinting
It is the process of accumulating data regarding a specific network environment. In this phase, the attacker creates a profile of the target organization, obtaining information such as its IP address range, namespace and employees. Footprinting eases the process of system hacking by revealing its vulnerabilities.

Scanning
This is a procedure for identifying active hosts, open ports, and unnecessary services enabled on ports. Attackers use different types of scanning, such as port scanning, network scanning, and vulnerability scanning of target networks or systems, which help in identifying possible vulnerabilities.

Enumeration
This is a method of intrusive probing, through which attackers gather information such as network user lists, routing tables, security flaws, and Simple Network Management Protocol (SNMP) data.

Vulnerability Analysis
Vulnerability assessment is an examination of the ability of a system or application, including its current security procedures and controls, to withstand assault. Attackers perform this analysis to identify security loopholes in the target organization's network, communication infrastructure, and end systems.

CEH Hacking Methodology (CHM): System Hacking Goals

Hacking Stage | Goal | Technique used
Gaining Access | To bypass access controls to gain access to the system | Password cracking, social engineering
Escalating Privileges | To acquire the rights of another user or admin | Exploiting known system vulnerabilities
Executing Applications | To create and maintain remote access | Trojans, spyware, backdoors, keyloggers
Hiding Files | To hide the attacker's malicious activities and data theft | Rootkits, steganography
Covering Tracks | To hide the evidence of compromise | Clearing logs

Gaining Access
It involves gaining access to low-privileged user accounts by cracking passwords through techniques such as brute forcing, password guessing, and social engineering, and then escalating those privileges to administrative levels to perform a protected operation.

Maintaining Access
After gaining access to the target system, attackers work to maintain high levels of access to perform malicious activities, such as stealing, hiding or tampering with sensitive files.

Clearing Logs
To maintain future system access, attackers attempt to avoid recognition by legitimate system users. To remain undetected, attackers wipe out the entries corresponding to their activities in the system log.

Password Cracking
Attackers use this technique to gain unauthorized access to a vulnerable system. Such a technique is mostly successful due to weak or easy passwords.

Types of password attacks: Non-Electronic, Active Online Attack, Passive Online Attack, Offline Attack

Non-Electronic
• Social Engineering: Convincing people to reveal passwords
• Shoulder Surfing: Looking at either the user's keyboard or screen while he/she is logging in
• Dumpster diving: Searching for sensitive information in the user's trash bins, printer trash bins, and user desk for sticky notes

Active Online Attack – Dictionary, Brute Forcing and Rule Based attack
• Dictionary: A dictionary file is loaded into the cracking application that runs against user accounts.
• Brute Forcing: The program tries every combination of characters until the password is broken.
• Rule Based attack: This attack is used when the attacker gets some information about the password.

Active Online Attack – Password Guessing
The attacker creates a list of all possible passwords from the information collected through social engineering or any other way and tries them manually on the victim's machine to crack the passwords.
1. Find a valid user
2. Create a list of possible passwords
3. Rank passwords from high probability to low
4. Key in each password until the correct password is discovered

Active Online Attack – Trojan/Spyware/Keylogger
• The attacker installs a Trojan/spyware/keylogger on the victim's machine to collect the victim's usernames and passwords.
• The Trojan/spyware/keylogger runs in the background and sends back all user credentials to the attacker.

Active Online Attack – Hash Injection Attack
• A hash injection attack allows an attacker to inject a compromised hash into a local session and use the hash to validate to network resources.
• The attacker finds and extracts a logged-on domain admin account hash.
• The attacker uses the extracted hash to log on to the domain controller.

Active Online Attack – LLMNR/NBT-NS Poisoning
• LLMNR/NBT-NS are two main elements of Windows operating systems used to perform name resolution for hosts present on the same link.
• The attacker cracks the NTLMv2 hash obtained from the victim's authentication process.
• The extracted credentials are used to log on to the host system in the network.

Passive Online Attack – Wire Sniffing
• Attackers run packet sniffer tools on the local area network (LAN) to access and record the raw network traffic.
• The captured data may include sensitive information such as passwords (FTP, rlogin sessions, etc.) and emails.
• Sniffed credentials are used to gain unauthorized access to the target system.

Passive Online Attack – Man in the Middle and replay attack
• In a MITM attack, the attacker acquires access to the communication channels between victim and server to extract the information.
• In a replay attack, packets and authentication tokens are captured using a sniffer. After the relevant information is extracted, the tokens are placed back on the network to gain access.

Offline Attack – Rainbow table attack
• A rainbow table attack uses a precomputed table which contains word lists, like dictionary files and brute force lists, and their hash values.

Offline Attack – Distributed Network Attack
• The DNA technique is used for recovering passwords from hashes or password-protected files using the unused processing power of machines across the network to decrypt passwords.
• The DNA manager is installed in a central location where machines running the DNA client can access it over the network.
• The DNA manager coordinates the attack and allocates small portions of the key search to machines that are distributed over the network.
• The DNA client runs in the background, consuming only unused processor time.
• The program combines the processing capabilities of all the clients connected to the network and uses it to crack the password.

How to Defend against Password Cracking
1. Enable information security audit to monitor and track password attacks
2. Do not use the same password during password change
3. Do not share passwords
4. Do not use passwords that can be found in a dictionary
5. Do not use cleartext protocols and protocols with weak encryption
6. Set the password change policy to 30 days
7. Avoid storing passwords in an unsecured location
8. Do not use any system's default passwords
9. Make passwords hard to guess
10. Ensure that applications neither store passwords in memory nor write them to disk in clear text
11. Use a random string or prefix or suffix with the password before encrypting
12. Monitor servers' logs for brute force attacks on user accounts
13. Lock out an account subjected to too many incorrect password guesses
14. Enable SYSKEY with a strong password to encrypt and protect the SAM database

Escalating Privileges
• An attacker can gain access to the network using a non-admin user account, and the next step would be to gain administrative privileges.
• These privileges allow the attacker to view critical/sensitive information, delete files, or install malicious programs such as viruses, trojans, worms etc.
• The attacker performs a privilege escalation attack which takes advantage of design flaws, programming errors, bugs, and configuration oversights in the OS and software applications to gain administrative access to the network and its associated applications.

Type of privileges

Other privilege escalation techniques

Scheduled Task
• The Windows task scheduler, along with utilities such as 'at' and 'schtasks', can be used to schedule programs that can be executed at a specific date and time.
• An attacker can use this technique to execute malicious programs at system startup,

Access token Manipulation
• The Windows operating system uses access tokens to determine the security context of a process or thread.

How to Defend against Privilege Escalation
1. Restrict the interactive logon privileges
2. Use encryption techniques to protect sensitive data
11. Change user account control settings to "Always Notify"
12. Restrict users from writing
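The defence list above asks for audit of password attacks (item 1), monitoring of server logs for brute-force attempts on user accounts (item 12) and lockout of accounts that receive too many incorrect guesses (item 13). The following is an added example, not part of the original guide, showing one way to implement those checks over OpenSSH-style authentication log lines. The log lines, the 2024 year (syslog lines carry no year), the 5-failure threshold and the 10-minute window are all constructed assumptions for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of an OpenSSH auth log (not real traffic).
# 203.0.113.5 hammers two accounts; alice mistypes once, then logs in normally.
SAMPLE_LOG = """\
Mar 11 09:14:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40211 ssh2
Mar 11 09:14:03 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40212 ssh2
Mar 11 09:14:04 host1 sshd[2201]: Failed password for root from 203.0.113.5 port 40213 ssh2
Mar 11 09:14:06 host1 sshd[2201]: Failed password for root from 203.0.113.5 port 40214 ssh2
Mar 11 09:14:07 host1 sshd[2201]: Failed password for root from 203.0.113.5 port 40215 ssh2
Mar 11 09:14:09 host1 sshd[2201]: Failed password for root from 203.0.113.5 port 40216 ssh2
Mar 11 09:14:10 host1 sshd[2201]: Failed password for root from 203.0.113.5 port 40217 ssh2
Mar 11 09:14:11 host1 sshd[2201]: Connection closed by 203.0.113.5 port 40217 [preauth]
Mar 11 09:20:30 host1 sshd[2300]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar 11 09:20:45 host1 sshd[2300]: Accepted password for alice from 198.51.100.7 port 50001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
ASSUMED_YEAR = 2024          # syslog timestamps carry no year (assumption)
THRESHOLD = 5                # failures that trigger an alert / lockout (assumption)
WINDOW = timedelta(minutes=10)

def parse_line(line):
    """Return a dict for an authentication event, or None for unrelated lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}

def detect_brute_force(log_text, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of failed logins, keyed both by source IP and by account.

    Returns (ip_alerts, account_lockouts): each maps a key to the timestamp of the
    failure at which it crossed the threshold within the window. Per-IP counting
    catches one source spraying many accounts; per-account counting is the basis
    for the lockout rule, whichever source the guesses come from.
    """
    recent = {"ip": defaultdict(deque), "user": defaultdict(deque)}
    flagged = {"ip": {}, "user": {}}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "Failed":
            continue
        for field in ("ip", "user"):
            key = ev[field]
            q = recent[field][key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and key not in flagged[field]:
                flagged[field][key] = ev["ts"]
    return flagged["ip"], flagged["user"]

if __name__ == "__main__":
    ip_alerts, lockouts = detect_brute_force(SAMPLE_LOG)
    for ip, ts in ip_alerts.items():
        print(f"ALERT brute force from {ip} (threshold reached at {ts:%H:%M:%S})")
    for user, ts in lockouts.items():
        print(f"LOCKOUT account {user} (threshold reached at {ts:%H:%M:%S})")
```

On the sample, the source 203.0.113.5 is flagged at its fifth failure (09:14:07) and the root account is locked at its own fifth failure (09:14:10); alice's single mistyped password stays below the threshold, which is the reason the window and threshold are tunable rather than "any failure". In production the same logic would read the log incrementally (or a SIEM would apply the equivalent rule) and the lockout would be enforced by the authentication system, not by this script.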
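Defence item 11 (a random string prefixed or suffixed to the password before it is hashed, i.e. a salt) is the countermeasure to the precomputed rainbow/lookup tables described under Offline Attack. The block below is an added example, not code from the guide, showing why: a small constructed wordlist is hashed into a lookup table, an unsalted stored hash is recovered from it directly, and a salted, iterated hash of the same password is not. PBKDF2-HMAC-SHA256 and the 200 000 iteration count are this example's choices, not the guide's.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the dictionary / brute-force lists a
# precomputed table is built from.
WORDLIST = ["password", "123456", "letmein", "qwerty", "summer2024", "admin"]

def build_precomputed_table(words, algo="sha256"):
    """Attacker-side table: unsalted hash -> plaintext. Only works if the defender
    stored bare hashes, because every user with the same password gets the same hash."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}

def store_unsalted(password):
    """The weak scheme: a bare SHA-256 of the password."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_salted(password, salt=None, iterations=200_000):
    """The corrected scheme: per-password random salt plus an iterated hash.
    The record carries everything needed to verify later."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_salted(password, record):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _algo, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def lookup(stored_hash_hex, table):
    """Rainbow-table style recovery: returns the plaintext or None."""
    return table.get(stored_hash_hex)

def demo(password="letmein"):
    table = build_precomputed_table(WORDLIST)
    unsalted = store_unsalted(password)
    salted = store_salted(password)
    return {
        "unsalted_recovered": lookup(unsalted, table),              # "letmein"
        "salted_recovered": lookup(salted.split("$")[-1], table),   # None
        "salted_verifies": verify_salted(password, salted),         # True
        "wrong_password_rejected": not verify_salted(password + "1", salted),  # True
        # two users with the same password get different records
        "records_differ": store_salted(password) != store_salted(password),   # True
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The salt does not have to be secret; its job is to make each stored hash unique so that one precomputed table cannot be reused across users or systems, and the iteration count raises the cost of rebuilding a table per salt. The same per-user salt and iteration count are read back from the record at verification time, so the defender pays the cost once per login while the attacker pays it once per guess per user.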