Chapter 4: System Hacking


1. 4.1.1 Password rules

1.1. -A password is designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken.

1.2. Examples of passwords that lend themselves to cracking:

1.2.1. -passwords that use only numbers or only letters -passwords that are all uppercase or all lowercase. Each of these shrinks the keyspace an attacker has to search: six digits is 10^6 (a million) guesses, while six characters drawn from the 94 printable ASCII characters is about 6.9 x 10^11.

1.3. -must be at least 6 characters long -must contain at least one lowercase letter, -one uppercase letter, -one digit -and one of these special characters: !@#$%^&*()_+ (These are the course's minimums; current guidance such as NIST SP 800-63B puts more weight on length and on screening candidates against breached-password lists than on composition rules, and 6 characters is short by today's standards.)

2. 4.1.2 Types of Password Attacks

2.1. a. Passive online attacks -the attacker's goal is only to obtain information, for example by sniffing an authentication exchange on the wire -does not modify data or harm the system

2.2. b. Active online attacks -the attacker interacts with the live login service (guessing, brute force) -may change data or harm the system -easier to detect than to prevent, because every attempt reaches the target and is logged there

2.3. c. Offline attacks -are performed somewhere other than the system where the passwords reside or are used -typically require physical or privileged access to the computer to copy the password hashes, after which the guessing happens against that copy and the target sees nothing

3. 4.1.3 Manual Password Cracking

3.1. Default passwords

3.1.1. -a password set by a manufacturer or provider -such passwords are usually extremely easy to guess, or are otherwise known to those seeking to take advantage of individuals or entities that don't bother to change them.


3.2. Guessing passwords

3.2.1. -attacker knows a login name (from an email address, a web page, etc.)

3.2.2. -attempts to guess the password for it: -try the default passwords shipped with the system -try all short passwords -search dictionaries of common words
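The guessing order just listed (defaults, then every short password, then a dictionary) is also exactly how the offline attack of 4.1.2 proceeds once the hashes have been copied, and it shows why the weak classes of 4.1.1 (digits only, lowercase only) fall first. The following is an added example, not code from the course: it runs the three phases against a constructed list of unsalted SHA-256 hashes. Unsalted SHA-256 is an assumption made so the example runs with the standard library alone; every user name, hash and word list in it is made up.

```python
"""Offline guessing attack against a copied hash list, in the order the
course gives: vendor defaults, every short password, then a dictionary.

Added example, not from the original course material.  Assumptions: the
hashes are unsalted SHA-256 so the example runs offline with only the
standard library; a real target (NTLM, bcrypt, ...) changes only hash_guess()
and the cost per guess.  All names, hashes and word lists are constructed.
"""
import hashlib
import itertools
import string


def hash_guess(guess: str) -> str:
    """The target's hash function (assumed here: unsalted SHA-256)."""
    return hashlib.sha256(guess.encode()).hexdigest()


# Constructed sample: what an attacker copied from the target, user -> hash.
CAPTURED = {
    "svc_backup": hash_guess("admin"),        # vendor default, never changed
    "jsmith":     hash_guess("1234"),         # short, digits only
    "tcook":      hash_guess("qwe"),          # short, lowercase only
    "admin":      hash_guess("letmein"),      # common dictionary word
    "dba":        hash_guess("Tr0ub4dor&3"),  # survives all three phases
}
DEFAULTS = ["admin", "password", "root", "changeme", "12345"]
DICTIONARY = ["welcome", "monkey", "letmein", "dragon", "football"]


def keyspace(alphabet_size: int, length: int) -> int:
    """Guesses needed to exhaust every password of exactly `length` characters."""
    return alphabet_size ** length


def short_passwords(max_len: int, alphabets):
    """Every string of 1..max_len characters over each alphabet, in the order
    given, so the smallest keyspaces (digits-only, lowercase-only) go first."""
    for alphabet in alphabets:
        for n in range(1, max_len + 1):
            for chars in itertools.product(alphabet, repeat=n):
                yield "".join(chars)


def crack(captured: dict, defaults, dictionary, max_len: int = 4) -> dict:
    """Return {user: recovered_password}; hashes never hit stay absent."""
    by_hash = {h: u for u, h in captured.items()}
    found = {}

    def attempt(guess: str) -> None:
        user = by_hash.get(hash_guess(guess))
        if user is not None and user not in found:
            found[user] = guess

    for g in defaults:                       # phase 1: defaults shipped with systems
        attempt(g)
    # phase 2: all short passwords; digits-only then lowercase-only, since
    # roughly 10**4 + 26**4 is under half a million guesses
    for g in short_passwords(max_len, [string.digits, string.ascii_lowercase]):
        attempt(g)
    for g in dictionary:                     # phase 3: common words
        attempt(g)
    return found


if __name__ == "__main__":
    for user, pw in crack(CAPTURED, DEFAULTS, DICTIONARY).items():
        print(f"{user}: {pw}")
    print("6 digits:", keyspace(10, 6), "vs 6 printable chars:", keyspace(94, 6))
```

Four of the five hashes fall in well under a second on a laptop; only the one that is long and mixes character classes survives, which is the whole argument behind the rules in 4.1.1. Swapping in a slow, salted hash changes the cost per guess by orders of magnitude but not the attacker's ordering.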

4. 4.1.4 Attacks that can be used to gain passwords

4.1. Redirecting the SMB logon to the attacker

4.1.1. Eavesdropping on LM/NTLM responses becomes much easier if the attacker can trick the victim into attempting Windows authentication against a server of the attacker's choice.

4.1.2. The basic trick is to send the victim a message with an embedded hyperlink pointing at a fraudulent SMB server.

4.1.3. When the hyperlink is clicked, the victim's machine unwittingly authenticates to that server and sends its LM/NTLM challenge-response over the network, which the attacker captures for offline cracking or relaying.

4.2. SMB relay MITM

4.2.1. SMBRelay is essentially an SMB server that captures usernames and password hashes (challenge-response pairs) from incoming SMB traffic.

4.2.2. It can also perform man-in-the-middle (MITM) attacks: the client's authentication is forwarded to a legitimate server in real time, so the attacker obtains a session as that user without ever cracking the hash. Requiring SMB signing on the server defeats the relayed session, because the relay never learns the session key needed to sign.

4.3. NetBIOS DoS attack

4.3.1. Sending a 'NetBIOS Name Release' message to the NetBIOS Name Service (NBNS, UDP port 137) of a target NT/2000 machine forces it to mark its name as in conflict, after which the system can no longer use that name.

4.3.2. This will block the client from participating in the NetBIOS network.

4.3.3. Tool: nbname

4.3.4. NBName can disable entire LANs and prevent machines from rejoining them.

4.3.5. Nodes on a NetBIOS network hit by the tool believe their names are already in use by other machines.
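To see what that Name Release datagram looks like and how a defender can recognise it, here is an added example that is not part of the course material. It encodes and decodes NetBIOS names, parses an NBNS packet per RFC 1002, and classifies a Name Release request as either a host releasing its own name or a packet naming somebody else's address (the NBName pattern). The sample packets are constructed inside the block; the host name and addresses are made up, and the parser assumes a single uncompressed name with an empty scope.

```python
"""Parse NetBIOS Name Service datagrams (UDP/137) and flag the Name Release
request that NBName-style tools use to knock a host off the NetBIOS network.

Added example, not from the original course material.  Packet layout is
RFC 1002; the detector only handles a single uncompressed name with an empty
scope, and the sample packets built below are constructed, not captured.
"""
import struct

OPCODE_RELEASE = 0x6      # RFC 1002 opcodes: 0 query, 5 registration, 6 release, 8 refresh
NB_TYPE = 0x0020          # NetBIOS general name service record
IN_CLASS = 0x0001


def encode_netbios_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encoding: pad the name to 15 bytes, append the suffix byte,
    then write each nibble of each byte as a letter 'A'..'P' (32 chars total)."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    enc = bytearray()
    for b in raw:
        enc += bytes([ord("A") + (b >> 4), ord("A") + (b & 0x0F)])
    return bytes([32]) + bytes(enc) + b"\x00"      # length, 32 chars, root label


def decode_netbios_name(data: bytes, offset: int):
    """Inverse of encode_netbios_name; returns (name, suffix, offset_after_label)."""
    if data[offset] != 32:
        raise ValueError("unsupported NetBIOS label length")
    enc = data[offset + 1: offset + 33]
    raw = bytes(((enc[i] - ord("A")) << 4) | (enc[i + 1] - ord("A")) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15], offset + 34


def parse_nbns(pkt: bytes) -> dict:
    """Header, first question and (if present) the address in the additional record."""
    trn_id, flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    info = {"trn_id": trn_id, "is_response": bool(flags & 0x8000),
            "opcode": (flags >> 11) & 0xF, "broadcast": bool(flags & 0x0010)}
    off = 12
    if qd:
        info["name"], info["suffix"], off = decode_netbios_name(pkt, off)
        info["qtype"], info["qclass"] = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
    if ar:
        if pkt[off] & 0xC0 == 0xC0:          # compressed pointer back to the question name
            off += 2
        else:
            _, _, off = decode_netbios_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == NB_TYPE and rdlen >= 6:
            nb_flags, a, b, c, d = struct.unpack("!H4B", pkt[off:off + 6])
            info["nb_address"] = f"{a}.{b}.{c}.{d}"
            info["group"] = bool(nb_flags & 0x8000)
    return info


def classify_release(pkt: bytes, src_ip: str):
    """None unless the datagram is a Name Release *request* for an NB record.
    'self-release' when the sender releases its own address (normal at
    shutdown); 'spoofed' when the packet names someone else's address, which
    is the NBName pattern.  A sender who also forges the UDP source address is
    not caught here; at the victim, a release for one of its own names
    arriving from any other host is the signal."""
    try:
        p = parse_nbns(pkt)
    except (ValueError, struct.error, IndexError, UnicodeDecodeError):
        return None
    if p["is_response"] or p["opcode"] != OPCODE_RELEASE or p.get("qtype") != NB_TYPE:
        return None
    return "self-release" if p.get("nb_address") == src_ip else "spoofed"


def build_name_release(name: str, ip: str, suffix: int = 0x00, trn_id: int = 0x1234) -> bytes:
    """Constructed sample NAME RELEASE REQUEST used as detector input."""
    hdr = struct.pack("!6H", trn_id, OPCODE_RELEASE << 11, 1, 0, 0, 1)   # request, unicast
    label = encode_netbios_name(name, suffix)
    rdata = struct.pack("!H4B", 0x0000, *(int(o) for o in ip.split(".")))  # unique B-node + address
    return (hdr + label + struct.pack("!HH", NB_TYPE, IN_CLASS)
            + label + struct.pack("!HHIH", NB_TYPE, IN_CLASS, 0, len(rdata)) + rdata)


def build_name_query(name: str, suffix: int = 0x00, trn_id: int = 0x0001) -> bytes:
    """Constructed ordinary broadcast name query (flags 0x0110: RD and B set), for contrast."""
    return (struct.pack("!6H", trn_id, 0x0110, 1, 0, 0, 0)
            + encode_netbios_name(name, suffix) + struct.pack("!HH", NB_TYPE, IN_CLASS))


if __name__ == "__main__":
    pkt = build_name_release("FILESRV01", "192.168.1.20")
    print(parse_nbns(pkt)["name"], classify_release(pkt, "192.168.1.99"))   # FILESRV01 spoofed
```

In practice the classifier would be fed the UDP payload and source address from a capture or an IDS hook; since NBNS is unauthenticated UDP, the durable fix is the vendor patch for this behaviour plus blocking UDP/137 at network boundaries, and the detector is there to tell you when someone is trying.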

5. 4.1.5 Password cracking attacks using tools such as Hydra

5.1. THC Hydra is an online (active) brute-force tool: it takes a username or a list of usernames, a password list and a target service (SSH, FTP, Telnet, SMB, HTTP forms and many others) and tries each combination against the live service. Every attempt reaches the target, so it is slow, noisy and visible in the target's authentication logs, which is what the monitoring countermeasure in 4.1.6 relies on.

5.2. References: "How To Crack Passwords Using THC Hydra?" (HACKEROYALE); "Bruteforcing with Hydra - Kali Linux"

6. 4.1.6 Password cracking countermeasures

6.1. Enforce 7-12 character alphanumeric passwords. (The course's numbers; current guidance such as NIST SP 800-63B favours longer passphrases and screening against breached-password lists over composition rules, and does not cap length this low.)

6.2. Set the password change policy to 30 days. (NIST SP 800-63B now advises against forced periodic rotation unless there is evidence of compromise, because it pushes users toward predictable variations of the old password.)

6.3. Physically isolate and protect the server, since an offline attack starts with getting at the stored hashes.

6.4. Use the SYSKEY utility to encrypt the hashes stored on disk in the SAM. (SYSKEY was removed in Windows 10 version 1709 and Windows Server version 1709; full-disk encryption such as BitLocker is the current protection for hashes at rest.)

6.5. Monitor the server logs for brute-force attacks on user accounts: bursts of failed logons from one source, one password tried across many accounts, and especially a successful logon that follows such a burst.
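"Monitor the server logs" is easier to act on with concrete logic. The following is an added example, not part of the course material, that runs a brute-force detector over a few constructed OpenSSH log lines; the addresses, account names, threshold and window are assumptions to tune per environment, and a Windows server yields the same fields from logon events 4625 (failed) and 4624 (successful).

```python
"""Spot password guessing against a live login service from its auth log.

Added example, not from the original course material.  The log lines are
constructed in OpenSSH's syslog format ('Failed password for ... from ...');
the 5-failures-in-60-seconds threshold is an assumption.  Lines are expected
in chronological order, as they are in a log file.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample: one source hammering root, one normal user, one stray failure.
SAMPLE_LOG = """\
Mar 10 09:12:01 srv sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2
Mar 10 09:12:03 srv sshd[2213]: Failed password for root from 203.0.113.7 port 51523 ssh2
Mar 10 09:12:04 srv sshd[2215]: Failed password for root from 203.0.113.7 port 51524 ssh2
Mar 10 09:12:06 srv sshd[2217]: Failed password for root from 203.0.113.7 port 51525 ssh2
Mar 10 09:12:09 srv sshd[2219]: Failed password for root from 203.0.113.7 port 51526 ssh2
Mar 10 09:12:15 srv sshd[2222]: Failed password for alice from 198.51.100.4 port 40110 ssh2
Mar 10 09:12:30 srv sshd[2230]: Accepted password for root from 203.0.113.7 port 51540 ssh2
Mar 10 09:20:00 srv sshd[2301]: Accepted password for alice from 198.51.100.4 port 40112 ssh2
Mar 10 09:30:00 srv sshd[2400]: Failed password for bob from 192.0.2.9 port 1000 ssh2
"""


def parse_line(line: str):
    """Return {ts, result, user, src} for an auth line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; strptime's default year is fine for deltas
    return {"ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Return a list of (src, kind, detail) alerts.

    kind is 'brute-force' (many failures, few accounts), 'password-spray'
    (failures spread over at least `threshold` accounts) or
    'success-after-failures' (a login that succeeded right after a burst,
    which is the one worth waking someone up for).
    """
    recent = defaultdict(deque)   # src -> (ts, user) of failures inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        while q and ev["ts"] - q[0][0] > window:    # drop failures that aged out
            q.popleft()
        if ev["result"] == "Failed":
            q.append((ev["ts"], ev["user"]))
            if len(q) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])
                users = {u for _, u in q}
                kind = "password-spray" if len(users) >= threshold else "brute-force"
                alerts.append((ev["src"], kind,
                               f"{len(q)} failures across {len(users)} account(s) in {window.seconds}s"))
        elif len(q) >= 3:   # Accepted on the heels of repeated failures
            alerts.append((ev["src"], "success-after-failures",
                           f"{ev['user']} logged in after {len(q)} failures"))
    return alerts


if __name__ == "__main__":
    for src, kind, detail in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{src}: {kind} ({detail})")
```

The single stray failure and the normal user never trip an alert; the source that fails five times in eight seconds does, and its later successful root login is reported separately, because that is the event that turns a noisy attempt into an incident.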

7. 4.2.1 Privilege escalation

7.1. -A privilege escalation attack is a type of intrusion that takes advantage of programming errors, misconfigurations or design flaws to give the attacker more access to the system, the network and their data and applications than was granted.

7.2. -There are two kinds of privilege escalation: vertical and horizontal.

7.3. Types of Privilege escalation

7.3.1. Vertical privilege escalation -the attacker gains higher privileges than the current account holds (for example standard user to administrator or SYSTEM, or user mode to kernel mode) -typically accomplished by exploiting a flaw in a privileged component, such as a kernel driver or a service running as SYSTEM, so that the attacker's code runs with that component's privileges

7.3.2. Horizontal privilege escalation -the attacker keeps the same level of privilege but takes over the identity or resources of another user at that level (for example reading another user's files or hijacking their session)

8. 4.2.5 rootkit countermeasures

8.1. Back up critical data (not binaries!), then wipe everything clean and reinstall the OS and applications from a trusted source.

8.2. Don't rely on restoring the system from backups, because you could be restoring trojaned software; the rootkit may predate the last backup you trust.

8.3. Keep a well documented automated installation procedure.

8.4. Keep trusted restoration media available.

9. 4.3 Perform system attack

9.1. 4.3.1 Hiding files: purpose and techniques

9.1.1. Reasons for hiding data: -personal, private data -sensitive data -confidential data, trade secrets -to avoid misuse of data -to prevent unintentional damage to data (human error, accidental deletion) -monetary or blackmail purposes -to hide the traces of a crime

9.1.2. There are two ways to hide files in Windows. The first is the attrib command, which sets the hidden (and optionally system) attribute on a file so that Explorer and a plain directory listing skip it; this is cosmetic only, since any listing that includes hidden files reveals it.

9.2. 4.3.2 NTFS file streaming

9.2.1. -The second way to hide a file in Windows is with NTFS alternate data streams.

9.2.2. The NTFS file system used by Windows NT, 2000, XP and every later version has a feature called alternate data streams (ADS) that lets extra data be stored in named streams attached to a normal, visible file, addressed as filename:streamname. A directory listing shows only the main file and its size, so the attached stream does not appear.

9.3. 4.3.3 NTFS countermeasures

9.3.1. Deleting a stream involves copying the 'front' file to a FAT partition and then copying it back to NTFS.

9.3.2. Streams are lost when the file is moved to a FAT partition, because FAT has no way to store them.

9.3.3. LNS.exe (http://nt...) can detect streams; on current Windows, the dir command's /R switch and PowerShell's Get-Item -Stream * list a file's streams without a third-party tool.

9.4. 4.3.4 Steganography technologies

9.4.1. Steganography is the process of hiding data inside other, innocuous-looking data; hiding it in images is the most common form.

9.4.2. The most popular method for hiding data in files is to use graphic images as the hiding place, typically by overwriting the least significant bits of pixel values, which changes the picture imperceptibly.

9.4.3. Attackers can embed information such as:

9.4.4. 1. Source code for a hacking tool

9.4.5. 2. A list of compromised servers

9.4.6. 3. Plans for future attacks

9.4.7. 4. Your grandma's secret cookie recipe
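One concrete way an image hides data is the least-significant-bit method: each colour byte gives up its lowest bit to the payload, and the eye cannot tell. The following is an added example, not part of the course material. It embeds and extracts a payload in a constructed 16x16 RGB buffer so that no image library is needed; the carrier pattern, the payload and the 4-byte length header are assumptions of this example, and with a real image you would feed it the raw pixel bytes instead.

```python
"""Least-significant-bit steganography in a raw RGB pixel buffer.

Added example, not from the original course material.  Works on a
constructed 16x16 RGB byte array rather than a real image file so it runs
with the standard library alone; with Pillow you would pass image.tobytes()
and write the result back with Image.frombytes().
"""

WIDTH, HEIGHT = 16, 16

# Constructed carrier: a smooth gradient, 3 bytes (R, G, B) per pixel.
CARRIER = bytes(((x * 13 + y * 7 + c * 40) & 0xFF)
                for y in range(HEIGHT) for x in range(WIDTH) for c in range(3))


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for k in range(7, -1, -1):
            yield (byte >> k) & 1


def capacity(pixels: bytes) -> int:
    """Payload bytes that fit: one bit per channel byte, minus the 4-byte length header."""
    return len(pixels) // 8 - 4


def embed_lsb(pixels: bytes, payload: bytes) -> bytearray:
    """Hide `payload` in the low bit of successive channel bytes.  A 4-byte
    big-endian length header goes first so the extractor knows where to stop."""
    if len(payload) > capacity(pixels):
        raise ValueError(f"payload of {len(payload)} bytes exceeds capacity {capacity(pixels)}")
    out = bytearray(pixels)
    for i, bit in enumerate(_bits(len(payload).to_bytes(4, "big") + payload)):
        out[i] = (out[i] & 0xFE) | bit
    return out


def extract_lsb(pixels: bytes) -> bytes:
    """Read the length header, then that many bytes, from the low bits."""
    def read_bytes(count: int, start_bit: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (pixels[start_bit + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(4, 0), "big")
    if length > capacity(pixels):
        raise ValueError("no valid LSB payload (length header out of range)")
    return read_bytes(length, 32)


def max_channel_change(a: bytes, b: bytes) -> int:
    """Largest per-byte difference between carrier and stego image; LSB gives at most 1."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    secret = b"compromised: 10.0.0.5, 10.0.0.9"
    stego = embed_lsb(CARRIER, secret)
    print(extract_lsb(stego))                   # b'compromised: 10.0.0.5, 10.0.0.9'
    print(max_channel_change(CARRIER, stego))   # 1
```

Two caveats a practitioner should keep in mind: the payload only survives lossless formats (BMP, PNG), since JPEG recompression rewrites the low bits; and this naive sequential embedding is easy to detect statistically, because the low-bit distribution of the first N bytes stops looking like image noise.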

9.5. 4.3.5 Buffer overflow attack

9.5.1. -A buffer overflow (overrun) occurs when a program allocates a block of memory of a fixed length and then copies more data into it than it can hold; the excess spills past the end of the buffer and overwrites adjacent memory, which may hold data or control information (such as a saved return address) crucial to the program's normal execution, so an attacker who controls the input can crash the program or redirect what it executes.