CHAPTER 4 SYSTEM ATTACK


1. ATTACKS THAT CAN BE USED TO GAIN PASSWORD

1.1. 1. Redirecting the SMB Logon to the Attacker

1.1.1. SMB stands for Server Message Block, a protocol for sharing files, printers and serial ports.

1.1.2. Several automated hacking tools can implement SMB redirection:

1.1.2.1. SMBRelay

1.1.2.2. SMBRelay2

1.1.2.3. pwdump2

1.1.2.4. Samdump

1.1.2.5. C2MYAZZ

1.2. 2. SMB relay MITM

1.2.1. A computer program that can be used to carry out SMB man-in-the-middle (MITM) attacks on Windows machines.

1.2.2. Hacking Tools:

1.2.2.1. SMBGrind

1.2.2.2. SMBDie

1.3. 3. NetBIOS DOS attack

1.3.1. A NetBIOS Denial of Service (DoS) attack sends a NetBIOS Name Release message to the NetBIOS Name Service on a target Windows system and forces the system to place its name in conflict so that the name can no longer be used. This essentially blocks the client from participating in the NetBIOS network and creates a network DoS for that system.

1.3.2. Hacking Tools:

1.3.2.1. NBName can disable entire LANs and prevent machines from rejoining them.

2. PASSWORD CRACKING ATTACKS USING TOOLS SUCH AS:

2.1. Hydra

2.2. Brutus

2.3. RainbowCrack

2.4. Wfuzz

2.5. THC Hydra

3. PASSWORD CRACKING COUNTERMEASURES

3.1. The strongest passwords possible should be implemented to protect against password cracking.

3.2. Systems should enforce 8–12 character alphanumeric passwords.

3.3. To protect against cracking of the hashing algorithm for passwords stored on the server, you must take care to physically isolate and protect the server.

3.4. A systems administrator can implement the following security precautions to decrease the effectiveness of a brute-force password-cracking attempt:

3.4.1. 1. Never leave a default password.

3.4.2. 2. Never use a password that can be found in a dictionary.

3.4.3. 3. Never use a password related to the host name, domain name, or anything else that can be found with whois.

3.4.4. 4. Never use a password related to your hobbies, pets, relatives, or date of birth.

3.4.5. 5. Use a word that has more than 21 characters from a dictionary as a password.

4. PERFORMS PRIVILEGE ESCALATION

4.1. Privilege Escalation

4.1.1. One of the tactics that hackers use to gain unauthorized access to a network.

4.1.2. Two types of privilege escalation: horizontal and vertical

4.1.2.1. Horizontal: occurs when a malicious user attempts to access resources and functions that belong to peer users, who have similar access permissions.

4.1.2.2. Vertical: occurs when a malicious user attempts to access resources and functions that belong to a user with higher privileges, such as an application or site administrator.

4.2. Rootkit Countermeasures

5. ROOTKIT COUNTERMEASURE

5.1. A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that are not otherwise allowed; it often masks its existence or the existence of other software.

5.2. Rootkits prevent users from receiving accurate information about what is taking place on the computer.

5.3. The increased popularity of rootkits is partly due to the fact that the source code of many rootkits is now openly available on the Internet.

5.4. Anti-rootkit software of the trade

5.4.1. GMER

5.4.2. RootkitRevealer

5.4.3. Rootkit Unhooker

5.4.4. IceSword

5.5. Types of rootkit

5.5.1. Kernel rootkit. This type of rootkit is designed to function at the level of the operating system itself.

5.5.2. Hardware or firmware rootkit.

5.5.3. Hypervisor or virtualized rootkit.

5.5.4. Bootloader rootkit or bootkit.

5.5.5. Memory rootkit.

5.5.6. User-mode or application rootkit.

5.5.7. ZeroAccess rootkit.

5.5.8. Necurs.

6. RULES OF PASSWORD

6.1. Designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken.

6.2. Examples of passwords that lend themselves to cracking:

6.2.1. 1. Passwords that use only numbers

6.2.2. 2. Passwords that use only letters

6.2.3. 3. Passwords that are all upper or lower case

6.2.4. 4. Passwords that use proper names

6.2.5. 5. Passwords that use dictionary words

6.2.6. 6. Short passwords

6.3. Rules for creating a strong password are a good line of defense against the attacks:

6.3.1. 1. Passwords that contain letters, special characters and numbers: stud@52

6.3.2. 2. Passwords that contain only numbers: 23431

6.3.3. 3. Passwords that contain only special characters: $#@&

7. TYPES OF PASSWORD ATTACKS

7.1. 1. Passive online attacks

7.1.1. Tapping

7.1.2. Traffic Analysis

7.1.3. Scanning

7.1.4. Encryption

7.2. 2. Active online attacks

7.2.1. Keyloggers

7.2.2. Trojans

7.2.3. Spyware

7.2.4. Hash Injection

7.3. 3. Offline attacks

7.3.1. Dictionary attack

7.3.2. Hybrid attack

7.3.3. Brute-force attack

8. MANUAL PASSWORD CRACKING

8.1. Default password: set by the manufacturer when the device or system is built.

8.2. Guessing password

8.2.1. An attacker may target a system by doing the following:

8.2.2. Locate a valid user.

8.2.3. Determine a list of potential passwords.

9. PERFORM SYSTEM ATTACK

9.1. Purpose of hiding files and the techniques

9.1.1. Reasons behind hiding data: personal, private data; sensitive data; confidential data, trade secrets; to avoid misuse of data; unintentional damage to data, human error, accidental deletion; monetary, blackmail purposes; to hide traces of a crime.

9.1.2. Two ways to hide files in Windows

9.1.2.1. 1. attrib command

9.1.2.2. 2. NTFS alternate data streaming

9.2. NTFS file streaming

9.2.1. NTFS file systems used by Windows NT, 2000, and XP have a feature called alternate data streams that allows data to be stored in hidden files linked to a normal, visible file.

9.3. NTFS countermeasures

9.3.1. Countermeasure Tool: lns.exe to detect NTFS streams.

9.4. Steganography technologies

9.4.1. Steganography is used to conceal information inside of other information, thus making it difficult to detect.

9.4.2. Make it difficult to attack

9.4.3. Steganography tools:

9.4.3.1. OpenStego

9.4.3.2. StegaMail

9.4.3.3. Steghide

9.4.3.4. ImageSpyer G2

9.4.3.5. MP3Stego

9.5. Buffer overflow attack

9.5.1. A buffer is a temporary area for data storage. When a program or system process places more data in a buffer than was originally allocated for it, the extra data overflows.

9.5.2. It causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.

9.5.3. An attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a user's input.

9.5.4. Countermeasures against Buffer-Overflow Attack

9.5.4.1. Disable unneeded services.

9.5.4.2. Protect your Linux systems with either a firewall or a host-based intrusion prevention system (IPS).

9.5.4.3. Enable another access control mechanism, such as TCP Wrappers, that authenticates users with a password.
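
Added example (not part of the original mind map): a C model of the overflow described in 9.5.1 and 9.5.2, next to a length-checked copy that rejects oversized input. The two "buffers" are modelled as halves of one array so the spill is well defined; the struct, function names and the "SECRET!" neighbour data are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8  /* bytes allocated to the input buffer */
#define ADJ_SIZE 8  /* bytes held by the neighbouring buffer */

/* One contiguous region modelling two adjacent buffers in memory. */
struct region { unsigned char bytes[BUF_SIZE + ADJ_SIZE]; };

static void region_init(struct region *r) {
    memset(r->bytes, 0, BUF_SIZE);
    memcpy(r->bytes + BUF_SIZE, "SECRET!", ADJ_SIZE); /* 7 chars + NUL */
}

static int neighbour_intact(const struct region *r) {
    return memcmp(r->bytes + BUF_SIZE, "SECRET!", ADJ_SIZE) == 0;
}

/* Unchecked copy: trusts the caller's length, as a program with no bounds
 * check does. Clamped to the whole region only to keep this model defined.
 * Returns how many bytes of the neighbouring buffer were overwritten. */
static size_t copy_unchecked(struct region *r, const char *in, size_t n) {
    if (n > sizeof r->bytes) n = sizeof r->bytes;
    memcpy(r->bytes, in, n);
    return n > BUF_SIZE ? n - BUF_SIZE : 0;
}

/* Checked copy: refuses input that does not fit (with its terminator)
 * in the space allocated to the buffer. Returns 0 on success, -1 if rejected. */
static int copy_checked(struct region *r, const char *in, size_t n) {
    if (n >= BUF_SIZE) return -1;
    memcpy(r->bytes, in, n);
    r->bytes[n] = '\0';
    return 0;
}

int main(void) {
    const char *input = "AAAAAAAAAAAA"; /* constructed 12-byte input */
    struct region r;

    region_init(&r);
    size_t spilled = copy_unchecked(&r, input, strlen(input));
    printf("unchecked: %zu bytes spilled, neighbour intact=%d\n",
           spilled, neighbour_intact(&r));

    region_init(&r);
    int rc = copy_checked(&r, input, strlen(input));
    printf("checked:   rc=%d, neighbour intact=%d\n", rc, neighbour_intact(&r));
    return 0;
}
```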