CHAPTER 4: SYSTEM HACKING

1. Attacks that can be used to obtain passwords

1.1. a. Redirecting SMB Logon to attacker

1.1.1. SMB stands for Server Message Block, and is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.

1.1.2. While SMB password guessing is still the most effective method for gaining access to Windows systems, an attacker who fails at guessing might instead attempt to eavesdrop on SMB logon (authentication) exchanges using sniffing techniques.

1.2. b. SMB relay MITM

1.2.1. Tools exist that carry out SMB man-in-the-middle (MITM) relay attacks against Windows machines.

1.3. c. NetBIOS DOS attack

1.3.1. NetBIOS (Network Basic Input/Output System) denial-of-service attacks are a relatively new class of reflection attack vectors that abuse UDP.

1.3.2. The victim could be any device on the Internet that exposes a reflectable UDP service.

1.3.3. For malicious actors looking to bring a website or web service offline, distributed reflection denial of service (DrDoS) attacks have been a popular weapon for years.

2. Password cracking attacks using tools such as Hydra

2.1. What is Hydra?

2.1.1. Hydra is a very well-known and respected network logon cracker (password cracking tool) that supports many different services.

2.2. How does Hydra work?

2.2.1. Hydra is a brute-force password cracking tool. In information security, password cracking is the process of guessing or recovering passwords from data that has been stored in, or is in transit within, a computer system or network.

3. Password cracking countermeasures

3.1. The first and best countermeasure against password cracking is the use of strong passwords.

3.2. Wherever possible, strong passwords should be enforced to protect against password cracking.

3.3. Network administrators should use the “syskey” feature to protect the password database (note that the syskey utility was removed from later versions of Windows 10 and Windows Server 2016, so this countermeasure applies to older systems).

3.4. Network administrators can enable the syskey feature in any of the following ways.

4. Performing privilege escalation

4.1. Privilege escalation

4.1.1. One of the tactics attackers use to gain unauthorized access to a network is known as privilege escalation.

4.1.2. There are two common types of privilege escalation — horizontal and vertical.

4.1.2.1. Horizontal

4.1.2.1.1. Occurs when a malicious user attempts to access resources and functions that belong to peer users, who have similar access permissions.

4.1.2.2. Vertical

4.1.2.2.1. Occurs when a malicious user attempts to access resources and functions that belong to a user with higher privileges, such as application or site administrators.

4.2. Rootkits

4.2.1. The term ‘rootkit’ originated in the UNIX world; today, however, it is often used to describe the stealth technologies employed by the authors of Windows Trojans.

4.3. Rootkit countermeasures

4.3.1. Rootkits hide themselves by replacing executable system files (such as login, ps, ls and netstat) or system libraries (libproc.a), or by installing a kernel module; countermeasures must therefore check the integrity of exactly these components.
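The standard countermeasure for replaced system binaries is a file-integrity baseline: record a digest of each trusted file from known-good media, then periodically re-hash and compare. The following is an added example, not code from the page or from any particular integrity tool; it simulates the four binaries named above in a temporary directory (constructed data) and detects a replaced ps and a deleted netstat.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Added example: file-integrity baseline for the kind of system binaries a
# rootkit replaces. All files here are constructed in a scratch directory.


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, reading it in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record the digest of each trusted file (in practice, from known-good media)."""
    return {str(p): sha256_of(p) for p in paths}


def verify_baseline(baseline):
    """Compare the files on disk with the baseline.

    Returns {path: 'modified' | 'missing'} for every file that no longer matches.
    """
    findings = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif sha256_of(path) != expected:
            findings[path] = "modified"
    return findings


def demo():
    """Simulate a trojaned 'ps' and a deleted 'netstat', then detect both."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        names = ["login", "ps", "ls", "netstat"]  # binaries named on the page
        for n in names:
            (root / n).write_bytes(b"original " + n.encode())
        baseline = build_baseline([root / n for n in names])

        # A rootkit replaces ps with a version that hides processes and
        # removes netstat (constructed scenario).
        (root / "ps").write_bytes(b"trojaned ps")
        (root / "netstat").unlink()

        findings = verify_baseline(baseline)
        return {Path(p).name: v for p, v in findings.items()}


if __name__ == "__main__":
    print(demo())  # {'ps': 'modified', 'netstat': 'missing'}
```

The baseline must be stored off the monitored host (or on read-only media), because a rootkit that can replace ps can also rewrite a baseline kept next to it; a kernel-module rootkit can additionally lie to the hashing process itself, which is why such checks are best run from trusted boot media.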

6. Perform System Attack

6.1. Hiding files purpose and the techniques

6.1.1. There are two ways to hide files in Windows. The first is to use the attrib command. To hide a file with the attrib command, type the following at the command prompt: attrib +h [file/directory]

6.2. NTFS file streaming

6.2.1. The second way to hide a file in Windows is with NTFS alternate data streams (ADS).

6.3. NTFS countermeasures

6.3.1. To remove alternate data streams from a file, copy the file to a FAT partition (which does not support streams) and then copy it back to the NTFS partition.
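Before stripping streams it helps to know which files carry them. On Windows, dir /r lists each alternate stream as an extra line of the form file:stream:$DATA, and PowerShell's Get-Item -Stream * does the same. The block below is an added example, not code from the page: it parses a constructed dir /r listing, returns every alternate stream found, and separates out the Zone.Identifier stream, which Windows itself adds to downloaded files (the "mark of the web") and which is therefore expected rather than suspicious.

```python
import re

# Constructed sample of `dir /r` output; not captured from a real system.
SAMPLE_DIR_R = """\
 Volume in drive C has no label.
 Directory of C:\\Users\\alice\\Documents

04/01/2020  09:12 AM    <DIR>          .
04/01/2020  09:12 AM    <DIR>          ..
04/01/2020  09:15 AM                 12 notes.txt
                                  1,024 notes.txt:payload.exe:$DATA
04/01/2020  09:20 AM             204,800 report.docx
                                      26 report.docx:Zone.Identifier:$DATA
               2 File(s)        204,812 bytes
"""

# A stream line is: <size> <file>:<stream>:$DATA, indented, no date column.
STREAM_RE = re.compile(
    r"^\s*(?P<size>[\d,]+)\s+(?P<file>[^:]+):(?P<stream>[^:]+):\$DATA\s*$"
)

# Streams that Windows creates on its own and that are not a hiding technique.
BENIGN_STREAMS = {"Zone.Identifier"}  # mark-of-the-web on downloaded files


def find_alternate_streams(dir_output):
    """Return (file, stream, size_in_bytes) for every ADS in a dir /r listing."""
    streams = []
    for line in dir_output.splitlines():
        m = STREAM_RE.match(line)
        if m:
            size = int(m.group("size").replace(",", ""))
            streams.append((m.group("file"), m.group("stream"), size))
    return streams


def suspicious_streams(dir_output):
    """Drop the streams Windows adds itself; what remains deserves a look."""
    return [s for s in find_alternate_streams(dir_output)
            if s[1] not in BENIGN_STREAMS]


if __name__ == "__main__":
    for file, stream, size in suspicious_streams(SAMPLE_DIR_R):
        print(f"{file}:{stream} ({size} bytes)")  # notes.txt:payload.exe (1024 bytes)
```

Run it against real output with dir /r > listing.txt and feeding the file's contents to suspicious_streams; a stream named like an executable attached to a document, as in the constructed sample, is the classic pattern the copy-to-FAT countermeasure above is meant to clean up.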

6.4. Steganography technologies

6.4.1. Steganography is used to conceal information inside other information, making it difficult to detect.

6.5. Buffer overflow attack

6.5.1. A buffer is a temporary area for data storage; a buffer overflow occurs when more data is written to it than it was allocated to hold.

7. Rules of password

7.1. A password should be something an individual can remember easily, but that is not easy to guess or break.

7.2. Examples of weak password choices

7.2.1. Numbers

7.2.2. Letters

7.2.3. All uppercase or all lowercase

7.2.4. Proper names

7.2.5. Dictionary words

7.2.6. Short passwords (fewer than eight characters)

7.3. Rules for creating a strong password (avoid)

7.3.1. Passwords that contain letters, special characters, and numbers: stud@52

7.3.2. Passwords that contain only numbers: 23698217

7.3.3. Passwords that contain only special characters: &*#@!(%)

7.3.4. Passwords that contain letters and numbers: meetl23

7.3.5. Passwords that contain only letters: POTHMYDE

7.3.6. Passwords that contain only letters and special characters: rex@&ba
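The rules in sections 7.1 to 7.3 are easy to turn into a checker. The block below is an added example, not code from the page: it names the character mix of a password in the page's own categories, lists which of the page's weak patterns it matches (length, single case, dictionary word, proper name, single character class), and applies all of them together in is_strong. The dictionary and name lists are constructed stand-ins for the real wordlists a checker would load.

```python
import re

# Constructed tiny wordlists standing in for a real dictionary and name list.
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon"}
PROPER_NAMES = {"john", "alice", "london"}


def character_classes(pw):
    """Which of the three character classes appear in the password."""
    classes = set()
    if re.search(r"[A-Za-z]", pw):
        classes.add("letters")
    if re.search(r"\d", pw):
        classes.add("numbers")
    if re.search(r"[^A-Za-z0-9]", pw):
        classes.add("special characters")
    return classes


def classify(pw):
    """Name the character mix using the categories listed in section 7.3."""
    c = character_classes(pw)
    if not c:
        return "empty"
    if c == {"letters", "numbers", "special characters"}:
        return "letters, special characters, and numbers"
    if c == {"numbers"}:
        return "only numbers"
    if c == {"special characters"}:
        return "only special characters"
    if c == {"letters", "numbers"}:
        return "letters and numbers"
    if c == {"letters"}:
        return "only letters"
    if c == {"letters", "special characters"}:
        return "only letters and special characters"
    return "numbers and special characters"  # the one mix the page does not list


def weaknesses(pw):
    """Return the weak patterns from sections 7.2 and 7.3 that the password matches."""
    found = []
    if len(pw) < 8:
        found.append("short (fewer than eight characters)")
    # str.isupper()/islower() are False when there are no letters at all.
    if pw.isupper() or pw.islower():
        found.append("all upper- or lowercase")
    lowered = pw.lower()
    if lowered in DICTIONARY_WORDS:
        found.append("dictionary word")
    if lowered in PROPER_NAMES:
        found.append("proper name")
    mix = classify(pw)
    if mix in ("only numbers", "only letters", "only special characters"):
        found.append(mix)
    return found


def is_strong(pw):
    """Strong: all three character classes present and none of the weak patterns."""
    return classify(pw) == "letters, special characters, and numbers" and not weaknesses(pw)


if __name__ == "__main__":
    for pw in ["stud@52", "23698217", "&*#@!(%)", "meetl23", "POTHMYDE", "rex@&ba"]:
        print(f"{pw!r}: {classify(pw)}; weaknesses: {weaknesses(pw)}")
```

Note that the page's own examples are all seven or eight characters, so stud@52 is flagged under the length rule even though it mixes all three character classes; a password such as Stud@5211 (constructed) passes every rule.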

8. Types of password attacks

8.1. a. Passive online attacks

8.1.1. In a passive online attack, the attacker is not engaged, or is less engaged, with the target than during other kinds of attacks.

8.2. b. Active online attacks

8.2.1. These attacks use a more aggressive form of penetration designed to recover passwords.

8.2.2. Examples: password guessing, Trojans, spyware, hash injection and keyloggers.

8.3. c. Offline attacks

8.3.1. Offline attacks are yet another form of attack; they are very effective and, in many cases, difficult to detect.

9. Manual password cracking

9.1. a. Default passwords

9.1.1. Default passwords are set by the manufacturer when the device or system is built.

9.1.2. They are documented and provided to the final consumer of the product, and are intended to be changed.

9.1.3. Look up your default password at any of these sites:

9.1.3.1. CIRT.net | Suspicion Breeds Confidence

9.1.3.2. http://default-password.info

9.1.3.3. www.defaultpassword.us

9.1.3.4. www.passwordsdatabase.com

9.2. b. Guessing passwords

9.2.1. An attacker may target a system by doing the following:

9.2.1.1. Locate a valid user.

9.2.1.2. Determine a list of potential passwords.

9.2.1.3. Rank possible passwords from least to most likely.

9.2.1.4. Try passwords until access is gained or the options are exhausted.