1. ATTACKS THAT CAN BE USED TO GAINS PASSWORD
1.1. a. Redirecting SMB logon to attacker
1.2. SMB stands for Server Message Block, and is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.
1.3. The vulnerability is that in the case of SMB, these things are done over the network
1.4. b. SMB relay MITM
1.5. Computer programs that can be used to carry out SMB man-in-the-middle (mitm) attacks on Windows machines.
1.6. c. NetBIOS DOS attack
1.7. The Network Basic Input/Output System (NetBIOS) attack are all new reflection attack vectors that abuse UDP.
2. PASSWORD CRACKING COUNTERMEASURES
2.1. The first best counter measure against password cracking is using strong password.
2.2. Possible strong password should be implemented to protect you against password cracking.
2.3. password must be at least 8-12 characters long and should be made of uppercase, lowercase, alphabets as well as numerals and special characters.
2.4. To protect against hashing of the algorithms for password stored on the server it should be physically isolated and even passwords should be salted (randomized).
3. PERFORM SYSTEM ATTACK
3.1. a. Hiding files purpose and the techniques.
3.1.1. Reasons Behind Hiding Data Personal, Private Data. Sensitive Data. Confidential Data, Trade Secrets. To avoid Misuse of Data. Unintentional damage to data, human error, accidental deletion. Monetary, Blackmail Purposes. Hide Traces of a crime.
3.2. b. NTFS file streaming.
3.2.1. - The second way to hide a file in Windows is with NTFS alternate data streaming. NTFS file systems used by Windows NT, 2000, and XP have a feature called alternate data streams that allow data to be stored in hidden files linked to a normal, visible file.
3.3. c. NTFS countermeasures.
3.3.1. - To delete a stream file, copy the first file to a FAT partition, and then copy it back to an NTFS partition. - Streams are lost when the file is moved to a FAT partition because they're a feature of NTFS and therefore exist only on an NTFS partition. - Countermeasure Tool: lns.exe to detect NTFS streams.
3.4. d. Steganography technologies.
3.4.1. - Steganography is used to conceal information inside of other information, thus making it difficult to detect. - Data is first encrypted by the usual means and then inserted, using a special algorithm, into redundant (that is, provided but unneeded) data that is part of a particular file format such as a JPEG image.
3.5. e. Buffer overflow attack.
3.5.1. A buffer is a temporary area for data storage.
4. PASSWORD CRACKING TECHNIQUES
4.1. Rules of password
4.1.1. A password is designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken.
4.1.1.1. Examples of password that lend themselves to cracking
4.1.1.2. Contain letters, special characters and numbers
4.2. Types of password attacks
4.2.1. 1. Passive online attacks
4.2.2. 2. Active online attacks
4.2.2.1. Examples: Using password guessing, Trojans, Spyware, Hash injection and keyloggers
4.2.3. 3. Offline attacks
4.3. Manual password cracking
4.3.1. 1. Default password
4.3.2. 2. Guessing password
5. PERFORMS PRIVILEGE ESCALATION
5.1. a. Privilege escalation
5.1.1. tactics that hackers use to gain unauthorized access to a network is known as privilege escalation.
5.1.2. two common types of privilege escalation — horizontal and vertical.
5.1.2.1. Privilege Escalation (Horizontal)
5.1.2.1.1. Occurs when a malicious user attempts to access resources and functions that belong to peer users, who have similar access permissions.
5.1.2.2. Privilege Escalation (Vertical)
5.1.2.2.1. Occurs when a malicious user attempts to access resources and functions that belong to a user with higher privileges, such as application or site administrators.
5.2. b. Rootkits
5.3. Several types of rootkits such as: Rootkits countermeasure
5.3.1. The term ‘rootkit’ originated in the UNIX world. however, today it’s often used to describe stealth technologies utilized by the authors of Windows Trojans.
5.3.2. ‘Rootkit’ was used to mean a collection of programs which made it possible for a hacker to evade detection.