1. PASSWORD CRACKING TECHNIQUES
1.1. Rules of password
1.1.1. Designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken
1.1.2. Creating a strong password are a good line of defense against the attacks:
1.1.2.1. ■ Passwords that contain letters, special characters, and numbers: stud@52
1.1.2.2. ■ Passwords that contain only numbers: 23698217
1.1.2.3. ■ Passwords that contain only special characters: &*#@!(%)
1.1.2.4. ■ Passwords that contain letters and numbers: meetl23
1.1.2.5. ■ Passwords that contain only letters: POTHMYDE
1.1.2.6. ■ Passwords that contain only letters and special characters: rex@&ba
1.1.2.7. ■ Passwords that contain only special characters and numbers: 123@$4
1.2. Type of password attacks
1.2.1. Passive online attacks
1.2.2. Active online attacks
1.2.3. Offline attacks
1.3. Manual password cracking
1.3.1. Default password
1.3.2. Guessing password
1.4. Attacks that can be used to gain password
1.4.1. Redirecting SMB logon to attacker
1.4.1.1. The hacker must sniff the NTLM responses from the authentication server and trick the victim into attempting Windows authentication with the attacker’s computer.
1.4.1.1.1. Victim logon credential -> Victim click on the link in receive email -> corrupted file transmitted over the network -> An attacker cracks those hashes using L0phcrack -> Connect establish to the victim's pc using hashed credential
1.4.2. SMB relay MITM
1.4.2.1. The attacker sets up a fraudulent server with a relay address.
1.4.2.2. When a victim client connects to the fraudulent server, the MITM server intercepts the call, hashes the password, and passes the connection to the victim server.
1.4.3. NetBIOS DOS attack
1.4.3.1. A NetBIOS Denial of Service (DoS) attack sends a NetBIOS Name Release message to the NetBIOS Name Service on a target Windows systems and forces the system to place its name in conflict so that the name can no longer be used.
1.4.3.2. This essentially blocks the client from participating in the NetBIOS network and creates a network DoS for that system
1.5. Password cracking attacks using tool such as Hydra
1.5.1. Hydra is a brute force password cracking tool. In information security (IT security), password cracking is the methodology of guessing passwords from databases that have been stored in or are in transit within a computer system or network.
1.5.2. Brute force just means that the program launches a relentless barrage of passwords at a log in to guess the password.
1.6. Password cracking countermeasures
1.6.1. The first best counter measure against password cracking is using strong password.
1.6.2. To protect against hashing of the algorithms for password stored on the server it should be physically isolated and even passwords should be salted (randomized).
2. PERFORMS PRIVILEGE ESCALATION
2.1. Privilege escalation
2.1.1. The tactics that hackers use to gain unauthorized access to a network is known as privilege escalation
2.1.2. There are two common types of privilege escalation:
2.1.2.1. Horizontal:- Occurs when a malicious user attempts to access resources and functions that belong to peer users, who have similar access permissions.
2.1.2.2. Vertical:- Occurs when a malicious user attempts to access resources and functions that belong to a user with higher privileges, such as application or site administrators
2.2. Rootkits
2.2.1. A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence.
2.2.2. Collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.
2.3. Several type of rootkits
2.3.1. Kernel rootkit
2.3.2. Memory rootkit
2.3.3. Zeroaccess rootkit
2.4. Rootkits countermeasures
2.4.1. Easy for virus writers to make small modification to such code.
2.4.2. Windows users use the administrator's account influence to had this attack.
2.4.3. Use rootkit detector to secure from rootkit attack
3. PERFORM SYSTEM ATTACK
3.1. Hiding files purpose and the techniques
3.1.1. Use attrib command(windows):- attrib +[file/directory]
3.2. NTFS file streaming
3.2.1. Allow data to be stored in hidden files linked to a normal, visible file.
3.3. NTFS countermeasures
3.3.1. Delete stream files, copy the first file to a FAT partition and then copy it back to an NTFS partition.
3.3.2. LNS reports the existence and location of files that contain alternate data stream.
3.4. Steganography technologies
3.4.1. Used to conceal information inside of other information, thus making it difficult to detect.
3.4.2. Data first encrypted by the usual means and then inserted using a special algorithm into a redundant data that is a part of a particular file format such as JPEG.
3.5. Buffer overflow attack
3.5.1. Temporary area for data storage. Gets placed by a program or system process, the extra data overflow.
3.5.2. The extra data sometimes hold a specific instruction for action intended by a hacker or malicious code user