1. Manual password cracking: ~Default passwords -Set by the manufacturer when the device or system is built. -They are documented and provided to the final consumer of the product and are intended to be changed. Look up your default password at any of the following sites: ■ CIRT.net | Suspicion Breeds Confidence ■ http://default-password.info ■ www.defaultpassword.us ■www.passwordsdatabase.com
1.1. Guessing passwords Simply put, an attacker may target a system by doing the following: 1. Locate a valid user. 2. Determine a list of potential passwords. 3. Rank possible passwords from least to most likely. 4. Try passwords until access is gained or the options are exhausted. This process can be automated through the use of scripts created by the attacker, but it still qualifies as a manual attack.
2. Attacks that can be used to gain password a. Redirecting SMB Logon to attacker b. SMB relay MITM c. NetBIOS DOS attack
2.1. a.Another way to discover passwords on a network is to redirect the Server Message Block (SMB) logon to an attacker's computer so that the passwords are sent to the hacker. In order to do this, the hacker must sniff the NTLM responses from the authentication server and trick the victim into attempting Windows authentication with the attacker's computer. A common technique is to send the victim an email message with an embedded link to a fraudulent SMB server. When the link is clicked, the user unwittingly sends their credentials over the network.
3. Password cracking attacks using tool such as Hydra
3.1. Password cracking countermeasures The first best counter measure against password cracking is using strong password. Possible strong password should be implemented to protect you against password cracking. This means a password must be at least 8-12 characters long and should be made of uppercase, lowercase, alphabets as well as numerals and special characters. Also network administrator should encourage users to change their passwords at regular intervals and ask them to never leave their consoles or desktop unlocked since they can invite troubles like key loggers, spy wares, Trojans and sniffers.
4. Rootkit countermeasures The term ‘rootkit’ originated in the UNIX world; however, today it’s often used to describe stealth technologies utilized by the authors of Windows Trojans. In order to do this, executable system files (such as login, ps, ls, netstat etc) or system libraries (libproc.a) are replaced, or a kernel module is installed. Never use the Internet as Administrator (or any privileged account), run anti-spyware to block suspicious installation activities, and avoid installing software from unknown sources. Choose a rootkit detector and start scanning with it as part of your regularly scheduled security task list.
5. NTFS file streaming The second way to hide a file in Windows is with NTFS alternate data streaming. NTFS file systems used by Windows NT, 2000, and XP have a feature called alternate data streams that allow data to be stored in hidden files linked to a normal, visible file.
6. Steganography technologies Steganography is used to conceal information inside of other information, thus making it difficult to detect. Data is first encrypted by the usual means and then inserted, using a special algorithm, into redundant (that is, provided but unneeded) data that is part of a particular file format such as a JPEG image.
7. Rules of password ~A password is designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken.
7.1. Some examples of passwords that lend themselves to cracking: ■ Passwords that use only numbers ■ Passwords that use only letters ■ Passwords that are all upper- or lowercase ■ Passwords that use proper names ■ Passwords that use dictionary words ■ Short passwords (fewer than eight characters)
8. Types of password attacks a. Passive online attacks A passive online attack, the attacker tends to be not engaged or less engaged than they would be during other kinds of attacks. b. Active online attacks These attacks use a more aggressive form of penetration that is designed to recover passwords. c. Offline attacks Offline attacks represent yet another form of attack that is very effective and difficult to detect in many cases.
9. Performs privilege escalation
9.1. One of the tactics that hackers use to gain unauthorized access to a network is known as privilege escalation. Successful privilege escalation attacks grant hackers privileges that normal users don't have.
9.2. Privilege escalation — horizontal Occurs when a malicious user attempts to access resources and functions that belong to peer users, who have similar access permissions.
9.3. Privilege escalation — vertical Occurs when a malicious user attempts to access resources and functions that belong to a user with higher privileges, such as application or site administrators.
10. NTFS countermeasures To delete a stream file, copy the first file to a FAT partition, and then copy it back to an NTFS partition. Streams are lost when the file is moved to a FAT partition because they're a feature of NTFS and therefore exist only on an NTFS partition. Countermeasure Tool: lns.exe to detect NTFS streams.
10.1. Hiding files purpose and the techniques. Reasons Behind Hiding Data Personal, Private Data. Sensitive Data. Confidential Data, Trade Secrets. To avoid Misuse of Data. Unintentional damage to data, human error, accidental deletion. Monetary, Blackmail Purposes. Hide Traces of a crime.
11. Buffer overflow attack A buffer is a temporary area for data storage. When more data (than was originally allocated to be stored) gets placed by a program or system process, the extra data overflows. It causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding. For example, the data could trigger a response that damages files, changes data or unveils private information.
