Discussion 5.1 and 5.2

profileShrikaa
AdvancedPersistentThreatHacking-Chapter7.pptx

Advanced Persistent Threat Hacking Chapter 7

By

Professor Henry A. McKelvey

Remote Presence Reconnaissance

Finding remote users

Wi-Fi (with and Without VPN)

VPN Connected (DSL, Cable Modem)

Information

Home Addresses

Travel Habits

Places Frequented

Associations (Business and Personal)

Information on People

Where to look

Spokeo

Intelius

People Finder

Many public and private databased

Place People Go (Easier Said Than Done)

Happy Hour

Team Functions

After Hours get away

Social Spear Phishing

Uses secondary targets as entry vectors

Family members

Friends

Associates

Target goal

Compromise computers of

Friends (Why)

Family (Why)

Wireless Attack Phases

Wireless Reconnaissance

Frequency Determination

Frequency Use

Attack wireless access points

Jamming

Reassignment (AKA Re-Association)

Attack wireless clients

Rouge use

Gather information

APT Wireless Tools

Wireless Cards

Wireless Standards Supported

802.11b, g, n (2.4GHz)

802.11a, ac (5-5.950 GHz)

Antenna Supported

Dipole

Yagi (log periodic)

Monopole

Connection Type

(BNC, TNC, SMA, SMB, N-Type, F)

Power

Wattage requirements (sensitivity input) (Power Output)

Chipset Type

PRISM

Broadcom

Atheros

See pages 217-240 for additional information on attack tools

vulnerabilities hackers use to attack wireless networks

Old encryption standards

WEP (Flaw found by retransmitted initialization Vectors)

WPA (flaw found by generation of default passwords)

SSID (Service Set Identifier)

Can be reversed engineered to determine possible default passwords (see page 242)

vulnerabilities hackers use to attack wireless networks (Cont.)

Post –Exploitation Exploration

Goal to find other connections

Make sure you are undetected

Gather information about the network

Client Hacking

After all else has failed, go in through the front door

Hack the Client instead of the network

Possible targets

Smart Phones

Tablets

E-readers

Point of Sale Systems

Specialized handheld systems

Client Hacking (Cont)

Steps

Setup Rouge Access Point

Identify device

Keep record of MAC Addresses

Attack insecure protocols

Use Social Engineering to gather additional data

Deploy Rouge Access Point to main network

Force client to connect to rouge network

Some will connect automatically some have to be coerced

Attack clients once they are on the rouge network

See pages 248 – 258 for attack method

HTTP Attack

Proxy the user’s connection to the legitimate site

Record all GET and POST Requests

Inject hidden iframes to steal cookies

Inject hidden iframe to gather Windows credentials

Inject hidden iframe with signed JAVA applet

Inject hidden iframe with browser_auotpwn

Host malicious executable and prompt user to install to use hotspot