week7 CS-DB

easttom_ppt_06_final.ppt

Computer Security Fundamentals

by Chuck Easttom

Chapter 6 Techniques Used by Hackers


© 2016 Pearson, Inc. Chapter 6 Techniques Used by Hackers


Chapter 6 Objectives

  • Understand the basic methodology used by hackers
  • Be familiar with some of the basic tools
  • Understand the hacking mentality


Introduction

  • Basic Terminology
  • Reconnaissance
  • Passive Scanning


This chapter provides the essential steps of a vulnerability assessment:

  • Not a comprehensive treatment
  • Not a substitute for an expert consultant
  • A basic blueprint

There are many procedures to implement secure computing:

  • This chapter presents some overall procedures.
  • These are not step-by-step instructions.

Netcraft.com


Archive.org


Port Scanning

  • NMap


NMAP Flags

  • -O detects operating system
  • -sP is a ping scan
  • -sT TCP connect scan
  • -sS SYN scan
  • -sF FIN scan
  • -sX XMAS Tree scan
  • -sN NULL scan
  • -sU UDP scan
  • -sO Protocol scan
  • -sA ACK scan
  • -sW Window scan
  • -sR RPC scan
  • -sL List/DNS scan
  • -sI Idle scan
  • -P0 Don't ping
  • -PT TCP ping
  • -PS SYN ping
  • -PI ICMP ping
  • -PB TCP and ICMP ping
  • -PM ICMP netmask
  • -oN Normal output
  • -oX XML output
  • -oG Greppable output
  • -oA all output
  • -T timing
  • -T0 Paranoid
  • -T1 Sneaky
  • -T2 Polite
  • -T3 Normal
  • -T4 Aggressive
  • -T5 Insane


Scan Types

  • Ping
  • Connect
  • Syn
  • Fin


Ping Scan

  • The ping scan sends a single ICMP echo request from the source to the destination device. A response from an active device returns an ICMP echo reply, unless the IP address is not available on the network or the ICMP protocol is filtered.


Connect Scan

  • Fully connects to the target IP address and port, completing the TCP handshake. This is the most reliable scan, but it will absolutely be detected.


Syn Scan

  • Sends SYN (synchronize) requests to the target to gather information about open ports without completing the TCP handshake process. When an open port is identified, the TCP handshake is reset before it can be completed. This technique is sometimes referred to as "half open" scanning.
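
Seen from the monitoring side, the connect scan and the SYN scan described above differ in how far each flow gets through the handshake. The following is an added example, not part of the original slides; the flow records, the addresses and the `min_ports` threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed flow records: (source IP, destination port, TCP flags the client sent, in order).
FLOWS = (
    [("198.51.100.7", p, ("SYN", "RST")) for p in (22, 80, 443)]      # open ports, reset early
    + [("198.51.100.7", p, ("SYN",)) for p in (21, 23, 25)]           # closed ports
    + [("203.0.113.9", p, ("SYN", "ACK", "FIN")) for p in (22, 80, 443)]
    + [("203.0.113.9", p, ("SYN",)) for p in (110, 143, 3389)]
    + [("192.0.2.15", 443, ("SYN", "ACK", "FIN"))] * 4                # ordinary client
)

def classify_flow(flags):
    """Label one flow by how far the client took the TCP handshake."""
    if flags[:2] == ("SYN", "ACK"):
        return "connect"        # three-way handshake completed
    if flags[:2] == ("SYN", "RST"):
        return "half-open"      # client reset instead of sending the final ACK
    if flags == ("SYN",):
        return "unanswered"     # port closed or filtered, nothing to follow up
    return "other"

def find_scanners(flows, min_ports=5):
    """Return {source: scan type} for sources that touched many distinct ports."""
    ports = defaultdict(set)
    kinds = defaultdict(Counter)
    for src, port, flags in flows:
        ports[src].add(port)
        kind = classify_flow(flags)
        if kind != "unanswered":            # only answered flows reveal the scan type
            kinds[src][kind] += 1
    scanners = {}
    for src, seen in ports.items():
        if len(seen) >= min_ports:          # fan-out across ports marks a scan
            top = kinds[src].most_common(1)
            scanners[src] = top[0][0] if top else "unknown"
    return scanners

if __name__ == "__main__":
    for src, kind in find_scanners(FLOWS).items():
        print(f"{src}: {kind} scan suspected")
```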


Fin Scan

  • Sends a FIN (or finish) packet to target.
  • If that port is not listening, no response.
  • If it is listening, an error response is received.


Enumeration

  • Sid2User
  • Cheops (Linux only)
  • UserInfo
  • UserDump
  • DumpSec
  • Netcat
  • NBTDump


Cain and Abel


SQL Injection

  • One of the most common attacks
  • Depends on knowledge of SQL
  • Basics are easy
  • Versatile and can do a lot more than many realize


What Is SQL?

  • A relational database contains one or more tables identified each by a name.
  • Tables contain records (rows) with data.
  • For example, the following table is called "users" and contains data distributed in rows and columns:
  • SQL (Structured Query Language) uses commands such as SELECT, UPDATE, DELETE, INSERT, WHERE, and others. Example:
    SELECT * FROM tblUsers WHERE USERNAME = 'admin'


More on SQL

  • Web sites are written in some programming language such as PHP, ASP, JSP, or ASP.NET. Those programming languages have their own syntax (not SQL), so programmers put the SQL into their code as strings. Let's say you type your username into a text field called txtUsername and your password into a text field called txtPassword. The code in the program has to put the SQL statement into a string and append whatever you entered in those two text fields. It will look something like this:

    // user input from both text fields is concatenated directly into the SQL text
    string sSQLstatement;
    sSQLstatement = "SELECT * FROM tblUSERS WHERE UserName = '" + txtUsername.Text + "' AND Password = '" + txtPassword.Text + "'";

so the string will contain

    SELECT * FROM tblUSERS WHERE UserName = 'admin' AND Password = 'password'

However, whatever you type into the text fields gets put into that string.


SQL Script Injection

  • Single quote added to password:
  • Add the following to the username box and the password:
  • ' or '1'='1
  • OR
  • ' or 'a'='a
  • Also try password' or (1=1)
  • Or people try
  • anything' OR 'x'='x
  • Or people try
  • password:'1=1--
  • Try using double quote (") if single quote (') is not working


What Does This Cause?

  • Well, you would have had

    SELECT * FROM tblUSERS WHERE UserName = 'admin' AND Password = 'password';

Instead you have

    SELECT * FROM tblUSERS WHERE UserName = '' or '1'='1' AND Password = '' or '1'='1';

So now it says to get all entries from the table tblUsers if the username is '' (blank) OR if 1=1, and if the password is '' (blank) OR if 1=1! Because 1=1 is always true, the condition holds for every row.


Cross Site Scripting

An attacker injects client-side script into web pages viewed by other users. The term cross-site scripting originally referred to the act of loading the attacked, third-party web application from an unrelated attack site, in a manner that executes a fragment of JavaScript prepared by the attacker in the security context of the targeted domain.

Essentially, you enter scripts into an area that other users interact with, so that when they go to that part of the site, your script runs rather than the intended Web site functionality. This can include redirecting them.


OphCrack- How It Works

  • Download OphCrack and burn the image to a CD.
  • Put the CD in the target computer and boot from the CD.
  • It boots as Linux, grabs the Windows password file, and then uses cracking tools to crack that file and produce a text file with usernames and passwords.
  • You cannot even consider yourself a hacker without this tool in your toolkit.


Malware Creation

  • GUI tools
  • Batch Files
  • Writing your own


Other Attacks

  • Pass the hash
  • Scripts


Pen Testing

  • NIST 800-115
  • National Security Agency Information Assessment Methodology
  • PCI Penetration Testing Standard
