System Hacking
Module 05
Ethical Hacking and Countermeasures: System Hacking
Exam 312-50 Certified Ethical Hacker
Engineered by Hackers. Presented by Professionals.
Ethical Hacking and Countermeasures v8, Module 05: System Hacking, Exam 312-50
Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Security News
September 26th, 2012
IEEE Hack Confirmed, 100k Plain Text Passwords Vulnerable
After details were revealed by Radu Dragusin over at IEEElog.com a few days ago that passwords and user details for some 100,000 members of the Institute of Electrical and Electronics Engineers had been made publicly available on the company's FTP server for at least a month, the organisation has now confirmed it in a communication to members, advising them to change their details immediately. The IEEE is an organisation that is designed to advance technology and has over 400,000 members worldwide, many of those including employees at Apple, Google, IBM, Oracle and Samsung. It is responsible for globally used standards like the IEEE 802.3 Ethernet standard and the IEEE 802.11 Wireless Networking standard. At an organisation like this, you'd expect security to be high. Still, this hack was no hoax. The official announcement of it was sent out yesterday and reads: "IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. This matter has been addressed and resolved. None of your financial information was made accessible in this situation."
http://www.kitguru.net
Security News
IEEE Hack Confirmed, 100k Plain Text Passwords Vulnerable
Source: http://www.kitguru.net
After details were revealed by Radu Dragusin over at IEEElog.com recently that passwords and user details for some 100,000 members of the Institute of Electrical and Electronics Engineers had been made publicly available on the company's FTP server for at least a month, the organization confirmed this in a communication to members, advising them to change their details immediately. The IEEE is an organization that is designed to advance technology and has over 400,000 members worldwide, many of those including employees at Apple, Google, IBM, Oracle, and Samsung. It is responsible for globally used standards like the IEEE 802.3 Ethernet standard and the IEEE 802.11 Wireless Networking standard. At an organization like this, you'd expect security to be high. Still, this hack was no hoax. The official announcement of it reads: "IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. This matter has been addressed and resolved. None of your financial information was made accessible in this situation."
The company continued saying though, that it was technically possible that during the time this information was available, that someone could have used it to access a user's account and therefore, as a "precautionary measure," the IEEE recommended all users change their account information. Until that time, users were not able to access their account at all. In what seems like quite a bold move, the organization went on to explain to users that one of the best ways to protect themselves is to use a strong, unique password for their login. Considering it was an IEEE security blunder that caused the hack, advising other people on password strength seems a bit hypocritical.
That said, in Mr Dragusin's reveal of the hacked information, he produced a graph detailing some of the most commonly used passwords. Almost 300 people used "123456" and other variations of numbers in that same configuration, while hundreds of others used passwords like "admin," "student," and "ieee2012." Considering the involvement of IEEE members in pushing the boundaries of current technology, you'd assume we wouldn't need to turn to Eugene "The Plague" Belford to explain the importance of password security.
Copyright © 2010-2013 KitGuru Limited
Author: Jon Martindale
http://www.kitguru.net/channel/jon-martindale/ieee-hack-confirmed-100k-plain-text-passwords-vulnerable/
Module Objectives
The preceding modules dealt with the progressive intrusion that an attacker makes towards his or her target system(s). You should bear in mind that this does not indicate a culmination of the attack. This module familiarizes you with:
System Hacking: Goals
Types of Keystroke Loggers and Spywares
CEH Hacking Methodology (CHM)
Anti-Keylogger and Anti-Spywares
Password Cracking
Stealing Passwords Using Keyloggers
Detecting Rootkits
Anti-Rootkits
Microsoft Authentication
NTFS Stream Manipulation
How to Disable LM HASH
Classification of Steganography
How to Defend against Password Cracking
Steganalysis Methods/Attacks on Steganography
Privilege Escalation
Covering Tracks
Executing Applications
Penetration Testing
Information at Hand Before System Hacking Stage
Before beginning with system hacking, let's go over the phases you went through and the information you collected so far. Prior to this module, we discussed:
Footprinting Module
Footprinting is the process of accumulating data regarding a specific network environment. Usually this technique is applied for the purpose of finding ways to intrude into the network environment. Since footprinting can be used to attack a system, it can also be used to protect it. In the footprinting phase, the attacker creates a profile of the target organization, with information such as its IP address range, namespace, and employee web usage. Footprinting improves the ease with which the systems can be exploited by revealing system vulnerabilities. Determining the objective and location of an intrusion is the primary step involved in footprinting. Once the objective and location of an intrusion are known, specific information about the organization can be gathered using nonintrusive methods. For example, the web page of the organization itself may provide employee bios or a personnel directory, which the hacker can use for social engineering to reach the objective. Conducting a Whois query on the web provides the associated networks and domain names related to a specific organization.
Scanning Module
Scanning is a procedure for identifying active hosts on a network, either for the purpose of network security assessment or for attacking them. In the scanning phase, the attacker finds information about the target assessment through its IP addresses that can be accessed over the Internet. Scanning is mainly concerned with the identification of systems on a network and the identification of services running on each computer. Some of the scanning procedures such as port scans and ping sweeps return information about the services offered by the live hosts that are active on the Internet and their IP addresses. The inverse mapping scanning procedure returns the information about the IP addresses that do not map to the live hosts; this allows an attacker to make suppositions about feasible addresses.
Enumeration Module
Enumeration is the method of intrusive probing into the target assessment through which attackers gather information such as network user lists, routing tables, and Simple Network Management Protocol (SNMP) data. This is significant because the attacker crosses over the target territory to unearth information about the network and shares, users, groups, applications, and banners. The attacker's objective is to identify valid user accounts or groups where he or she can remain inconspicuous once the system has been compromised. Enumeration involves making active connections to the target system or subjecting it to direct queries. Normally, an alert and secure system will log such attempts. Often the information gathered is what the target might have made public, such as a DNS address; however, it is possible that the attacker stumbles upon a remote IPC share, such as IPC$ in Windows, that can be probed with a null session allowing shares and accounts to be enumerated.
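Added example, not part of the original courseware: the logging mentioned above can be used to spot null-session probes of IPC$. This Python script assumes File Share auditing is enabled so that Windows Security event 5140 is recorded, and it runs over constructed, trimmed event XML; the function names and sample addresses are illustrative.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ANONYMOUS_SID = "S-1-5-7"  # well-known SID for ANONYMOUS LOGON

def make_event(sid, user, share, ip):
    """Build a constructed, trimmed event 5140 record (not real log data)."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        "<System><EventID>5140</EventID></System><EventData>"
        f'<Data Name="SubjectUserSid">{sid}</Data>'
        f'<Data Name="SubjectUserName">{user}</Data>'
        f'<Data Name="ShareName">{share}</Data>'
        f'<Data Name="IpAddress">{ip}</Data>'
        "</EventData></Event>"
    )

SAMPLE_EVENTS = [  # constructed; addresses come from documentation ranges
    make_event("S-1-5-7", "ANONYMOUS LOGON", r"\\*\IPC$", "192.0.2.10"),
    make_event("S-1-5-7", "ANONYMOUS LOGON", r"\\*\IPC$", "192.0.2.10"),
    make_event("S-1-5-21-1-2-3-1104", "alice", r"\\*\IPC$", "192.0.2.20"),
    make_event("S-1-5-21-1-2-3-1104", "alice", r"\\*\Finance", "192.0.2.20"),
    make_event("S-1-5-7", "ANONYMOUS LOGON", r"\\*\ipc$", "198.51.100.7"),
]

def parse(xml_text):
    """Return (event_id, {field name: value}) for one exported event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data

def null_session_sources(events):
    """Count anonymous (null-session) IPC$ share accesses per source address."""
    hits = Counter()
    for xml_text in events:
        event_id, data = parse(xml_text)
        share = (data.get("ShareName") or "").upper()
        if (event_id == 5140 and share.endswith("\\IPC$")
                and data.get("SubjectUserSid") == ANONYMOUS_SID):
            hits[data.get("IpAddress")] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, count in null_session_sources(SAMPLE_EVENTS).items():
        print(f"{ip}: {count} anonymous IPC$ connection(s)")
```

Authenticated IPC$ access is routine on Windows networks, so the check keys on the anonymous SID rather than on the share name alone.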
System Hacking: Goals
Every criminal commits a crime to achieve a certain goal. Likewise, an attacker can also have certain goals behind performing attacks on a system. The following may be some of the goals of attackers in committing attacks on a system. The table shows the goal of an attacker at different hacking stages and the technique used to achieve that goal.
Hacking-Stage | Goal | Technique/Exploit Used
Gaining Access | To collect enough information to gain access | Password eavesdropping, brute forcing
Escalating Privileges | To create a privileged user account if the user level is obtained | Password cracking, known exploits
Executing Applications | To create and maintain backdoor access | Trojans
Hiding Files | To hide malicious files | Rootkits
Covering Tracks | To hide the presence of compromise | Clearing logs
FIGURE 5.1: Goals for System Hacking
CEH Hacking Methodology (CHM)
Before hacking a system, an attacker uses footprinting, scanning, and enumeration techniques to detect the target area of the attack and the vulnerabilities that prove to be doorways for the attacker. Once the attacker gains all the necessary information, he or she starts hacking. Similar to the attacker, an ethical hacker also follows the same steps to test a system or network. In order to ensure the effectiveness of the test, the ethical hacker follows the hacking methodology. The following diagram depicts the hacking methodology followed by ethical hackers: