CEHv8 Module 05 System Hacking

S y s t e m

H

a c k

i n

g

M o d u le 05

E t hi hi ca ca l H a c k in in g a n d C o u n t e r m e a s u r e s System Hacking

Exam 312-50 Certified Ethical Hacker

S y s te m

H a c k in g M o d u le 0 5

Engineered by Hackers. Presented by Professionals.

i.

/

CEH

P n !

E th ic a l H a c k in g a n d C o u n t e r m e a s u r e s v 8 M o d u le : 0 5 S y s te m H a c k in g E x am 3 1 2 - 5 0

M odule 05 Page 518

Ethical Hacking and Co un term eas ure s Copyright © by EC-C0l EC-C0lin inCi Cill All Rights Rights Reserved. Repro duction is Strictly Strictly Prohibited .



S e c u r it y N e w s

CEH

UrtifW itkMl lUclwt

\ m

September 26th, 2012

IEEE Hack Confirmed, 100k Plain Text Passwords Vulnerable Af te r det ails we re rev eal ed by Radu Dra gu sin ov er at IEEE Iog.c om a fe w day s ago tha t passwords and user details for some 100,000 members of the Institute of Electrical and Electronics Engineers had been made publicly available on the company's FTP server for at least a month, the organisation has now confirmed it in a communication to members, advising advising them to change their details immediately. The IEEE IEEE is an organisation that is designed to advance technology and has over 400,000 400,000 members worldwide, many of those including employees at Apple, Google, IBM, Oracle and Samsung. It is responsible for globally used standards like the IEEE 802.3 Ethernet standard and the IEEE 802.11 802.11 Wireless Netwo rking standard. At an organisation like this, this, you'd expect security to be high. Still, this hack was no hoax. The official announcement of it was sent out yesterday and reads: "IEEE has become aware of an incident regarding inadvertent access to unencry pted log files files containin g user IDs and passwo rds. This matter has been addressed and resolved. None o f your financial information w as made accessible in this situation." situation." http://www.kitguru.net

Copyright © by EC-Cai nd. Al l Rights Reserve Reserved. d. Reproduction is Strictly Prohibited.

S e c u rity N e w s IE E E H a c k C o n f irm e d , 1 0 0k P la in T e x t P a s s w o r d s V u l n e ra b l e Source: http://www.kitguru.net A ft e r de ta il s w e re re ve al ed by Rad u Dr ag us in ov er at IEEE Iog.c Io g.c om re ce nt ly th a t pa ss w or ds an d user details for some 100,000 members of the Institute of Electrical and Electronics Engineers had been made publicly available on the company's FTP server for at least a month, the organization confirmed this in a communication to members, advising them to change their details immediately. The IEEE is an organization that is designed to advance technology and has over 400,000 members worldwide, many of those including employees at Apple, Google, IBM, Oracle, and Samsung. It is responsible for globally used standards like the IEEE 802.3 Ethernet standard and the IEEE 802.11 Wireless Networking standard. At an organization like this, you'd expect security to be high. high. Still, this hack was no hoax. The official announcement of it reads: "IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and

M o d u l e 0 5 P a g e 5 19 19

Ethical Hacking and C oun term eas ure s Copyright © by EC-C EC-C0U 0UnC nCil il All Rights Rights Reserved. Repro duction is Strictly Strictly Prohibited .



passwords. This matter has been addressed and resolved. None of your financial information was made accessible in this situation." The comp any co ntinued saying saying though, that it was techn ically possible possible that during the time this information was available, that someone could have used it to access a user's account and therefore, as a "pr ecau tion ary m easure, " the IEE IEEE recom men ded all all users change their account information. Until that time, users were not be able to access their account at all. In what seems like quite a bold move, the organization went on to explain to users that one of the best ways to protect themselves is to use a strong, unique password for their login. Considering it was an IEEE security blunder that caused the hack, advising other people on password strength seems a bit hypocritical. That said, in Mr Dragusin's reveal of the hacked information, he produced a graph detailing some of the most commonly used passwords. Almost 300 people used "123456" and other variations of number s in that same configuration, while hundreds of others used passwords like like "admin," "student," and "ieee2012." Considering the involvement of IEEE members in pushing the boundaries of current technology, you'd assume we wouldn't need to turn to Eugene "The Plague" Belford to explain the im portance of password security. security.

Copy right © 2010-2013 KitGuru KitGuru L imited Au th o r: Jo n M a rt in d a le

http://www.kitguru.net/c http://www.kitguru.net/channel/ion-ma hannel/ion-martindale/ieee-hac rtindale/ieee-hack-confirmed k-confirmed-100k-p -100k-plain-textlain-textpasswords-vulnerable/

M o d u l e 0 5 P a g e 5 20 20



M o d u le


O b je c tiv e s

C EH

UrtilM itkKJl NmIm

r J

System Hacking: Goals

J

Types of Keystroke Loggers and Spywares

J

CEH CEH Hacking Hacking M ethodo llogy ogy (CHM)

J

Anti-K eyl ogger and Anti-Spywares Anti-Spywares

J

Password Cracking

J

Detecting Rootkits Rootkits

J

Stealing Passwords Using Keyloggers

J

Anti-Rootkits Anti-R ootki ts

J

M i c r o s o f t A u t h e n t i c a titi o n

J

NTFS Stream Manipulation

J

How to Disable LM HASH HASH

J

Classification of Steganography

J

How to Defend against Password

J

Steganal Steganalysi ysiss Met Metho ho ds/ ds/Attacks Attacks on

^

C r a c k in g

S t e g a n o g ra p h y

J

Privilege Escalation

J

Covering Tracks

J

Executing Applications

J

Penetration Testing

Copyright © by EC-G*ancil. EC-G*ancil. All Rights Reserved. Reserved. Reproduction is Strictly Stric tly Prohibited. Prohibi ted.

M o d u l e O b j e c tiv e s The preceding modules dealt with the progressive intrusion that an attacker makes towards his or her target system(s). You should bear in mind that this does not indicate a culm inatio n o f the the attack. attack. This This modu le familiarizes you with: with: System Hacking: Goals

Types of Keystroke Loggers Loggers and Spywares

CEH Hacking Methodology (CHM)

An ti-K ti -Key ey lo gg er a nd An ti-S ti -S py wa re s

Password Cracking Stealing Passwords Using Keyloggers Keyloggers

Detecting Rootkits An ti -Roo -R oo tkit tk it s

Microsoft Authentication

NTFS Stream Manipulation

Howto Disable LM HASH

Classification of Steganography

How to Defend against Password

Steganalysis Methods/Attacks on

Cracking

Steganography

Privilege Escalation

Covering Tracks

Executing Executing Application s

Penetration Testing

Mod ule 05 Page 521

Ethical Hacking and C oun term eas ure s Copyright © by EC-C0 EC-C0l1 l1nC nCil il All Rights Rights Reserved. Repro duction is Strictly Strictly Prohibited .



In fo rm a tio n H a c k in g

a t H a n d B e fo re S y s te m C E H

S ta g e

(•rtifwtf itkitjl

Wh at you have at this stage stage::

Copyright © by EG-Cowid. All Rights Reserved Reproduction is Strictly Prohibited.

In f o rm a tio n

a t H a n d B e fo r e S y s te m

H a c k in g S ta g e

Before beginning with system hacking, let's go over the phases you went through and the inf ormation you collected so far. far. Prior to this module, we discuss discussed: ed:

F o o t p r in t i n g M o d u le Footprinting

is

the

process

of

accumulating

data

regarding

a

specific

network

environment. Usually this technique is applied for the purpose of finding ways to intrude into the network environment. Since footprinting can be used to attack a system, it can also be used to protect it. In the footprinting phase, the attacker creates a profile of the target organization, with the information such as its IP address range, namespace, and employee web usage. Footprinting improves the ease with which the systems can be exploited by revealing system vulnerabilities. Determining the objective and location of an intrusion is the primary step involved in footprinting. Once the objective and location of an intrusion is known, by using nonintrusive methods, specific info rm atio n abo ut the organization can can be gathered. For example, the web page of the organization itself itself may provide em ployee bios or a personnel directory, which the hacker can use it for the social engineering to reach the objective. Conducting a Whois query on the web provides the associated networks and domain names related to a specific organization.

Mod ule 05 Page 522




S c a n n in g M o d u le Scanning is a procedure for identifying active hosts on a network, either for the purpose of network security assessment or for attacking them. In the scanning phase, the attacker finds information about the target assessment through its IP addresses that can be accessed over the Internet. Scanning is mainly concerned with the identification of systems on a netwo rk and the identification of services services running on each each computer. Some of the scanning pr ocedures such as port scans scans and and ping sweeps return in formation about the services offered by the live hosts that are active on the Internet and their IP addresses. The inverse mapping scanning procedure returns the information about the IP addresses that do not map to the live hosts; this allows an attacker to make suppositions abou t feasible addresses.

E n u m e r a tio n M o d u le Enumeration is the method of intrusive probing into the target assessment through which attackers gather information such as network user lists, routing tables, and Simple Network Management Protocol (SNMP) data. This is significant because the attacker crosses over the target territory to unearth information about the network, and shares users, groups, applications, and banners. The attacker's objective is to identify valid user accounts or groups where he or she can remain inconspicuous once the system has been compromised. Enumeration involves making active connections to the target system or subjecting it to direct queries. Normally, an alert and secure system will log such attempts. Often the information gathered is what the target might have made public, such as a DNS address; howe ver, it is is possible that the attacker

stumb les

upon a remote IPC share, such as IPC$ in Windows, that can be probed with a null session allowing shares and and accounts to be enumera ted

Mod ule 05 Page 523




S y s t e m

H a c k i n g :

G o a l s

C («>«1fw4

E H itkMjl IlMhM

r

N

Hacki ng-Stage |» | A np

G oa l

Gain Gainin ing g Access

Escalating Privileges

15■ ■ » * h Hiding Files

■

Technique/Exploit Used Used

T o c o l le le c t e n o u g h i n f o r m a t i o n

Password eavesdropping,

to gain access

brute forcing

To create a privileged user account if the user level level is obtained

Password cracking,

To create and maintain

#

1

b a c k d o o r a c c e ss ss

known exploits

Trojans

To hide malicious files

Rootkits

To hide the presence of compromise

Clearing logs

Copyright © by E&Cauactl. E&Cauactl. All Rights Rese Reserved. rved. Reproduction Reproduction isStri ctly Prohibited.

S y s te m

H a c k in g :

G o a ls

Every criminal commits a crime to achieve certain goal. Likewise, an attacker can also have certain goals behind performing attacks on a system. The following may be some of the goals of attackers in committing attacks on a system. The table shows the goal of an attacker at different hacking stages and the tech niq ue used to achieve that goal. goal.

M o d u l e 0 5 P a g e 5 24 24




r

s

Hacking-Stage

Go al

T e c h n i q u e / E x p l o i t U se d

Gaining Access

To collect enough information to gain access

Password eavesdropping, brute forcing

Escalating Privileges

To create a privileged user account if the user level is obtained

Password cracking,

Executing Applications

To create and maintain backdoor access

Trojans

Hiding Files Files

To hide malicious files

Rootkits

Covering Tracks

To hide the presence of compromise

Clearing logs

A

ao

known exploits

FIGURE 5.1: Goals for System Hacking

M o d u l e 0 5 P a g e 5 25 25



C E H

H a c k in g


M e

Copyright © by EC-Cauactl. All Rights Reserved. Reproduction is Strictly Prohibited.

C E H H a c k i n g M e th o d o lo g y ( C H M ) N—(£_ (£__4) _4) ^

^ Before hacking hacking a system, system, an an attacker use usess footp rinting , scanning, and enum era tion

techniques to detect the target area of the attack and the vulnerabilities that prove to be doorways for the attacker. Once the attacker gains all the necessary information, he or she starts hacking. hacking. Similar to the attacker, attacker, an ethical h acke r also follo ws the same steps to test a system or network. In order to ensure the effectiveness of the test, the ethical hacker follows the hacking methodology. The following diagram depicts the hacking methodology followed by ethical hackers: hackers:

M o d u l e 0 5 P a g e 5 26 26


CEHv8 Module 05 System Hacking

Recommend Documents