Easttom PPT 06 Final

Computer Security Fundamentals

by Chuck Easttom

Chapter 6 Techniques Used by Hackers


Chapter 6 Objectives

• Understand the basic methodology used by hackers
• Be familiar with some of the basic tools
• Understand the hacking mentality

© 2016 Pearson, Inc. Chapter 6 Techniques Used by Hackers 2


Introduction
• Basic Terminology
• Reconnaissance
• Passive Scanning



Netcraft.com



Archive.org



Port Scanning
• Nmap



Nmap Flags
• -O detects operating system
• -sP is a ping scan
• -sT TCP connect scan
• -sS SYN scan
• -sF FIN scan
• -sX XMAS Tree scan
• -sN NULL scan
• -sU UDP scan
• -sO Protocol scan
• -sA ACK scan
• -sW Window scan
• -sR RPC scan
• -sL List/DNS scan
• -sI Idle scan
• -P0 Don't ping
• -PT TCP ping
• -PS SYN ping
• -PI ICMP ping
• -PB TCP and ICMP ping
• -PM ICMP netmask
• -oN Normal output
• -oX XML output
• -oG Greppable output
• -oA all output
• -T timing
• -T0 Paranoid
• -T1 Sneaky
• -T2 Polite
• -T3 Normal
• -T4 Aggressive
• -T5 Insane



Scan Types
• Ping
• Connect
• Syn
• Fin



Ping Scan

• The ping scan sends a single ICMP echo request from the source to the destination device. A response from an active device returns an ICMP echo reply, unless the IP address is not available on the network or the ICMP protocol is filtered.



Connect Scan

• Fully connect to the target IP address and port. Does a complete TCP handshake. This is the most reliable but will absolutely be detected.



Syn Scan

• Sends SYN (synchronize) requests to the target to gather information about open ports without completing the TCP handshake process. When an open port is identified, the TCP handshake is reset before it can be completed. This technique is sometimes referred to as "half open" scanning.
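How a defender can tell the connect and SYN scans described above apart in connection records, as an added example that is not from the original slides. The flow tuples, addresses and the five-port threshold are constructed assumptions, not output from any real sensor.

```python
from collections import defaultdict

def classify(flags):
    """Label one TCP flow from its ordered flags (client and server packets)."""
    if flags[:3] == ["SYN", "SYN-ACK", "ACK"]:
        return "completed"   # full handshake: connect scan or an ordinary client
    if flags[:3] == ["SYN", "SYN-ACK", "RST"]:
        return "half-open"   # handshake reset before it completes
    if flags[:2] == ["SYN", "RST-ACK"]:
        return "closed"      # port refused the connection
    return "other"

def detect_scanners(flows, port_threshold=5):
    """Flag sources that touch many distinct ports and name the scan style."""
    ports = defaultdict(set)
    kinds = defaultdict(lambda: defaultdict(int))
    for src, port, flags in flows:
        ports[src].add(port)
        kinds[src][classify(flags)] += 1
    findings = {}
    for src, seen in ports.items():
        if len(seen) < port_threshold:
            continue         # one or two ports looks like normal client traffic
        k = kinds[src]
        style = ("half-open (SYN) scan" if k["half-open"] > k["completed"]
                 else "connect scan")
        findings[src] = (style, len(seen))
    return findings

def _probe(src, ports, open_ports, last):
    """Build constructed flows for one source sweeping a list of ports."""
    return [(src, p, ["SYN", "SYN-ACK", last] if p in open_ports
             else ["SYN", "RST-ACK"]) for p in ports]

PORTS = [21, 22, 23, 25, 80, 443]
# Constructed sample data: two sweeping sources and one ordinary web client.
CONSTRUCTED_FLOWS = (
    _probe("10.0.0.50", PORTS, {22, 80}, "ACK")    # completes every handshake
    + _probe("10.0.0.60", PORTS, {22, 80}, "RST")  # resets after SYN-ACK
    + [("10.0.0.7", 443, ["SYN", "SYN-ACK", "ACK"])] * 3
)

if __name__ == "__main__":
    for src, (style, count) in detect_scanners(CONSTRUCTED_FLOWS).items():
        print(src, style, count, "ports")
```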



Fin Scan

• Sends a FIN (or finish) packet to target.
• If that port is not listening, no response.
• If it is listening, an error response is received.



Enumeration

• Sid2User
• Cheops (Linux only)
• UserInfo
• UserDump
• DumpSec
• Netcat
• NBTDump



Cain and Abel



SQL Injection

• One of the most common attacks
• Depends on knowledge of SQL
• Basics are easy
• Versatile and can do a lot more than many realize



What Is SQL?
• A relational database contains one or more tables, each identified by a name.
• Tables contain records (rows) with data.
• For example, the following table is called "users" and contains data distributed in rows and columns:
• SQL (Structured Query Language) uses commands such as SELECT, UPDATE, DELETE, INSERT, WHERE, and others. Example:
SELECT * FROM tblUsers WHERE USERNAME = 'admin'



More on SQL
• Web sites are written in some programming language such as PHP, ASP, JSP, or ASP.NET. Those programming languages have their own syntax (NOT SQL), so programmers put the SQL into their code in strings. Let's say you type your username into a text field called txtUsername and your password into a text field called txtPassword. The code in their program has to put SQL statements into a string and append whatever you entered in those two text fields. It will look something like this:
// User input is appended directly to the SQL string
string sSQLstatement;
sSQLstatement = "SELECT * FROM tblUSERS WHERE UserName = '" + txtUsername.Text + "' AND Password = '" + txtPassword.Text + "'";
so the string will contain
SELECT * FROM tblUSERS WHERE UserName = 'admin' AND Password = 'password'
However, whatever you type into the text field gets put into that string.



SQL Script Injection
• Single quote added to password:
• Add the following to the username box and the password:
• ' or '1'='1
• OR
• ' or 'a'='a
• Also try password' or (1=1)
• Or people try
• anything' OR 'x'='x
• Or people try
• password:'1=1--
• Try using double quote (") if single quote (') is not working



What Does This Cause?
• Well, you would have had
SELECT * FROM tblUSERS WHERE UserName = 'admin' AND Password = 'password'
Instead you have
SELECT * FROM tblUSERS WHERE UserName = '' or '1'='1' AND Password = '' or '1'='1'
So now it says to get all entries from the table tblUsers if the username is '' (blank) OR if 1=1, and if the password is '' (blank) OR if 1=1!
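The concatenated query from these slides next to its parameterized form, as an added example that is not from the original slides. It uses Python's sqlite3 in place of the slide's web code, and the table rows are constructed sample data.

```python
import sqlite3

def make_db():
    """In-memory table named like the slide's tblUsers, with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblUsers (UserName TEXT, Password TEXT)")
    # Plaintext passwords only mirror the slide; real systems store hashes.
    db.executemany("INSERT INTO tblUsers VALUES (?, ?)",
                   [("admin", "password"), ("alice", "s3cret")])
    return db

def login_concatenated(db, username, password):
    """The slide's pattern: user input is appended to the SQL string."""
    sql = ("SELECT * FROM tblUsers WHERE UserName = '" + username +
           "' AND Password = '" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_parameterized(db, username, password):
    """Placeholders bind the input as data, so it is never parsed as SQL."""
    sql = "SELECT * FROM tblUsers WHERE UserName = ? AND Password = ?"
    return db.execute(sql, (username, password)).fetchall()

SLIDE_INPUT = "' or '1'='1"   # the input shown on the slide

if __name__ == "__main__":
    db = make_db()
    sql, rows = login_concatenated(db, SLIDE_INPUT, SLIDE_INPUT)
    print(sql)
    print("concatenated query returned", len(rows), "rows")
    print("parameterized query returned",
          len(login_parameterized(db, SLIDE_INPUT, SLIDE_INPUT)), "rows")
    print("valid login still works:",
          login_parameterized(db, "admin", "password"))
```

The concatenated version returns every row in the table for the slide's input, while the parameterized version returns none and still accepts the valid login.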



Cross Site Scripting

An attacker injects client-side script into web pages viewed by other users. The term cross-site scripting originally referred to the act of loading the attacked, third-party web application from an unrelated attack site, in a manner that executes a fragment of JavaScript prepared by the attacker in the security context of the targeted domain.

Essentially you enter scripts into an area that other users interact with, so that when they go to that part of the site, your own script runs rather than the intended Web site functionality. This can include redirecting them.
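Why the entered script runs, and the output encoding that stops it, as an added example that is not from the original slides. The comment-rendering functions and sample inputs are constructed, and the link-scheme check goes one step beyond the slide to cover the redirect case it mentions.

```python
import html
from urllib.parse import urlsplit

def render_unsafe(author, comment):
    """Stored text is pasted into the page, so markup in it becomes live."""
    return "<p><b>" + author + "</b>: " + comment + "</p>"

def safe_link(url):
    """Allow only http(s) links so a stored URL cannot carry a script scheme."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ("http", "https") else "#"

def render_safe(author, comment, homepage):
    """Encode every user-supplied value for the HTML context it lands in."""
    return '<p><a href="{}">{}</a>: {}</p>'.format(
        html.escape(safe_link(homepage), quote=True),  # attribute context
        html.escape(author),                           # element text
        html.escape(comment),                          # element text
    )

# Constructed inputs standing in for what a visitor typed into a comment form.
SCRIPT_COMMENT = "<script>alert(1)</script>"
SCRIPT_URL = "javascript:alert(1)"

if __name__ == "__main__":
    print(render_unsafe("mallory", SCRIPT_COMMENT))
    print(render_safe("mallory", SCRIPT_COMMENT, SCRIPT_URL))
    print(render_safe("alice", "nice post", "https://example.com/"))
```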



OphCrack- How It Works
• Download OphCrack and burn the image to a CD.
• Put the CD in the target computer and boot from the CD.
• It boots as Linux, grabs the Windows password file, and then uses cracking tools to crack that file and produces a text file with usernames and passwords.
• You cannot even consider yourself a hacker without this tool in your toolkit.



Malware Creation
• GUI tools
• Batch Files
• Writing your own



Malware Creation



Other Attacks
• Pass the hash
• Scripts



Pen Testing
• NIST 800-115
• National Security Agency Information Assessment Methodology
• PCI Penetration Testing Standard
