Hacking Exposed Diagram


Published by: Fabio 'Elettrico' Moretti on May 29, 2011
Copyright:Attribution Non-commercial








The Objective / Methodology / The Techniques / The Tools

Footprinting
  Methodology: Target address range and naming acquisition and information gathering are essential to a surgical attack. The key here is not to miss any details.
  Open Source Search -- USENet, Search Engines, Edgar
  Whois -- Any UNIX Client
  Web Interface to Whois -- http://www.networksolutions.com/cgibin/whois/whois
  ARIN Whois -- http://www.arin.net/whois
  DNS Zone Transfer

Scanning
  Methodology: Bulk target assessment and identification of listening services focuses the attacker's attention on the most promising avenues of entry.
  Ping Sweep -- fping, WS_Ping ProPack
  TCP/UDP Port Scan -- nmap, scan.exe

Enumeration
  Methodology: More intrusive probing now begins as attackers identify valid user accounts or poorly protected resource shares.
  List User Accounts -- DumpACL, sid2user, null sessions, OnSite Admin
  List File Shares -- showmount, NAT, Legion
  Identify Application -- banner grabbing with telnet or netcat, rpcinfo

Gaining Access
  Methodology: Enough data has been gathered at this point to make an informed attempt to access the target.
  Password eavesdropping -- tcpdump, l0phtcrack, readsmb
  File Share Brute Forcing -- NAT, Legion
  Password File Grab -- tftp, pwdump2 (NT)
  Buffer Overflows -- ttdb, eEye, IISHack

Escalating Privilege
  Methodology: If only user-level access was obtained in the last step, the attacker will seek to gain complete control of the system.
  Password Cracking -- crack, l0phtcrack
  Known Exploits -- rdist, getadmin, sechole

Pilfering
  Methodology: The information-gathering process begins again to identify mechanisms to gain access to trusted
  Evaluate Trusts -- rhosts, LSA Secrets
  Search for cleartext passwords -- user data, configuration files, Registry

Covering Tracks
  Methodology: Once total ownership of the target is secured, hiding this fact from the system administrators becomes paramount, lest they end the romp.
  Clear Logs -- zap, Event Log GUI, elsave
  Hide tools -- hidden directories, file streaming

Creating Back Doors
  Methodology: Trap doors will be laid in various parts of the system to ensure privileged access is easily regained at the whim of the intruder.
  Create Rogue User Accounts -- members of wheel, Administrators
  Schedule Batch Jobs -- cron, AT
  Infect Startup Files -- rc, startup folder, Registry keys
  Plant Remote Control Services -- netcat, remote.exe, VNC
  Install Monitoring Mechanisms -- keystroke loggers, add acct. to secadmin mail aliases
  Replace apps with trojans

Denial of Service
  Methodology: If an attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort.
  SYN Flood -- synk3
  ICMP Techniques -- ping of death, smurf
  Identical src/dst SYN Requests -- land, latierra
  Overlapping Fragment/Offset bugs -- teardrop, bonk, newtear
  Out of Bounds TCP -- supernuke.exe

Source: "Hacking Exposed: Network Security Secrets and Solutions", S. McClure, J. Scambray & G. Kurtz, Osborne/McGraw Hill, 1999
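The Scanning row above lists the probes (ping sweeps, TCP/UDP port scans) that precede an intrusion; the defender's counterpart is recognising them in border-router deny logs before the Enumeration phase starts. The Python script below is an added example and is not part of the Hacking Exposed diagram: its "deny" log format, the detection thresholds and the addresses in the constructed sample are assumptions chosen for the example, not a real device's syntax.

```python
"""Added example (not part of the Hacking Exposed diagram): detecting the
Scanning phase from border-router deny logs.

A ping sweep shows up as one source sending ICMP echo requests (type 8) to
many distinct hosts; a port scan shows up as one source touching many
distinct TCP/UDP ports on one host. The log format, thresholds and
addresses below are assumptions chosen for this example."""
import re
from collections import defaultdict

# Assumed log format: "<timestamp> <device> deny icmp SRC -> DST type N"
#                 and "<timestamp> <device> deny tcp|udp SRC:SPORT -> DST:DPORT"
ICMP_RE = re.compile(r"deny icmp (\S+) -> (\S+) type (\d+)")
L4_RE = re.compile(r"deny (tcp|udp) (\S+):(\d+) -> (\S+):(\d+)")


def parse_line(line):
    """Return a dict for one denied packet, or None for lines that do not match."""
    m = L4_RE.search(line)
    if m:
        proto, src, _sport, dst, dport = m.groups()
        return {"proto": proto, "src": src, "dst": dst, "dport": int(dport)}
    m = ICMP_RE.search(line)
    if m:
        src, dst, icmp_type = m.groups()
        return {"proto": "icmp", "src": src, "dst": dst, "icmp_type": int(icmp_type)}
    return None


def detect_scans(log_text, sweep_threshold=8, portscan_threshold=10):
    """Return {'ping_sweeps': {src: host_count}, 'port_scans': {(src, dst): port_count}}
    for sources whose distinct-target counts reach the thresholds."""
    echo_targets = defaultdict(set)   # src -> set of hosts it sent echo requests to
    port_targets = defaultdict(set)   # (src, dst) -> set of destination ports touched
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"] == "icmp" and rec["icmp_type"] == 8:
            echo_targets[rec["src"]].add(rec["dst"])
        elif rec["proto"] in ("tcp", "udp"):
            port_targets[(rec["src"], rec["dst"])].add(rec["dport"])
    sweeps = {s: len(h) for s, h in echo_targets.items() if len(h) >= sweep_threshold}
    scans = {k: len(p) for k, p in port_targets.items() if len(p) >= portscan_threshold}
    return {"ping_sweeps": sweeps, "port_scans": scans}


def build_sample_log():
    """Constructed sample lines (not real traffic): one ping sweep across 12 hosts,
    one 12-port scan of a single host, and one benign source that is ignored."""
    lines = []
    for i in range(1, 13):
        lines.append(f"Jan 10 10:00:01 border-rtr deny icmp 203.0.113.5 -> 192.0.2.{i} type 8")
    for port in (21, 22, 23, 25, 53, 79, 80, 110, 111, 139, 143, 443):
        lines.append(f"Jan 10 10:01:10 border-rtr deny tcp 198.51.100.7:40000 -> 192.0.2.20:{port}")
    lines.append("Jan 10 10:02:00 border-rtr deny icmp 198.51.100.9 -> 192.0.2.1 type 8")
    lines.append("Jan 10 10:02:05 border-rtr deny tcp 198.51.100.9:51000 -> 192.0.2.20:80")
    lines.append("Jan 10 10:02:06 border-rtr accept tcp 198.51.100.9:51001 -> 192.0.2.20:443")
    return "\n".join(lines)


if __name__ == "__main__":
    result = detect_scans(build_sample_log())
    for src, n in result["ping_sweeps"].items():
        print(f"ping sweep: {src} probed {n} hosts")
    for (src, dst), n in result["port_scans"].items():
        print(f"port scan: {src} probed {n} ports on {dst}")
```

The thresholds are deliberately per-source counts of distinct targets rather than raw packet counts, so a noisy but legitimate client retrying one port is not flagged; in production the same counting would be done over a sliding time window and fed to the monitoring listed under item 13 of the vulnerability list.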

TOP 14 SECURITY VULNERABILITIES

1. Inadequate router access control: misconfigured router ACLs can allow information leakage through ICMP, IP and NetBIOS, and lead to unauthorized access to services on your DMZ servers.
2. Unsecured and unmonitored remote access points provide one of the easiest means of access to your corporate network.
3. Information leakage can provide the attacker with operating system and application versions, users, groups, shares, DNS information via zone transfers, and running services like SNMP, finger, SMTP, telnet, rusers, sunrpc and NetBIOS.
4. Hosts running unnecessary services (such as sunrpc, FTP, DNS, SMTP) leave a way in.
5. Weak, easily guessed, and reused passwords at the workstation level can doom your servers to compromise.
6. User or test accounts with excessive privileges.
7. Misconfigured Internet servers, especially CGI scripts on web servers, and anonymous FTP.
8. Misconfigured firewall or router ACLs can allow access to internal systems directly or once a DMZ server is compromised.
9. Software that is unpatched, outdated, vulnerable or left in default configurations.
10. Excessive file and directory access controls (NT/95 shares, UNIX NFS exports).
11. Excessive trust relationships such as NT Domain Trusts and UNIX .rhosts and hosts.equiv files can provide attackers with unauthorized access to sensitive systems.
12. Unauthenticated services like X Windows.
13. Inadequate logging, monitoring, and detection capabilities at the network and host level.
14. Lack of accepted and well-promulgated security policies, procedures, guidelines, and minimum baseline standards.

[Network diagram: Internet, Border Router, Firewall, DMZ Servers, Internal Router, Internal LAN, Workstations, Branch Office, Dedicated circuits, Dial-up, Laptop computer. The numbered vulnerabilities are marked at the points of the network where they apply.]
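Items 10 and 11 above (NFS exports that are too broad, .rhosts and hosts.equiv files that trust too much) are configuration problems an administrator can check for mechanically rather than by eye. The Python audit helper below is an added example, not from the book or the diagram; it assumes the classic "host [user]" hosts.equiv line format with "+" as a wildcard and Linux exportfs syntax for /etc/exports, and the file contents it scans are constructed samples.

```python
"""Added example (not from the book or the diagram): auditing the UNIX
trust and export files named in items 10 and 11 of the Top 14 list.

Assumptions: hosts.equiv/.rhosts use the classic '<host> [user]' line
format where '+' is a wildcard; /etc/exports uses Linux exportfs syntax,
'<path> client(options) ...'. File contents are passed in as strings and
the samples at the bottom are constructed, so the script runs offline."""


def _strip_comment(raw):
    """Drop a trailing '#' comment and surrounding whitespace."""
    return raw.split("#", 1)[0].strip()


def audit_rhosts(text):
    """Return (line_no, line, reason) for hosts.equiv/.rhosts entries that
    trust every host or every user on a host."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw)
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+":
            findings.append((lineno, raw, "wildcard host: every host is trusted"))
        if user == "+":
            findings.append((lineno, raw, "wildcard user: every user on that host is trusted"))
    return findings


def audit_exports(text):
    """Return (line_no, line, reason) for /etc/exports entries that export to
    the world or disable root squashing."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw)
        if not line:
            continue
        parts = line.split()
        path, clients = parts[0], parts[1:]
        if not clients:
            findings.append((lineno, raw, f"{path} exported to every host (no client list)"))
            continue
        for client in clients:
            name, _, opts = client.partition("(")
            options = set(opts.rstrip(")").split(",")) if opts else set()
            if name in ("", "*"):
                findings.append((lineno, raw, f"{path} exported to wildcard client '*'"))
            if "no_root_squash" in options:
                findings.append((lineno, raw, f"{path}: no_root_squash lets remote root act as root"))
    return findings


# Constructed sample file contents (not real configurations).
SAMPLE_HOSTS_EQUIV = """\
# constructed sample
+                        # every host, every user
buildsrv.example.com +   # every user on buildsrv
backup.example.com ops   # one user on one host: acceptable
"""

SAMPLE_EXPORTS = """\
# constructed sample
/export/home   *(rw,no_root_squash)
/export/pub    *(ro)
/export/build  buildsrv.example.com(rw,root_squash)
/export/old
"""

if __name__ == "__main__":
    for title, findings in (("hosts.equiv", audit_rhosts(SAMPLE_HOSTS_EQUIV)),
                            ("exports", audit_exports(SAMPLE_EXPORTS))):
        print(f"== {title}: {len(findings)} finding(s)")
        for lineno, raw, reason in findings:
            print(f"  line {lineno}: {raw.strip()!r}: {reason}")
```

Each finding carries the line number and the raw line so it can be pasted into a ticket; the rule set is small on purpose, and the same loop can be extended with further checks (for instance netgroup entries or exports granting `rw` to a whole domain wildcard) once the baseline standard from item 14 says what the site permits.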
