Module 6 System Hacking

Uploaded by

Nghia Tran Van
Certified Ethical Hacker
System Hacking

Ethical Hacking and Countermeasures
Exam 312-50 Certified Ethical Hacker
System Hacking

Module Objectives

- Overview of CEH Hacking Methodology
- Understanding Techniques to Gain Access to the System
- Understanding Privilege Escalation Techniques
- Understanding Techniques to Hide the Evidence of Compromise
- Understanding Different System Hacking Countermeasures

System hacking is one of the most important goals of an attacker, and sometimes the ultimate one. The attacker acquires information through techniques such as footprinting, scanning, enumeration, and vulnerability analysis and then uses this information to hack the target system. This module focuses on the tools and techniques used by an attacker to hack the target system. The module begins with an overview of the hacking methodology. Next, it discusses in detail the various hacking stages, such as gaining and maintaining access and clearing logs.

At the end of this module, you will be able to do the following:

- Describe the Certified Ethical Hacker hacking methodology
- Explain the different techniques to gain access to a system
- Apply privilege escalation techniques
- Explain different techniques to gain and maintain remote access to a system
- Describe different types of rootkits
- Explain steganography and steganalysis techniques
- Apply different techniques to hide the evidence of compromise
- Apply various system hacking countermeasures

Module 06 Page 585 Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Module Flow

- System Hacking Concepts
- Gaining Access
- Escalating Privileges
- Maintaining Access

System Hacking Concepts

An attacker engages in system hacking attempts using information collected in the earlier footprinting, scanning, enumeration, and vulnerability analysis phases.
The following is an overview of these phases and the information collected so far. We have already discussed the following in our previous modules:

- Footprinting Module: Footprinting is the process of accumulating data about a specific network environment. In the footprinting phase, the attacker creates a profile of the target organization and obtains information such as its IP address range, namespace, and employees. Footprinting facilitates the process of system hacking by revealing the target's vulnerabilities. For example, the organization's website may provide employee bios or a personnel directory, which the hacker can use for social engineering purposes. Conducting a Whois query on the web can provide information about the associated networks and domain names related to a specific organization.

- Scanning Module: Scanning is a procedure used for identifying active hosts, open ports, and unnecessary services enabled on particular hosts. Attackers use different types of scanning methods for host discovery, port and service discovery, operating system (OS) discovery, and evading endpoint security devices such as intrusion detection systems (IDSs) and firewalls. These techniques help attackers identify possible vulnerabilities. Scanning procedures such as port scanning and ping sweeps return information about the services offered by the live hosts that are active on the Internet, and their IP addresses.

- Enumeration Module: Enumeration is a method of intrusive probing, through which attackers gather information such as network user lists, routing tables, security flaws, and Simple Network Management Protocol (SNMP) data. This is of significance, because the attacker ranges over the target territory to glean information about the network, and shared users, groups, applications, and banners. Enumeration involves making active connections to the target system or subjecting it to direct queries. Normally, an alert and secure system logs such attempts. Often, the information gathered, such as a DNS address, is publicly available; however, it is possible that the attacker might stumble upon a remote IPC share, such as IPC$ in Windows, that can be probed with a null session, thereby allowing shares and accounts to be enumerated.

- Vulnerability Analysis Module: Vulnerability assessment is an examination of the ability of a system or application, including its current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels. Attackers perform vulnerability analysis to identify security loopholes in the target organization's network, communication infrastructure, and end systems. The identified vulnerabilities are used by the attackers to perform further exploitation on that target network.

CEH Hacking Methodology (CHM)

Attackers follow a certain methodology to hack a system. They first obtain information during the footprinting, scanning, enumeration, and vulnerability analysis phases, which they then use to exploit the target system. The figure shows the steps and flow mechanisms between steps in the CEH hacking methodology (CHM).
[Figure 6.1: CEH hacking methodology. Labels: Enumeration; Vulnerability Analysis; Gaining Access (Cracking Passwords, Vulnerability Exploitation); Escalating Privileges; Maintaining Access (Executing Applications, Hiding Files); Clearing Logs (Covering Tracks)]

There are four steps in the CHM:

- Gaining Access: The previous phases of hacking, including footprinting and reconnaissance, scanning, enumeration, and vulnerability assessment, help attackers to identify security loopholes and vulnerabilities that exist in the target organizational IT assets. Attackers use this information, along with techniques such as cracking passwords and exploiting vulnerabilities such as buffer overflows, to gain access to the target organizational system. Password cracking involves gaining access to low-privileged user accounts by cracking passwords using techniques such as brute-forcing, password guessing, and social engineering. Attackers exploit the identified vulnerabilities, such as buffer overflows, to gain root-level access to the target system.

- Escalating Privileges: After gaining access, attackers then escalate their privileges to administrative levels, to perform a protected operation. Attackers exploit vulnerabilities that exist in OSs and software applications to escalate privileges.

- Maintaining Access: After successfully gaining access and escalating privileges to the target system, attackers ensure that high levels of access are maintained to perform malicious activities such as executing malicious applications and stealing, hiding, or tampering with sensitive system files.

- Clearing Logs: To maintain future system access, attackers attempt to avoid recognition by legitimate system users. To remain undetected, attackers wipe out the entries corresponding to their activities in the system logs, thus avoiding detection by users.

System Hacking Goals

Every criminal has a certain goal that they intend to achieve. Likewise, attackers can have certain goals for performing system attacks. The following diagram shows examples of these goals at different hacking stages and the techniques used to achieve them.

[Figure 6.2: Hacking stages, goals, and techniques. Columns: Hacking Stage, Goal, Technique/Exploit Used. Stages: Gaining Access, Escalating Privileges, Executing Applications, Hiding Files, Covering Tracks. For Gaining Access the techniques listed are password cracking, vulnerability exploitation, and social engineering; for Covering Tracks the goal is to hide the evidence of compromise and the technique is clearing logs.]

- Gaining Access: In system hacking, the attacker first tries to gain access to a target system using information obtained and loopholes found in the access control mechanism of the
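
Added example, not part of the original courseware: a detection check, in Python, for two points made above, namely that a secure system logs enumeration attempts such as a null session to IPC$, and that the Clearing Logs step removes log entries. It assumes Windows events have been exported in full as flattened records with the field names shown; the sample records, host, account names and addresses are constructed.

```python
"""Flag null-session enumeration and log clearing in Windows event records."""

# Constructed sample: a flattened full-channel export (an assumed layout) of
# Windows events, keeping only the fields this check reads.
SAMPLE_EVENTS = [
    {"Channel": "Security", "EventRecordID": 9001, "EventID": 4624,
     "Computer": "FS01", "TargetUserName": "alice"},
    {"Channel": "Security", "EventRecordID": 9002, "EventID": 5140,
     "Computer": "FS01", "SubjectUserName": "ANONYMOUS LOGON",
     "ShareName": r"\\*\IPC$", "IpAddress": "192.0.2.44"},
    {"Channel": "Security", "EventRecordID": 9003, "EventID": 5140,
     "Computer": "FS01", "SubjectUserName": "alice",
     "ShareName": r"\\*\IPC$", "IpAddress": "192.0.2.10"},
    # Records 9004-9006 are absent from the export.
    {"Channel": "Security", "EventRecordID": 9007, "EventID": 1102,
     "Computer": "FS01", "SubjectUserName": "svc_backup"},
]

# Event IDs Windows writes when a log is cleared: 1102 (Security), 104 (System).
LOG_CLEARED = {("Security", 1102), ("System", 104)}


def triage(events):
    """Return (stage, computer, record_id, detail) findings in record order."""
    findings, last_id = [], {}
    order = lambda e: (e["Computer"], e["Channel"], e["EventRecordID"])
    for ev in sorted(events, key=order):
        key, rid = (ev["Computer"], ev["Channel"]), ev["EventRecordID"]
        # EventRecordID rises by one per channel, so a jump means missing
        # records (a heuristic: it only holds for an unfiltered export).
        if key in last_id and rid != last_id[key] + 1:
            findings.append(("Clearing Logs", ev["Computer"], rid,
                             f"record gap {last_id[key] + 1}-{rid - 1}"))
        last_id[key] = rid
        # 5140 = network share accessed; anonymous IPC$ access = null session.
        if (ev["EventID"] == 5140
                and ev.get("ShareName", "").upper().endswith("IPC$")
                and ev.get("SubjectUserName", "").upper() == "ANONYMOUS LOGON"):
            findings.append(("Enumeration", ev["Computer"], rid,
                             f"null session to IPC$ from {ev.get('IpAddress')}"))
        if (ev["Channel"], ev["EventID"]) in LOG_CLEARED:
            findings.append(("Clearing Logs", ev["Computer"], rid,
                             f"{ev['Channel']} log cleared by {ev.get('SubjectUserName')}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

Each finding is labelled with the CHM phase it corresponds to, so the output can be read against the methodology described above.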
