
Network Security Notes

The document outlines the steps involved in cracking a system, including information gathering, port scanning, network enumeration, gaining access, modifying data, leaving a backdoor, and covering tracks. It also details various types of malware, their behaviors, and classifications, as well as different types of attacks such as denial of service and phishing. Additionally, it describes buffer overflows as a common vulnerability that can be exploited to take control of a system.

MWNS – Network Security

Steps in Cracking a System

• Information Gathering:

  • This involves collecting data from public sources or using tools designed to gather information about the target network. This step aims to gather as much information as possible about the network, including IP addresses, domain names, and network configurations.

• Port Scanning:

  • This step involves scanning the network to find and identify open TCP ports. Open ports can provide insights into what services or applications are running on the network and may present vulnerabilities that can be exploited.

• Network Enumeration:

  • In this phase, the attacker maps the network, identifying servers, workstations, routers, switches, and firewalls. Mapping out the network means creating a detailed representation of the network's structure, including all connected devices, their interconnections, and the flow of data between them. This process involves identifying and documenting the various components and their relationships within the network (example: Wireshark). The goal is to understand the structure and devices within the network, which helps in planning further attacks.

• Gaining Access:

  • This involves exploiting vulnerabilities or using other techniques to gain root or administrator access to the network. Obtaining such access provides the attacker with high-level control over the network.

• Modifying:

  • Once access is gained, the attacker may use their privileges to modify information within the network. This could involve changing configurations, adding or deleting files, or installing malicious software.

• Leaving a Backdoor:

  • To ensure they can return to the network at a later date, attackers often leave a backdoor. This could be a hidden user account, a piece of software, or a modified configuration that allows them re-entry without having to go through the initial steps again.

• Covering Tracks:

  • The final step involves covering their tracks to avoid detection. This could include deleting logs, restoring modified files to their original state, or other actions that help erase evidence of the attack.

Malware
Malware: Malware is short for "malicious software," and it refers to any software designed to harm, exploit, or otherwise compromise the integrity, confidentiality, or availability of data, applications, or operating systems. Malware can take various forms and perform a wide range of harmful activities, such as stealing sensitive information, damaging or disabling systems, spreading to other devices, and more.

Malware is classified into two broad categories, based on:

a) how it spreads or propagates to reach the desired targets. Ex: viruses, worms, spam email, trojans
b) the actions or payloads it performs once a target is reached. Ex: system corruption, zombies, bots, keyloggers, phishing, spyware, backdoors, rootkits.

Unit-3_-MgG-q9oyvx
PWpRGmUhF.pdf
Refer:

• Viruses: Attach themselves to legitimate programs or files and spread when these are executed.

• Worms: Self-replicating malware that spreads across networks without needing a host file.

• Trojan Horses: Disguised as legitimate software, they trick users into installing them to perform malicious activities.

• Spyware: Collects information from a computer without the user's knowledge.

• Adware: Automatically delivers unwanted advertisements.

• Ransomware: Encrypts data and demands payment for its release.

• Rootkits: Gain unauthorized root or administrative access and hide the presence of other malware.

• Keyloggers: Record keystrokes to steal sensitive information like passwords.

• Bots/Zombies: Infected devices controlled remotely by attackers, often used in botnets for large-scale attacks.

• Logic Bombs: Malicious code that triggers harmful actions when certain conditions are met.

Types of Malware

1. Viruses:

o Description: Code that attaches itself to programs, disks, or memory to propagate itself.

o Behavior: Requires user action to spread, such as opening an infected file. Once activated, it can replicate and infect other files or systems.

2. Worms:

o Description: Malware that installs copies of itself on other machines in a network.

o Behavior: Can spread autonomously without user interaction by exploiting vulnerabilities in network protocols. Examples include spreading through email or network shares.

3. Trojan Horses:

o Description: Malicious software disguised as a legitimate utility or software.

o Behavior: Convinces users to install it, often by pretending to be a useful tool. Once installed, it can perform harmful actions such as stealing data or creating backdoors.

4. Rootkits:

o Description: Malware designed to gain root or administrative privileges.

o Behavior: Often hides its presence and the presence of other malware by modifying the operating system. Difficult to detect and remove, as it operates at a low level within the system.

5. Spyware:

o Description: Malware that collects information from a user's system.

o Behavior: Can be used legally by employers for monitoring, but also used maliciously to steal sensitive information such as passwords, credit card numbers, and personal data.

6. Key Loggers:

o Description: Software or hardware that records keystrokes on a keyboard.

o Behavior: Captures and logs every keystroke made by the user, often used to steal sensitive information like login credentials.

7. Hoaxes:

o Description: Malware that uses emotional manipulation to propagate.

o Behavior: Spreads by convincing users to take action based on false information, such as a child's last wish or urgent fake warnings.

8. Trap Doors (Backdoors):

o Description: Undocumented entry points into a system created for debugging or other purposes.

o Behavior: Allows attackers to bypass normal authentication procedures, giving them unauthorized access to the system.

9. Logic Bombs:

o Description: Malicious code that triggers under specific conditions.

o Behavior: Executes a predefined action when certain conditions are met, such as a specific date or event. Used to sabotage systems by deleting files or corrupting data.

10. Zombies:

o Description: Malicious code that can be remotely controlled.

o Behavior: Turns infected computers into bots that can be controlled by the attacker. Often used in botnets to carry out coordinated attacks like Distributed Denial of Service (DDoS).

Types of Viruses

1. Boot Sector Virus:

o Description: A virus that infects the master boot record of a hard disk or the boot sector of a floppy disk.

o Behavior: It activates when the system is booted from the infected disk. Historically spread through floppy disks, but now less common due to the decline in their use.

2. Macro Virus:

o Description: A virus written in the macro language of applications like Microsoft Word or Excel.

o Behavior: It infects documents and templates, spreading when users open the infected files. Common in office documents.

3. Email Malware:

o Description: Malicious software delivered through email attachments.

o Behavior: Spreads when users open infected email attachments. Can include viruses, worms, or other types of malware.

4. Website Malware:

o Description: Malicious scripts embedded in websites, often using JavaScript.

o Behavior: Executes when users visit the infected website, potentially downloading malware onto their systems or exploiting browser vulnerabilities.

Types of Attacks

1. Malware:

o Description: General term for malicious software designed to harm, exploit, or otherwise compromise a computer system.

2. Security Breach:

o Description: Unauthorized access to data, applications, services, networks, or devices.

o Behavior: Can result in data theft, data loss, or other malicious activities.

3. Denial of Service (DoS):

o Description: An attack that floods a network or service with excessive traffic or requests.

o Behavior: Overwhelms resources, causing the targeted service to become unavailable to legitimate users.

4. Web Attack: SQL Injection:

o Description: An attack that exploits vulnerabilities in a web application's database query interface.

o Behavior: Injects malicious SQL code to manipulate the database, potentially accessing or altering data without authorization.

5. Cross-Site Scripting (XSS):

o Description: An attack that injects malicious scripts into web pages viewed by other users.

o Behavior: Redirects users to malicious sites or executes scripts in their browsers to steal information or perform other malicious actions.

6. Session Hijacking:

o Description: Taking over an active session between a user and a web application.

o Behavior: Exploits the session to gain unauthorized access to the user's account and data.

7. DNS Poisoning:

o Description: An attack that alters DNS records to redirect users to malicious sites.

o Behavior: Can lead users to fraudulent websites, often used for phishing attacks.

8. Brute Force:

o Description: An attack that systematically tries all possible password combinations to gain access.

o Behavior: Attempts to log in by trying a large number of passwords until the correct one is found.

9. Port Scanning:

o Description: Scanning a network to identify open ports and services running on a target system.

o Behavior: Used to discover vulnerabilities and potential entry points for attacks.

10. Network Mapping:

o Description: The process of discovering devices and services on a network.

o Behavior: Helps attackers understand the network structure and identify targets for further attacks.

11. Cyber Stalking: This involves using the internet to harass or threaten someone persistently. It can include tracking, monitoring, or even sending threatening messages.

12. Cyber Frauds: An example given is a scam where a person, often claiming to be a Nigerian official, says they need your help to transfer large sums of money, usually requesting access to your bank account or a transfer fee to process the transaction.

13. Identity Theft: This involves stealing someone's personal information, such as their Social Security number, to open credit cards or other accounts in their name.

14. Phishing: A form of online fraud where attackers pretend to be a legitimate entity (like a bank, employer, or government agency) in an email to trick victims into providing sensitive information like passwords or bank details.

Buffer Overflows

A buffer overflow is a common vulnerability in computer systems and can lead to security risks. Here's a breakdown of the points:

• The return address (the location in the code to return to after a function is executed) is saved at the top of the stack in memory.

• Parameters for the function are then placed on the stack.

• If too much data is written onto the stack (beyond what it's meant to hold), a stack overflow occurs, which can overwrite adjacent memory locations, including the return address.

• By exploiting this overflow, an attacker may alter the return address, allowing them to redirect program execution to a malicious code segment they have inserted, potentially taking control of the system.
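
The overwrite described above, modelled in C as an added example (not part of the original notes): a fixed-size buffer sits next to a saved return address slot inside one simulated frame, and an unchecked copy is compared with a length-checked one. The frame layout, BUF_SIZE, the sentinel value and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 16
#define RET_SENTINEL ((uintptr_t)0x1111) /* constructed stand-in for a saved return address */

/* Simulated frame in one array (well-defined C): [0, BUF_SIZE) is the buffer, the rest the return slot. */
struct frame { unsigned char mem[BUF_SIZE + sizeof(uintptr_t)]; };

static void frame_init(struct frame *f) {
    uintptr_t ret = RET_SENTINEL;
    memset(f->mem, 0, sizeof f->mem);
    memcpy(f->mem + BUF_SIZE, &ret, sizeof ret);
}

static uintptr_t frame_ret(const struct frame *f) {
    uintptr_t ret;
    memcpy(&ret, f->mem + BUF_SIZE, sizeof ret);
    return ret;
}

/* Models strcpy()/gets(): trusts the input length and ignores BUF_SIZE.
 * The clamp exists only so this model never leaves the simulated frame. */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t n) {
    if (n > sizeof f->mem) n = sizeof f->mem;
    memcpy(f->mem, in, n);
}

/* Hardened form: reject any input that does not fit the buffer. */
static int copy_checked(struct frame *f, const unsigned char *in, size_t n) {
    if (n > BUF_SIZE) return -1;
    memcpy(f->mem, in, n);
    return 0;
}

/* Copies n constructed 'A' bytes into a fresh frame; returns 1 if the return slot is intact. */
int ret_intact_after(int checked, size_t n) {
    unsigned char in[BUF_SIZE + sizeof(uintptr_t)];
    struct frame f;
    memset(in, 'A', sizeof in);
    frame_init(&f);
    if (checked) (void)copy_checked(&f, in, n); else copy_unchecked(&f, in, n);
    return frame_ret(&f) == RET_SENTINEL;
}

int main(void) {
    printf("ret intact: unchecked=%d checked=%d\n", ret_intact_after(0, BUF_SIZE + 1), ret_intact_after(1, BUF_SIZE + 1));
    return 0;
}
```

A single byte past BUF_SIZE is enough to change the return slot in the unchecked path, which is why the length check has to happen before the copy rather than after it.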
