
Hacking Stage 2

The document outlines various stages of hacking, including gaining access, escalating privileges, executing applications, hiding files, and covering tracks. It also covers Windows and Linux basics, detailing user account management, password storage, and group structures. Additionally, it discusses password cracking methods, rootkits, and techniques for covering tracks to evade detection.

Uploaded by

shahkhushali2604

HACKING STAGE

• Gaining Access: password cracking, social engineering;
• Escalating Privileges: exploiting known system vulnerabilities;
• Executing Applications: Trojan, spyware, backdoors, keyloggers;
• Hiding Files: rootkit, steganography;
• Covering Tracks: clearing logs.

WINDOWS BASICS:
• Controlling access: who gets access to what resources;
• User contexts for processes:
  • Local services: greater access to the local system but limited access to the network;
  • Network services: greater access to the network but limited access to local systems;
  • System: super-user style, unlimited access to the local system; performs actions on the local system with no restriction;
  • Current user: the currently logged-in user; can run applications and tasks but is subject to restrictions even if the account is administrative.

On Windows systems, user account information is physically stored in:
• SAM (Security Account Manager):
  • A database on local systems that stores user account information;
  • Stores hashed versions of users' passwords, used to authenticate user accounts.
• Active Directory: used in large network environments.

• Groups: used to grant access to resources and simplify management of multiple users;
• SID (Security Identifier):
  • Each user account has a unique ID assigned to it;
  • Identifies the account and group;
  • If usernames are the same, their SIDs are still different.
LINUX BASICS:
• Tree-like structure: the directory tree;
• Like a family tree, each directory has a parent, except the root directory, shown as (/);
• Linux is a multi-user environment: each user is given a directory under the home directory.

[Figure: directory tree. "home" contains the user directories John and Sara, with Documents, Music and a txt file at the lower levels.]
• /etc: holds all sorts of configuration files for the system;
• /etc/passwd: a text file that contains a list of the system's accounts and information for each account, such as User ID and Group ID:
  • System users such as: root, daemon, bin, sys...
  • Normal users such as: Richard, Chris, Marian...
• Passwords are no longer kept in /etc/passwd, because this file is insecure;
• Passwords are in the /etc/shadow file, which is readable only by the root user.
The /etc/passwd file contains one entry per line for each user:
username:X:1001:1002:UserName:/home/username:/bin/bash
1. Username: used when the user logs in. It should be between 1 and 32 characters in length.
2. Password: an x character indicates that the encrypted password is stored in the /etc/shadow file.
3. User ID (UID): each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
4. Group ID (GID): the primary group ID (stored in the /etc/group file).
5. User ID Info: the comment field. It allows you to add extra information about the user, such as the user's full name, phone number, etc. This field is used by the finger command.
6. Home directory: the absolute path to the directory the user will be in when they log in. If this directory does not exist, then the user's directory becomes /
7. Command/shell: the absolute path of a command or shell (/bin/bash).
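The seven fields above are enough to write a small defensive audit of a passwd-format file. The following is an added example, not part of the original slides; the sample entries are constructed, and treating "*" and "!" as locked-account markers is an assumption of this example.

```python
# Added example: audit passwd-format text using the seven fields described above.
# SAMPLE_PASSWD is constructed for this example; it is not from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
richard:x:1001:1002:Richard:/home/richard:/bin/bash
backup2:x:0:0:Backup:/home/backup2:/bin/bash
legacy:$1$constructed$notarealhash:1003:1003:Legacy:/home/legacy:/bin/sh
broken:x:1004
"""

FIELDS = ("username", "password", "uid", "gid", "info", "home", "shell")

def parse_passwd(text):
    """Split each line into the seven fields; return (entries, malformed line numbers)."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 7 or not (parts[2].isdigit() and parts[3].isdigit()):
            malformed.append(lineno)
            continue
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
        entries.append(entry)
    return entries, malformed

def audit(entries):
    """Return (username, finding) pairs for entries a defender should review."""
    findings = []
    for e in entries:
        name = e["username"]
        if not 1 <= len(name) <= 32:
            findings.append((name, "username length outside 1-32"))
        if e["uid"] == 0 and name != "root":
            findings.append((name, "UID 0 but not root"))
        if e["password"] == "":
            findings.append((name, "empty password field"))
        elif e["password"] not in ("x", "*", "!"):  # assumption: "*" and "!" mark locked accounts
            findings.append((name, "password hash stored in passwd, not shadow"))
        if not e["home"].startswith("/"):
            findings.append((name, "home directory is not an absolute path"))
    return findings

if __name__ == "__main__":
    parsed, bad_lines = parse_passwd(SAMPLE_PASSWD)
    print("malformed lines:", bad_lines)
    for user, issue in audit(parsed):
        print(f"{user}: {issue}")
```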
The /etc/group file contains one line per group. Each record has 4 fields:
groupname:X:1001:username1,username2,username3...
1. Groupname: defines a user-readable group name
2. Password: an x character
3. Group ID (GID): the group ID
4. Username(s): one or more usernames (from the /etc/passwd file) that are members of the group
PASSWORD CRACKING METHODS:
• A password should be something that:
  • An individual can easily remember;
  • Is not too easy to guess.
• In reality, people use passwords that are easy to guess.
• Four password cracking methods:
  • Passive online attacks;
  • Active online attacks;
  • Offline attacks;
  • Non-technical attacks.
• Passive online attacks: sniffers
• Active online attacks:
  • Dictionary and brute-force attacks;
    • Dictionary attack: trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary, until the correct words are discovered;
    • Hybrid attacks: adds letters and numbers to every word in a dictionary;
    • Inserting numbers
    • Duplication: catcat
    • Symbol substitution: Password becomes Pa$$w0rd
    • Reversing: Mike becomes ekiM
    • Appending characters such as 4u, ed, ing...
• Brute-force attack: all possible combinations of characters from the keyboard are tried until the correct combination is discovered;
• Rainbow table: before the attack, compute every possible combination of characters, compute their hashes and put the hashes in a table; then capture the password hash and compare it with the table;
• A countermeasure is to limit the number of attempts;
• A countermeasure is salting: add extra random characters to a password before applying the hash.
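The salting countermeasure can be seen from the defender's side in a few lines. This is an added example, not part of the original slides: a plain lookup dictionary stands in for a rainbow table (real ones use hash chains), the candidate list is constructed, and PBKDF2 with the iteration count shown is this example's choice of salted hash.

```python
# Added example: why a per-user random salt defeats a precomputed hash table.
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def unsalted_digest(password):
    """Weak storage: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Salted storage: random salt per account, stored alongside the derived key."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify_password(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)

def precomputed_table(candidates):
    """digest -> password, built once in advance without any salt."""
    return {unsalted_digest(p): p for p in candidates}

def demo():
    # Constructed candidate list, taken from the examples on the slides.
    table = precomputed_table(["letmein", "Pa$$w0rd", "catcat"])
    # Two accounts choose the same password.
    salt_a, key_a = hash_password("catcat")
    salt_b, key_b = hash_password("catcat")
    return {
        "unsalted_lookup": table.get(unsalted_digest("catcat")),
        "salted_lookup": table.get(key_a.hex()),
        "same_password_same_hash": key_a == key_b,
        "verify_ok": verify_password("catcat", salt_a, key_a),
        "verify_wrong": verify_password("catcat1", salt_a, key_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```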
• Offline attacks:
  • How passwords are stored on a system;
  • Where the list of usernames and passwords is located.
• Tools:
  • Cain and Abel (Windows and Cisco)
  • John the Ripper (Unix and Windows)
  • Pandora
  • PXdump3: extracts passwords from the SAM database
• Non-technical attacks:
  • Shoulder surfing
  • Keyboard sniffing
  • Social engineering
ROOTKITS
• A piece of software designed to perform tasks on a target system;
• Alters system files and utilities on the victim system;
• Hides itself;
• Beneficial to attackers:
  • Scope of access the attacker can gain
  • Root access to the system
  • Placing a Trojan
  • Maintaining the access over the long term
  • Monitoring network traffic
  • Redirecting output
  • Installing a virus or spyware
  • Hiding the attack by altering the behavior of the system
COVERING TRACKS:
• Disabling auditing:
  • Auditing allows detection and tracking of events that are occurring on a system;
  • All events are placed in the Windows Security Log;
  • An attacker can disable it with the auditpol command included with Windows.
• Data hiding:
  • Files can be flagged as hidden;
  • ADS (Alternate Data Streams): a feature of NTFS that provides interoperability with Macintosh;
  • Provides the ability to hide file data and metadata within existing files without changing the appearance or behavior of a file.
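Disabled auditing and cleared logs both leave their own Security-log records, which is what a defender alerts on. The following is an added example, not part of the original slides: it uses Windows event IDs 4719 (system audit policy was changed) and 1102 (the audit log was cleared); the record layout, field names, account names and 10-minute window are constructed and simplified for this example.

```python
# Added example: flag audit-policy reductions and Security-log clears.
from datetime import datetime, timedelta

AUDIT_POLICY_CHANGED = 4719  # "System audit policy was changed"
AUDIT_LOG_CLEARED = 1102     # "The audit log was cleared"

# Constructed, simplified records; real events carry more fields.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:02:11+00:00", "event_id": 4624, "user": "alice"},
    {"time": "2024-05-01T10:05:40+00:00", "event_id": 4719, "user": "svc-admin",
     "subcategory": "Logon", "changes": "Success removed, Failure removed"},
    {"time": "2024-05-01T10:06:02+00:00", "event_id": 4719, "user": "svc-admin",
     "subcategory": "File System", "changes": "Success added"},
    {"time": "2024-05-01T10:07:30+00:00", "event_id": 1102, "user": "svc-admin"},
]

def detect_track_covering(events, window=timedelta(minutes=10)):
    """Return (severity, user, message) alerts, oldest first."""
    alerts, last_reduction = [], {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        if ev["event_id"] == AUDIT_POLICY_CHANGED:
            # Only removals reduce visibility; added settings are not alerted on.
            removed = [c.strip() for c in ev.get("changes", "").split(",")
                       if "removed" in c.lower()]
            if removed:
                last_reduction[user] = when
                alerts.append(("medium", user,
                               f"auditing reduced for {ev['subcategory']}: "
                               + ", ".join(removed)))
        elif ev["event_id"] == AUDIT_LOG_CLEARED:
            prior = last_reduction.get(user)
            chained = prior is not None and when - prior <= window
            message = "Security log cleared"
            if chained:
                message += " after auditing was reduced"
            alerts.append(("high" if chained else "medium", user, message))
    return alerts

if __name__ == "__main__":
    for severity, user, message in detect_track_covering(SAMPLE_EVENTS):
        print(f"[{severity}] {user}: {message}")
```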
