
Unit No. 2 Part 3 System Hacking

The document outlines the process and techniques involved in ethical hacking, including footprinting, scanning, enumeration, system hacking, and privilege escalation. It details methods for password cracking, types of attacks, and tools used in hacking, as well as the importance of covering tracks after a breach. Additionally, it discusses various forms of malware, spyware, rootkits, and techniques for hiding information such as steganography.

Ethical Hacking

 Footprinting & Reconnaissance
 Scanning
 Enumeration
 System Hacking
 Escalation of Privileges
 Covering Tracks
Summary of Information

 Valid usernames, email addresses, passwords, groups, IP range, operating system, hardware and software version, shares, protocols and services
System Hacking
Goals of System Hacking
 Bypassing access controls and policies through password cracking or social engineering attacks, which leads to gaining access to the system.
 Exploiting known vulnerabilities of an operating system to escalate privileges.
 Executing applications such as Trojans, backdoors, and spyware, so that the attacker can create a backdoor to maintain remote access to the target system.
Goals of System Hacking

 To steal information, data or any other asset of an organization, the attacker needs to hide its malicious activities.
 The attacker ensures it stays undetected by hiding the evidence of compromise, modifying or clearing the logs.
Password Cracking

3 Types of Authentication Factors

 Something I know, like username and password.
 Something I am, like biometrics.
 Something I possess, like registered / allowed devices.
Password Cracking

 Password cracking may be performed by a social engineering attack, or by tampering with the communication and stealing the stored information.
 A guessable password, a short password, a password with weak encryption, or a password containing only numbers or only letters can be cracked with ease.
Types of Password Attacks
 Non-Electronic Attacks: can be done by shoulder surfing, social engineering, and dumpster diving.
 Active Online Attacks
 Passive Online Attacks
 Default Password
 Offline Attack
Active Online Attacks

 Active Online Attacks
     Dictionary Attack
     Brute Force Attack
     Hash Injection
 Passive Online Attacks
     Wire Sniffing
     Man-in-the-Middle Attack
     Replay Attack
Default Password

 https://cirt.net/
 https://default-password.info/
 http://www.passwordsdatabase.com/
Offline Attack

 Pre-Computed Hashes and Rainbow Table
 An example of an offline attack is comparing the password hash against a rainbow table.
 To create a rainbow table, the hash of every possible combination of characters is computed.
 When a rainbow table contains all possible precomputed hashes, the attacker captures the password hash of the target and compares it with the rainbow table.
 The advantage of a rainbow table is that all hashes are precomputed, so it takes only a few moments to compare and reveal the password.
 The limitation of a rainbow table is that it takes a long time to create, because all the hashes must be computed.
Rainbow table
 Utilities you can use to generate rainbow tables are winrtgen, a GUI-based generator, and rtgen, a command-line tool.
 Supported hashing formats are the following:
 MD2
 MD4
 MD5
 SHA1
 SHA-256
 SHA-384
 SHA-512 and other hashing formats
Distributed Network Attack
 DNA recovers the password by decrypting the hashes.
 A Distributed Network Attack requires a DNA Manager and a DNA client.
 The DNA Manager allocates small tasks over the distributed network, to be computed in the background using unused resources to crack the password.
 Password Guessing
 USB Drive: password hacking tool such as Passview
 Passview Tool
Microsoft Authentication

 On the Microsoft platform, the operating system implements a default set of authentication protocols:
 Kerberos, Security Account Manager (SAM), NT LAN Manager (NTLM), LM,
NTLM Authentication Process
Kerberos
Password Salting
 Password salting is the process of adding additional characters to the password before it is passed to a one-way function.
 This addition of characters makes the hash of the password more difficult to reverse.
 The major advantage, or primary function, of password salting is to defeat dictionary attacks and pre-computed attacks.
 Without Salting: 23d42f5f3f66498b2c8ff4c20b8c5ac826e47146
 With Salting: 87dd36bc4056720bd4c94e9e2bd165c299446287
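The effect of salting on a precomputed lookup, followed by salted storage with a slow key-derivation function, as an added example that is not part of the original slides. SHA-1 is an assumption for the fast-hash comparison (the slide does not name its hash function), and the wordlist, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for a table of precomputed hashes.
WORDLIST = ["123456", "password", "letmein", "qwerty"]

def unsalted_sha1(password):
    return hashlib.sha1(password.encode()).hexdigest()

def salted_sha1(password, salt):
    """Hash salt + password; the salt is stored beside the hash, not kept secret."""
    return hashlib.sha1(salt + password.encode()).hexdigest()

def build_precomputed_table(words):
    """Map unsalted digest -> password, computed once and reused for every target."""
    return {unsalted_sha1(w): w for w in words}

def store_password(password, iterations=600_000):
    """Storage form: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, record):
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)

def demo():
    table = build_precomputed_table(WORDLIST)
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    return {
        # The unsalted hash of a weak password is a direct table hit.
        "unsalted_found": table.get(unsalted_sha1("letmein")),
        # The same password with a random salt is absent from the table.
        "salted_found": table.get(salted_sha1("letmein", salt_a)),
        # Two users with the same password no longer share a hash.
        "same_password_differs":
            salted_sha1("letmein", salt_a) != salted_sha1("letmein", salt_b),
    }

if __name__ == "__main__":
    print(demo())
    record = store_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record))
```

A salt only removes the benefit of precomputation; a weak password is still guessable one account at a time, which is why the storage function also uses a slow KDF.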
Password Cracking Tools

 pwdump7
 fgdump
 L0phtCrack
 Ophcrack
 RainbowCrack
 Cain and Abel
 John the Ripper
Password Cracking Tool for Mobile
 FlexiSPY is one of the most powerful monitoring and spying tools for mobile and is compatible with Android, iPad, iPhone, Blackberry and Symbian phones.
 Password cracking using the Pwdump7 and Ophcrack tools.
Escalating Privileges

 Operating systems come with some default settings and user accounts, such as the administrator account, root account and guest account, with default passwords.
Escalating Privileges

 Using a compromised account with limited privileges will not help you to achieve your goals.
 After gaining access, before anything else, you have to perform privilege escalation to obtain complete high-level access with no or limited restrictions.
Horizontal Privilege Escalation
 In horizontal privilege escalation, an attacker attempts to take over the privileges of another user who has the same set of privileges as his own account.
Vertical Privilege Escalation
 In vertical privilege escalation, an attacker attempts to escalate privileges to a higher level.
 Vertical privilege escalation occurs when an attacker attempts to gain access, usually to the administrator account.
 Higher privileges allow the attacker to access sensitive information and to install, modify and delete files and programs, such as viruses, Trojans, etc.
Privilege Escalation using DLL Hijacking
Executing Applications

 Once an attacker gains unauthorized access to the system and escalates privileges, the next step is to execute malicious applications on the target system.
 This execution of malicious programs is intended to gain unauthorized access to system resources, crack passwords, set up backdoors, and serve other motives.
 These executable programs can be customized applications or available software.
 This process of executing applications is also called "System Owning."
Goals of an Attacker in Executing Applications
 To install malware to collect information.
 To set up a backdoor to maintain access.
 To install a cracker to crack passwords and scripts.
 To install keyloggers for gathering information via input devices such as a keyboard.
RemoteExec
 Deploying packages on the target system.
 Remote execution of programs and scripts.
 Scheduling execution based on a particular date and time.
 Remote configuration management, such as modification of the registry, disabling accounts, and modification and manipulation of files.
 Remote control of the target system, such as power off, sleep, wake up, reboot and lock.
PDQ Deploy
 PDQ Deploy is a system administrator tool used to install software and send updates silently to remote systems.
 PDQ Deploy assists the admin in installing applications and software on a particular system as well as on multiple systems in a network.
 It can silently deploy almost every application (such as .exe or .msi) to the target system.
 Using PDQ Deploy, you can install and uninstall, copy, execute and send files.
Types of Keystroke Loggers
Anti-Keyloggers

 Anti-keyloggers are application software that protects against keylogging.
 This software eliminates the threat of keylogging by providing SSL protection, keylogging protection, clipboard logging protection and screen logging protection.
Spyware
 Spyware is software designed to gather information about a user's interaction with a system, such as email addresses, login credentials, and other details, without informing the user of the target system.
 Mostly, spyware is used for tracking the user's internet activity.
 The gathered information is sent to a remote destination.
 Spyware hides its files and processes to avoid detection.
Types of Spyware

 Adware
 System Monitors
 Tracking Cookies
 Trojans
Spyware Features
 Tracking users, such as keylogging
 Monitoring the user's activity, such as web sites visited
 Recording conversations
 Blocking applications & services
 Remote delivery of logs
 Email communication tracking
 Recording removable media communication, like USB
 Voice recording
 Video recording
 Tracking location (GPS)
 Mobile tracking
Rootkits
 A rootkit is a collection of software designed to provide privileged access to a remote user over the target system.
 Mostly, rootkits are collections of malicious software deployed after an attack, when the attacker has administrative access to the target system, to maintain that privileged access in the future.
 A rootkit creates a backdoor for the attacker; rootkits often mask the existence of their software, which helps to avoid detection.
Types of Rootkits

 Application Level Rootkits
 Kernel-Level Rootkits
 Hardware / Firmware Level Rootkits
 Hypervisor Level Rootkits
 Boot Loader Level Rootkits
Rootkit Tools

 Avatar
 Necurs
 Azazel
 ZeroAccess
NTFS Data Stream

 Alternate Data Streams (ADS) is a file attribute in the NTFS file system.
 This feature of NTFS contains metadata for locating a particular file.
 The ADS feature was introduced for the Macintosh Hierarchical File System (HFS).
 ADS is capable of hiding file data in an existing file without any noticeable changes to it.
Steganography

 Steganography is a technique for hiding sensitive information in an ordinary message to ensure confidentiality.
 The hidden information is extracted at the destination by a legitimate receiver.
Types of Steganography

 Whitespace Steganography
 Image Steganography
 Document Steganography
 Video Steganography
 Audio Steganography
 Folder Steganography
 Spam/Email Steganography
Covering Tracks

 After gaining access, escalating privileges, and executing applications, the next step is to wipe the evidence to get back.
 In the covering-tracks phase, the attacker removes all the event logs, error messages, and other evidence to prevent the attack from being discovered easily.
Techniques

 Disable Auditing
 Clearing Logs
 Manipulating Logs
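How a defender can spot the three techniques above in Windows event data, as an added example that is not part of the original slides. The event IDs (4719, 1102, 104) are standard Windows ones not named on the slides; the sample records, the function name and the assumption that record IDs step by one within a channel are constructed for illustration.

```python
# Windows event IDs that record the techniques listed above.
WATCHED = {
    ("Security", 4719): "audit policy changed",  # Disable Auditing
    ("Security", 1102): "audit log cleared",     # Clearing Logs
    ("System", 104): "event log cleared",        # Clearing Logs
}

# Constructed sample records: (channel, EventRecordID, EventID, UTC timestamp).
SAMPLE_EVENTS = [
    ("Security", 5001, 4624, "2024-05-01T10:00:00Z"),
    ("Security", 5002, 4719, "2024-05-01T10:02:10Z"),
    ("Security", 5003, 4624, "2024-05-01T10:03:00Z"),
    ("Security", 5007, 4634, "2024-05-01T10:09:00Z"),  # 5004-5006 absent
    ("Security", 5008, 1102, "2024-05-01T10:15:00Z"),
    ("System", 880, 7036, "2024-05-01T10:01:00Z"),
    ("System", 881, 104, "2024-05-01T10:15:05Z"),
]

def find_log_tampering(events):
    """Return (timestamp, channel, finding) tuples for watched event IDs and
    for gaps in the per-channel record sequence (Manipulating Logs)."""
    findings = []
    last_seen = {}
    for channel, record_id, event_id, ts in sorted(events, key=lambda e: (e[0], e[1])):
        label = WATCHED.get((channel, event_id))
        if label:
            findings.append((ts, channel, label))
        prev = last_seen.get(channel)
        # Assumption: record IDs increase by one, so a jump means records
        # were removed or never forwarded.
        if prev is not None and record_id > prev + 1:
            findings.append((ts, channel, f"records {prev + 1}-{record_id - 1} missing"))
        last_seen[channel] = record_id
    return findings

if __name__ == "__main__":
    for finding in find_log_tampering(SAMPLE_EVENTS):
        print(*finding)
```

Run checks like this against events already forwarded to a central collector, since the local copy of the log is what these techniques target.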
