Realized by: Hamid IMIHI, Abdelghafour MOUJAHIDDINE
Outline
Brief History
What hackers do?
Hackers techniques
System Hacking
27/04/12
Who is a hacker?
There are at least two common interpretations:
Someone who bypasses the system's access controls by taking advantage of security weaknesses left in the system by developers.
Someone who is both knowledgeable and skilled at computer programming, and who is a member of the hacker subculture.
2000: In one of the biggest denial-of-service attacks, hackers launch attacks against eBay, Yahoo!, CNN.com, Amazon and others.
Hackers techniques
System hacking
Network hacking
Software hacking
System Hacking
Footprinting
Scanning
Enumeration
Gaining access
Escalating privilege
Covering tracks
Creating backdoors
Denial of service
Footprinting
Objective
To learn as much as you can about the target system, its remote access capabilities, its ports and services, and the aspects of its security.
Techniques
Whois
Web interface to whois
PING
Scanning
Objective
Bulk target assessment and identification of listening services focuses the attention on the most promising avenues of entry.
Techniques
Ping sweep
TCP/UDP port scan
OS Detection
Enumeration
Objective
More intrusive probing now begins as attackers begin identifying valid user accounts or poorly protected resource shares.
Techniques
List user accounts
List file shares
Identify applications
Gaining Access
Objective
Enough data has been gathered at this point to make an informed attempt to access the target.
Techniques
File share brute forcing
Password file grab
Buffer overflows
Password eavesdropping
NETBRUTE FORCE
Escalating Privileges
Objective
If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system.
Techniques
Password cracking
Known exploits
Covering Tracks
Objective
Once total ownership of the target is secured, hiding this from system administrators becomes paramount, lest they quickly end the romp.
Techniques
Clear logs
Hide tools
Objective
Techniques
Create rogue user accounts
Schedule batch jobs
Infect startup files
Plant remote control services
Install monitoring mechanisms
Replace apps with trojans
Denial of Service
Objective
If an attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort.
Techniques
SYN flood
Identical SYN requests
Overlapping fragment/offset bugs
DDOS
[Figure panels: NORMAL, SYN FLOOD]
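From the defender's side, the NORMAL and SYN FLOOD cases named on this slide differ in how many TCP handshakes never receive their final ACK. The following is an added example, not part of the original slides; the packet tuples, the documentation-range addresses and the threshold of 100 are constructed assumptions.

```python
from collections import Counter

def half_open_per_service(packets):
    """Replay TCP flags and count handshakes still waiting for the final ACK."""
    state = {}  # (client_ip, client_port, server_ip, server_port) -> stage
    for _ts, src, sport, dst, dport, flags in sorted(packets):
        if flags == "S":                      # step 1: client -> server
            state[(src, sport, dst, dport)] = "SYN"
        elif flags == "SA":                   # step 2: server -> client
            key = (dst, dport, src, sport)
            if state.get(key) == "SYN":
                state[key] = "SYN-ACK"
        elif flags == "A":                    # step 3: client completes handshake
            if state.get((src, sport, dst, dport)) == "SYN-ACK":
                del state[(src, sport, dst, dport)]
        elif "R" in flags:                    # a reset from either side frees the slot
            state.pop((src, sport, dst, dport), None)
            state.pop((dst, dport, src, sport), None)
    return Counter((k[2], k[3]) for k in state)

def flag_syn_flood(packets, threshold=100):
    """Return services whose half-open count reaches the (assumed) threshold."""
    counts = half_open_per_service(packets)
    return {svc: n for svc, n in counts.items() if n >= threshold}

def constructed_capture():
    """Constructed sample: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    web = ("198.51.100.5", 80)
    pkts = [
        # NORMAL: the three-way handshake completes
        (0.00, "192.0.2.10", 40000, *web, "S"),
        (0.01, *web, "192.0.2.10", 40000, "SA"),
        (0.02, "192.0.2.10", 40000, *web, "A"),
        # one slow client on another port: half-open, but far below the threshold
        (0.50, "192.0.2.11", 40001, "198.51.100.5", 443, "S"),
    ]
    for i in range(200):
        # SYN FLOOD: SYNs the server answers, with no final ACK ever sent
        src = f"203.0.113.{i % 250 + 1}"
        pkts.append((1.0 + i * 0.01, src, 1024 + i, *web, "S"))
        pkts.append((1.0 + i * 0.01 + 0.001, *web, src, 1024 + i, "SA"))
    return pkts

if __name__ == "__main__":
    for (ip, port), n in flag_syn_flood(constructed_capture()).items():
        print(f"possible SYN flood against {ip}:{port}: {n} half-open handshakes")
```

On a live host the same signal appears as a growing number of sockets in the SYN_RECV state for one listening port.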