Exploits - PowerPoint PPT Presentation

Provided by: dalias

1
Exploits
  • Dalia Solomon

2
Categories
  • Trojan Horse Attacks
  • Smurf Attack
  • Port Scan
  • Buffer Overflow
  • FTP Exploits
  • Ethereal Exploit
  • Worm
  • Virus
  • Password Cracker
  • DNS Spoofing

3
Trojan Horse attacks
  • A computer becomes vulnerable to this attack when
    the user downloads and installs a file onto their
    system.
  • This opens a port without the knowledge of the
    user. The open port gives the remote user access
    to one's computer.

4
Trojan Horse - NetBus
  • NetBus is a tool that allows a remote user to
    gain administrative privileges
  • NetBus consists of two programs: a server and a
    client.

5
NetBus Server
  • To infect a computer, NetBus disguises itself as
    an ICQ executable file that a naive user installs
    on their computer.

6
NetBus Server
  • NetBus server: this application opens a
    backdoor on the target computer. It
    can be configured to be either invisible or
    visible to the user.

7
NetBus Client
  • NetBus - This application will connect to a
    computer that is running NetBus server. It allows
    the hacker to spy and take control of the
    infected computer.

8
Smurf Attack
  • A Smurf Attack occurs when a packet such as an
    ICMP echo frame (in this application) is sent to
    a group of machines.
  • The packet sent has its source address replaced
    by the IP address of the target computer or network.
    This causes a flurry of echo responses to be sent
    to the target machine, which can overwhelm the
    target computer.

9
Smurf Attack
  • Here we are attacking our computer
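
An added example, not part of the original slides: from the victim's side, the attack described above shows up as ICMP echo replies arriving from many hosts in answer to requests the victim never sent. The C sketch below counts those sources; the `icmp_obs` record layout and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) ((uint32_t)(a) << 24 | (b) << 16 | (c) << 8 | (d))
enum { ECHO_REPLY = 0, ECHO_REQUEST = 8, MAX_SOURCES = 64 };
/* One ICMP packet seen at the monitored host (hypothetical record layout). */
struct icmp_obs {
    uint32_t peer;     /* remote IPv4 address */
    uint8_t  type;     /* ICMP type */
    uint8_t  outbound; /* 1 = sent by this host, 0 = received */
    uint16_t id;       /* echo identifier */
};
/* Constructed sample: one genuine ping, then replies nobody asked for. */
const struct icmp_obs sample[] = {
    { IP(192, 0, 2, 10),   ECHO_REQUEST, 1, 0x1234 },
    { IP(192, 0, 2, 10),   ECHO_REPLY,   0, 0x1234 },
    { IP(198, 51, 100, 1), ECHO_REPLY,   0, 0x9999 },
    { IP(198, 51, 100, 2), ECHO_REPLY,   0, 0x9999 },
    { IP(198, 51, 100, 3), ECHO_REPLY,   0, 0x9999 },
    { IP(198, 51, 100, 2), ECHO_REPLY,   0, 0x9999 },
};

/* Count distinct peers whose echo replies match no earlier outbound request. */
size_t unsolicited_reply_sources(const struct icmp_obs *obs, size_t n)
{
    uint32_t seen[MAX_SOURCES];
    size_t nseen = 0;
    for (size_t i = 0; i < n; i++) {
        if (obs[i].outbound || obs[i].type != ECHO_REPLY)
            continue;
        int solicited = 0;
        for (size_t j = 0; j < i && !solicited; j++)
            solicited = obs[j].outbound && obs[j].type == ECHO_REQUEST &&
                        obs[j].peer == obs[i].peer && obs[j].id == obs[i].id;
        size_t k = 0;
        while (k < nseen && seen[k] != obs[i].peer)
            k++;
        if (!solicited && k == nseen && nseen < MAX_SOURCES)
            seen[nseen++] = obs[i].peer;
    }
    return nseen;
}

int main(void)
{
    printf("%zu\n", unsolicited_reply_sources(sample, sizeof sample / sizeof sample[0]));
    return 0;
}
```

A monitor built on this would alert once the count passes a threshold chosen for the network; the count saturates at `MAX_SOURCES`.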

10
Port Scan
  • This program allows the hacker to scan a target
    computer to detect open ports.
  • This is primarily used to detect vulnerable
    applications using certain ports on the target
    computer.

11
Port Scan

12
Buffer Overflow
  • Buffer Overflow
  • Most common form of exploit
  • Occurs when you put more data in the buffer than
    it can hold
  • Occurs if bounds are not checked by the program
  • The purpose of a buffer overflow is to execute code
    and gain special privileges

13
Buffer Overflow

14
Buffer Overflow

15
Buffer Overflow

16
FTP Exploits
  • This exploit shows how it is possible for
    somebody to get a shell (command prompt) from
    Serv-U FTP server.
  • This exploit causes a buffer overflow condition
    to occur in Serv-U FTP when it parses the MDTM
    command.
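
The unchecked copy that the Buffer Overflow and FTP Exploits slides describe, beside a bounds-checked form, as an added example. This is not Serv-U's code or the code shown on the slides; the handler names, the return codes and the 32-byte buffer are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum { PARSE_OK = 0, PARSE_NOT_MDTM = -1, PARSE_TOO_LONG = -2 };

/* Unchecked form, shown for contrast and never called here: strcpy() keeps
 * writing until it meets a NUL, so an argument longer than the caller's
 * buffer overwrites whatever sits after it in memory. */
int parse_mdtm_unchecked(const char *line, char *out)
{
    if (strncmp(line, "MDTM ", 5) != 0)
        return PARSE_NOT_MDTM;
    strcpy(out, line + 5);               /* no bounds check */
    return PARSE_OK;
}

/* Checked form: measure first, reject what does not fit, then copy. */
int parse_mdtm_checked(const char *line, char *out, size_t out_size)
{
    if (strncmp(line, "MDTM ", 5) != 0)
        return PARSE_NOT_MDTM;
    const char *arg = line + 5;
    size_t len = strcspn(arg, "\r\n");   /* argument ends at CR/LF or NUL */
    if (len >= out_size)                 /* leave room for the terminator */
        return PARSE_TOO_LONG;
    memcpy(out, arg, len);
    out[len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char arg[32], big[256];
    memcpy(big, "MDTM ", 5);
    memset(big + 5, 'A', 200);           /* constructed oversized argument */
    big[205] = '\0';
    printf("normal:    %d\n", parse_mdtm_checked("MDTM report.txt\r\n", arg, sizeof arg));
    printf("oversized: %d\n", parse_mdtm_checked(big, arg, sizeof arg));
    return 0;
}
```

Rejecting the oversized argument, rather than truncating it, keeps the server from acting on a name the client did not send.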

17
FTP Exploits
  • The exploit required that the user have login
    access to a server.

18
FTP Exploits
  • This shows how the hacker gains shell access to
    the target machine.

19
FTP Exploits

20
FTP Exploits
  • Here is a segment of the code that causes the
    buffer overflow.

21
Ethereal Exploit
  • Vulnerabilities exist in Ethereal. By sending
    carefully crafted packets to the sniffed wire or
    by convincing someone to load a malicious packet
    capture file into Ethereal, a user can overflow a
    buffer and execute malicious code.
  • The vulnerabilities exist in the handling of the
    following packets: BGP, EIGRP, IGAP, IRDA, ISUP,
    NetFlow, PGM, TCAP and UCP.

22
Ethereal - example
  • Ethereal IGAP message
  • This exploits a vulnerability in Ethereal when
    handling IGAP messages
  • Works on Ethereal 0.10.0 to Ethereal 0.10.2.
  • Will either crash Ethereal or open a port that
    allows a user to gain root privileges

23
Ethereal - example
  • This code will create a malformed IGAP header
    that when sent, causes the Ethereal application
    to crash because of its vulnerability in handling
    IGAP packets.

24
Worm
  • A worm is a program that makes copies of itself
    and causes major damage to the files, software,
    and data
  • Methods of replication include:
    • Email
    • File sharing

25
Worm - example
  • W32/Bugbear-A
  • Is a network worm that spreads by emailing
    attachments of itself
  • It creates a thread which attempts to terminate
    anti-virus and security programs
  • The worm will log keystrokes and send this
    information when the user is connected online
  • The worm will open port 80 on the infected
    computer

26
Worm - example
  • http://www.sophos.com/virusinfo/analyses/w32bugbeara.html

27
Worm - Example
  • W32/MyDoom-A is a worm which spreads by email.
  • When the infected attachment is launched, the
    worm harvests email addresses from address books
    and from files with the following extensions:
    WAB, TXT, HTM, SHT, PHP, ASP, DBX, TBB, ADB and
    PL.

28
Worm Example (continued)
  • Attached files will have an extension of BAT,
    CMD, EXE, PIF, SCR or ZIP.

29
Worm Example (continued)
  • The worm will attempt a denial-of-service attack
    against www.sco.com, sending numerous GET requests to
    the web server.
  • It drops a file named shimgapi.dll in the temp or
    system folder. This is a backdoor program loaded
    by the worm that allows outsiders to connect to
    TCP port 3127.
  • http://www.sophos.com/virusinfo/analyses/w32mydooma.html

30
Virus
  • A virus is a program that infects the operating system
    and applications.
  • Replication methods:
    • Application file (Word doc.)
    • Hard drive or boot record (boot disk)
    • Scripts (batch file)

31
Virus - example
  • W97M/Marker Virus is a Word macro virus
  • It collects user information from Word and sends
    the information through FTP
  • It adds a log at the end of the virus body for
    every infected user.
  • This log contains information for system time,
    date, user's name and address

32
Virus - example
  • When you open a document file it will display a
    message
  • Depending on the user's response, the user will
    get one of these messages

33
Password Cracker
  • Some applications and web pages are vulnerable to
    remote password cracker tools.
  • Applications such as HTTP, FTP and telnet that
    don't handle login properly and have short
    passwords are vulnerable to brute-force password
    cracker tools.

34
Password - cracker
  • Brutus is a remote password cracker tool. On an
    older Serv-U v 2.5 application it can crack a
    password by sequentially sending in all possible
    password combinations.

35
Password - cracker

36
DNS spoofing
  • A DNS attack that involves intercepting and
    sending a fake DNS response to a user.
  • This attack forwards the user to a different
    address than where he wants to be.

37
DNS spoofing
  • WinDNSSpoof
  • Spoofs DNS packets
  • http://www.securesphere.net/download/papers/dnsspoof.htm

38
DNS Exploitation Tool
  • Zodiac is a robust DNS protocol monitoring and
    spoofing program
  • Features:
    • Captures and decodes DNS packets
    • DNS local spoofing
    • DNS ID spoofing, exploiting a weakness within the
      DNS protocol itself
    • Etc.
  • http://teso.scene.at/projects/zodiac/
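
An added example (not from the slides and not code from WinDNSSpoof or Zodiac): the checks a resolver applies so that a blindly forged response, as in the DNS ID spoofing listed above, is discarded. The `pending_query` struct, the helper names and the sample bytes are constructed for illustration; the question is compared byte for byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DNS_OK, DNS_SHORT, DNS_BAD_PEER, DNS_NOT_RESPONSE, DNS_BAD_ID, DNS_BAD_QUESTION };
/* What the resolver remembers about one query in flight (hypothetical). */
struct pending_query {
    uint16_t id;             /* random transaction ID */
    uint16_t src_port;       /* random local UDP port the query left from */
    uint32_t server_ip;      /* server the query was sent to */
    const uint8_t *question; /* question section exactly as sent */
    size_t qlen;
};

/* Constructed question section: example.com, type A, class IN. */
const uint8_t Q_EXAMPLE[] = { 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };
/* Build a minimal response (header plus echoed question) for the demo. */
size_t build_response(uint8_t *out, uint16_t id, const uint8_t *q, size_t qlen)
{
    memset(out, 0, 12);
    out[0] = (uint8_t)(id >> 8);
    out[1] = (uint8_t)(id & 0xff);
    out[2] = 0x80;                        /* QR = 1: this is a response */
    out[5] = 1;                           /* QDCOUNT = 1 */
    memcpy(out + 12, q, qlen);
    return 12 + qlen;
}

/* Accept a response only if every field the resolver chose is echoed back. */
int dns_check_response(const struct pending_query *pq, const uint8_t *pkt,
                       size_t len, uint32_t from_ip, uint16_t to_port)
{
    if (len < 12 + pq->qlen) return DNS_SHORT;
    if (from_ip != pq->server_ip || to_port != pq->src_port) return DNS_BAD_PEER;
    if (!(pkt[2] & 0x80)) return DNS_NOT_RESPONSE;
    if ((uint16_t)(pkt[0] << 8 | pkt[1]) != pq->id) return DNS_BAD_ID;
    if ((pkt[4] << 8 | pkt[5]) != 1) return DNS_BAD_QUESTION;
    if (memcmp(pkt + 12, pq->question, pq->qlen) != 0) return DNS_BAD_QUESTION;
    return DNS_OK;
}

int main(void)
{
    uint8_t pkt[64];
    struct pending_query pq = { 0xBEEF, 40000, 0xC0000235u, Q_EXAMPLE, sizeof Q_EXAMPLE };
    size_t n = build_response(pkt, 0x1234, Q_EXAMPLE, sizeof Q_EXAMPLE); /* guessed ID */
    printf("verdict: %d\n", dns_check_response(&pq, pkt, n, 0xC0000235u, 40000));
    return 0;
}
```

These checks only stop a forger who cannot see the query; someone intercepting traffic, as in the local spoofing case, can copy every field, which is the gap DNSSEC validation addresses.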

39
Questions?