Hacking Windows - PowerPoint PPT Presentation

1 / 32
About This Presentation
Title:

Hacking Windows

Description:

Famous Hacks. Bank Hack. Johan, 20 years old from Estonia ... Famous Hacks. Security firm. Two 22 year old hackers from London ... Goal of all hacks ... – PowerPoint PPT presentation

Number of Views:210
Avg rating:3.0/5.0
Slides: 33
Provided by: enter3
Category:
Tags: hacking | hacks | windows

less

Transcript and Presenter's Notes

Title: Hacking Windows


1
Hacking Windows
  • Justin Bell

Department of Computer Science University of
Wisconsin, Platteville belljus_at_uwplatt.edu
2
Topics
  • This presentation will explore some high-profile
    intrusions along with the general methodology
    behind hacking techniques. The presentation will
    also cover some specific examples of attacks and
    vulnerable services.
  • Definitions
  • Famous Hacks
  • Breaking In
  • Malicious Code
  • Terminal Services
  • Denial of Service

3
Definitions
Hacker someone who attempts to gain unauthorized
access into a computer system. Hacking the
process of attempting to gain and possibly
achieving access to computer systems by an
unauthorized user.
4
Famous Hacks
  • Bank Hack
  • Johan, 20 years old from Estonia
  • Gained access through a limited guest account
  • Was able to access services that allowed him to
    download the SAM file
  • Once this file was decrypted Johan had login
    access to all the web accounts for the entire
    bank.

5
Famous Hacks
  • Security firm
  • Two 22 year old hackers from London
  • Through enumeration found open ports
  • This told them it was a windows server.
  • Asked the server for user names then did a
    dictionary attack
  • Hacked into a personal laptop connected to the
    system through the guest account

6
Famous Hacks
  • Hacking Comunities
  • Hackers Against Child Pornography
  • Takes down child pornography rings after
    notifying international police.
  • Nashville 2600
  • HAL2001 (Hackers At Large

7
Breaking In
  • Profiling
  • Casing the Place
  • Finding a System To Hack into and figuring out
    whats open and what is being used.
  • Foot-Printing
  • Scanning
  • Enumeration

8
Breaking In
  • Footprinting
  • Finding out everything from the outside, before
    any access is actually gained
  • Documentation is extremely important
  • Finding the Posture
  • Internet Posture
  • Intranet Posture
  • Extranet Posture

9
Breaking In Footprinting
  • whois info
  • Can be done manually
  • Services like www.ARIN.net
  • University of Wisconsin Platteville
  • Clients can do batch whois queries for hackers
    that dont have a specific target

10
Breaking In Footprinting
  • whois info
  • Company Name
  • Administrators name
  • Administrators Account Name
  • Can deduce other account names
  • Site Creation Date
  • Gives info on Legacy systems that may be running

11
Breaking In Footprinting
  • Internet Search Engines
  • Google is the easiest because of its massive size
  • Search for default file paths
  • C\inetpub
  • TSweb/default.htm
  • Now the hacker knows the weaknesses of the site
    and what port to attack 3389

12
Breaking In Scanning
  • Finding ports
  • Easiest way to access a system and establish a
    connection
  • Tools will scan all possible ports
  • If default ports are used the hacker can gain
    knowledge of services that are running
  • If a hacker sees port 389 open he can assume the
    target is running an LDAP server

13
Breaking In Enumeration
  • Find valid usernames or file shares
  • Takes advantage of default windows services
  • Domain Controller lookup
  • Exploited by a free Microsoft tool called nltest

14
Breaking In Enumeration
  • NLTEST Output
  • C\nltest /whowillESS bob 205855 Mail
    message 0 sent successfully (\MAILSLOT\NET\GETDC9
    39) 205855 Response 0 S\\NET1 DESS
    Abob (Act found) The command completed
    successfully
  • C\nltest /whowilltestd test 212613
    Response 0 S\\TEST2 DTESTD Atest (Act found)
    212615 Mail message 0 sent successfully
    (\MAILSLOT\NET\GETDC295) The command
    completed successfully

15
Breaking In Enumeration
  • NLTEST Output
  • C\nltest /dclisttestd List of DCs in
    Domain testd \\TEST2 (PDC) \\TEST1
    The command completed successfully

16
Breaking In Privilege Escalation
  • Goal of all hacks
  • Highest possible Escalation is the Domain or
    Forest Admin as well as the Local Admin
  • All Windows Accounts are stored in the SAM
    (Security Accounts Manager)
  • Stores valid users, groups and passwords in an
    encrypted database.
  • Hashed, then encrypted with a 128 bit key called
    SYSKEY

17
Breaking In Privilege Escalation
18
Breaking In Privilege Escalation
  • More than one user can be running processes at
    any given time
  • Individual SIDs ( Security IDs) are given to each
    process so Windows knows the privilege level it
    can operate at.
  • Can be a user or SYSTEM LOCAL SERVICE or
    DEFAULT LOGON accounts

19
Breaking In Privilege Escalation
  • Because every process needs to access the SAM it
    has been the top target for Hackers.
  • There have been numerous bugs in the encryption
    that have allowed the SAM to be cracked.
  • Since this is just a file, it can be copied and
    moved to another system.
  • Then it can either be cracked or have a brute
    force attack to find passwords.

20
Breaking In Privilege Escalation
  • Once a single account is broken the hacker will
    try to infiltrate many different accounts in case
    the one he knows is changed.
  • This can be done by watching for keys typed or
    cracking network SAM files
  • John the Ripper by Solar Designer
  • Searching for files on the system containing the
    words password, access, logon or
    Administrator

21
Malicious Code
  • Viruses
  • Worms
  • Trojan Horses

22
Malicious Code - Viruses
  • Segments of code that attach themselves to
    existing programs and perform some predetermined
    actions when the host program is executed.
  • Piggy-back other files, no way to spread on their
    own needs a host
  • The host passes the infected file to some new
    host who runs the file on another system.

23
Malicious Code - Viruses
  • Usually try to copy themselves throughout a
    system making them difficult to remove.
  • A single Virus can copy many different viruses to
    many different files.
  • Can do things as harmless as report internet
    activity to an outside source
  • Can do things as harmful as copy passwords,
    format a system, or replace words in e-mails.
  • Chernobyl Deletes Flash Bios Memory

24
Malicious Code - Worms
  • Similar to Viruses, but they contain a mechanism
    to spread through a computer network without the
    assistance of other programs or people.
  • Spread Extremely quickly
  • Hard to remove because they re-install right away
    from other machines

25
Malicious Code - Worms
  • Internet Worm Installed repeatedly
  • LoveBug
  • Flooded the Internet with e-mails in May 2000
    with the subject, ILOVEYOU
  • When attachment was opened it sent itself to
    other systems and ruined system files

26
Malicious Code Trojan Horses
  • Malicious programs packaged within other
    seemingly useful programs
  • Hidden like the Trojans waiting in the giant
    wooden horse
  • Can perform the advertised function, or just the
    malicious code
  • Hard to pin-point exactly what program the Trojan
    is hiding in.

27
Malicious Code Trojan Horses
  • RAT Remote Access Tool
  • Installed through a web site
  • When executed, installs back door for the site
    administrator
  • Administrator just looks through the list of IP
    addresses that accessed the site

28
Terminal Services
  • Provide Remote Access for Hacker
  • Using the usernames gained through enumeration
    the only thing needed is a password. If the
    hacker cracked the SAM the system is open.
  • Administrator accounts can not be locked out
    leaving them open to brute force attacks.
  • ProbTS and TS Grinder help find and exploit
    Terminal Services Connections

29
Denial of Services (DoS)
  • Over-load the server to render it unable to
    accept any additional connections
  • Effectiveness of attacks are seriously limited by
    the hardware and internet connection of the
    attacker
  • DoS attacks exploit the fact that the target
    cant tell if its legitimate traffic or not, so
    it has to respond to everything

30
Distributed Denial of Services (DDoS)
  • Perform the same functions as a DoS, but from
    many computers at the same time
  • Performed through machines infested with Trojan
    Horses or Worms
  • Limited only by the number of machines infected
  • Feburary 2000 first major DDoS
  • Targeted Google and Microsoft
  • Took down both sites for a little more than a day
  • Originated in computer labs from two major
    California Universities

31
Conclusion
  • Hacking is a lucrative, multinational, criminal
    occupation
  • As Computer Science or Software Engineering
    Professionals we must strive to make sure
    everything we produce is safe against hackers
  • Through understanding the methodology of hackers
    its easier to protect systems from them

32
Questions???
Write a Comment
User Comments (0)
About PowerShow.com