How To Hack Windows. Brent Williams MCSE, CNE, A+, N+, XP-MCP brwillia@kennesaw.edu Kennesaw State University (Atlanta, Georgia). Agenda. Why Talk About Hacking? Hacking Scenarios Utilities, Techniques, and Ideas Preventive Methods New Threats. Hackers Know….
How To Hack Windows Brent Williams MCSE, CNE, A+, N+, XP-MCP brwillia@kennesaw.edu Kennesaw State University (Atlanta, Georgia)
Agenda • Why Talk About Hacking? • Hacking Scenarios • Utilities, Techniques, and Ideas • Preventive Methods • New Threats
Hackers Know… • They Look for Targets of Opportunity • Most System Administrators are Self-Taught • Most Don’t Know of Basic Security Issues in Windows • Many Systems are Left Vulnerable
Hacking Steps • Casing the Establishment • Public Sources • Social Engineering • Network Hacking (Attack a Server) • Information Retrieval • System Damage • System Hacking (Attack a PC) • Information Retrieval • System Damage
Footprinting: Target Acquisition • Visit Their Web Site • http://www.kennesaw.edu • http://its.kennesaw.edu/netsoft/prodnov.shtml • http://its.kennesaw.edu/net/net.shtml • Open Source Search – People • www.allwhois.com • www.arin.net (130.218) • Sam Spade • Nslookup • Tracert • Visual Route
Scanning • Ping sweeps • Ping • Ultrascan • Superscan • WS_Ping (Ipswitch) • Look for • Port 80 • Port 139 and 445 • Port 21
Protect and Check • Firewall Software • www.zonealarm.com • www.networkice.com • www.norton.com • Shields Up? • www.grc.com • www.firewallcheck.com • www.norton.com
Decide How to “Break in” • Use a Web Browser and Exploit a Weakness • Buffer overflow (plant Netcat) • Unchecked Data • Attach • Use a Null Connection • net use \\ip\ipc$ "" /u:"" • Look for Shares • \\ip address or \\server name
Example: Windows Enumeration (What You Want) • Identify Valid User Accounts • Identify Group Membership • Find Poorly Protected Shares • Tools… • Winfingerprint • Superscan • Dumpsec
Example: Windows Enumeration (Windows Can Be Very Easy!) • Get the User IDs, Groups, etc. • DumpACL – www.somarsoft.com - Wow! • LDAP query – Dump Accounts and Groups on a 2000 Server • Tool is on the Windows 2000 Server CD!
Example: Get a Password • Brute Force Attack • More Elegant Tools • L0PHTCRACK • LC3/LC4
Easy Hacks • Shares • Most users don’t know how to use NTFS • Default permission in NT/2000 is EVERYONE has FULL CONTROL • Changed in XP to EVERYONE has READ
Protecting Windows Servers • Get and Run the MS Baseline Security Analyzer • Use Policies • Latest Service Packs and patches • Weekly or automatic http://windowsupdate.microsoft.com • Firewall Software • Learn how to use NTFS permissions
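An added example, not part of the original presentation: a PowerShell audit for two weaknesses the slides name, shares and folders left open to Everyone and the null connection to IPC$. It assumes a current Windows release with the SmbShare module (Windows 8 / Server 2012 or later), the English group name `Everyone`, and an elevated prompt; the variable names are illustrative.

```powershell
# Added example (not from the presentation). Run from an elevated prompt.
# Assumes the SmbShare module (Windows 8 / Server 2012 or later) and the
# English group name 'Everyone'; adjust the name on localized systems.

# 1. Share permissions: non-administrative shares where Everyone may write.
$shares = Get-SmbShare | Where-Object { -not $_.Special }
$openShares = $shares |
    ForEach-Object { Get-SmbShareAccess -Name $_.Name } |
    Where-Object {
        $_.AccountName -eq 'Everyone' -and
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.AccessRight)" -in 'Full', 'Change'
    }

# 2. NTFS permissions on the shared folders: Everyone with Modify or better.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Modify
$openFolders = foreach ($s in $shares | Where-Object Path) {
    (Get-Acl -LiteralPath $s.Path).Access |
        Where-Object {
            $_.IdentityReference.Value -eq 'Everyone' -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $writeMask) -eq $writeMask
        } |
        Select-Object @{ n = 'Share'; e = { $s.Name } },
                      @{ n = 'Path';  e = { $s.Path } },
                      FileSystemRights
}

# 3. Null-session policy. Hardened values: RestrictAnonymous = 1,
#    RestrictAnonymousSAM = 1, EveryoneIncludesAnonymous = 0,
#    RestrictNullSessAccess = 1, and no unexpected NullSessionShares.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$nullSession = [pscustomobject]@{
    RestrictAnonymous         = $lsa.RestrictAnonymous
    RestrictAnonymousSAM      = $lsa.RestrictAnonymousSAM
    EveryoneIncludesAnonymous = $lsa.EveryoneIncludesAnonymous
    RestrictNullSessAccess    = $srv.RestrictNullSessAccess
    NullSessionShares         = $srv.NullSessionShares -join ', '
}

# Report: empty tables mean no share or folder grants Everyone write access.
$openShares  | Format-Table Name, AccountName, AccessRight
$openFolders | Format-Table Share, Path, FileSystemRights
$nullSession | Format-List
```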
Wireless Hacking • Wireless LANs are everywhere • Business, Schools, Homes • By Default, they are Open! • Easy to Find – Netstumbler • Warchalking • Protection is limited • WEP: Wired Equivalent Privacy – can be hacked - airsnort • New Protection Methods • 802.1x
Basic Windows 95/98 • PWL file • Your Admin Password is All-Over-the-Place! • Easily copied to a floppy • Document Passwords • www.lostpassword.com • www.lostpasswords.com • Keystroke Logging
Workstation Attack Prevention • Firewall – especially on cable or DSL • Limit Shares - Use Passwords • Make Document Passwords LONG • Be aware of PWL files
Windows XP Professional Attacks • More secure out of the box • Use Policies • Know how to use NTFS • Limit Shares • Don’t turn on IIS • Use the built in firewall (or other)
SpyWare • New threat • Visit to Web Site Installs SpyWare • Used to Mine Personal Info • Destabilizes PC • Get SpyBot
Vendors and Politicians Fail Us • Why do Email and Web Clients allow software to install (without a prompt)? • Why not put network access in a “sandbox”? • Why are web sites allowed to present misleading “User Agreements”? • What will we do about HTML?
Web Sites for Tools • www.2600.com • www.hackersclub.net • www.hackingexposed.com
Summary • Get Some Training! • Hacking Tools are • Plentiful • Simple to Use • Evolving • You Must Expect Attacks on All Systems • Do the Basics – That Stops 99% of Attacks!
This Presentation Available • Visit http://edtech.kennesaw.edu/brent • See Our Course Schedule at http://edtech.kennesaw.edu
Add • N-stealth • Pest Patrol • Nessus • Retina • Check Web Sites • Check Edtech2000 server • Install LC3/LC4 on laptop • Keystroke Logger detection