Download
1 / 46
460 likes | 585 Vues
This presentation by Arif Wicaksono from Universitas Langlangbuana, discusses essential hacking techniques relevant to ethical hacking. Covering topics such as today's hackers, risk management, various security tests, and methodologies like FootPrinting and Port Scanning, it provides an in-depth understanding of vulnerabilities. The importance of tools like NMAP and methods for obtaining user information, as well as recent bugs affecting Windows systems, are examined. Ideal for aspiring ethical hackers and cybersecurity professionals seeking to enhance their testing strategies.
E N D
Secure Analysis & Testing (Hacking Technique) ArifWicaksono UniversitasLanglangbuana Bandung Bandung, 25 Oktober 2008
Agenda • Today’s Hackers • Risk Management • Types of Security Test • Testing Methodology • FootPrinting • Port Scanning • Penetrate, External • Enumeration • Discussion
Risk Management (for Ethical Hacker) Vulnerabilities Threats Risk Management (for Ethical Hacker)
Testing Methodology Footprinting
Testing Methodology : FootPrinting • Informasi Domain • Informasi Jaringan dan Server
Testing Methodology Scanning Discovery of IPs, ports, services, and vulnerabilities. * Direct connection may be made to target
Port Scanning : Identifikasi OS • Stack FingerPrint • NMAP -O
Port Scanning : Identifikasi OS • Informasi Banner sebuah Service pada OS
Port Scanning : Identifikasi OS • Port aktif • Windows : port 135 & 139 (NetBIOS), 445 (Ms-DS) • Unix (Umum) : 22, 23, 79, 111 • Ping
Testing Methodology Penetrate, External
Testing Methodology Enumerate Obtain list of users, Passwords, shares, NetBIOS, names, SMTP strings, etc.
EnumerasiDasar • Mendapatkan informasi lanjutan dari sebuah Sistem Operasi • Daftar User • Shares
EnumerasiDasar • NBT NetBIOS over TCP / IP
Tools Enumerasi • Legion
Tools Enumerasi • GetAcct
Bug yang PopulerPada Windows • Era tahun 2000 – 2002 Bug Unicode / Decode • Era tahun 2003 - 2007 • RPC - DCOM • Netapi • PnP • DNS RPC Vulnerability • Bug Terbaru dan cukup Berbahaya tahun 2008 • 8 April 2008 • Windows Kernel Could Allow Elevation of Privilege
Bug yang PopulerPada Windows • Bug pada System Windows
Bug yang PopulerPada Windows • Bug aplikasi
LatarBelakangAncaman pada Web Server • Masalah pada system Hacking • Serangan bersifat spesifik : OS, H/w, Services, dll. • Berbeda juga cara serangan dan eksploitasinya. • Perubahan yang cepat : OS, H/w, Services, dll. • Firewall
LatarBelakangAncaman pada Web Server • Click Kiddies • Era baru Hacking, khusus pada serangan aplikasi web • Hanya diperlukan satu trick khusus yang ampuh untuk melakukan serangan • Senjata ampuhnya : cukup dengan BROWSER • Tools tambahan lainnya : • Port Scanner • Netcat • Vullnerability checker : Acunetix, Goolag, SandCat, Nikto, Black Widow, dll. • Milw0rm • Metasploit Framework • Dll.
InformasiBerharga • Informasi pada Website • Logo & Aplikasi • Manipulasi URL • Directory traversal • Source Code
Jenis-jenisSerangan TerhadapAplikasi Web • Buffer overflow, stack overflow, heap overflow • Format string • Parameter manipulation (command execution, unicode/URL Decoding, file inclusion, path transversal, HTTP splitting) • Cross Site Scripting (XSS) • SQL Injections • Session/Cookie Hijacking & Manipulation
Testing Methodology Penetrate, Internal
Testing Methodology Escalate, protect
Testing Methodology Pillage
Testing Methodology Get Interactive
Testing Methodology Expand influence
Testing Methodology Cleanup / maintenance
TerimaKasih arifwsn@gmail.com
