1 / 32

Hacking Windows

Hacking Windows. Justin Bell. Department of Computer Science University of Wisconsin, Platteville belljus@uwplatt.edu.

oscar-salinas
Télécharger la présentation

Hacking Windows

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hacking Windows Justin Bell Department of Computer Science University of Wisconsin, Platteville belljus@uwplatt.edu

  2. This presentation will explore some high-profile intrusions along with the general methodology behind hacking techniques. The presentation will also cover some specific examples of attacks and vulnerable services. Definitions Famous Hacks Breaking In Malicious Code Terminal Services Denial of Service Topics

  3. Definitions: Hacker: someone who attempts to gain unauthorized access into a computer system. Hacking: the process of attempting to gain and possibly achieving access to computer systems by an unauthorized user.

  4. Famous Hacks • Bank Hack • Johan, 20 years old from Estonia • Gained access through a limited “guest account” • Was able to access services that allowed him to download the SAM file • Once this file was decrypted Johan had login access to all the web accounts for the entire bank.

  5. Famous Hacks • Security firm • Two 22 year old hackers from London • Through enumeration found open ports • This told them it was a windows server. • Asked the server for user names then did a dictionary attack • Hacked into a personal laptop connected to the system through the guest account

  6. Famous Hacks • Hacking Comunities • Hackers Against Child Pornography • Takes down child pornography rings after notifying international police. • Nashville 2600 • HAL2001 (Hackers At Large

  7. Breaking In • Profiling • “Casing the Place” • Finding a System To Hack into and figuring out what’s open and what is being used. • Foot-Printing • Scanning • Enumeration

  8. Breaking In • Footprinting • Finding out everything from the outside, before any access is actually gained • Documentation is extremely important • Finding the Posture • Internet Posture • Intranet Posture • Extranet Posture

  9. Breaking In – Footprinting • whois info • Can be done manually • Services like www.ARIN.net • University of Wisconsin – Platteville • Clients can do batch whois queries for hackers that don’t have a specific target

  10. Breaking In – Footprinting • whois info • Company Name • Administrator’s name • Administrator’s Account Name • Can deduce other account names • Site Creation Date • Gives info on Legacy systems that may be running

  11. Breaking In – Footprinting • Internet Search Engines • Google is the easiest because of its massive size • Search for default file paths • C:\inetpub • TSweb/default.htm • Now the hacker knows the weaknesses of the site and what port to attack : 3389

  12. Breaking In – Scanning • Finding ports • Easiest way to access a system and establish a connection • Tools will scan all possible ports • If default ports are used the hacker can gain knowledge of services that are running • If a hacker sees port 389 open he can assume the target is running an LDAP server

  13. Breaking In – Enumeration • Find valid usernames or file shares • Takes advantage of default windows services • Domain Controller lookup • Exploited by a free Microsoft tool called nltest

  14. Breaking In – Enumeration • NLTEST Output • C:\>nltest /whowill:ESS bob [20:58:55] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC939) [20:58:55] Response 0: S:\\NET1 D:ESS A:bob (Act found) The command completed successfully • C:\>nltest /whowill:testd test [21:26:13] Response 0: S:\\TEST2 D:TESTD A:test (Act found) [21:26:15] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC295) The command completed successfully

  15. Breaking In – Enumeration • NLTEST Output • C:\>nltest /dclist:testd List of DCs in Domain testd \\TEST2 (PDC) \\TEST1 The command completed successfully

  16. Breaking In – Privilege Escalation • Goal of all hacks • Highest possible Escalation is the Domain or Forest Admin as well as the Local Admin • All Windows Accounts are stored in the “SAM” (Security Accounts Manager) • Stores valid users, groups and passwords in an encrypted database. • Hashed, then encrypted with a 128 bit key called “SYSKEY”

  17. Breaking In – Privilege Escalation

  18. Breaking In – Privilege Escalation • More than one user can be running processes at any given time • Individual SIDs ( Security IDs) are given to each process so Windows knows the privilege level it can operate at. • Can be a user or “SYSTEM” “LOCAL SERVICE” or “DEFAULT LOGON” accounts

  19. Breaking In – Privilege Escalation • Because every process needs to access the SAM it has been the top target for Hackers. • There have been numerous “bugs” in the encryption that have allowed the SAM to be cracked. • Since this is just a file, it can be copied and moved to another system. • Then it can either be cracked or have a brute force attack to find passwords.

  20. Breaking In – Privilege Escalation • Once a single account is broken the hacker will try to infiltrate many different accounts in case the one he knows is changed. • This can be done by watching for keys typed or cracking network SAM files • “John the Ripper” by “Solar Designer” • Searching for files on the system containing the words “password,” “access,” “logon” or “Administrator”

  21. Malicious Code • Viruses • Worms • Trojan Horses

  22. Malicious Code - Viruses • “Segments of code that attach themselves to existing programs and perform some predetermined actions when the host program is executed.” • Piggy-back other files, no way to spread on their own – needs a “host” • The “host” passes the infected file to some new “host” who runs the file on another system.

  23. Malicious Code - Viruses • Usually try to copy themselves throughout a system making them difficult to remove. • A single Virus can copy many different viruses to many different files. • Can do things as harmless as report internet activity to an outside source • Can do things as harmful as copy passwords, format a system, or replace words in e-mails. • Chernobyl – Deletes Flash Bios Memory

  24. Malicious Code - Worms • Similar to Viruses, but they contain a mechanism to spread through a computer network without the assistance of other programs or people. • Spread Extremely quickly • Hard to remove because they re-install right away from other machines

  25. Malicious Code - Worms • Internet Worm – Installed repeatedly • LoveBug • Flooded the Internet with e-mails in May 2000 with the subject, ILOVEYOU • When attachment was opened it sent itself to other systems and ruined system files

  26. Malicious Code – Trojan Horses • Malicious programs packaged within other seemingly useful programs • Hidden like the Trojans waiting in the giant wooden horse • Can perform the advertised function, or just the malicious code • Hard to pin-point exactly what program the Trojan is hiding in.

  27. Malicious Code – Trojan Horses • RAT – Remote Access Tool • Installed through a web site • When executed, installs back door for the site administrator • Administrator just looks through the list of IP addresses that accessed the site

  28. Terminal Services • Provide Remote Access for Hacker • Using the usernames gained through enumeration the only thing needed is a password. If the hacker cracked the SAM the system is open. • Administrator accounts can not be locked out leaving them open to brute force attacks. • ProbTS and TS Grinder help find and exploit Terminal Services Connections

  29. Denial of Services (DoS) • Over-load the server to render it unable to accept any additional connections • Effectiveness of attacks are seriously limited by the hardware and internet connection of the attacker • DoS attacks exploit the fact that the target can’t tell if it’s legitimate traffic or not, so it has to respond to everything

  30. Distributed Denial of Services (DDoS) • Perform the same functions as a DoS, but from many computers at the same time • Performed through machines infested with Trojan Horses or Worms • Limited only by the number of machines infected • Feburary 2000 – first major DDoS • Targeted Google and Microsoft • Took down both sites for a little more than a day • Originated in computer labs from two major California Universities

  31. Conclusion • Hacking is a lucrative, multinational, criminal occupation • As Computer Science or Software Engineering Professionals we must strive to make sure everything we produce is safe against hackers • Through understanding the methodology of hackers it’s easier to protect systems from them

  32. Questions???

More Related