1 / 21

Hacking Linux

Hacking Linux. Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2. Looking into Linux. Linux security overview Proactive measures and recovering. Stages of hacking – again. Mapping your machine and network Social Engineering, Trojans, and other tricks

paul
Télécharger la présentation

Hacking Linux

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2

  2. Looking into Linux Linux security overview Proactive measures and recovering

  3. Stages of hacking – again • Mapping your machine and network • Social Engineering, Trojans, and other tricks • Physical attacks • Attacking over the network • Abusing the network itself • Elevating user privilege • Password cracking • Maintaining access

  4. Server issues and vulnerabilities • Mail and ftp • Web servers and dynamic content • Access control and firewalls

  5. Linux security overview • Porque • You are easy • You can be used as anonymous access • You are Linux and thus open source • The OS source is available • But the developers are self-policing – developer culture and Bugtraq • Access control methods • Password security • Controls on users • Privileged ports • Virtual memory gets reclaimed

  6. Proactive measures and recovering • Proactive measures • Insecurity scanners – finding your own weakness • Scan detectors – is someone eyeballing you? • Hardening your system • Log file analysis • File system integrity checks • Recovering from being hacked • Detecting if you have been hacked • What to do after a breakin

  7. Mapping your machine and network • Public domain looking • Online searches • Whois databases • Ping sweeps • DNS issues • Traceroutes • Port scanning • OS detection • Active stack fingerprinting • Passive stack fingerprinting

  8. Mapping, continued • Enumerating RPC services • What authentication level is used • What services – NFS, NIS, other PRC • NFS file sharing • What is exportable – and to what users • SNMP possibilities • Network insecurity scanners • Canned stuff that combines all these approaches

  9. Social Engineering, Trojans, and other tricks • Social engineering • Trojan horses • Viruses and worms • IRC backdoors

  10. Physical attacks • Attacking the office • Sneaky pete installs something • Boot access is root access • Boot passwords are in the flash ROM • Setup helps a little bit • Encrypted filesystems

  11. Attacking over the network • Using the network itself • TCP/IP • The public phone system • Default or bad configurations • NFS mounts • Netscape defaults • Squid • X-Windows system

  12. TCP/IP • Structure (header and function) • TCP • Flag bits (Urgent, Ack, Push, Reset, Syn, Fin) • UDP – less structure and functionality • ICMP – Control messages – many hacking possibilities • IP – Underlies these three protocols – host-to-host

  13. The public phone system • Modem attacks • Wardialing – mechanized dialing used to find modems • Attacks on modem internal protocols – Hayes not-so-smart Modem • Idea was to shut off sound, store a new number, disconnect and redial Moldavia • Countermeasures • One-time-pad login modules • Passwording • Biometrics

  14. More network attacks • Default passwords and password guessing • Sniffers • How they work • Common versions • Vulnerabilities • Buffer overflows • Vulnerable services • Vulnerable scripts • Unnecessary services and detecting them • Using netstat, lsof, nmap • How to turn them off – inetd.conf

  15. Abusing the network itself • DNS Exploits • Routing issues • Advanced sniffing and session hijacking • Hunt • Dsniff • Man-in-the-middle attacks • Denial of service (DoS) attacks • Floods • TCP/IP attacks

  16. More abuse and countermeasures • Abusing trust relationships • Implementing egress filtering

  17. Elevating user privilege • Users and privileges • Elevation of privilege • Trusted paths and trojan horses • Password storage and use • Special purpose groups and device access • Sudo • Suid programs • Hacker suids on mounted file systems • Countering poor programming

  18. Password cracking • How they work • More advanced algorithms • Cracking programs • Shadow passwords • Pluggable modules, etc.

  19. Maintaining access • Using the r commands, rsh, rexe, etc. • Passwordless access using ssh • Network accessible root shells • Trojaned system programs • Back doors • Trail hiding • Kernel hacks

  20. Remote access methods - Unix • Primary methods • Exploiting a listening service (TCP/IP) • System must be running services listening on some port • First enumerate, then specific exploit for that service • Using source routing to cross firewall or router • Router must have source routing disabled, or at least protected • User-triggered traps • Example: browsing as root and encountering malicious code • Exploiting system with network interface in promiscuous mode • Sniffer can sniff a malicious packet that was put there to catch any victim

  21. Brute force attacks • Password attacks • These can use any service that uses a logname/password for access • Many utilities exist for automating • Countermeasures are improved password analyzers, delay in login on incorrect passwords, detecting repeated login attempts • User password education – don’t use same password everywhere • Data driven attacks • Buffer and stack overflows work because of weak C libraries • Basic idea is to send an “egg” with code that goes on stack (used for local variables and return address)

More Related