Backtrack 5


“The quieter you are, the more you are able to listen…” The motto of Backtrack means that listening requires you to be silent: you can listen while you are talking, but it is not as effective as listening in silence. At first, using Backtrack was a lot of hassle for me. The lack of a user interface really annoyed me, but over time I slowly became able to use the command line as well as the UI. Moreover, after practicing with the command line I began to understand what is going on inside my OS instead of just letting it do its work.

 

Backtrack has taught me lots of things, from how to find someone's IP to eventually getting inside their system. Of course, it was not an easy job: it requires patience and focus, or it will become a failure and all of your effort will be in vain. Finding a person's private data also becomes really easy with the tools available inside Backtrack, but running those tools isn't the only thing you need to do. You must also understand what you are looking for and your target as well, in order to get the correct output from those tools.

 

Understanding Keyloggers


Not every keylogger is a virus. Some companies deploy keyloggers to monitor their employees' behavior while operating company systems, and some organizations have used them to study human-computer interaction.


My personal experience in using keyloggers is when I tried to find out my sibling's ID and password. First I installed a keylogger on her laptop and waited a couple of days to find out the password. Although the log mostly contained a lot of junk, after a thorough search I finally found the session in which she was logging in to an account and tried to log in as her. Funnily, the software I used only worked in Internet Explorer; in Mozilla Firefox the keys got scrambled and produced unreadable keystrokes.

Little but powerful… Packets!


A packet is a formatted unit of data transmitted across a computer network. A packet has two parts: control information (the headers) and the payload. By examining these packets we can determine what is going on in our network. Hacking attempts or scanning can be recorded if we are able to successfully decipher those packets.

 

Wireshark:


Wireshark is a software tool that captures network packets and analyzes them in the most detailed view available. It is free and open source, so it is really easy to obtain and use. It also has basically the same capture functionality as tcpdump, so if you are unable to use Wireshark you can use tcpdump instead: both capture traffic through the same underlying packet-capture library.
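To make the "control information plus payload" split concrete, here is a small dissector, added for this post and not code from Wireshark or tcpdump, that unpacks a hand-built IPv4/TCP packet the way those tools do internally. The packet bytes are constructed for the example (checksums are placeholders and are not verified); the field names and the `dissect`/`summary` functions are this example's own.

```python
import struct

# Constructed sample packet (not a real capture): a 20-byte IPv4 header,
# a 20-byte TCP header and a short HTTP payload, assembled by hand so the
# example runs offline. Checksums are placeholders and are not verified.
SAMPLE_PACKET = bytes.fromhex(
    "450000381c4640004006b1e6c0a80001c0a800c7"   # IPv4: TTL 64, DF set, 192.168.0.1 -> 192.168.0.199
    "c350005000000000000000005018200007d50000"   # TCP: 50000 -> 80, PSH+ACK, window 8192
) + b"GET / HTTP/1.0\r\n"

TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS")


def parse_ipv4(data):
    """Return (header fields, remaining bytes) for an IPv4 packet."""
    fields = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = fields
    header_len = (ver_ihl & 0x0F) * 4          # IHL is counted in 32-bit words
    header = {
        "version": ver_ihl >> 4,
        "header_len": header_len,
        "tos": tos,
        "total_len": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),       # Don't Fragment bit
        "mf": bool(flags_frag & 0x2000),       # More Fragments bit
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
    }
    return header, data[header_len:total_len]


def parse_tcp(data):
    """Return (header fields, payload bytes) for a TCP segment."""
    sport, dport, seq, ack, off_flags, window, _csum, urg = struct.unpack("!HHIIHHHH", data[:20])
    header_len = (off_flags >> 12) * 4         # data offset, in 32-bit words
    flag_bits = off_flags & 0x01FF
    header = {
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)],
        "window": window,
        "urgent": urg,
    }
    return header, data[header_len:]


def dissect(packet):
    """Split a raw IPv4 packet into control information and payload."""
    ip, rest = parse_ipv4(packet)
    result = {"ip": ip, "tcp": None, "payload": rest}
    if ip["protocol"] == 6:                    # IP protocol number 6 is TCP
        tcp, payload = parse_tcp(rest)
        result["tcp"] = tcp
        result["payload"] = payload
    return result


def summary(packet):
    """One-line, tcpdump-style description of the packet."""
    d = dissect(packet)
    ip, tcp = d["ip"], d["tcp"]
    line = f"{ip['src']} > {ip['dst']} ttl={ip['ttl']} df={int(ip['df'])}"
    if tcp:
        line += (f" tcp {tcp['sport']}->{tcp['dport']} [{'/'.join(tcp['flags'])}]"
                 f" win={tcp['window']} len={len(d['payload'])}")
    return line


if __name__ == "__main__":
    print(summary(SAMPLE_PACKET))
    print(dissect(SAMPLE_PACKET)["payload"])
```

The same header fields (TTL, DF bit, TOS, TCP window) are what the fingerprinting tools discussed later in this post read from captured traffic, so a dissector like this is the first step of any passive analysis.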


Sources:
https://en.wikipedia.org/wiki/Network_packet
http://en.wikipedia.org/wiki/Wireshark

Aim for the right spot


We can't just launch our attacks randomly at the target's ports; we must carefully determine which ports can or cannot be attacked. Even though a system has many ports, it doesn't mean they are all open: some are closed for security reasons and some are simply not needed. As ethical hackers it is our job to find which ports are alive so we can properly execute our attacks. There are also several tools in Backtrack that can help us do that.
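Seen from the defender's side, a port scan looks like one source touching many distinct ports in a short time, which is exactly what a firewall log records. The following detector is an added example, not code from Backtrack or from any tool named in this post; the log format, the sample lines, the 60-second window and the threshold of 10 distinct ports are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (not from a real system). The hypothetical
# format is: "<ISO timestamp> <action> src=<ip> dst=<ip> proto=<proto> dpt=<port>".
SAMPLE_LOG = [
    # one host probing twelve consecutive ports within a few seconds
    f"2013-03-10T10:00:{sec:02d} DROP src=10.0.0.5 dst=192.168.1.10 proto=tcp dpt={20 + sec}"
    for sec in range(12)
] + [
    # ordinary client traffic to a web server
    "2013-03-10T10:00:03 ACCEPT src=10.0.0.7 dst=192.168.1.10 proto=tcp dpt=80",
    "2013-03-10T10:00:09 ACCEPT src=10.0.0.7 dst=192.168.1.10 proto=tcp dpt=443",
    "2013-03-10T10:05:00 ACCEPT src=10.0.0.7 dst=192.168.1.10 proto=tcp dpt=80",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dpt=(?P<dpt>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "dpt": int(m["dpt"]),
    }


def detect_port_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Return {source_ip: peak number of distinct (dst, port) pairs seen within
    `window`} for every source that reached `threshold` distinct targets."""
    by_src = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        if event:
            by_src[event["src"]].append(event)

    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        in_window = Counter()   # (dst, port) -> occurrences inside the sliding window
        left = 0
        peak = 0
        for event in events:
            in_window[(event["dst"], event["dpt"])] += 1
            # slide the left edge forward until the window fits again
            while event["ts"] - events[left]["ts"] > window:
                old = (events[left]["dst"], events[left]["dpt"])
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {count} distinct ports within 60s")
```

The sliding window matters: a monitoring host that legitimately touches many ports over a day should not trip the rule, while a scanner that walks a port range in seconds does. Counting distinct (destination, port) pairs rather than raw hits also keeps a single busy connection from inflating the score.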

 

Superscan:


Zenmap:


Know your enemy!


In order to attack someone, we must know all their weaknesses and strengths in order to win. The principle is the same when we are going to attack a system: we must know which parts are unguarded, and we must avoid detection at all costs. There are several tools that can help us do that.

Fping:


Hping:


Rping:


Protect yourselves!


As ethical hackers, there are laws we must obey in order to do our job safely. Contracts and statements of work are needed to clear us of charges if something happens to our clients' systems. These contracts also forbid us from publicizing their system weaknesses and private data, keeping the company safe and secure. Also, these contracts allow us to be listed as a recommended penetration tester on our certificate.

 

It’s not all about computers

Hacking is not a one-way attack on the target system. There are many other ways to gain access to a system, even without looking at the system at all. Remember, as hackers we must use the easiest and most efficient method to gather data. Therefore, since humans are the weakest link in the chain, we must use them as a resource in our information gathering.

Piggybacking:


Piggybacking is an act in which an unauthorized person follows someone into a restricted area without the consent of the authorized person. Inside this secured area, the intruder can obtain sensitive data easily because they now have access to it.

Methods:


  • Surreptitiously following an individual authorized to enter a location, giving the appearance of being legitimately escorted
  • Joining a large crowd authorized to enter, and pretending to be a member of the crowd that is largely unchecked
  • Finding an authorized person who either carelessly disregards the law or the rules of the facility, or is tricked into believing the piggybacker is authorized, and agreeably allows the piggybacker to tag along

Source: http://en.wikipedia.org/wiki/Piggybacking_(security)

Let the enemy do the work for you!


E-mail is one of the things we almost can't live without nowadays. It gives us easy communication between places, and sending documents has become as easy as pie. However, we must be careful with it, because over time it has also become a dangerous place. Hackers have already created methods to attack other people using nothing but e-mail.

Phishing:

Phishing is an attempt to obtain users' private data by sending them a fake e-mail with a link to a website that contains malware. These e-mails look important and seem to need immediate attention, but in truth they are just random junk from the internet.

Recent phishing attacks:

Apple Store – Update your Apple Account


Email Methods:

  • Deceptive Subject Line
  • Forged Senders Address
  • Genuine Looking Content
  • Disguised Hyperlinks
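The four e-mail methods above can each be turned into a check a mail filter or an analyst could run. The script below is an added example for this post, not code from any product or from the sources cited; the sample message, its `.example` domains, the urgency phrase list and the `phishing_indicators` function are all constructed here. It covers a deceptive subject line, a Reply-To that does not match the sender domain (a simple stand-in for forged-sender checks; real SPF/DKIM verification is not modelled), and a disguised hyperlink whose visible text names one host while its `href` points to another.

```python
import email
import email.utils
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing e-mail); the domains end in
# .example and are placeholders.
SAMPLE_EMAIL = """\
From: "Apple Store" <noreply@apple-store-updates.example>
Reply-To: <verify@mailbox-verify.example>
To: user@customer.example
Subject: Update your Apple Account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be suspended unless you confirm your details:</p>
<p><a href="http://appleid-secure-login.example/verify">https://appleid.apple.com/account</a></p>
<p><a href="http://apple-store-updates.example/help">Help centre</a></p>
</body></html>
"""

# Assumed list of pressure phrases typical of deceptive subject lines.
URGENCY_PHRASES = ("update your", "verify", "immediately", "suspended", "24 hours")


class LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def within_domain(host, domain):
    """True if host is the domain itself or a subdomain of it (not a look-alike)."""
    return bool(domain) and (host == domain or host.endswith("." + domain))


def phishing_indicators(raw_message):
    """Return a list of human-readable findings for the indicators listed above."""
    msg = email.message_from_string(raw_message)
    findings = []

    from_domain = domain_of(email.utils.parseaddr(msg.get("From", ""))[1])
    reply_addr = email.utils.parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"reply-to domain {domain_of(reply_addr)} differs from sender domain {from_domain}")

    subject = msg.get("Subject", "").lower()
    if any(phrase in subject for phrase in URGENCY_PHRASES):
        findings.append(f"pressuring subject line: {msg.get('Subject')!r}")

    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            collector.feed(part.get_payload(decode=True).decode(charset, "replace"))

    for href, text in collector.links:
        if re.match(r"(https?://|www\.)", text) and host_of(text) != host_of(href):
            findings.append(f"disguised hyperlink: shows {host_of(text)} but points to {host_of(href)}")
        elif host_of(href) and not within_domain(host_of(href), from_domain):
            findings.append(f"link to {host_of(href)} outside sender domain {from_domain}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

Each check is a heuristic, so the output is a list of findings to weigh rather than a verdict; the "Help centre" link in the sample produces no finding because it stays inside the sender's own domain, which is why `within_domain` compares whole labels instead of using a plain suffix match that a look-alike domain could satisfy.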

Sources:
http://en.wikipedia.org/wiki/Phishing
http://www.fraudwatchinternational.com/individual-alert?fa_no=241426&mode=alert

Zero Day Attack


A zero-day attack is the exploitation of an unpatched software vulnerability on "day zero" of awareness of that vulnerability. It happens because there is no time between the discovery of the vulnerability and the moment the administrator would need to have fixed it.

CTA: New Java Zero-Days


FireEye's Malware Protection Cloud (MPC) detected a brand-new zero-day vulnerability that had already been used to attack several customers. The attackers used this vulnerability to install an "update" on Java version 6 and version 7. This was done by exploiting the JVM to write and read the infected code. After exploiting the JVM's memory, it downloads an infected executable JAR (the sources identify it by its MD5 hash) from the hosting site and runs it. However, this exploitation also has some weaknesses: sometimes it fails to load because it tries to overwrite a large amount of memory and does not complete properly, which crashes the JVM. The code itself also tries to copy itself into a DLL file so that it takes root on the victim's computer.

Sources:
http://blog.malwarebytes.org/intelligence/2013/03/cta-new-java-zero-days/
http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/yaj0-yet-another-java-zero-day-2.html
https://en.wikipedia.org/wiki/Zero-day_attack

Preparing for battle


Before we attack an enemy it is best to know them first; that way we discover their weaknesses and attack them in the unguarded places. Information gathering is therefore an inseparable part of ethical hacking: the quality of the information gathering decides whether a pen test succeeds or fails. It consists of three basic steps: Footprinting, Fingerprinting and Enumeration.

Footprinting:


Footprinting is the blueprinting of an organization's security profile in a methodical manner.

The attacker may choose to source the information from:

  • A web page (saved offline, e.g. using an offline browser such as Teleport Pro)
  • Yahoo or other directories (Tifny is a comprehensive search tool for USENET newsgroups)
  • Multiple search engines (All-in-One, Dogpile); groups.google.com is a great resource for searching large numbers of newsgroup archives without having to use a tool
  • Advanced search (e.g. AltaVista)
  • Searches on publicly traded companies (e.g. EDGAR)
  • Dumpster diving (retrieving documents that have been carelessly disposed of)
  • Physical access (false ID, temporary/contract employees, unauthorized access, etc.)

Fingerprinting:


Fingerprinting is "guessing" the target's operating platform.

There are two types of fingerprinting: active and passive. Active fingerprinting is more accurate than passive, but it leaves a visible trace, so it is riskier to use than the passive kind.

Active fingerprinting determines the target's OS by sending packets to it and examining the responses. Passive fingerprinting, instead of scanning the target host, captures packets sent by the target host and studies them for signs that reveal the OS.

The attacker may choose to source the information from:

  • TTL – What the operating system sets the Time To Live on the outbound packet
  • Window Size – What the operating system sets the TCP window size to
  • DF – Does the operating system set the Don’t Fragment bit?
  • TOS – Does the operating system set the Type of Service field, and if so, to what?
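Here is how a passive fingerprinter turns those four observations into a guess, as an added example written for this post rather than code from p0f or any other tool. The initial TTL defaults of 64, 128 and 255 are the common ones, but the signature table, the window values in it, the scoring weights and the two observed hosts are all constructed for illustration and are not an authoritative fingerprint database.

```python
# Common initial TTL values; an observed TTL is one of these minus the hops travelled.
INITIAL_TTLS = (64, 128, 255)

# Illustrative signature table, constructed for this example. The fields are the
# four observations listed above (initial TTL, window size, DF bit, TOS); the
# window values are placeholders, not an authoritative fingerprint database.
SIGNATURES = [
    {"os": "Linux-like (illustrative)",     "ttl": 64,  "window": 5840,  "df": True,  "tos": 0},
    {"os": "Windows-like A (illustrative)", "ttl": 128, "window": 65535, "df": True,  "tos": 0},
    {"os": "Windows-like B (illustrative)", "ttl": 128, "window": 8192,  "df": True,  "tos": 0},
    {"os": "Router-like (illustrative)",    "ttl": 255, "window": 4128,  "df": False, "tos": 0},
]

# Constructed observations, as they would be pulled from captured SYN packets.
OBSERVED = [
    {"src": "10.1.1.20", "ttl": 118, "window": 8192, "df": True, "tos": 0},
    {"src": "10.1.1.31", "ttl": 61,  "window": 5840, "df": True, "tos": 0},
]

# Assumed weights: initial TTL is the strongest signal, TOS the weakest.
WEIGHTS = {"ttl": 3, "window": 2, "df": 1, "tos": 1}
MAX_SCORE = sum(WEIGHTS.values())


def guess_initial_ttl(observed_ttl):
    """The initial TTL is the smallest common default that is >= the observed value,
    because every router on the path decrements it by one."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial
    return INITIAL_TTLS[-1]


def fingerprint(obs):
    """Score every signature against one observation; return the best match,
    a confidence in [0, 1] and the estimated hop distance to the host."""
    initial = guess_initial_ttl(obs["ttl"])
    ranked = []
    for sig in SIGNATURES:
        score = 0
        if sig["ttl"] == initial:
            score += WEIGHTS["ttl"]
        if sig["window"] == obs["window"]:
            score += WEIGHTS["window"]
        if sig["df"] == obs["df"]:
            score += WEIGHTS["df"]
        if sig["tos"] == obs["tos"]:
            score += WEIGHTS["tos"]
        ranked.append((score, sig["os"]))
    ranked.sort(reverse=True)
    best_score, best_os = ranked[0]
    return {
        "guess": best_os,
        "confidence": best_score / MAX_SCORE,
        "initial_ttl": initial,
        "hops": initial - obs["ttl"],
        "ranked": ranked,
    }


if __name__ == "__main__":
    for obs in OBSERVED:
        r = fingerprint(obs)
        print(f"{obs['src']}: {r['guess']} (confidence {r['confidence']:.2f}, ~{r['hops']} hops away)")
```

Because nothing is sent to the host, this is the passive variant described above; the same scoring works on an administrator's own capture to spot machines whose fingerprint does not match the inventory (for example an unexpected 128-TTL host on a Linux-only segment).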

Enumeration:


Enumeration is identifying valid user accounts or poorly protected resource shares.

The types of information enumerated by intruders:

  • Network resources and shares
  • Users and groups
  • Applications and banners

Source: http://www.amarjit.info/2010/03/what-is-footprinting-fingerprinting.html