*ATTACK*
This entails the actions a hacker goes through to initiate a hack on a machine or network. It involves some planning and preparation in order to be successful and remain unnoticed.
Footprinting/Scanning (gathering information about a potential target)
- Consult their website; read the page source for clues
- Consult services such as the ARIN database and Network Solutions, and the SEC database
- Query the target's name server
- Traceroute the target network to determine layout [ traceroute ]
- Ping sweep the network to find running hosts
- Port scan active machines to determine running services [ nmap being used ]
- Attempt OS detection
Exploiting
- Gaining access to services using brute force password guessing
- Force buffer overflows to gain root access
- Exploit misconfigured FTP servers
- Use RPC services to get information about a machine and its users, or force buffer overflows on these services to gain root
- Try to mount an NFS filesystem
- Use social engineering to get a user's password
Hacking Tools
- nmap
- netcat
- tcpdump
- Dsniff
- Hping2
- SATAN
- Firewalk
- John the Ripper
- Perl
- Ngrep
- traceroute/ping/telnet
Exploits
Brute Force Attacks
These involve guessing userid/password combinations on services that require authentication before granting access (telnet, ssh, ftp, etc.). There are a number of tools that can be used to automate this procedure. The best defense against such an attack is strong passwords.
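Strong passwords stop the guesses from succeeding; spotting the guessing is a separate job. The following is an added example (not part of the original text) that flags a source address producing repeated sshd "Failed password" lines inside a sliding time window, which also catches one source cycling through many userids. The log lines, hostname, addresses and the year supplied to the parser are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches sshd failures for both existing and non-existent ("invalid user") accounts.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def detect_bruteforce(lines, threshold=5, window=60):
    """Return {source_ip: set(userids)} for every source with at least
    `threshold` failed logins inside any `window`-second span."""
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    users = defaultdict(set)      # src -> userids that source has tried
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; 2024 is assumed for this constructed sample.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=2024)
        q = recent[m["src"]]
        q.append(ts)
        users[m["src"]].add(m["user"])
        while (ts - q[0]).total_seconds() > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["src"]] = users[m["src"]]
    return flagged

# Constructed sample: one source guessing several accounts quickly, one user mistyping once.
SAMPLE_LOG = """\
Jan 12 03:14:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jan 12 03:14:02 bastion sshd[2203]: Failed password for root from 203.0.113.5 port 40124 ssh2
Jan 12 03:14:04 bastion sshd[2205]: Failed password for invalid user oracle from 203.0.113.5 port 40128 ssh2
Jan 12 03:14:05 bastion sshd[2207]: Failed password for root from 203.0.113.5 port 40131 ssh2
Jan 12 03:14:07 bastion sshd[2209]: Failed password for invalid user test from 203.0.113.5 port 40135 ssh2
Jan 12 03:20:11 bastion sshd[2290]: Failed password for alice from 192.0.2.44 port 51002 ssh2
Jan 12 03:20:20 bastion sshd[2292]: Accepted password for alice from 192.0.2.44 port 51002 ssh2
""".splitlines()

if __name__ == "__main__":
    for src, tried in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {len(tried)} userids tried -> {sorted(tried)}")
```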
Buffer Overflow Attacks
Buffer overflows occur when more data is written into a buffer than the space allocated for it. Skilled hackers can use this to their advantage by forcing buffer overflows and executing a command on the remote system. This is a very simplified description, but should suffice for the scope of this text.
FTP
Misconfigured anonymous FTP servers sometimes allow users to search the entire directory tree. This enables hackers to grab files such as the passwd file. Also, some are configured to allow anybody to write to the directories. This can result in individuals storing "warez" or illegally distributed files on the server, or allow hackers to add files that allow them to gain access to the system.
RPC Services
These are services that enable programs on one system to execute code on a remote system. Because a number of these services run with superuser privileges, a successful buffer overflow attack would result in root access.
NFS
Known as the Network File System, it allows users to access remote filesystems as if they were stored locally. A common misconfiguration allows anybody to mount an exported filesystem without authentication.
Social Engineering
This is an attack whereby the hacker uses his social skills to fool a user or sysadmin into giving him privileges or information that he would otherwise be unable to gain. Although this could feasibly be done a number of different ways, a common way is for a hacker posing as a sysadmin to call a user and ask for personal information or a password.