Network Hacking is generally means gathering information about domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc.
It also includes OS Fingerprinting, Port Scaning and Port Surfing using various tools.
Ping :- Ping is part of ICMP (Internet Control Message Protocol) which is used to troubleshoot TCP/IP networks. So, Ping is basically a command that allows you to check whether the host is alive or not.
To ping a particular host the syntax is (at command prompt)--
c:/>ping hostname.com
example:- c:/>ping www.google.com
Various attributes used with 'Ping' command and their usage can be viewed by just typing c:/>ping at the command prompt.
Netstat :- It displays protocol statistics and current TCP/IP network connections. i.e. local address, remote address, port number, etc.
It's syntax is (at command prompt)--
c:/>netstat -n
Telnet :- Telnet is a program which runs on TCP/IP. Using it we can connect to the remote computer on particular port. When connected it grabs the daemon running on that port.
The basic syntax of Telnet is (at command prompt)--
c:/>telnet hostname.com
By default telnet connects to port 23 of remote computer.
So, the complete syntax is-
c:/>telnet www.hostname.com port
example:- c:/>telnet www.yahoo.com 21 or c:/>telnet 192.168.0.5 21
Tracert :- It is used to trace out the route taken by the certain information i.e. data packets from source to destination.
It's syntax is (at command prompt)--
c:/>tracert www.hostname.com
example:- c:/>tracert www.insecure.inHere "* * * Request timed out." indicates that firewall installed on that system block the request and hence we can't obtain it's IP address.
various attributes used with tracert command and their usage can be viewed by just typing c:/>tracert at the command prompt.
The information obtained by using tracert command can be further used to find out exact operating system running on target system.
-: Network Hacking (Port Scanning) :-
Port Scanning :- Port scanning is carried out to determine a list of open ports on the remote host that have certain services or daemons running. In port scanning, the attacker connects to various TCP and UDP ports and tries to determine which ports are in listening mode.
1) TCP Ports Scanning :- Almost all port scans are based on the client sending a packet containing a particular flag to the target port of the remote system to determine whether the port is open. Following table lists the type of flags a TCP packet header can contain.
Flag | Meaning |
---|---|
URG (urgent) | This flag tells the receiver that the data pointed at by the urgent pointer required urgently. |
ACK (acknowledgment) | This flag is turned on whenever sender wants to acknowledge the receipt of all data send by the receiving end. |
PSH (push) | The data must be passed on to the application as soon as possible. |
RST (reset) | There has been a problem with the connection and one wants to reset the connection with another. |
SYN (synchronize) | If system X wants to establish TCP connection with system Y, then it sends it's own sequence number to Y, requesting that a connection be established. Such apacket is known as synchronize sequence numbers or SYN packet. |
FIN (finish) | If system X has finished sending all data packets and wants to end the TCP/IP connection that it has established with Y, then it sends a packet with a FIN flag to system Y. |
A typical TCP/IP three way handshake can be described as follows :
1) The client sends a SYN packet to the server.
2) The server replies with a SYN packet and acknowledges the client's SYN packet by sending an ACK packet.
3) The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are :-
1) TCP connect port scanning
2) TCP SYN scanning (half open scanning)
3) SYN/ACK scanning
4) TCP FIN scanning
5) TCP NULL scanning
6) TCP Xmas tree scanning
2) UDP Ports Scanning :- In UDP port scanning, aUDP packet is sent to each port on the target host one by one.
If the remote port is closed, then the server replies with a Port Unreachable ICMP error message. If the port is open then no such error message is generated.
3) FTP Bounce Port Scanning :- The FTP bounce port scanning technique was discovered by Hobbit. He revealed a very interesting loophole in the FTP protocol that allowed users connected to the FTP service of a particular system to connect to any port of another system. This loophole allows anonymous port scanning.
Recommended Tools | |
Nmap | http://www.insecure.org/nmap |
Superscan | http://www.foundstone.com |
-: Network Hacking (OS Fingerprinting) :-
OS Fingerprinting :- OS Fingerprinting refers to detection of target computer's operating system.
Since, different operating system responds differently to the same kind of ICMP message, it is very important for an attacker to determine the exact operating system running on target system.
Also attacker can carry out attacks by taking over the vulnerabilities/bugs found in that particular operating system.
There are four areas that we will look at to determine the operating system (however there are other signatures that can be used). These signatures are:
1) TTL - What the operating system sets the Time To Live on the outbound packet.
2) Window Size - What the operating system sets the Window Size at.
3) DF - Does the operating system set the Don't Fragment bit.
4) TOS - Does the operating system set the Type of Service, and if so, at what.
There are two different types of OS Fingerprinting technique -
1) Active OS Fingerprinting :- Remote active operating system fingerprinting is the process of actively determining a targeted network node’s underlying operating system by probing the
targeted system with several packets and examining the response(s), or lack thereof, received? The traditional approach is to examine the TCP/IP stack behavior (IP, TCP, UDP, and ICMP protocols) of a targeted network element when probed with several legitimate and/or malformed packets.
Recommended Tools | |
---|---|
Nmap | http://insecure.org/nmap |
2) Passive OS Fingerprinting :-Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively querying the remote system, all you need to do is capture packets sent from the remote system. Based on the sniffer traces of these packets, you can determine the operating system of the remote host. Just like in active fingerprinting, passive fingerprinting is
based on the principle that every operating system's IP stack has its own idiosyncrasies. By analyzing sniffer traces and identifying these differences, you may be able determine the operating system of the remote host.
Recommended Tools | |
---|---|
P0f | http://lcamtuf.coredump.cx/p0f.shtml |
Ettercap | http://ettercap.sourceforge.net |
-: ClickJacking :-
Definition :-
"Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages." - Wikipedia
Introduction :-
A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.
The long list of vulnerabilities involves browsers, Web sites and plug-ins like Flash.
How It Works? :-
ClickJacking is a little bit difficult to explain however try to imagine any button that you see in your browser from the Wire Transfer Button on your Bank, Post Blog button on your blog, Add user button on your web-site, Google Gadgets etc.
ClickJacking gives the attacker to ability to invisibly float these buttons on-top of other innocent looking objects in your browser.
So when you try to click on the innocent object, you are actually clicking on the malicious button that is floating on top invisibly.
In other words, the attack is thrown by a malicious web page embedding objects, possibly from a different site, such as framed documents or plugin content (Flash, Silverlight, Java…) which may lead to unwanted results if clicked by the current user (e.g. a “Delete all messages” button in your webmail or an advertisement banner in a click fraud scheme). Using DHTML, and especially CSS, the attacker can disguise or hide the click target in several ways which go completely undetected by the user, who’s easily tricked into clicking it in a more or less blind way.
JavaScript increases the effectiveness of these attacks hugely, because it can make our invisible target constantly follow the mouse pointer, intercepting user’s first click with no failure.
We can however imagine a few less effective but still feasible scriptless scenarios, e.g. covering the whole window with hidden duplicates of the target or overlaying an attractive element of the page, likely to be clicked (e.g. a game or a porn image link), with a transparent target instance.
Examples :-
1) Malicious camera spying using Adobe's Flash.
2) Flash, Java, SilverLight, DHTML Game or Application used to Spy on your Webcam and/or Microphone.
The best defense against ClickJacking attacks is to use Firefox with the NoScript add-on installed. |
NoScript 2.0.9.7
Allow active content to run only from sites you trust,
and protect yourself against XSS and Clickjacking attacks...!
-: NetBIOS Hacking :-
NetBIOS stands for "Network Basic Input Output System".
It was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources.
By default it runs on port 139.
NetBIOS gives the various information of the computers on a network, which includes computer name, username, domain, group, and many others.....!
The NBTSTAT Command :-
NBTSTAT is the command for manually interact with NetBIOS Over TCP/IP.
All the attributes (switches) used with nbtstat command and their usage can be viewed.
At the command prompt type-
C:\Windows>nbtstat
Sample NBTSTAT Response :-
C:\>nbtstat -A 117.200.160.174
NetBIOS Remote Machine Name Table
MAC Address = 86-95-55-50-00-00
NetBIOS Remote Machine Name Table
Name | Type | Status | |
---------------------------------------------- | |||
PRASANNA | <00> | UNIQUE | Registered |
INSECURE LAB | <00> | GROUP | Registered |
PRASANNA | <03> | UNIQUE | Registered |
PRASANNA | <20> | UNIQUE | Registered |
INSECURE LAB | <1E> | GROUP | Registered |
MAC Address = 86-95-55-50-00-00
An intruder could use the output from an nbtstat against your machines to begin gathering information about them.
"<03> in above table is nothing but the username of that system."
The next step for an intruder would be to try and list the open shares on the given computer, using the net view command.
Here is an example of the Net View command-
C:\>net view \\117.200.160.174
Shared resources at \\117.200.160.174
The command was completed successfully.
Shared resources at \\117.200.160.174
Sharename | Type | Comment |
---------------------------------------- | ||
C | Disk | Drive C:\ |
MySofts | Disk | My Softwares Collection |
E | Disk | Drive E:\ |
The command was completed successfully.
This information would give the intruder a list of shares which he would then use in conjunction with the Net Use command, a command used to enable a computer to map a share to it’s local drive, below is an example of how an intruder would map the C Share to a local G: drive, which he could then browse...!
C:\>net use G: \\117.200.160.174\C
The command was completed successfully.
C:\>G:
G:\>
The command was completed successfully.
C:\>G:
G:\>
0 comments:
Post a Comment