Practical Cyber Attacking Tutorial

Se7en - Creative Powerpoint Template

Practical Cyber AttackingTutorialYam Peleg


Cyber?

CYBER!

Se7en - Creative Powerpoint TemplateJAIL!


Introduction To Cyber


Cyber Attacking

Active Reconnaissance Gaining AccessPassive

ReconnaissanceMaintaining

Access

Gaining AccessThis is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access.

Maintaining AccessOnce a hacker has gained access, they want to keep that access for future exploitation andattacks.

Passive Reconnaissance Passive reconnaissance involves gathering information regarding a potential target without the targeted individual’s or company’s knowledge

Active ReconnaissanceActive reconnaissance involves probing the network to discover individual hosts, IP addresses,and services on the network. This usually involves more risk of detection than passive reconnaissance


Vulnerability based cyber attacks

Attacker

💻- Develops code that will be sent to the victim and then

- Uses a vulnerability to insert and run that code to

the victim's device.

Victim

💻- Unaware of the attacker’s

code running on the device.

- The malicious code transmit to the attacker.

The art of running your own code on someone else’s computer :)

❞

❞

LOLZ


Social Engineering

Se7en - Creative Powerpoint Template 9

Social Engineering

PhishingPractice of sending emails

Or creating sites appearing to befrom reputable source with theGoal of influencing or gaining

Personal information

ImpersonationPractice of pretexting as

Another person with the goalOf obtaining information or

Access to a person, Company, or computer system.

VishingPractice of eliciting

Information of attempting to Influence action via the

Telephone may include such Tools as “phone spoofing”

Hey! I am from ITCan you please give Me your password

So I can.. Blah Blah..


Passive reconnaissance


Where can we find information?


Google Hacking


Google Hacking

www.victim.com


Google Hacking

site:www.victim.com intitle:index.of

www.victim.com


Google Hacking

www.victim.com

site:www.victim.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora |

ext:ini


Google Hacking

www.victim.com

site:www.victim.com ext:sql | ext:dbf | ext:mdb


Google Hacking

www.victim.com

site:www.victim.com ext:log


Google Hacking

www.victim.com

site:www.victim.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup


Google Hacking

www.victim.com

site:www.victim.com inurl:login


Google Hacking

www.victim.com

site:www.victim.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect

syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" |

intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"


Google Hacking

www.victim.com

site:www.victim.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect

syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" |

intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"


Google Hacking

www.victim.com

site:www.victim.com ext:php intitle:phpinfo "published by the PHP Group"


Searching for information

Searching for “Information”?


Whois


Kali Linux


Maltego


Active reconnaissance


��

��

Client Server

SYN

ACK

SYN ACK

Three way handshake


��

��

Me Server

Port Scanning

LOLZ

Ports..

25..

80..

SYNSYN ACK

ServerOpen ports:

25


Network Attacking


��

��

You Someone who is good looking

ARP

IP:192.168.2.13 IP:192.168.2.52MAC :7B-DA-70-1C-2E-EA MAC :?

Who has 192.168.2.52

I Know 192.168.2.52

Mac: E5-28-EC-7E-8B-

5E

Someone


��

��

You Someone who is good looking

ARP Poisoning

IP:192.168.2.13 IP:192.168.2.52MAC :7B-DA-70-1C-2E-EA MAC : E5-28-EC-7E-8B-5E

��

Me

LOLZ

MAC :BE-EF-CA-CE-13-37

I Know 192.168.2.52

Mac: BE-EF-CA-CE-13-

37

Than you :)

I Know 192.168.2.13

Mac: BE-EF-CA-CE-13-

37

Than you :)

Hey There ;) Hey There

;)


Wireless Hacking


Web HackingWWW


��

��

Client Server

SQL Injection

Request: auth.htmlPOST:user: userPass: pass

SQL

Que

ry

"Do we have a user with user name: user and password: pass?”

SELECT user from users WHERE user=‘user’ and password=‘pass’


��

��

Me Server

SQL Injection

User: user

SQL

Que

rySELECT user from users WHERE user=‘user’ and password=‘pass’

False

User: ‘OR ‘1’=‘1

SELECT user from users WHERE user=‘’OR ‘1’ =‘1’ and password=‘pass’

True

LOLZ


��

��

Client Server

Cross side scripting

GET: Page.html

Backend Data

��Other Guys

��



Backend Data

Runnable Script

Runnable Script




Exploitation


How a normal program works..


How a normal program works..

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddress


Reverse Engineering


Exploiting


Everyday use of windows


The Vulnerability… RPCR

T4!O

SF_S

CALL

::Beg

inRp

cCal

l

RPCR

T4!O

SF_S

CALL

::Pro

cess

Rece

ived

PDU

RPCR

T4!O

SF_S

CALL

::Dis

patc

hRPC

Call

RPCR

T4!O

SF_S

CALL

::Dis

patc

hHel

per

RPCR

T4!S

tubC

all2

RPCR

T4!O

SF_S

CALL

::Dis

patc

hRPC

Call

… RPCR

T4!In

voke

srvsc

v!Ne

tprP

athC

anon

ical

ize

NETA

PI32!Ne

tpw

Path

Cano

nica

lize

NETA

PI32!Ca

noni

czliz

ePat

hNam

e

NETA

PI32!su

b71C

4968

3

rpccrt4.dll srvscv.dll netapi32.dll

NetpwPathCanonicalize

\\server\\dir1\\..\\dir2

\\server\\dir2


Exploiting..


Exploiting..


a7 87 ce 5c 95 b2 4d 98 d6 fc e6 0a 56 19 96 b8 cd d3 e5 77 4d 98 d6 fc e6 0a 56

Exploiting..

c0 33 5b ac 12 82 1b ab 2b 02 9dac 6a 93 e0 9e a5 ea 3a 9e 25 5c7b c1 ad 90 29 9b 2f e6 3a 47 7d9a 20 c6 75 dc 0Address

Technology

Practical Cyber Attacking Tutorial