Upload
yam-peleg
View
580
Download
0
Embed Size (px)
Citation preview
Se7en - Creative Powerpoint Template
Practical Cyber AttackingTutorialYam Peleg
Se7en - Creative Powerpoint Template
Cyber?
CYBER!
Se7en - Creative Powerpoint TemplateJAIL!
Se7en - Creative Powerpoint Template
Introduction To Cyber
Se7en - Creative Powerpoint Template
Cyber Attacking
Active Reconnaissance Gaining AccessPassive
ReconnaissanceMaintaining
Access
Gaining AccessThis is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access.
Maintaining AccessOnce a hacker has gained access, they want to keep that access for future exploitation andattacks.
Passive Reconnaissance Passive reconnaissance involves gathering information regarding a potential target without the targeted individual’s or company’s knowledge
Active ReconnaissanceActive reconnaissance involves probing the network to discover individual hosts, IP addresses,and services on the network. This usually involves more risk of detection than passive reconnaissance
Se7en - Creative Powerpoint Template
Vulnerability based cyber attacks
Attacker
💻- Develops code that will be sent to the victim and then
- Uses a vulnerability to insert and run that code to
the victim's device.
Victim
💻- Unaware of the attacker’s
code running on the device.
- The malicious code transmit to the attacker.
The art of running your own code on someone else’s computer :)
❞
❞
LOLZ
Se7en - Creative Powerpoint Template
Social Engineering
Se7en - Creative Powerpoint Template 9
Social Engineering
PhishingPractice of sending emails
Or creating sites appearing to befrom reputable source with theGoal of influencing or gaining
Personal information
ImpersonationPractice of pretexting as
Another person with the goalOf obtaining information or
Access to a person, Company, or computer system.
VishingPractice of eliciting
Information of attempting to Influence action via the
Telephone may include such Tools as “phone spoofing”
Hey! I am from ITCan you please give Me your password
So I can.. Blah Blah..
Se7en - Creative Powerpoint Template
Passive reconnaissance
Se7en - Creative Powerpoint Template
Where can we find information?
Se7en - Creative Powerpoint Template
Google Hacking
Se7en - Creative Powerpoint Template
Google Hacking
www.victim.com
Se7en - Creative Powerpoint Template
Google Hacking
site:www.victim.com intitle:index.of
www.victim.com
Se7en - Creative Powerpoint Template
Google Hacking
www.victim.com
site:www.victim.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora |
ext:ini
Se7en - Creative Powerpoint Template
Google Hacking
www.victim.com
site:www.victim.com ext:sql | ext:dbf | ext:mdb
Se7en - Creative Powerpoint Template
Google Hacking
www.victim.com
site:www.victim.com ext:log
Se7en - Creative Powerpoint Template
Google Hacking
www.victim.com
site:www.victim.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
Se7en - Creative Powerpoint Template
Google Hacking
www.victim.com
site:www.victim.com inurl:login
Se7en - Creative Powerpoint Template
Google Hacking
www.victim.com
site:www.victim.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect
syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" |
intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
Se7en - Creative Powerpoint Template
Google Hacking
www.victim.com
site:www.victim.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect
syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" |
intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
Se7en - Creative Powerpoint Template
Google Hacking
www.victim.com
site:www.victim.com ext:php intitle:phpinfo "published by the PHP Group"
Se7en - Creative Powerpoint Template
Searching for information
Searching for “Information”?
Se7en - Creative Powerpoint Template
Whois
Se7en - Creative Powerpoint Template
Kali Linux
Se7en - Creative Powerpoint Template
Maltego
Se7en - Creative Powerpoint Template
Active reconnaissance
Se7en - Creative Powerpoint Template
��
��
Client Server
SYN
ACK
SYN ACK
Three way handshake
Se7en - Creative Powerpoint Template
��
��
Me Server
Port Scanning
LOLZ
Ports..
25..
80..
SYNSYN ACK
ServerOpen ports:
25
Se7en - Creative Powerpoint Template
Network Attacking
Se7en - Creative Powerpoint Template
��
��
You Someone who is good looking
ARP
IP:192.168.2.13 IP:192.168.2.52MAC :7B-DA-70-1C-2E-EA MAC :?
Who has 192.168.2.52
I Know 192.168.2.52
Mac: E5-28-EC-7E-8B-
5E
Someone
Se7en - Creative Powerpoint Template
��
��
You Someone who is good looking
ARP Poisoning
IP:192.168.2.13 IP:192.168.2.52MAC :7B-DA-70-1C-2E-EA MAC : E5-28-EC-7E-8B-5E
��
Me
LOLZ
MAC :BE-EF-CA-CE-13-37
I Know 192.168.2.52
Mac: BE-EF-CA-CE-13-
37
Than you :)
I Know 192.168.2.13
Mac: BE-EF-CA-CE-13-
37
Than you :)
Hey There ;) Hey There
;)
Se7en - Creative Powerpoint Template
Wireless Hacking
Se7en - Creative Powerpoint Template
Web HackingWWW
Se7en - Creative Powerpoint Template
��
��
Client Server
SQL Injection
Request: auth.htmlPOST:user: userPass: pass
SQL
Que
ry
"Do we have a user with user name: user and password: pass?”
SELECT user from users WHERE user=‘user’ and password=‘pass’
Se7en - Creative Powerpoint Template
��
��
Me Server
SQL Injection
User: user
SQL
Que
rySELECT user from users WHERE user=‘user’ and password=‘pass’
False
User: ‘OR ‘1’=‘1
SELECT user from users WHERE user=‘’OR ‘1’ =‘1’ and password=‘pass’
True
LOLZ
Se7en - Creative Powerpoint Template
��
��
Client Server
Cross side scripting
GET: Page.html
Backend Data
��Other Guys
������
Se7en - Creative Powerpoint Template
Cross side scripting
Backend Data
Runnable Script
Runnable Script
Se7en - Creative Powerpoint Template
Cross side scripting
Se7en - Creative Powerpoint Template
Exploitation
Se7en - Creative Powerpoint Template
How a normal program works..
Se7en - Creative Powerpoint Template
How a normal program works..
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddress
Se7en - Creative Powerpoint Template
Reverse Engineering
Se7en - Creative Powerpoint Template
Exploiting
Se7en - Creative Powerpoint Template
Everyday use of windows
Se7en - Creative Powerpoint Template
The Vulnerability… RPCR
T4!O
SF_S
CALL
::Beg
inRp
cCal
l
RPCR
T4!O
SF_S
CALL
::Pro
cess
Rece
ived
PDU
RPCR
T4!O
SF_S
CALL
::Dis
patc
hRPC
Call
RPCR
T4!O
SF_S
CALL
::Dis
patc
hHel
per
RPCR
T4!S
tubC
all2
RPCR
T4!O
SF_S
CALL
::Dis
patc
hRPC
Call
… RPCR
T4!In
voke
srvsc
v!Ne
tprP
athC
anon
ical
ize
NETA
PI32!Ne
tpw
Path
Cano
nica
lize
NETA
PI32!Ca
noni
czliz
ePat
hNam
e
NETA
PI32!su
b71C
4968
3
rpccrt4.dll srvscv.dll netapi32.dll
NetpwPathCanonicalize
\\server\\dir1\\..\\dir2
\\server\\dir2
Se7en - Creative Powerpoint Template
Exploiting..
Se7en - Creative Powerpoint Template
Exploiting..
Se7en - Creative Powerpoint Template
a7 87 ce 5c 95 b2 4d 98 d6 fc e6 0a 56 19 96 b8 cd d3 e5 77 4d 98 d6 fc e6 0a 56
Exploiting..
c0 33 5b ac 12 82 1b ab 2b 02 9dac 6a 93 e0 9e a5 ea 3a 9e 25 5c7b c1 ad 90 29 9b 2f e6 3a 47 7d9a 20 c6 75 dc 0Address