Attack Frameworks and Tools

Transcription

1 Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Attack Frameworks and Tools Pranav Jagdish Betreuer: Nadine Herold Seminar Innovative Internet Technologies and Mobile Communication WS2014 Lehrstuhl Netzarchitekturen und Netzdienste Fakultät für Informatik, Technische Universität München

2 Overview Introduction Overview of Tools Password Crackers Network Poisoners Network Security Tools Denial of Service Tools Concluding remarks 2

3 Introduction Network Security perhaps the most important aspect of communications in todays world How easy it is to attack a target system or network today? Tools automate most of the work From fingerprinting your target to attacking Knowledge requirements decrease day by day 3

4 Introduction The CIA Triangle Confidentiality Integrity Availability 4

5 Cain and Abel John the Ripper Hashcat Overview of the Tools Password Crackers Free Windows Only GUI Free Various Platforms Free Linux, OSX and Windows 5

6 ZARP Ettercap Overview of the Tools Network Poisoners Free Python Script Free Various Platforms 6

7 Nmap Metasploit Sqlmap Overview of the Tools Network Security Tools Free Various Platforms Free (Signup Required) Windows and Linux Free Python Script 7

8 LOIC HULK Overview of the Tools Denial of Service Tools Free Windows Only GUI Free Python Script 8

9 Password Crackers Attack: Confidentiality Crack passwords or keys Crack various kind of hashes Initially used to crack local system passwords like for Windows and Linux Have extended to include numerous kinds of hashes New versions are faster and use different kind of cracking methods GPU based password cracking also possible and is faster than CPU based Primarily: Brute forcing or Dictionary based attacks 9

10 Password Crackers Cain and Abel Windows based Widely used to crack Windows Passwords (LM Hashes and NTLM Hashes) Has built-in sniffer Can sniff web session passwords Can analyse SSH-1 or HTTPS traffic Needs: Rainbow tables for effective hash cracking Size of table impediment! However, this is an issue with all password crackers and related to password lengths and reverse hash lookups 10

11 Password Crackers John the Ripper Like Cain and Abel - Dictionary based and Brute force methods available Comes with various character sets Can crack numerous kinds of hashes Brute force can for obvious reasons take a huge amount of time Dictionaries could go up to petabytes Cracking time could be in excess of decades for even a 8 character password Normal machines: Impossible Solution: Good dictionaries? 11

12 Hashcat Password Crackers Like the previous tools However claims to be fastest password cracker with proprietary cracking algorithms Vs. Cain and Abel & John the Ripper - Offers various kinds of attacks 8 kinds of attacks Example: Combinator attack combine each word in dictionary to every other word in it Example: Hybrid attack Half of password from dictionary and rest from brute force HENCE, INCREASES EFFECTIVENESS OF A DICTIONARY A GPU Based cracker oclhashcat available - faster 12

13 Network Poisoners Attack: Integrity of the Network Can lead to loss of confidentiality and availability too Prime goal : ARP Poisoning Pose as another machine on the Network 13

14 Network Poisoners Once done: Pose as DNS Server Pose as DHCP Server Pose as the default gateway Perform Data Sniffing Man in the Middle Attacks (MITM) and a lot more Even HTTPS traffic is not safe (tool called SSLStrip) yet another tool that can be used without much insights. 14

15 Network Poisoners ZARP Suite of Poisoners Includes Sniffers Plans to be a central network poisoning/administration tool Can manage active sessions of poisoning/sniffing Still being developed 15

16 Network Poisoners Ettercap GUI available too! Plugins offer support for further complex attacks like: DNS Poisoning DHCP Poisoning 16

17 Network Security Tools Covers wide array of tools Most were created for vulnerability testing and easing the job of network administrators Today are used to test how secure a system is But are also infamous for their misuse by hackers 17

18 Network Security Tools Nmap Network Scanner A powerful tool to scan networks Used for (not exclusive list): OS fingerprinting Host Discovery Port Scanning 18

19 Network Security Tools Metasploit Framework A database of exploits Provides information about security vulnerabilities Goal: Aid in penetration testing and IDS signature development In the wrong hands: Can be used to exploit those same vulnerabilities with relative ease Exploits for almost every kind of system from Mac OSX to Windows to Linux to Android phones Has a GUI available too Armitage 19

20 Network Security Tools Metasploit Framework How easy it is? Select an exploit from the database Select a payload Decide upon an obfuscation or encoding scheme ANY EXPLOIT CAN BE ATTACHED WITH ANY PAYLOAD Types of exploits: Passive wait for targets to connect in and then try to exploit their systems Active target system attacked directly Autopwn feature tries to automatically exploit and inject itself into target system Makes life easy for an attacker! 20

21 Network Security Tools Metasploit Framework Problems? Exploits caught by anti-virus software (primarily of providers) if not local systems anti-virus SPREADING THE PAYLOAD BECOMES DIFFICULT! Many exploits released after the vulnerabilities have been patched in software updates 21

22 Network Security Tools SQLMap Where the vulnerability exists SQL Injection Vulnerabilities Script checks possible SQL injection inputs on the Web application Vulnerability scanning Control Channel Data Channel Many such scanners exist like, JoomScan Joomla CMS Scanner WPScan Wordpress Scanner 22

23 Denial Of Service Tools Attacks : Availability Bandwidth Server Server Bandwidth 23

24 Denial Of Service Tools Attacks : Availability Other scenarios exist too Example: IPv6 DOS Attack Effects on Organziations: Loss of revenues in recent years Loss of user trust on organisations Recently: Christmas Day 2014 DOS Attacks on Playstation Networks and XBOX Live 24

25 Denial Of Service Tools LOIC Low Orbit Ion Cannon Hivemind feature Distributed Denial Of Service Favourite of Hacktivists Minimal knowledge of networks required Flood Multiple requests to the Server 25

26 26

27 Denial Of Service Tools HULK HTTP Unbearable Load King Generate unique requests every single time Additional random page names added Random Query Strings appended Source Client information changed 27

28 Conclusions Is it that easy to hack? Probably not Password crackers Require massive computing power Metasploit Payloads Detected by anti-virus software Patches before vulnerabilities published (usually) Nmap Fingerprinting Can be blocked by active monitoring SQL Injection becoming less common as developers become more aware Denial of Service still can occur Difficult to mitigate Used extensively by hactivist groups Unpatched systems and old websites may still be vulnerable 28

29 Conclusions However new tools are always available Example: Dendroid Android Hijack Tool Available/Leaked on the Deep Web with ease Simple web based interface Patch might still take time to come Google not patching older Android OSs More users becoming aware of.onion,.i2p, etc domains Once again: Ease of use and easy availability leads to anyone using the tools Black hat community will always have new tools Normal users do not need massive know-how to carry out attacks Success however can be limited 29

30 Thank you! Your questions and comments are welcomed 30