CHAINED EXPLOITS Advanced Hacking Attacks from Start to Finish

Transcription

1 CHAINED EXPLOITS Advanced Hacking Attacks from Start to Finish Andrew Whitaker Keatron Evans Jack B.Voth TT r\ Addison-Wesley Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto Montreal London Munich Paris Madrid Cape Town Sydney Tokyo Singapore Mexico City

2 Contents Introduction xvii Chapter I Get Your Free Credit Cards Here I Setting the Stage 1 The Approach 1 The Chained Exploit 2 Enumerating the PDXO Web Site 3 Enumerating the Credit Card Database 5 Stealing Credit Card Information from the Web Site 11 Selling the Credit Card Information on the Underground Market 13 Defacing the PDXO Web Site 15 Chained Exploit Summary 16 Countermeasures 17 Change the Default HTTP Response Header 17 Do Not Have Public Access to Developer Sites 17 Do Not Install SQL Server on the Same Machine as IIS 17 Sanitize Input on Web Forms 18 Do Not Install IIS in the Default Location 18 Make Your Web Site Read-Only 18 Remove Unnecessary Stored Procedures from Your SQL Database 18 Do Not Use the Default Username and Password for Your Database 18 Countermeasures for Customers 19 Conclusion 20 vii

3 Chapter 2 Discover What Your Boss Is Looking At 21 Setting the Stage 21 The Approach 22 For More Information 25 The Chained Exploit 28 Phishing Scam 29 Installing Executables 32 Setting Up the Phishing Site 38 Sending Mr. Minutia an 38 Finding the Boss's Computer 42 Connecting to the Boss's Computer 43 WinPcap 45 Analyzing the Packet Capture 46 Reassembling the Graphics 48 Other Possibilities 51 Chained Exploit Summary 52 Countermeasures 52 Countermeasures for Phishing Scams 53 Countermeasures for Trojan Horse Applications 53 Countermeasures for Packet-Capturing Software 54 Conclusion 54 Chapter 3 Take Down Your Competitor's Web Site 55 Setting the Stage 55 The Approach 57 For More Information 59 The Chained Exploit 59 Attack #1: The Test 60 Attack #2: The One That Worked 66 Getting Access to the Pawn Web site 68 Lab-Testing the Hack 70 Modifying the Pawn Web Site 80 Other Possibilities 83 Chained Exploit Summary 84 Countermeasures 85 Countermeasures for Hackers Passively Finding Information about Your Company 85 Countermeasures for DDoS Attacks via ICMP 85 Countermeasures for DDoS Attacks via HTTP and Other Protocols 86 viii

4 Countermeasures for Unauthorized Web Site Modification 86 Countermeasures for Compromise of Internal Employees 87 Conclusion 88 Chapter 4 Corporate Espionage 89 Setting the Stage 89 The Approach 91 The Chained Exploit 92 Reconnaissance 92 Getting Physical Access 96 Executing the Hacks 101 Bringing Down the Hospital 107 Other Possibilities 119 Chained Exploit Summary 120 Countermeasures 121 Countermeasures for Physical Security Breaches and Access Systems Compromise 121 Countermeasures for Scanning Attacks 121 Countermeasures for Social Engineering 122 Countermeasures for Operating System Attacks 122 Countermeasures for Data Theft 123 Conclusion 124 Chapter5 Chained Corporations 125 Setting the Stage 125 The Approach 126 The Chained Exploit 127 Reconnaissance 127 Social Engineering Attack 135 More and Yet More Recon 137 Aggressive Active Recon 140 Building the Exploit Infrastructure 149 Testing the Exploit 156 Executing the Hack 166 Constructing the Rootkit 167 Game Over The End Result 172 Other Possibilities 173 Chained Exploit Summary 173!X

5 Countermeasures 174 Countermeasures for Hackers Passively Finding Information about Your Company 174 Countermeasures for Social Engineering Attack on Visual IQ 175 Countermeasures for Recon on the Visual IQ Software 175 Countermeasures for Wi-Fi Attack on Quizzi Home Network 175 Countermeasures for the Keylogger Attack 176 Conclusion 176 Chapter 6 Gain Physical Access to Healthcare Records 177 Setting the Stage 177 The Approach 179 For More Information 179 The Chained Exploit 181 Social Engineering and Piggybacking 181 Gaining Physical Access 195 Booting into Windows with Knoppix 201 Modifying Personally Identifiable Information or Protected Medical Information 204 Chained Exploit Summary 205 Countermeasures 205 Social Engineering and Piggybacking 206 Lock Picking 208 Defeating Biometrics 208 Compromising a PC 208 Conclusion 209 Chapter 7 Attacking Social Networking Sites 21 I Setting the Stage 211 The Approach 212 The Chained Exploit 213 Creating a Fake MySpace Web Site 213 Creating the Redirection Web Site 217 Creating a MySpace Page 218 Sending a Comment 221 Compromising the Account 224 A

6 Logging In to the Hacked Account 224 The Results 227 Chained Exploit Summary 228 Countermeasures 228 Avoid Using Social Networking Sites 229 Use a Private Profile 229 Be Careful about Clicking on Links 229 Require Last Name / Address to Be a Friend 230 Do Not Post Too Much Information 230 Be Careful When Entering Your Username/Password 230 Use a Strong Password 230 Change Your Password Frequently 231 Use Anti-Phishing Tools 231 Conclusion 231 Chapter 8 Wreaking Havoc from the Parking Lot 233 Setting the Stage 233 The Approach 236 For More Information 237 Accessing Networks Through Access Points 238 The Chained Exploit 239 Connecting to an Access Point 239 Performing the Microsoft Kerberos Preauthentication Attack 248 Cracking Passwords with RainbowCrack 254 Pilfering the Country Club Data 256 Chained Exploit Summary 257 Countermeasures 258 Secure Access Points 258 Configure Active Directory Properly 259 Use an Intrusion Prevention System or Intrusion Detection System 260 Update Anti-Virus Software Regularly 261 Computer Network Security Checklist 261 Conclusion 266 Index 267 xi