Summary of Chapter - System Hacking
The first section explained the different methods of password attacks. They are as follows:
- Non-technical
- Dumpster Diving
Retrieving sensitive information from trash, typically from waste bins, dumpsters and other unsecured locations that an attacker can easily access.
- Social Engineering
Manipulating a person into revealing confidential or sensitive information, particularly passwords.
- Shoulder Surfing
A close-proximity tactic of watching and/or recording a person as they enter a password, PIN, etc.
- Technical
- Dictionary
Uses word lists built from dictionaries to crack passwords. These lists also include variants of words in which letters are substituted with special characters or numbers.
- Brute force
A password cracking method that tries every possible combination of keystrokes. It continues until the correct password is found, but it can take a very long time, depending on the strength of the password.
- Pass the hash
Uses the NTLM hash of a user's password. The attacker can present this hash instead of the plaintext password to gain access to the server. This is a very damaging attack if done successfully.
- Sniffing
A passive attack that collects data transmitted on a LAN. It is less likely to be detected because it runs in the background. Wireshark, TCPDump and Recon-ng are tools used for sniffing.
- Keylogger
Records keystrokes to collect data. There are hardware versions, which plug in via USB and have the advantage of being the least detectable, and software versions, which are installed remotely and have the advantage of fewer memory limitations.
- Rainbow
Like dictionary attacks, but uses precomputed tables of word lists and their corresponding hashes.
RainbowCrack uses the rainbow method. The rtgen command generates tables with the parameters provided by the user. After the tables have been generated, the user runs the rtsort command (rtsort . sorts the tables in the current directory) to sort the rainbow chains.
Countermeasures for password cracking include:
- Password salting: adding random bits of data to a password before it is hashed and stored.
- Creating complex passwords.
- Never sharing passwords.
- Routinely changing passwords.
- Not reusing passwords.
- Not using dictionary words in passwords.
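The following is an added example, not code from the chapter, showing why salting is listed as the first countermeasure. It stores the same password for two users first as a bare hash and then with a per-user random salt (PBKDF2-HMAC-SHA256 here, an assumption chosen for illustration), and runs a small precomputed hash-to-plaintext lookup table against both. The word list is constructed and tiny; the iteration count is lowered to 1,000 inside compare_storage_schemes purely so the demonstration runs quickly.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for a dictionary attack's input
# (assumption: tiny, for illustration; real lists hold millions of entries).
WORDLIST = ["password", "letmein", "P@ssw0rd", "summer2020", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Legacy storage: bare SHA-256 of the password.
    Same password -> same hash for every user, so one precomputed table
    (dictionary or rainbow) works against the whole password database."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(wordlist) -> dict:
    """Precomputed hash -> plaintext table. A real rainbow table stores hash
    chains to save space, but the property that matters to a defender is the
    same: it is computed once and reused against every unsalted hash."""
    return {unsalted_hash(word): word for word in wordlist}


def crack_unsalted(table: dict, stored_hash: str):
    """Table lookup: one dictionary access per hash, no guessing needed."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated storage (PBKDF2-HMAC-SHA256). The per-user random salt
    means identical passwords produce different hashes, so no table can be
    precomputed; the iteration count slows down every guess an attacker makes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def store_salted(password: str, iterations: int = 100_000) -> tuple:
    """Return (salt, hash) as it would be written to the credential store."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    return salt, salted_hash(password, salt, iterations)


def verify_salted(password: str, salt: bytes, stored: bytes, iterations: int = 100_000) -> bool:
    """Check a login attempt; compare_digest avoids leaking timing information."""
    return hmac.compare_digest(salted_hash(password, salt, iterations), stored)


def compare_storage_schemes(password: str, wordlist=WORDLIST) -> dict:
    """Store one password for two users under each scheme and report what a
    precomputed table recovers and whether the two stored values are equal."""
    table = build_lookup_table(wordlist)
    plain_a = unsalted_hash(password)
    plain_b = unsalted_hash(password)
    salt_a, hash_a = store_salted(password, iterations=1_000)
    salt_b, hash_b = store_salted(password, iterations=1_000)
    return {
        "unsalted_identical": plain_a == plain_b,
        "unsalted_recovered": crack_unsalted(table, plain_a),
        "salted_identical": hash_a == hash_b,
        "salted_recovered": crack_unsalted(table, hash_a.hex()),
        "salted_login_ok": verify_salted(password, salt_a, hash_a, iterations=1_000),
    }


if __name__ == "__main__":
    print(compare_storage_schemes("P@ssw0rd"))
```

The unsalted scheme gives both users the same hash and the table recovers the plaintext immediately; the salted scheme gives them different hashes, the table finds nothing, and the legitimate login still verifies. Salting does not stop a determined online or per-user guessing attack, which is why the other countermeasures in the list (complexity, no reuse) still matter.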
Hackers use privilege escalation to compromise a system further. Techniques include:
- cPassword: an attribute that stores passwords in a Group Policy Preference in Windows.
- Kerberoasting: the attacker can use any authorised user account in the Active Directory domain to request a TGS (service ticket).
- LSASS (Local Security Authority Subsystem Service): vulnerable to viruses and Trojans.
- SAM (System Account Manager) database: can be attacked by dumping the hashed passwords to a file and cracking them with brute force methods.
- Unattended installations: installations that an administrator fails to clean up after installing an app.
- DLL hijacking: when an app (for example during installation) loads a DLL without a fully qualified path, Windows searches a sequence of directories for it; a malicious DLL placed in a directory that is searched earlier is found and loaded before the real one.
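As an added example (not from the chapter) on the cPassword item above, here is the check a defender would run over the Group Policy Preference XML files in SYSVOL: flag every element that carries a cpassword attribute, report which account the preference item sets, and never decrypt or print the value. The Groups.xml sample is constructed; its GUIDs and the cpassword blob are placeholders, and the file path given in the usage is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for a Group Policy Preferences Groups.xml found under
# SYSVOL. Every GUID and the cpassword value are placeholders, not real data.
SAMPLE_GROUPS_XML = """<Groups clsid="{PLACEHOLDER-GROUPS-CLSID}">
  <User clsid="{PLACEHOLDER-USER-CLSID}" name="LocalAdmin" uid="{PLACEHOLDER-UID-1}">
    <Properties action="U" userName="LocalAdmin" cpassword="PLACEHOLDER_ENCRYPTED_BLOB"
                neverExpires="1" acctDisabled="0"/>
  </User>
  <User clsid="{PLACEHOLDER-USER-CLSID}" name="Helpdesk" uid="{PLACEHOLDER-UID-2}">
    <Properties action="U" userName="Helpdesk" description="no stored secret"/>
  </User>
</Groups>
"""


def find_cpassword(xml_text: str, source: str = "Groups.xml") -> list:
    """Return one finding per element carrying a cpassword attribute.

    The presence of the attribute is the problem: any domain user who can
    read SYSVOL can read the blob. The scan never decrypts; it only flags the
    item and the account it sets, so the entry can be removed and the
    account's password rotated."""
    findings = []
    root = ET.fromstring(xml_text)
    # child -> parent links so a finding can name the enclosing preference item
    parent_of = {child: parent for parent in root.iter() for child in parent}
    for elem in root.iter():
        if "cpassword" in elem.attrib:
            parent = parent_of.get(elem)
            findings.append({
                "source": source,
                "item": parent.get("name") if parent is not None else None,
                "account": elem.get("userName"),
                "element": elem.tag,
                "blob_length": len(elem.attrib["cpassword"]),  # length only, never the value
            })
    return findings


def scan_documents(documents) -> list:
    """documents: iterable of (path, xml_text) pairs, e.g. every *.xml under
    the domain's Policies share. Malformed files are reported rather than
    silently skipped, because a scan that skips files can miss a finding."""
    results = []
    for path, text in documents:
        try:
            results.extend(find_cpassword(text, source=path))
        except ET.ParseError as exc:
            results.append({"source": path, "error": str(exc)})
    return results


if __name__ == "__main__":
    # Usage assumption: the caller reads each XML file from SYSVOL and passes (path, text).
    for finding in scan_documents([("Groups.xml", SAMPLE_GROUPS_XML)]):
        print(finding)
```

The scan walks every element rather than only Properties under User, because cpassword also appears in other preference types (scheduled tasks, data sources, services, drive maps), and a finding records only the blob length so that the report itself does not become a copy of the secret.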
Once a hacker has gained administrative access to a device, they want to keep that access, or at least have a means of easily regaining it. Maintaining access to a system can be done through a few methods:
- Path Interception
- Writable Services
- Unsecure File and Folder Permissions
- Backdoors
- Crackers
- Spyware
- Scheduled Tasks
Lastly, the segment explained 'Covering your tracks'. Ethical hackers don't need to cover their tracks, but they do need to understand how it is done so they can make a proper assessment. Hackers will:
- Erase or modify evidence, such as editing or deleting system logs, particularly in Event Viewer.
- Hide evidence, for example by marking a file as hidden in the OS (ticking a checkbox on Windows, or prefixing the file name with a . on Linux/Unix and macOS), or by hiding a file within the slack space of an existing file, as seen with steganography.
- Modify timestamps.
- Disable auditing.
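An added example (not from the chapter) of the defender's answer to log editing and deletion: forward the log to a collector that links each entry to the previous one with an HMAC, so that an edited line, a deleted line, or a wrong key shows up at verification time. The log lines are constructed, the key is an assumption (it would live on the collector, not on the monitored host), and the example also shows the caveat that truncating the end of the chain is only caught when the verifier knows the expected head MAC.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed starting point of the chain

# Constructed sample log lines (assumption: not from any real system).
SAMPLE_LOG = [
    "2020-02-20T10:00:01Z host1 sshd: Accepted password for alice from 10.0.0.5",
    "2020-02-20T10:02:17Z host1 sudo: alice : COMMAND=/bin/cat /etc/shadow",
    "2020-02-20T10:03:40Z host1 useradd: new user: name=svc_backup uid=1002",
    "2020-02-20T10:05:02Z host1 sshd: Disconnected from 10.0.0.5",
]


def _mac(key: bytes, prev: str, entry: str) -> str:
    return hmac.new(key, (prev + "\n" + entry).encode("utf-8"), hashlib.sha256).hexdigest()


def build_chain(entries, key: bytes) -> list:
    """Each record carries the previous record's MAC and its own MAC over
    (previous MAC || entry). The key is held by the collector, not the host."""
    prev = GENESIS
    chained = []
    for entry in entries:
        mac = _mac(key, prev, entry)
        chained.append({"prev": prev, "entry": entry, "mac": mac})
        prev = mac
    return chained


def verify_chain(chained, key: bytes, head: str = None) -> tuple:
    """Return (ok, index). index is the first record that does not fit
    (edited text, broken link after a deletion, wrong key), or len(chained)
    when the chain is internally consistent but its last MAC differs from the
    expected head, which is how truncation at the end is caught."""
    prev = GENESIS
    for i, rec in enumerate(chained):
        expected = _mac(key, prev, rec["entry"])
        if rec["prev"] != prev or not hmac.compare_digest(expected, rec["mac"]):
            return False, i
        prev = rec["mac"]
    if head is not None and not hmac.compare_digest(prev, head):
        return False, len(chained)
    return True, None


def tamper_examples(key: bytes) -> dict:
    """Apply the tampering moves described above to a copy of the chain and
    return what the verifier reports for each."""
    chain = build_chain(SAMPLE_LOG, key)
    head = chain[-1]["mac"]  # what the collector records as the current head
    edited = json.loads(json.dumps(chain))  # deep copy
    edited[1]["entry"] = edited[1]["entry"].replace("/etc/shadow", "/etc/hostname")
    deleted = chain[:2] + chain[3:]  # the useradd line removed
    truncated = chain[:-1]           # last line dropped
    return {
        "intact": verify_chain(chain, key, head),
        "edited": verify_chain(edited, key, head),
        "deleted": verify_chain(deleted, key, head),
        "truncated": verify_chain(truncated, key, head),
        "truncated_no_head": verify_chain(truncated, key),
    }


if __name__ == "__main__":
    for name, result in tamper_examples(b"constructed-demo-key").items():
        print(name, result)
```

Editing the sudo line fails at index 1, deleting the useradd line breaks the link at index 2, and dropping the last line passes unless the verifier has the expected head, which is why a collector should also record a trusted head MAC (or simply hold the only copy) rather than rely on the chain alone.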
There was a lot of information in this section of learning. However, it was all very interesting to learn about - I was particularly fascinated by steganography.
Current Issue Article
For my article this week, I read about the data breach affecting Samsung phones. A large number of users reported that, even with the 'Find My Mobile' app disabled, they received a strange notification on their phone reading 1/1. Samsung claimed it only occurred on Galaxy models, however some non-Galaxy users reported experiencing the issue. Samsung advised that a data breach was occurring at the same time, and some users received information about other users' accounts. Samsung has since locked down the site to investigate further and remedy the issue. They have not advised who was behind the breach.
The article can be read here: Samsung Data Breach – Mysterious ‘1/1’ Notification Let One User See Another Samsung Users Data Via Find My Mobile app