manner where one concept forms the foundation for the other. This may not be true for every chapter, but in many cases the concepts discussed in the earlier part of the book may seem to form the key elements in understanding the subsequent concepts. Therefore, I recommend reading this book in an orderly manner and not skipping the concepts or chapters in between.

Throughout this book you will be presented with many illustrative examples, analogies and eye-catching diagrams that will not only make the whole understanding process easier but also make the learning process fun. I hope you like this book and enjoy the concepts presented in it.
Chapter 1 - Introduction
I bet most of you are really excited to get started. But before we actually move on to learning how to hack, let us begin to understand what hacking really means.
WHAT IS HACKING?
In the field of computer security, hacking simply refers to the act of exploiting a weakness that exists in a computer system or a computer network.

In other words, a hacker is someone who has developed a deeper interest in understanding how a computer system or a software program works, so that he can take control of the computer by exploiting any of the existing vulnerabilities in it.
HACKER CLASSIFICATION
Based on the attitude and skill level they possess, hackers are classified into the following types:

White Hat Hacker: A white hat hacker, also known as an ethical hacker, is someone who uses his skills only for defensive purposes such as penetration testing. These types of hackers are often hired by organizations in order to ensure the security of their information systems.

Black Hat Hacker: A black hat hacker, also known as a cracker, is someone who always uses his skills for offensive purposes. The intention of black hat hackers is to gain money or take personal revenge by causing damage to information systems.
ESSENTIAL TERMINOLOGIES
Before proceeding further, the following are some of the essential terminologies in the field of hacking that one should be aware of:

Vulnerability: A vulnerability is an existing weakness that can allow the attacker to compromise the security of the system.

Threat: A threat is a possible danger that can exploit an existing vulnerability to cause possible harm.

Attack: An attack is any action that violates the security of the system. In other words, it is an assault on the system security that is derived from an existing threat.
HACKING FAQS
Here is a small list of some of the frequently asked questions about hacking:

Now let us begin to understand some of the basic concepts that are essential in laying the groundwork for our journey of learning how to hack. Before actually jumping into the hands-on approach, it is highly necessary for one to have a thorough understanding of the basics of computer networks and their working model. In this chapter you will find a brief description of various concepts and terminologies related to computer networks, encryption and security.
COMPUTER NETWORK
A computer network is a group of two or more computers linked together so that communication between individual computers is made possible. Some of the common types of computer network include:
Internet
The Internet is the largest network, which interconnects various LANs and WANs. It is a global system of various interconnected computer networks belonging to government or private organizations.
NETWORK HOST
A network host, or simply referred to as a host, can be any computer or network device connected to the computer network. This computer can be a terminal or a web server offering services to its clients.
NETWORK PROTOCOL
A network protocol, or just referred to as a protocol, is a set of rules and conventions that are necessary for the communication between two network devices. For example, two computers on a network can communicate only if they agree to follow the protocols.

The following are some of the most widely referred network protocols:
Types of IP Address:
Public IP Address: A public IP address is the one that is assigned to a computer connected to the Internet. An example public IP address would be something like 59.93.115.125.

In most cases a computer gets connected to the ISP network using a private IP. Once a computer is on the ISP network, it will be assigned a public IP address using which the communication with the Internet is made possible.
Figure 2. 1
In order to find your private IP, just open the command prompt window (type cmd in the Run box) and enter the following command:
ipconfig /all
Figure 2. 2
This will display a long list of details about your computer's network devices and their configuration. To see your private IP address, just scroll down to find something like IPv4 Address, which is nothing but your private IP.
Figure 2. 3
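As an added example (not from the book), the following Python script parses the output of ipconfig /all and classifies each adapter's IPv4 address as private or public using the standard-library ipaddress module. The sample output, adapter names and addresses are constructed, not captured from a real machine.

```python
"""Parse the output of `ipconfig /all` and classify each IPv4 address as private
or public. The sample output below is constructed, not captured from a real host."""
import ipaddress
import re

SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE

Ethernet adapter Ethernet:

   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 59.93.115.125(Preferred)
   Default Gateway . . . . . . . . . : 59.93.115.1
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")              # section headers
IPV4_RE = re.compile(r"^\s+IPv4 Address[ .]*: (\d+\.\d+\.\d+\.\d+)")


def parse_ipconfig(text):
    """Return (adapter, address, 'private'|'public') for every IPv4 Address line."""
    results = []
    adapter = None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter = header.group(1)
            continue
        addr_line = IPV4_RE.match(line)
        if addr_line and adapter is not None:
            addr = ipaddress.ip_address(addr_line.group(1))
            # is_private is True for RFC 1918 space (10/8, 172.16/12, 192.168/16)
            # and other non-routable ranges such as loopback and link-local
            kind = "private" if addr.is_private else "public"
            results.append((adapter, str(addr), kind))
    return results


def private_addresses(text):
    """Just the private IPs, i.e. what the text above tells you to look for."""
    return [ip for _, ip, kind in parse_ipconfig(text) if kind == "private"]


if __name__ == "__main__":
    for adapter, ip, kind in parse_ipconfig(SAMPLE_IPCONFIG):
        print(f"{adapter}: {ip} ({kind})")
```

On a real machine the same parser can be fed the captured output of the command; the adapter header regex assumes the English-language "... adapter ...:" layout shown above.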
Telnet
Telnet is a network protocol that allows you to connect to remote hosts on the Internet or on a local network. It requires a telnet client software to implement the protocol, using which the connection is established with the remote computer.

In most cases, telnet requires you to have a username and a password to establish a connection with the remote host. Occasionally, some hosts also allow users to make a connection as a guest or public.

After the connection is made, one can use text-based commands to communicate with the remote host. The syntax for using the telnet command is as follows:
telnet <hostname or IP> port
Example: telnet 127.0.0.1 25
NETWORK PORT
A computer may be running several services on it like HTTP (web server), SMTP, FTP and so on. Each of these services is uniquely identified by a number called a network port, or simply referred to as a port. If a computer wants to avail a specific service from another computer, it has to establish a connection to it on the exact port number where the intended service is running.

For example, if a terminal is to request a web document from a remote server using HTTP, it has to first establish a connection with the remote server on port 80 (the HTTP service runs on port 80) before placing the request.

In simple words, port numbers can be compared to door numbers, where each door grants access to a specific service on a computer. The following table shows a list of popular services and their default port numbers:
Service   Default port
HTTP      80
FTP       21
SMTP      25
TELNET    23
SSH       22
Table 2. 1
NETWORK PACKET
A network packet (data packet, datagram, or simply called a packet) is a basic unit of data sent from one host to another over a network. When data (such as a mail message or a file) has to be transmitted between two hosts, it is fragmented into small structures called packets, which are reassembled at the destination to make the original data chunk.

Each packet consists of the fragmented data along with the necessary information that will help it get to its destination, such as the sender's IP address, the intended receiver's IP address, the target port number, the total number of packets the original data chunk has been broken into, and the sequence number of the particular packet.
Figure 2. 4
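The fragmentation described above, as an added Python example (not code from the book): a message is split into packets carrying exactly the header fields listed (sender IP, receiver IP, target port, total number of packets, sequence number) and reassembled at the receiving end regardless of arrival order, refusing to build a corrupted result when a packet is missing or duplicated. The message, addresses and payload size are constructed.

```python
"""Fragmentation and reassembly of a message into packets that carry the header
fields the text lists: sender IP, receiver IP, target port, total number of
packets and sequence number. The addresses and message are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    sender_ip: str
    receiver_ip: str
    target_port: int
    total_packets: int
    sequence_number: int   # 1-based position of this fragment in the original data
    payload: bytes


def fragment(data, sender_ip, receiver_ip, target_port, payload_size=8):
    """Cut `data` into payloads of at most `payload_size` bytes and wrap each one."""
    if payload_size <= 0:
        raise ValueError("payload_size must be positive")
    chunks = [data[i:i + payload_size] for i in range(0, len(data), payload_size)] or [b""]
    total = len(chunks)
    return [Packet(sender_ip, receiver_ip, target_port, total, seq, chunk)
            for seq, chunk in enumerate(chunks, start=1)]


def reassemble(packets):
    """Rebuild the original data from packets received in any order.
    Raises ValueError instead of returning a silently corrupted result when a
    fragment is missing, duplicated, out of range, or belongs to a different flow."""
    if not packets:
        raise ValueError("no packets to reassemble")
    first = packets[0]
    flow = (first.sender_ip, first.receiver_ip, first.target_port, first.total_packets)
    total = first.total_packets
    payloads = {}
    for p in packets:
        if (p.sender_ip, p.receiver_ip, p.target_port, p.total_packets) != flow:
            raise ValueError(f"packet {p.sequence_number} belongs to a different flow")
        if not 1 <= p.sequence_number <= total:
            raise ValueError(f"sequence number {p.sequence_number} outside 1..{total}")
        if p.sequence_number in payloads:
            raise ValueError(f"duplicate packet {p.sequence_number}")
        payloads[p.sequence_number] = p.payload
    missing = [s for s in range(1, total + 1) if s not in payloads]
    if missing:
        raise ValueError(f"missing packets: {missing}")
    return b"".join(payloads[s] for s in range(1, total + 1))


MESSAGE = b"Hello, this is a mail message split into packets."   # constructed sample

if __name__ == "__main__":
    pkts = fragment(MESSAGE, "192.168.0.12", "59.93.115.125", 25)
    print(f"{len(pkts)} packets, first one: {pkts[0]}")
    print(reassemble(list(reversed(pkts))))   # arrival order does not matter
```

Real IP fragmentation uses byte offsets and a "more fragments" flag rather than a packet count and sequence number, but the bookkeeping problem is the same: the receiver must know when it has everything, and must not hand up a partial or duplicated reconstruction as if it were complete.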
FIREWALL
Firewalls are basically a barrier between your computer (or a network) and the Internet (outside world). A firewall can be simply compared to a security guard who stands at the entrance of your house and filters the visitors coming to your place. He may allow some visitors to enter while denying others whom he suspects of being intruders. Similarly, a firewall is a software program or a hardware device that filters the information (packets) coming through the Internet to your personal computer or a computer network.
Figure 2. 5
Personal firewalls are easy to install and use and hence are preferred by end users to secure their personal computers. However, in order to meet customized needs, large networks and companies prefer those firewalls that have plenty of options to configure.

For example, a company may set up different firewall rules for FTP servers, telnet servers and web servers. In addition, the company can even control how the employees connect to the Internet by blocking access to certain websites and restricting the transfer of files to other networks. Thus, in addition to security, a firewall can give the company tremendous control over how people use their network.

Firewalls use one or more of the following methods to control the incoming and outgoing traffic in a network:

Packet Filtering: In this method, packets (small chunks of data) are analyzed against a set of filters. Packet filters have a set of rules that come with accept and deny actions, which are pre-configured or can be configured manually by the firewall administrator. If the packet manages to make it through these filters, then it is allowed to reach the destination; otherwise it is discarded.

Stateful Inspection: This is a newer method that doesn't analyze the contents of the packets. Instead, it compares certain key aspects of each packet to a database of trusted sources. Both incoming and outgoing packets are compared against this database, and if the comparison yields a reasonable match, then the packets are allowed to travel further. Otherwise they are discarded.
Firewall Configuration:
Firewalls can be configured by adding one or more filters based on several conditions, as mentioned below:

IP addresses: In any case, if an IP address outside the network is said to be unfavourable, then it is possible to set a filter to block all the traffic to and from that IP address. For example, if a certain IP address is found to be making too many connections to a server, the administrator may decide to block traffic from this IP using the firewall.

Domain names: Since it is difficult to remember IP addresses, it is an easier and smarter way to configure firewalls by adding filters based on domain names. By setting up a domain filter, a company may decide to block all access to certain domain names, or may provide access only to a list of selected domain names.

Ports/Protocols: If the service running on a given port is intended for the public or network users, it is usually kept open. Otherwise it is blocked using the firewall so as to prevent intruders from using the open ports for making unauthorized connections.

Specific words or phrases: A firewall can be configured to filter one or more specific words or phrases so that both the incoming and outgoing packets are scanned for the words in the filter. For example, you may set up a firewall rule to filter any packet that contains an offensive term or a phrase that you may decide to block from entering or leaving your network.
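As an added example covering both the filtering methods and the four filter conditions above (not the book's code), here is a toy Python firewall: stateless rules on IP address, domain name, port/protocol and words or phrases, wrapped in a stateful connection table so that replies to connections opened from the inside are admitted while unsolicited packets to closed ports are not. The addresses, the domain, the open ports (taken from Table 2.1) and the filter word are constructed; a real firewall matches domain names through DNS rather than the fixed lookup table used here.

```python
"""A toy firewall showing the two methods and four filter conditions described
above: stateless packet filtering on IP address, domain name, port/protocol and
words or phrases, plus a stateful connection table that lets replies to
connections opened from inside come back in. Every address, domain and filter
word here is constructed for the example."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = arriving from the Internet, "out" = leaving our network
    protocol: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""   # simplification: payload treated as text for the word filter


# --- constructed policy ---
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/24")   # our private range
BLOCKED_IPS = {"203.0.113.45"}                          # "unfavourable" outside address
BLOCKED_DOMAINS = {"games.example"}                     # domain filter
DOMAIN_TO_IP = {"games.example": "198.51.100.7"}        # stand-in for a DNS lookup
OPEN_INBOUND = {("tcp", 80), ("tcp", 25)}               # public services we run (Table 2.1)
BLOCKED_WORDS = {"forbidden-phrase"}                    # word/phrase filter


def blocked_domain_ips():
    """Resolve the domain filter to addresses so it can be matched per packet."""
    return {DOMAIN_TO_IP[d] for d in BLOCKED_DOMAINS if d in DOMAIN_TO_IP}


def packet_filter(pkt, established=False):
    """Stateless rules, checked in order; returns (verdict, reason)."""
    if pkt.src_ip in BLOCKED_IPS or pkt.dst_ip in BLOCKED_IPS:
        return "deny", "ip-filter"
    if pkt.src_ip in blocked_domain_ips() or pkt.dst_ip in blocked_domain_ips():
        return "deny", "domain-filter"
    if (pkt.direction == "in" and not established
            and (pkt.protocol, pkt.dst_port) not in OPEN_INBOUND):
        return "deny", "port-filter"       # unsolicited traffic to a closed port
    if any(word in pkt.payload.lower() for word in BLOCKED_WORDS):
        return "deny", "word-filter"
    return "accept", "policy"


class StatefulFirewall:
    """Remembers accepted outbound connections so that only their replies are
    let back in through ports that are otherwise closed."""

    def __init__(self):
        self.flows = set()   # (proto, internal ip, internal port, remote ip, remote port)

    def inspect(self, pkt):
        if pkt.direction == "out":
            verdict, reason = packet_filter(pkt)
            if verdict == "accept":
                self.flows.add((pkt.protocol, pkt.src_ip, pkt.src_port,
                                pkt.dst_ip, pkt.dst_port))
            return verdict, reason
        # Inbound: a packet claiming an inside source address cannot be genuine
        if ipaddress.ip_address(pkt.src_ip) in INTERNAL_NET:
            return "deny", "spoofed-source"
        key = (pkt.protocol, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        established = key in self.flows
        verdict, reason = packet_filter(pkt, established=established)
        if verdict == "accept" and established:
            reason = "established"
        return verdict, reason


def run_scenario():
    """Constructed traffic run through one firewall; returns (verdict, reason) per packet."""
    fw = StatefulFirewall()
    traffic = [
        Packet("out", "tcp", "192.168.0.12", 40000, "198.51.100.9", 443),   # open a web connection
        Packet("in", "tcp", "198.51.100.9", 443, "192.168.0.12", 40000),    # its reply: known flow
        Packet("in", "tcp", "198.51.100.9", 443, "192.168.0.12", 40001),    # unsolicited: no flow
        Packet("in", "tcp", "203.0.113.45", 51000, "192.168.0.10", 80),     # blocked address
        Packet("out", "tcp", "192.168.0.12", 40002, "198.51.100.7", 80),    # blocked domain
        Packet("in", "tcp", "198.51.100.20", 33000, "192.168.0.10", 25,
               "Subject: FORBIDDEN-PHRASE inside"),                         # filtered phrase
        Packet("in", "tcp", "198.51.100.20", 33001, "192.168.0.10", 80,
               "GET / HTTP/1.1"),                                          # ordinary request
        Packet("in", "tcp", "192.168.0.50", 1234, "192.168.0.10", 80),      # inside address from outside
    ]
    return [fw.inspect(p) for p in traffic]


if __name__ == "__main__":
    for verdict, reason in run_scenario():
        print(verdict, reason)
```

The order of the checks matters: the address and domain filters run before the state lookup, so a remembered connection never overrides a block on the peer itself, and the word filter still applies to traffic on open ports.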
PROXY SERVER
In a computer network, a proxy server is any computer system offering a service that acts as an intermediary between the two communicating parties, the client and the server.

In the presence of a proxy server, there is no direct communication between the client and the server. Instead, the client connects to the proxy server and sends requests for resources such as a document, web page or a file that resides on a remote server. The proxy server handles this request by fetching the required resources from the remote server and forwarding the same to the client.
Figure 2. 6
A proxy server is most widely used to conceal the IP address or the origin of Internet users during their activity. Since it is the proxy server which handles the requests between the client and the target, only the IP address of the proxy server is exposed to the outside world and not the actual one. Therefore, most hackers use a proxy server during the attacks on their targets so that it would be hard to trace back to them.
Linux is a UNIX-like operating system which is open-source and freely available for download. Compared to the Windows operating system, Linux is more secure, stable, reliable, multi-user capable and compatible with both server and desktop usage. This makes it one of the most popular operating systems next to Windows.
WHY LINUX?
As an ethical hacker, it is most essential to have a sound understanding of the Linux platform, its usage and commands. Linux is widely recognized as the hacker's operating system, and if you are wondering why, the reasons are below:

Since it is a freeware, highly secure and stable operating system, millions of servers on the Internet run on Linux.

Some of the best hacking scripts and programs are designed only for Linux.
A directory structure is the way in which the file system and its files of an operating system are displayed to the user. People who are new to the Linux operating system and the structure of its File System often find it troublesome and messed up in dealing with the files and their location. So, let us begin to explore some of the basic information about the Linux File System.

Any standard Linux distribution has the following directory structure, as shown below:
Figure 3. 2
Below is a brief description of the purpose and contents of each directory:
/ - ROOT Directory
Every single file and directory of the Linux file system starts from the root directory. Only the root user has the write privilege to this directory.
/bin - Binaries
Contains executable binary files required for booting and repairing of the system. Also contains files and commands required to run in single-user mode, such as ls, ping, grep etc.

Contains configuration files required by all programs. It also contains start-up and shutdown shell scripts used to start or stop individual programs.
Linux Commands
All commands in Linux are typed in lowercase and are case sensitive. Each Linux command has to be typed and executed in a window called a terminal emulator, or simply referred to as a terminal. It is a program similar to the command prompt of Microsoft Windows where a user can run commands and get the results displayed. A terminal simply takes the user's commands, passes them on to the shell for execution and displays the results back to the user.

To run commands in the terminal, you will have to first load Linux from the Live DVD that you have created. To do this, just insert the Kali Linux DVD into the drive, boot from it and select the Live option. Once the booting is completed, you should see your desktop loaded on your screen.

To start the terminal window, just right-click on the desktop and select the option Open in Terminal, as shown in the below snapshot.
Figure 3. 3
Once the terminal window is loaded, you should be able to start typing the commands. A snapshot of the terminal window is shown below:
Figure 3. 4
Creating Files
There are two commands for creating files: touch and cat. Here is how they are to be used:
# touch sample
This creates an empty file called sample. If you want to create multiple empty files quickly, it can be done as follows:
# touch sample1 sample2 sample3 sample4 sample5
In order to store a few lines of data in the file, just type the following command:
# cat > sample
When you press the Enter key, you will find the cursor positioned on the next line, waiting for you to type the content that you want to store in the file sample. Just type in the following line:
This is a sample file containing some sample text.
Once you are done, press Ctrl+D. This will save the contents to the file and automatically take you back to the # prompt. Now, to display the contents of the file sample, just type the command as follows:
# cat sample
This should display the contents of the file as shown in the snapshot below:
Figure 3. 5
Editing Files
To edit a given file, one has to use the vi command. In order to edit the given file sample, the command is as follows:
# vi sample
When you type the above command and hit Enter, you should see the contents of the file sample displayed in the vi editor window, as shown in the figure below.
Figure 3. 6
In order to start your edit process, you need to enter the INSERT mode by pressing the key i. Now your cursor should move freely inside the editor window, allowing you to make the necessary changes to the content. Once you are done with the editing, press the Esc key. Now type :wq as shown in the below snapshot and hit Enter. The w stands for write (save) and q stands for quit. This should save the changes to your file, close the vi editor and take you back to the # prompt. If you are to quit without saving changes, just type :q! instead of :wq and hit Enter.
Figure 3. 7
When you hit Enter, you are asked for delete confirmation. Just type y and hit Enter again. This should complete the deletion of the file sample.

To delete a directory and all its contents, use the following command:
# rm -r sampledir
When you hit Enter, you are asked for a delete confirmation. Just type y and hit Enter again. This should complete the deletion of the directory sampledir and all the contents inside it.
Logging Out
Once you are done with your work, you can close the terminal window using the exit command as follows:
# exit
SSH on Linux
If you are on a Linux computer, connecting to another Linux computer is very easy. Just open the Terminal window and type the following command:
Command Syntax: ssh username@host
Here username means the username of your account on the remote computer, and host can be a domain name such as xyz.com or the IP address of the remote computer. The following examples make it more clear:
# ssh john@xyz.com
# ssh john@<IP address>
# ssh root@xyz.com
# ssh root@<IP address>
If the user exists on the target machine, the connection will be established and you will be asked to enter the password. Once you enter the password and hit Enter (the password entered will be invisible due to security reasons), you will be granted access to the target Linux machine, where you are free to execute any command on it as discussed in the previous section.
SSH on Windows
You can connect to a remote Linux machine even if you are using a Windows computer. This can be done using a small freeware program called PuTTY, which is an SSH client and a terminal emulator for Windows. You can download it from the link below:
Download PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
After the download, double-click on the application putty.exe, enter the hostname or IP address of the target machine, select the SSH option and click on the Open button as shown in the below snapshot.
FURTHER REFERENCES
This chapter has dealt with some of the basic concepts and command examples of the Linux operating system so as to lay the groundwork for your further learning. In order to emerge as a professional hacker, it is necessary to have a sound understanding of Linux and master its commands. For this reason, I have a few recommendations for your further references:

Here is a list of some of the useful websites to expand your Linux knowledge:
Linux Official Website
Here is a list of some of the great books worth reading:
How Linux Works
Chapter 4 - Programming
The need to possess the knowledge of programming as a hacker is one of the most debated topics in the hacker community. Even though the availability of a variety of ready-made tools on the Internet has considerably eliminated the need for programming, many still argue that having a knowledge of programming can be a great advantage for the hacker.
WHY PROGRAMMING?
At this point, you might be asking yourself "Do I need to learn programming?" Well, this question is hard to answer as it all depends on individual goals. While some people hate programming and love to stick with readily available tools, there are a few who would like to give programming a try. Remember, it is still possible to be a fairly good ethical hacker without knowing any programming at all, provided you really master the theoretical concepts of hacking and know how to use the tools effectively.

However, if you are to take my personal advice, I still recommend that you learn some basics of programming so that you will have a much better understanding of the situations.

A knowledge of programming can give you the following added benefits:

You can code your own exploit for freshly discovered vulnerabilities without having to wait for someone to develop a tool.
You can modify the existing source code to meet your customized needs.
You will be regarded as an elite ethical hacker in the hacker community.
At last, you can avoid people classifying you as a script kiddie.
Learn-C
C4Learn
Once you are done with the basics of C, learning HTML, PHP and JavaScript becomes fairly simple. The following are freely available websites to learn HTML, PHP and JavaScript:
HTML Tutorial w3schools
In addition to free resources, you can even consider purchasing books if you are more serious about programming. The following are a few of the great books worth reading:
The C Programming Language
Programming PHP
Once you have made up your mind, you can start to learn and practice programming as a separate journey without having to pause pursuing your hacking tutorials. In most circumstances, ethical hacking or penetration testing is independent of programming and hence you can learn them simultaneously. If you are not yet ready for programming, you may even complete reading this book and later decide on programming.
Chapter 5 - Footprinting
Before the real fun of hacking begins, there come two important steps in the intelligence gathering process, known as footprinting and scanning, to be performed by the hacker. This chapter will deal with the first step, called footprinting, which simply means gathering information about the target.
WHAT IS FOOTPRINTING?
Footprinting refers to the process of gathering information about a specific computer system or a network environment and the company it belongs to. This is the preparatory phase for the hacker, where he gathers as much information as he can so as to find ways to intrude into the target. Footprinting can reveal the vulnerabilities of the target system and improve the ways in which they can be exploited.

Footprinting has to be done in a slow and methodical manner, where the hacker spends the greater part of his time in blueprinting the security profile of the target and only a small part in launching the attack. Footprinting can actually help the hacker decide on the type of attack that is most suitable for the target.
https://who.is/
http://whois.domaintools.com/
A sample Whois Lookup performed on facebook.com at http://www.whois.com/whois/ shows the following information:
Figure 5. 1
crucial. This can be easily found out using the following website:
WhoIsHostingThis: http://www.whoishostingthis.com/
Just visit the above website and enter the domain name of your choice to obtain its IP address as well as the name of its hosting provider, as shown below:
Figure 5. 2
As you can see from the above snapshot, a query on facebook.com reveals its IP address, hosting provider and also the name servers associated with it.

A snapshot of a sample query for the IP address 173.252.120.6 on the ip2location.com website is shown below:
Figure 5. 3
Visit the above URL and insert the IP address of any given website in the Search Whois box found at the top right corner of the web page. Here is a snapshot showing the results of a sample query performed on Facebook's IP address 173.252.120.6:
Figure 5. 4
Traceroute
Traceroute is a network diagnostic tool to identify the actual path (route) that the information (packets) takes to travel from source to destination. The source will be your own computer, called localhost. The destination can be any host or server on the local network or the Internet.

The traceroute tool is available on both Windows and Linux. The command syntax for Windows is as follows:
tracert <target domain or IP>
The command syntax for Linux is as follows:
traceroute <target domain or IP>
Usually the transfer of information from one computer to another will not happen in a single jump. It involves a chain of several computers and network devices called hops to transmit information from source to destination. Traceroute identifies each hop on that list and the amount of time it takes to travel from one hop to another. A snapshot of the traceroute performed on google.com using a Windows computer is shown below:
Figure 5. 5
As shown in the above snapshot, the traceroute tool identifies all the hops present in the path traversed by packets from source to destination. Here 192.168.0.1 is the private IP and 117.192.208.1 is the public IP of the source (my computer). 74.125.236.66 is the destination IP address (Google's server). All the remaining IP addresses shown in between the source and the destination belong to computers that assist in carrying the information.

Just use the above link to visit the WayBack Machine website and type in the URL of the target website. You should get a list of archives of the website listed on a month-by-month and yearly basis, as shown in the snapshot below:
Figure 5. 6
COUNTERMEASURES
I hope you are now aware of several ways using which you can successfully perform footprinting to gather a whole lot of information about the target. Once you are done with organizing the data that you have obtained through the footprinting process, you can sit back and analyze it to find out possible vulnerabilities in any of the technologies used in the website.

Many network administrators often fail to update vulnerable software and scripts running on their server to the latest version. This can open an opportunity for the hacker to exploit and gain access to the system. Therefore, it is important to identify and patch the existing vulnerabilities on a regular basis and also limit the amount of sensitive information leaked to the Internet.
Chapter 6 - Scanning
After gathering a variety of information about the target through footprinting, it is time to move on to the next step, called scanning. Scanning is the second step in the intelligence gathering process of a hacker, where information about specific IP addresses, operating systems, their architecture and services running on computers can be obtained. Unlike footprinting, which gathers information passively from various third-party sources, scanning involves actively engaging with the target to obtain information.

If the target is alive and online, you should get a reply from the target; if the target is not alive, you will get a response saying "ping request cannot find the host".
Angry IP Scanner
You can even ping a range of IP addresses all at once using a nice tool called Angry IP Scanner. It is an open-source, cross-platform network scanner tool packed with several useful features.

All you need to do is enter the starting and the ending IP of the range that you want to ping and click on the Start button, as shown in the below figure. This should tell you which of those IPs are available and which are not.
Figure 6. 1
Angry IP Scanner is available for both Windows and Linux operating systems and can be downloaded from the link below:
Angry IP Scanner: http://angryip.org/download/
The following figure shows a sample ping test conducted using the Just-Ping tool:
Figure 6. 2
TYPES OF SCANNING
Now let us discuss one by one some of the different types of scanning that are in place:
Port Scanning
Port scanning involves sending a series of messages to the target computer to discover the types of network services running on it. Since each service is associated with a well-known port number, performing a port scan on the target will reveal the ports that are open. So, when a port is said to be open, the service associated with it is said to be active and running, thereby opening up the opportunity for the attacker to break into it.

For example, if a port scan on the target shows that port 80 and port 25 are open, that means the target computer has an HTTP service (web server) and an SMTP service (email service) running on it respectively.
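Seen from the defender's side, a port scan is one source touching many distinct ports on a host within a short time. As an added example (not from the book), this Python detector reads constructed firewall log lines, counts distinct destination ports per source within a sliding time window, and names the services behind well-known ports using Table 2.1. The log format, addresses and timestamps are constructed.

```python
"""Defender-side view of port scanning: flag a source that probes many distinct
ports on one host within a short time window, from firewall-style log lines.
The log lines and addresses below are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

SAMPLE_LOG = """\
2024-03-01 10:00:01 DENY tcp 203.0.113.45:51234 -> 192.168.0.10:21
2024-03-01 10:00:01 DENY tcp 203.0.113.45:51235 -> 192.168.0.10:22
2024-03-01 10:00:02 DENY tcp 203.0.113.45:51236 -> 192.168.0.10:23
2024-03-01 10:00:02 ALLOW tcp 203.0.113.45:51237 -> 192.168.0.10:25
2024-03-01 10:00:03 ALLOW tcp 203.0.113.45:51238 -> 192.168.0.10:80
2024-03-01 10:00:03 DENY tcp 203.0.113.45:51239 -> 192.168.0.10:443
2024-03-01 10:00:04 DENY tcp 203.0.113.45:51240 -> 192.168.0.10:3306
2024-03-01 10:00:10 ALLOW tcp 198.51.100.7:44001 -> 192.168.0.10:80
2024-03-01 10:00:11 ALLOW tcp 198.51.100.7:44002 -> 192.168.0.10:80
2024-03-01 10:05:00 ALLOW tcp 198.51.100.7:44003 -> 192.168.0.10:25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$")

# Default ports from Table 2.1, used to name what a probed port would expose
WELL_KNOWN = {80: "HTTP", 21: "FTP", 25: "SMTP", 23: "TELNET", 22: "SSH"}


def parse_log(text):
    """Return (timestamp, action, src_ip, dst_ip, dst_port) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["action"], m["src"], m["dst"], int(m["dport"])))
    return events


def detect_port_scans(events, window=timedelta(seconds=60), threshold=5):
    """Map (src, dst) -> sorted distinct ports for every pair that touched at least
    `threshold` distinct destination ports inside some `window`-long interval.
    Allowed and denied attempts both count: a scan is about breadth, not verdicts."""
    hits = defaultdict(list)
    for ts, _action, src, dst, port in sorted(events):
        hits[(src, dst)].append((ts, port))
    alerts = {}
    for pair, seq in hits.items():
        start = 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:   # slide the window forward
                start += 1
            ports = {p for _, p in seq[start:end + 1]}
            if len(ports) >= threshold:
                alerts.setdefault(pair, set()).update(ports)
    return {pair: sorted(ports) for pair, ports in alerts.items()}


def describe(alerts):
    """Human-readable alert lines naming the services behind well-known ports."""
    lines = []
    for (src, dst), ports in sorted(alerts.items()):
        named = ", ".join(f"{p}/{WELL_KNOWN.get(p, 'other')}" for p in ports)
        lines.append(f"{src} probed {len(ports)} ports on {dst}: {named}")
    return lines


if __name__ == "__main__":
    for line in describe(detect_port_scans(parse_log(SAMPLE_LOG))):
        print(line)
```

The threshold and window are the tuning knobs: a legitimate client that repeatedly reaches port 80 and occasionally port 25 never crosses five distinct ports in a minute, whereas the probing source hits seven in four seconds.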
Network Scanning
Network scanning is a procedure for identifying active hosts on the target network, either for the purpose of attacking them or for security assessment. In this way, it would be possible for the hacker to make a list of vulnerable hosts for direct attack or to use them indirectly to attack other hosts.
Vulnerability Scanning
Vulnerability scanning involves the use of automated tools known as vulnerability scanners to proactively identify security vulnerabilities of computer systems in a network. These tools will scan the target to find out the presence of known flaws that are susceptible to exploits.
Nmap
Nmap is a popular open-source tool for network discovery and security auditing that works on different platforms like Linux, Windows and Mac. It basically comes in the form of a command line interface; however, to facilitate ease of use, it is also available in a GUI format called Zenmap. For Windows machines, you can install the self-installer version of Nmap that comes in the .exe format. The download link for the same is available below:
Nmap Download: http://nmap.org/download.html
After installing the tool, run the desktop shortcut to open the Zenmap window, which typically looks as shown below:
Figure 6. 3
Intense Scan
This scan type should be reasonably quick as it only scans TCP ports. Additionally, it makes an attempt to detect the OS type, various services and their version numbers that are running on the target machine.
Ping Scan
This option will only ping the target but does not perform port scanning of any type.
Quick Scan
Scans faster than the Intense scan by limiting the number of TCP ports scanned to only the most common TCP ports.
Quick Traceroute
This option will show you the route that the packets take to reach the target, starting with the localhost (source, or your own computer).
Regular Scan
This will perform the ping and a TCP port scan of the default ports on the target.
Password hacking is one of the hottest and most widely discussed topics in the field of computer hacking. In today's world, passwords alone play a key role in deciding the security of a web server or any other computer system. As a result, hacking the password is one of the easiest and sometimes the only way to gain access to the system. In this chapter, you will be introduced to various password hacking techniques that are frequently used in the hacking industry.

To begin with, I will let you know some of the obvious, simple yet effective techniques to hack passwords:

Social Engineering: This type of technique involves psychological manipulation of people into performing actions that lead to the disclosure of their confidential information. In other words, social engineering is just a trick played by the hacker to gain the trust of people so that they reveal the password by themselves.

Scenario-1: The hacker may call the target person pretending to be a bank official and ask him to confirm his password, stating that this has to be done as a part of an ongoing verification program. In most cases, the target person on the other end believes this and reveals his password to the hacker.

Scenario-2: In order to avoid suspicion, instead of directly asking the victim to reveal the password, the hacker may obtain other vital information such as the Date of Birth, Place of Birth, High School Details etc. from the target person. Using these details, the hacker can easily reset the password and gain unauthorized access.

Even though social engineering seems simple, it is proven that most people would easily fall victim to this attack. Lack of awareness among people is the prime reason for the success behind this trick.

Shoulder surfing: It is the act of spying on one's keyboard from behind the shoulders as a person types his/her password. This technique works well particularly in crowded areas such as cyber cafes and ATMs, where people are usually unaware of what is happening behind their shoulders.

After understanding some of the simple password hacking techniques, it is time to move on to the next level. Now let us jump into some of the serious methods that hackers use to crack passwords:
Figure 6.6
The Host Details tab shows the status of the host, its name, number of ports scanned, uptime, last boot time, type of operating system running (including its version number) and many other details, as shown in the figure below.
Figure 6.7
NetScanTools Pro
NetScanTools Pro is another wonderful program for Windows that has a powerful set of network tools, including both automated and manual ways to retrieve information from the target.
Figure 6.8
You can use the Automated Tools to quickly perform a port scan and grab vital information about the target such as DNS records, Whois data and Traceroute details, all from a single place. On the other hand, the Manual Tools section contains individual tools specially crafted to give advanced users more control over the scanning process.
Online Tools
You can also make use of online tools to perform a port scan and discover important information about the target. The following are some of the useful online network tools that are worth considering:
PenTest-Tools
YouGetSignal
ipEye
OS FINGERPRINTING
OS fingerprinting is the process of detecting the operating system of the target host or network. The following are some of the commonly used OS fingerprinting methods:
Active Fingerprinting
Active fingerprinting is the method in which specially crafted packets are sent to the target system and the response is noted. Since different operating systems respond to such packets in different ways, the response can be analyzed to determine the target OS. A simple example is the Nmap tool discussed in the previous section, which employs the active fingerprinting method to determine the target OS.
Banner Grabbing
Another commonly used method of active fingerprinting is called banner grabbing. This can be done using a simple tool called telnet. Telnet is readily available on Windows XP and previous versions. On Windows Vista and later machines, you need to activate the in-built telnet tool before you can use it. Just search for "how to enable telnet on windows" on Google to find detailed instructions for enabling the telnet client on your computer.
Once you have enabled the telnet client on your computer, banner grabbing is pretty simple. Just type the following command in the command prompt to detect the operating system running on the target:
telnet <target domain or IP>
This will open the connection with the target. Next, type the text exactly as follows: HEAD / HTTP/1.1 and hit the Enter key twice. This should fetch results in which there is a possibility of the target OS being mentioned, as shown in the figure below.
Figure 6.9
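As an added example (not code from the book), here is a Python script that parses the response such a HEAD request returns and flags the headers that give away the server version or operating system, which is exactly the leak that the countermeasure "configure web servers to prevent information leakage" is about; run it against your own server's response. The sample response, the list of disclosing headers and the grab_banner helper are constructed for illustration.

```python
import re
import socket

# Constructed sample of what a server might answer to "HEAD / HTTP/1.1".
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Response headers that commonly carry product, version or OS details.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")


def grab_banner(host, port=80, timeout=5.0):
    """Send the same HEAD request the telnet session types and return the raw
    response text. Only this helper needs the network; the parsing below
    works on the constructed sample."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode())
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("latin-1")


def parse_headers(raw):
    """Split a raw HTTP response into its status line and a dict of
    lower-cased header names to values (any body is ignored)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def banner_findings(raw):
    """Return (header, value, reason) for each disclosing header present.
    A bare product name is a weak hint; a version number or a bracketed
    OS name is what fingerprinting actually feeds on."""
    _, headers = parse_headers(raw)
    findings = []
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        if re.search(r"\d+\.\d+", value) or "(" in value:
            findings.append((name, value, "version or OS disclosed"))
        else:
            findings.append((name, value, "product name only"))
    return findings


def is_hardened(raw):
    """True when no header gives away a version or OS. A product name alone
    is tolerated, which is what Apache's ServerTokens Prod still emits."""
    return all(r == "product name only" for _, _, r in banner_findings(raw))


if __name__ == "__main__":
    for name, value, reason in banner_findings(SAMPLE_RESPONSE):
        print(f"{name}: {value}  <- {reason}")
```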
Passive Fingerprinting
Passive fingerprinting is a technique that uses indirect methods to determine the target operating system. Unlike active fingerprinting, which sends packets to the target, passive fingerprinting uses a sniffing technique to analyze the target's network traffic and determine the operating system. It is less accurate than active fingerprinting. You can use online tools like Netcraft to perform passive fingerprinting.
Netcraft Tool: http://toolbar.netcraft.com/site_report
Just visit the above link to access the Netcraft tool and enter the target domain or IP address to know the target operating system, possible vulnerabilities, its risk rating and other useful information.
Using a Proxy
A proxy server can be used to conceal your real IP address while performing scanning and hack attempts on the target. Since the IP address tells everything about you, concealing it using a proxy can be highly effective in hiding your origin.
Even though there are different types of proxies available, I recommend using a VPN proxy service to hide your IP address. VPN services are fast and provide reliable ways not only to hide your IP address but also to protect your data and identity over the Internet. Here are a few popular VPN services that you can try:
HideMyAss Proxy
VyprVPN Proxy
Alternatively, you can also use a chain of public proxies to further enhance your stealth operation, using free tools like Proxifier and SocksChain. Please note that using public proxies can slow down your speed, and hence VPN proxies are more recommended as they best serve the purpose.
The other way to hide your identity is by using online tools for pinging and scanning the target. During the use of online tools, the IP address of the server hosting the tools is exposed to the target and not the one that belongs to the actual attacker.
Once you have gathered a long list of information about the target through footprinting and scanning, it is time to analyze it for possible vulnerabilities in the operating system, technologies or services running on the target. You can make use of the following websites to find information about the latest vulnerabilities and exploits:
http://www.securiteam.com
http://www.zone-h.org
http://www.securityfocus.com
http://www.packetstormsecurity.com
http://www.cybercrime.gov
COUNTERMEASURES
So far you have learnt different scanning techniques to discover information about the target. Now let us look into some of the countermeasures that one can take to prevent vital information from leaking into the hands of an attacker:
Configure web servers to prevent information leakage.
Disable unwanted/unused services and protocols.
Password hacking is one of the hottest and most widely discussed topics in the field of computer hacking. In today's world, passwords alone play a key role in deciding the security of a web server or any other computer system. As a result, hacking the password is one of the easiest and sometimes the only way to gain access to the system. In this chapter you will be introduced to various password hacking techniques that are frequently used in the hacking industry.
To begin with, I will let you know some of the obvious, simple yet effective techniques to hack passwords:
Social Engineering: This type of technique involves psychological manipulation of people into performing actions that lead to the disclosure of their confidential information. In other words, social engineering is just a trick played by the hacker to gain the trust of people so that they reveal the password by themselves.
Scenario-1: The hacker may call the target person pretending to be a bank official and ask him to confirm his password, stating that this has to be done as a part of an ongoing verification program. In most cases the target person on the other end believes this and reveals his password to the hacker.
Scenario-2: In order to avoid suspicion, instead of directly asking the victim to reveal the password, the hacker may obtain other vital information such as the Date of Birth, Place of Birth, High School Details etc. from the target person. Using these details, the hacker can easily reset the password and gain unauthorized access.
Even though social engineering seems simple, it is proven that most people would easily fall victim to this attack. Lack of awareness among people is the prime reason for the success behind this trick.
Shoulder surfing: It is the act of spying on one's keyboard from behind the shoulders as a person types his/her password. This technique works well particularly in crowded areas such as cyber cafes and ATMs, where people are usually unaware of what is happening behind their shoulders.
After understanding some of the simple password hacking techniques, it is time to move on to the next level. Now let us jump into some of the serious methods that hackers use to crack passwords.
DICTIONARY ATTACK
A dictionary attack is a type of password cracking technique where a long list of words from the dictionary is repeatedly tried against the target until the right match is found. This technique can be used to crack passwords that contain words found in the dictionary.
Generally, the success of a dictionary attack is based on the fact that most people have a tendency to use easy-to-remember passwords that are found in the dictionary. However, using a strong password with a combination of alphabets and numbers, or introducing a slight variation to the actual spelling, would make it impossible for the dictionary attack to crack such passwords.
One of my favourite tools to carry out the dictionary attack is Brutus. It is a remote online password cracker that works on the Windows platform and can be downloaded from the following link:
Brutus Download: http://www.hoobie.net/brutus/
NOTE: Some antivirus programs are known to conflict with the Brutus application. So it is recommended that you temporarily disable your antivirus before running the Brutus application.
Now let me give you a small demo on how to use Brutus. Here is a step-by-step procedure:
After downloading the tool from the above link, unzip the package into a new empty folder.
Run the BrutusA executable (.exe) file to open the application as shown in the figure below.
Figure 7.1
Enter the IP address or domain name of the target server in the Target field. Select the type of password that you want to crack from the Type field, or enter your own custom port number in the Port field.
If you know the username for which you want to hack the password, then check the Single User option and enter the username in the User ID field. Otherwise, leave the default settings as they are so that the username list is loaded from the users.txt file.
In the Pass Mode field, select the option Word List. The list of words will be loaded from the words.txt file by default, which already contains a list of words. If you have a .TXT file that contains more words, then you can use that by selecting the Browse option. The bigger the list is, the better the chances of cracking the password. Below is an example of how a username and password list might look:
Figure 7.2
Now hit the Start button to begin the cracking process. Brutus will try every word in the password list for each of the usernames present in the username list. It will take a while for the process to complete and, if you're lucky, you should get a positive authentication response and the cracked password as shown in the figure below.
Figure 7.3
NOTE: It is always a smart idea to use a proxy before attempting this hacking process. This will prevent your real IP address from being stored in the logs of the remote server and thus reduces the chances of being traced back.
BRUTE-FORCE ATTACK
Unlike the dictionary attack, which tries only those words present in the list, the brute force attack tries every possible permutation of alphabets, numbers and even special characters until the right password is found.
In theory it is possible to crack any password using this approach, but here's the catch: a brute force attack takes a long time to crack passwords. The time actually depends on the speed of the computer and the complexity of the password.
For example, if the target password is small and doesn't contain any numbers or special characters, it is fairly easy to crack such passwords using this approach. However, if the password is lengthy and contains numbers or even special characters, this approach may take a long time to complete. For some complex passwords, the brute force approach may take even years to finish the cracking process, as there are billions of permutations to try.
Here is how you can configure the Brutus program to try the brute force approach:
Configure the Target, Type and Port in the same way as in the case of the dictionary attack. Under the Authentication Options, select the Pass Mode as Brute Force and click on the Range button as shown in the figure below.
Once you click on Range, you will see a number of options to select from, such as Digits only, Lowercase Alpha, Uppercase Alpha and so on. You can also set the Min Length and Max Length to narrow your brute force attack options, as shown in the figure below.
Figure 7.4
Figure 7.5
In the above example, Brutus will try all permutations of lowercase alphabets within the selected range of lengths. Going for options like Mixed Alpha or Alphanumeric and increasing the Max Length would increase the success rate of cracking the password but consequently takes more time to complete.
Once your range selection is over, click OK and hit the Start button. The brute force cracking attempt will begin and will take anywhere from a few minutes to a couple of hours to complete. If the crack attempt is successful, you should see the username and its corresponding password displayed on the Brutus window.
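As an added example (not from the book or the Brutus tool), this Python snippet sizes the search space implied by a Brutus-style character set and length range and estimates how long exhausting it takes, which is the arithmetic behind the "minutes to years" claim above and behind a sensible minimum password length. The guess rates and the Full Keyspace row are assumptions.

```python
import string

# Character sets named after the options in the Brutus Range dialog; the
# "Full Keyspace" row is an addition that also covers special characters.
CHARSETS = {
    "Digits only": string.digits,
    "Lowercase Alpha": string.ascii_lowercase,
    "Uppercase Alpha": string.ascii_uppercase,
    "Mixed Alpha": string.ascii_letters,
    "Alphanumeric": string.ascii_letters + string.digits,
    "Full Keyspace": string.ascii_letters + string.digits + string.punctuation,
}

# Assumed guess rates, for illustration only: an online cracker such as
# Brutus is throttled by the remote login service (and by any lockout or
# rate limit the defender configures), an offline hash cracker only by
# local hardware.
ONLINE_GUESSES_PER_SEC = 50
OFFLINE_GUESSES_PER_SEC = 1_000_000


def keyspace_size(charset_name, min_len, max_len):
    """Candidates tried for every length from min_len to max_len inclusive."""
    if min_len < 1 or max_len < min_len:
        raise ValueError("need 1 <= min_len <= max_len")
    n = len(CHARSETS[charset_name])
    return sum(n ** length for length in range(min_len, max_len + 1))


def worst_case_seconds(charset_name, min_len, max_len, guesses_per_second):
    """Time to exhaust the range; on average the password is hit halfway."""
    return keyspace_size(charset_name, min_len, max_len) / guesses_per_second


def human_duration(seconds):
    """Round a duration to the largest convenient unit."""
    for name, unit in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= unit:
            return f"{seconds / unit:.1f} {name}"
    return f"{seconds:.1f} seconds"


def range_report(min_len, max_len, guesses_per_second):
    """Worst-case time per character set: the comparison a length policy rests on."""
    return {name: human_duration(worst_case_seconds(name, min_len, max_len,
                                                    guesses_per_second))
            for name in CHARSETS}


if __name__ == "__main__":
    for rate, label in ((ONLINE_GUESSES_PER_SEC, "online"),
                        (OFFLINE_GUESSES_PER_SEC, "offline")):
        print(f"--- {label}, {rate} guesses/s, lengths 1..8 ---")
        for name, duration in range_report(1, 8, rate).items():
            print(f"{name:16s} {duration}")
```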
RAINBOW TABLE
A rainbow table is a precomputed table that contains a long list of password hashes for dictionary words as well as alphanumeric permutations of words. The hacker initially generates a long list of password hashes and stores them in a rainbow table for later use. Although generating a rainbow table initially takes a long time and utilizes more storage space, once computed it can greatly reduce the time taken for the password cracking process.
Any computer system that requires password authentication will maintain a table of usernames and passwords in its database. In case the hacker manages to steal this table from the database, he would easily be in a position to gain access to a large number of accounts on the target system. In order to prevent this from happening, most systems store the passwords in a cryptographic hash format as opposed to plain text.
For example, when a user completes the sign-up process on an online portal, the system may convert his password to MD5 hash format and store it in its database table. Suppose the user has his password as goldfish; its MD5 hash would be as follows:
MD5 Hash: feddfabdbe
Thereafter, whenever the user tries to log in to the portal, his password gets converted to the MD5 hash format on the fly and is compared against the existing hash in the database table. If both the hashes match, access is granted to the user.
Now even if the hacker manages to gain access to the database and steal the password table, he would only see a long list of cryptographic hashes and not the actual passwords. This is where rainbow tables come in handy. The hacker can use the rainbow tables to compare the long list of precomputed hashes against the stolen list of password hashes. If the hashes match, the password would be the one that was initially used to generate the hash.
Unlike a brute force approach where the hash is computed on every attempt, the rainbow table approach utilizes a precomputed list of hashes to directly compare them against an existing password hash. As the time required to compute the hash on every attempt is cut down, the rainbow table approach takes significantly less time to complete the cracking process.
A practical example of the rainbow table approach will be discussed in the next chapter, where we take up the topic of cracking Windows passwords.
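As an added example (not from the book), here is the MD5 storage scheme described above in Python, a small precomputed hash-to-password table standing in for a rainbow table (a real rainbow table compresses this with hash/reduce chains, but the lookup idea is the same), and a salted, iterated alternative that the same table cannot crack. The word list is constructed.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for the dictionary words and
# permutations that a precomputed table would cover.
WORDLIST = ["apple", "lotus", "mango", "goldfish", "g0ldfish", "password"]

PBKDF2_ITERATIONS = 100_000


def md5_hex(password):
    """Unsalted MD5, exactly what the portal in the text stores."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def verify_md5(password, stored_hash):
    """Login check from the text: hash on the fly, compare with the stored hash."""
    return hmac.compare_digest(md5_hex(password), stored_hash)


def build_lookup_table(words):
    """Precompute hash -> plaintext once; reusable against any stolen
    unsalted MD5 table, because the same word always gives the same hash."""
    return {md5_hex(w): w for w in words}


def recover_password(stolen_hash, table):
    """One dictionary lookup instead of hashing on every attempt."""
    return table.get(stolen_hash)


def hash_password_salted(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted, iterated storage as 'salt_hex$hash_hex'. A fresh random salt
    per account makes the same password hash differently every time, so a
    table precomputed once cannot be reused, and iteration slows each guess."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{salt.hex()}${dk.hex()}"


def verify_salted(password, stored, iterations=PBKDF2_ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    stolen = md5_hex("goldfish")  # what a dumped unsalted MD5 table holds
    print("stolen MD5:", stolen, "->", recover_password(stolen, table))
    stored = hash_password_salted("goldfish")
    print("salted    :", stored[:24] + "...", "->",
          recover_password(stored.split("$")[1], table))
```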
PHISHING ATTACK
Phishing is a form of social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworthy person or organization.
Phishing scams usually send an email message to users requesting their personal information, or redirect them to a website where they are required to enter their personal information.
In most cases, a phishing email directs the victims to follow a link leading to a website where they will have to enter their login details or other confidential information. In reality, this website is a fake one created by the hacker (often referred to as a spoofed website), which is an exact replica of the original or appears similar. When the victim enters his/her login details on a spoofed page, they are actually stolen away by the hacker.
For example, the hacker may send an email that pretends to have come from the bank where the victim maintains an account and ask him/her to update the login details by following the link present in the email. The email further mentions that this update process is mandatory and that failing to do so will result in the bank account being locked. In response, the victim clicks on the link and is taken to the fake login page that looks similar to the original one. However, when the login details are entered, they are recorded and stored on the website for later access by the hacker. The victim remains unaware of the entire process, but the hacker skilfully manages to hack the password.
COUNTERMEASURES
After addressing some of the popular password cracking techniques, let us now look at some of the countermeasures that can be taken to protect ourselves from the above mentioned attacks.
Social Engineering
The measures needed to protect yourself from social engineering attacks are pretty simple and straightforward. Never disclose your password or any other personal information to anyone via phone or email. Attackers may even try to convince you by pretending to be an authorized person with whom you can share the personal details. But remember that passwords are meant only to be entered on login pages and not to be shared with any person at all.
Dictionary Attack
To protect yourself from a dictionary attack, all you need to do is make sure that your password does not contain words from the dictionary. That means your password is not something like apple, lotus or mango. Instead, use words that are not in the dictionary. You can also use a phrase like str0ngpAss?? as your password so that it cannot be cracked using the dictionary attack approach.
Phishing Attack
You can avoid phishing attacks by following the guidelines mentioned below:
Do not respond to suspicious emails that ask you to give your personal information.
If you are unsure whether an email request is legitimate, verify the same by calling the respective bank/company. Always use the telephone numbers printed on your bank records or statements and not those mentioned in the suspicious email.
Do not use the links in an email, instant messenger or chat conversation to enter a website. Instead, always type the URL of the website in your browser's address bar to get into a website.
Figure 7.6
Even if the login page is not secure (https), the target website may still be legitimate. However, look for misspellings like www.papyal.com, www.payapl.com or paypal.somethingelse.com instead of the legitimate site www.paypal.com, and make sure that the login details are only entered on the legitimate web page.
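As an added example (not from the book), this Python code does the check the last guideline asks a reader to do by eye, and generalizes it: it classifies a link's host as the legitimate domain, a brand name buried under someone else's domain (paypal.somethingelse.com), a look-alike spelling (papyal, payapl) or unrelated, and it treats a missing https as a warning rather than a verdict, as the text does. The two-label registrable-domain rule (it ignores suffixes such as co.uk) and the edit-distance threshold are assumptions.

```python
from urllib.parse import urlsplit


def levenshtein(a, b):
    """Classic edit distance (insert/delete/substitute), used to spot typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of the host (assumption: no multi-label suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link_host(url, legitimate="paypal.com", max_distance=2):
    """Return 'legitimate', 'brand-in-subdomain', 'lookalike' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "unrelated"
    legit = legitimate.lower()
    brand = legit.split(".")[0]
    reg = registrable_domain(host)
    if reg == legit:
        return "legitimate"
    # paypal.somethingelse.com: the brand is only a subdomain label, the
    # registrable domain belongs to someone else.
    if brand in host.split("."):
        return "brand-in-subdomain"
    # papyal.com / payapl.com: a few edits away from the real brand.
    if levenshtein(reg.split(".")[0], brand) <= max_distance:
        return "lookalike"
    return "unrelated"


def link_warnings(url, legitimate="paypal.com"):
    """Warnings to show before credentials are typed into the linked page."""
    warnings = []
    verdict = classify_link_host(url, legitimate)
    if verdict != "legitimate":
        warnings.append(f"host is {verdict}, not {legitimate}")
    if urlsplit(url).scheme != "https":
        warnings.append("no https: the site may still be genuine, but the "
                        "login details would travel in clear text")
    return warnings


if __name__ == "__main__":
    for link in ("https://www.paypal.com/signin",
                 "http://paypal.somethingelse.com/login",
                 "https://www.papyal.com/", "https://www.payapl.com/"):
        print(link, "->", classify_link_host(link), link_warnings(link))
```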
Select the user who has administrator privilege and hit Enter.
Figure 8.5
In the next screen you will be asked to select from a list of options that you may want to perform on the selected user. Here, just select option 1, which is Clear (blank) user password, and hit Enter.
Figure 8.6
This should reset the password for the user account to make it blank, so that the next time you reboot your Windows you should be able to log in automatically as if there was no password set for that user account.
Now quit editing the user by pressing q and hit Enter until you proceed to the screen where you will be asked to confirm writing back changes to the SAM file. This step is very important: you need to press y and hit Enter as shown in the snapshot below. If you accidentally press Enter keeping the default option, which is n, the reset process will fail and the whole procedure will have to be repeated again from the beginning. So changing the default option from n to y before pressing Enter is very important.
Figure 8.7
This will complete the reset process, where the existing password will be removed and set to blank. Disconnect the USB device and press CTRL+ALT+DEL to reboot the computer. Now Windows should let you log in to the system without insisting that you enter the password.
To overcome this drawback, we will have to devise a means to restore everything back to normal once the purpose of the breach is completed. For this, we will have to take a backup of the original SAM file before modifying it in the password reset process and safely restore it back to make everything look normal.
The SAM file is located in the drive where Windows is installed (usually C:) under the following path: \windows\system32\config. You can easily access this location by booting up the computer from your live Kali Linux DVD. Once the Kali DVD is loaded, double click the Computer icon present on the desktop to open up the explorer window. Now navigate to the above location to find the SAM file and back it up to a different location, such as a different drive or your own USB device.
Figure 8.8
Now reboot the system and perform the password reset process as discussed earlier. Once you are done with your work, reboot the system again with the Kali DVD and navigate to the location of the SAM file. Rename the existing file to SAM.OLD and restore the original SAM file from the backup location. This should bring everything back to normal and avoid suspicion.
Kon-Boot is a handy tool that allows you to enter any password protected Windows user account without having to enter the password during the login process. The tool allows you to create a bootable CD or a USB drive. Once you boot the target computer from this bootable device, it will virtually modify parts of the Windows kernel to load the operating system in a special mode where you will not be asked to enter the password. The advantage of this tool is that all the changes are temporary and disappear after reboot, so that everything looks normal thereafter and does not arouse suspicion of a possible security breach.
This is a very small tool, less than a MB in size, and can be carried to the target location on a USB thumb drive. To dump the hashes, just open the command prompt with administrator rights, navigate to the location of the tool (PwDump7.exe) and run the following command:
PwDump7.exe >> <target filename>.txt
As shown in the snapshot below, I am running PwDump.exe from my USB thumb drive (M:) and dumping the hash details in a file called hash.txt. This file should get created in the same directory from which PwDump.exe is running.
Figure 8.9
The hash.txt file contains a list of existing user accounts on the machine and their corresponding NTLM hashes, as shown below:
Figure 8.10
Dumping Hashes Without Administrator Access
The previous section shows how to dump password hashes when you already have administrator access to the target machine. What if you do not have administrator access? In this case, you can use your Kali Linux Live DVD to boot up the system and load Linux. From here, access the drive on which the Windows OS is installed and navigate to \windows\system32\config\. From here, copy the two files SAM and SYSTEM onto your USB device so that you can carry them to your computer for offline password cracking.
Figure 8.11
CRACKING THE WINDOWS PASSWORD
After successfully dumping the password hashes, we can now easily crack them using different tools and approaches as mentioned below.
From the above link, download the installable version of Ophcrack (not the Live CD version) and install it on your system. During the installation process, when the option comes up to download rainbow tables, uncheck them all and just install the program. It is always better to download the rainbow tables separately.
Figure 8.12
Once you have it installed on your system, go to the Ophcrack website from the above link and click on Tables in the navigation menu. Here you should see a list of rainbow tables you can download.
If you want to crack the passwords of Windows XP and prior operating systems, download the tables from the LM hashes section. For operating systems after XP, such as Windows Vista, 7 and 8, download the tables from the NT hashes section.
Figure 8.13
Figure 8.14
Figure 8.15
Once the hackers gain access and take control of the system, the next step they may try to do is to hide some critical files and information on it. The hacker may decide to hide files for later execution, or use the victim's compromised system to store information secretly so that it can be accessed later and sent to the final destination where it is intended to go. In this chapter we will discuss some of the popular techniques to hide files and information on a system. Let us start with the simple ones and gradually advance to more complex techniques.
Figure 8.18
When everything is loaded and ready as shown in the above snapshot, click on the Crack button and sit back patiently. The cracking process will take anywhere from a few minutes to a few hours to complete, depending upon the size of the table and the strength of the password. If it is successful, the cracked password will be displayed along with the time taken to crack it, as shown below:
Figure 8.19
If you are unsuccessful in cracking the password, you may try a different rainbow table that covers more characters and longer passwords.
days to complete the cracking process. Since Ophcrack is not so effective for the brute force approach, we will use another powerful tool called L0phtCrack, which is available from the link below:
L0PhtCrack Download: http://www.l0phtcrack.com/download.html
After installing L0phtCrack, click on the Import hashes button from the main window to load the hashes. You have the option to load the hashes from both the PWDUMP file as well as the SAM file.
Figure 8.20
Click on the Session Options button to further configure different auditing options such as dictionary and brute force attacks. You can enable or disable specific attacks and also customize the character set, password length and range options for the brute-force approach. Configuring the auditing options wisely can avoid unnecessary time delay and thereby speed up the password cracking process.
Once you are done with loading the hashes and configuring the options, click on the Begin button. This will initiate the cracking process, and the time consumed to crack the password depends on various factors like the password strength (length, presence of alphanumeric/special characters), the type of attack (dictionary, hybrid or brute force) and the speed of your computer.
If the password cracking process is successful, you should see the cracked password next to the username in the L0phtCrack window as shown below:
Figure 8.21
COUNTERMEASURES
In order to secure your Windows computer from all the possible attacks mentioned in this chapter, the following are some of the countermeasures that you need to follow:
Do not allow strangers to access your computer during your absence.
If the computer is on a public network such as at school or the office, password protect those accounts with administrator access and only give limited accounts to the users.
Always use a strong password that is hard to guess. Strong passwords contain a mix of alphanumeric and special characters and are long enough to defeat rainbow table and brute force approaches.
Disable access to CD/DVD drives and USB devices on public networks.
Configure the BIOS to disable booting from USB, CD/DVD and other portable devices.
Password protect your computer's BIOS so that it would not be possible for an attacker to modify its settings and gain access.
Chapter 9 - Malware
Malware is a collective term used to represent viruses, worms, spyware and other malicious programs out there on the Internet. In simple words, any software program that is intended to cause direct or indirect harm to the computer system is referred to as malware.
Some malware programs can cause serious problems such as destroying the system files, causing disruption to the computer operation or gathering sensitive information, while others may only have a light impact such as redirecting websites to load pornographic content or annoying the users with pop-ups and banners.
Computer Virus
As we all know, this is the type of malware that has become highly popular and is one of the most widely discussed topics in the field of computer security. A virus is just a computer program that is designed to take unauthorized control of the infected computer so as to cause harm to the system's data or degrade its performance.
Mode of Operation:
Computer viruses operate by attaching themselves to an already existing file or program and replicating themselves to spread from one computer to another. In most cases, they tend to infect executable files that are parts of legitimate programs. So whenever the infected file is executed on a new computer, the virus gets activated and begins to operate by replicating further or causing the intended damage to the system.
A virus cannot perform its task of harming and replication unless it is allowed to execute. This is the reason why viruses often choose an executable file as their host and get attached to it. Viruses are mainly classified into two types:
Non-Resident Viruses: This kind of virus will execute along with its host, perform the needful action of finding and infecting the other possible files, and eventually transfer the control back to the main program (host). The operation of the virus will terminate along with that of its host.
Resident Viruses: In the case of resident viruses, whenever the infected program is run by the user, the virus gets activated, loads its replication module into the memory and then transfers the control back to the main program. In this case the virus still remains active in the memory, waiting for an opportunity to find and infect other files even after the main program (host) has been terminated.
Damages Caused:
Viruses are known to cause destruction of data and software programs. In some cases, a virus may do nothing other than just replicating itself. However, they are responsible for using a large portion of the system resources such as CPU and memory, which results in the performance degradation of the computer.
Worms
Worms are standalone computer programs with a malicious intent that spread from one computer to another. Unlike viruses, worms have the ability to operate independently and hence do not attach themselves to another program.
Mode of Operation:
Worms often use a computer network to spread themselves by exploiting the security vulnerabilities that exist inside the individual computers. In most cases, worms are designed only to spread without causing any serious change to the computer system.
Damages Caused:
Unlike viruses, worms do not cause damage to the system files and other important programs. However, they are responsible for consuming bandwidth, thereby degrading the performance of the network.
Mode of Operation:
A RAT can be installed manually by the attacker when he gets administrator access to a system. They can also be attached to other malicious programs like a trojan horse to deliver them to the target system. Once installed, a RAT can immediately allow the hacker to remotely take control of the system.
Damages Caused:
With the help of a RAT, an attacker can carry out the following operations on the target system:
Watch live screen activities and capture screenshots
Read/Write/Upload/Download files and folders
Install/Uninstall additional malware programs
Modify the Registry, such as add, edit or delete entries
Power off/Reboot the system
As you can see from the above list, there is virtually no operation that the attacker cannot perform with the use of a RAT. Some examples of popular RATs include PsTools, Radmin and LogMeIn.
Keystroke Loggers
A keystroke logger, or simply a keylogger, is a program that is designed to record every keystroke typed on the computer's keyboard.
Mode of Operation:
A keylogger program can be installed manually with physical access to the system, or remotely using other programs like a RAT. Once the installation is complete, a keylogger operates in a complete stealth mode by hiding itself from well known places such as the programs folder, system tray, add/remove programs, task manager etc., so that the users of the computer will remain unaware of its presence.
Damages Caused:
A keylogger will capture every keystroke typed on the computer's keyboard, including passwords, bank logins, credit card details, emails, chat conversations etc., and stores the logs in a safe place so as to be accessible only to the attacker. Some keyloggers can also send the logs via email or upload them to the hacker's FTP account.
Some of the popular keystroke loggers include Elite Keylogger, Powered Keylogger and Actual Keylogger.
Spyware
Spyware is a type of malicious software that can collect information about the activities of the target computer without the knowledge of its users. Most spyware programs also come preloaded with a keylogger, which makes them more powerful. These types of programs are often installed by the owner or administrator of the computer in order to monitor the activities of the users on it. This can be a parent trying to monitor his/her child, or a company owner trying to monitor their employees. Unfortunately, it can also be used by hackers and criminals to spy on users of their target machines.
Mode of Operation:
Spyware is designed to operate in a totally stealth mode so that its presence is completely hidden from the users of the computer. Once installed, it silently monitors all the activities of the computer such as keystrokes, web activity, screenshots, emails, IM logs etc. These logs are stored secretly for later access or uploaded online so that the installer of the spyware program can have access to them.
Damages Caused:
Apart from monitoring, spyware does not cause any damage to the computer. However, in some cases the affected computer may experience degradation in its performance.
SniperSpy, SpyAgent and WebWatcher are some examples of popular spyware programs.
Rootkits
A rootkit is a special type of malicious program designed by the hacker to hide certain programs like spyware, keyloggers and other processes from normal methods of detection, so as to enable continued privileged access to the target computer.
Mode of operation:
Rootkits are often installed by the attacker as soon as he gains administrator level access to the target. Rootkits operate by modifying the kernel of the operating system itself, which makes them really hard to detect.
Damage caused:
Rootkits cause serious damage to the system as they modify the OS kernel to carry out their operations. Unless a rootkit is removed completely, it can be very dangerous.
Trojan Horse
$trojan horseRUVLPSO\FDOOHGDVtrojanLVDW\SHRIPDOLFLRXVSURJUDPWKDWGLVJXLVHV
LWVHOIDVVRPHWKLQJWKDWLVOHJLWLPDWHRUXVHIXO7KHPDLQSXUSRVHRIDWURMDQLVWRJDLQWKH
WUXVWRIWKHXVHUE\GLVJXLVLQJLWVHOIDVDXVHIXOSURJUDPRURWKHUXWLOLW\VRWKDWLWJHWVWKH
SHUPLVVLRQ WR EH LQVWDOOHG %XW IURP WKH EDFN HQG LW LV GHVLJQHG WR JUDQW XQDXWKRUL]HG
FRQWURORIWKHFRPSXWHUWRWKHKDFNHUE\LQVWDOOLQJD5$76S\ZDUHRUD5RRWNLW
Mode of Operation:
$7URMDQKRUVHGRQRWGHSHQGRQWKHKRVWWRFDUU\RXWLWVRSHUDWLRQ6RXQOLNHDFRPSXWHU
YLUXVLWGRHVQRWWHQGWRDWWDFKLWVHOIWRRWKHUILOHV7URMDQVDUHRIWHQGLVJXLVHGDVYLGHR
FRGHF VRIWZDUH FUDFNV NH\JHQV DQG RWKHU VLPLODU SURJUDPV GRZQORDGHG IURP XQWUXVWHG
VRXUFHV 6R RQH KDV WR EH FDUHIXO DERXW WKRVH XQWUXVWHG ZHEVLWHV WKDW RIIHU IUHH
GRZQORDGV
2QHRIWKHPRVWSRSXODUH[DPSOHLVWKHDNSChanger TrojanWKDWZDVGHVLJQHGWRKLMDFN
WKH '16 VHUYHUV RI WKH YLFWLPL]HG FRPSXWHUV ,W ZDV GLVWULEXWHG E\ VRPH RI WKH URJXH
SRUQRJUDSKLFZHEVLWHVDVDYLGHRFRGHFQHHGHGWRYLHZRQOLQHFRQWHQW
Damages Caused:
7URMDQKRUVHVDUHNQRZQWRFDXVHDZLGHYDULHW\RIGDPDJHVVXFKDVVWHDOLQJSDVVZRUGV
DQGORJLQGHWDLOVHOHFWURQLFPRQH\WKHIWORJJLQJNH\VWURNHVPRGLI\LQJRUGHOHWLQJILOHV
PRQLWRULQJXVHUDFWLYLW\DQGVRRQ
COUNTERMEASURES
7KH IROORZLQJ DUH VRPH RI WKH FRXQWHUPHDVXUHV WKDW \RX FDQ WDNH WR SUHYHQW PDOZDUH
DWWDFNRQ\RXUV\VWHPV
'HSOR\DWZRZD\ILUHZDOOZKLFKPDQDJHVERWKLQERXQGDVZHOODVRXWERXQGWUDIILF
,QVWDOODJRRGDQWLYLUXVSURJUDPDQGNHHSLWXSWRGDWH3HULRGLFDOO\UXQIXOOV\VWHP
VFDQVWRGHWHFWDQGUHPRYHNH\ORJJHUVS\ZDUHDQGURRWNLWV
.HHSXSWRGDWHRQDOOVHFXULW\VRIWZDUHSDWFKHV8VHDXWRPDWLFXSGDWHVWRNHHS\RXU
:LQGRZVSDWFKHGIRUODWHVWWKUHDWVDQGYXOQHUDELOLWLHV
,QVWDOO DGGLWLRQDO VHFXULW\ SURJUDPV VXFK DV DQWLVS\ZDUH DQWLNH\ORJJHUV DQG DQWL
URRWNLWV
5XQ ZLWK OHDVW SULYLOHJH /RJ LQ DV DGPLQLVWUDWRU RQO\ ZKHQ UHTXLUHG )RU OLJKWHU
DFWLYLWLHVOLNHEURZVLQJWKH,QWHUQHWDQGUHDGLQJHPDLOVORJLQZLWKDQDFFRXQWWKDWKDV
OLPLWHGDFFHVV
6FDQXQNQRZQSURJUDPVZLWKDQXSWRGDWHDQWLYLUXVVRIWZDUHEHIRUHLQVWDOOLQJWKHP
RQ\RXUV\VWHP
7DNH SHULRGLF EDFNXSV RI \RXU V\VWHP VR WKDW LQ FDVH RI GDWD ORVV RU GDPDJH IURP
PDOZDUH\RXFRXOGHDVLO\UHYHUWEDFNWRDSUHYLRXVGDWHRIQRUPDOZRUNLQJFRQGLWLRQ
2QFHWKHKDFNHUVJDLQDFFHVVDQGWDNHFRQWURORIWKHV\VWHPWKHQH[WVWHSWKH\PD\WU\WR
GRLVWRKLGHVRPHFULWLFDOILOHVDQGLQIRUPDWLRQRQLW7KHKDFNHUPD\GHFLGHWRKLGHILOHV
IRUODWHUH[HFXWLRQRUXVHWKHYLFWLPVFRPSURPLVHGV\VWHPWRVWRUHLQIRUPDWLRQVHFUHWO\VR
WKDWLWFDQEHDFFHVVHGODWHUDQGVHQWWRWKHILQDOGHVWLQDWLRQZKHUHLWLVLQWHQGHGWRJR,Q
WKLVFKDSWHUZHZLOOGLVFXVVVRPHRIWKHSRSXODUWHFKQLTXHVWRKLGHILOHVDQGLQIRUPDWLRQ
RQ D V\VWHP /HW XV VWDUW ZLWK WKH VLPSOH RQHV DQG JUDGXDOO\ DGYDQFH WR PRUH FRPSOH[
WHFKQLTXHV
,QWKH3URSHUWLHVZLQGRZXQGHUWKH$WWULEXWHVVHFWLRQFKHFNWKHER[ZKLFKVD\V
+LGGHQDQGFOLFNRQ2.
7KLVZLOOPDNHWKHVHOHFWHGILOHRUIROGHUJRLQYLVLEOH7RYLHZWKHKLGGHQILOHVDQGIROGHUV
IROORZWKHLQVWUXFWLRQEHORZ
2SHQWKH&RQWURO3DQHOE\FOLFNLQJWKH6WDUWEXWWRQ
1RZFOLFNRQ$SSHDUDQFHDQG3HUVRQDOL]DWLRQDQGWKHQRQ)ROGHU2SWLRQV
6ZLWFKWR9LHZWDEFKHFNWKHRSWLRQ6KRZKLGGHQILOHVIROGHUVDQGGULYHVXQGHU
$GYDQFHG6HWWLQJVDQGFOLFNRQ2.
7KLVVKRXOGXQKLGHDOOWKHKLGGHQILOHVDQGIROGHUV+RZHYHUWKHGUDZEDFNRIWKLVPHWKRG
LVWKDWPRVWXVHUVDUHDZDUHRIWKLVDQGKHQFHWKHKLGGHQILOHVFDQHDVLO\EHXQFRYHUHG,Q
RUGHU WR FRXQWHU WKLV GUDZEDFN VRPH RI WKH DGYDQFHG LQIRUPDWLRQ KLGLQJ PHWKRGV DUH
GLVFXVVHGEHORZ
7\SHWKHIROORZLQJFRPPDQGDQGKLW(QWHU
Example Command: notepad IORZHUVMSJKLGGHQLQIR
Figure 10. 1
$V VKRZQ LQ WKH DERYH VQDSVKRW , DP LVVXLQJ WKH DERYH FRPPDQG RQ
flowers.jpgSUHVHQWLQVLGHWKHIROGHUQDPHGHidden Info
1RZ :LQGRZV ZLOO FUHDWH D QHZ ADS IRU WKH VSHFLILHG ILOH DQG RSHQ LW LQ D QHZ
QRWHSDG ZLWK D PHVVDJH ZLQGRZ 'R \RX ZDQW WR FUHDWH D QHZ ILOH" DV VKRZQ
EHORZ
Figure 10. 2
&OLFNRQ<HVDQGW\SHWKHFRQWHQWWKDW\RXZLVKWRKLGHRQWRLWDQGRQFH\RXDUH
GRQHVDYHDQGFORVHWKHQRWHSDG
1RZDOO\RXUVHFUHWPHVVDJHZLOOEHVWRUHGLQDQHZADSFDOOHGhiddeninfoLQVLGH
WKHILOHflowers.jpg
7RWKHRXWVLGHZRUOGWKHflowers.jpgLVMXVWDQLPDJHILOHEXWRQO\WKHKDFNHUNQRZWKDWLW
FRQWDLQVKLGGHQGDWDLQVLGHLW(YHQLIWKHILOHLVPRYHGWRDQRWKHUV\VWHP17)6RQO\LW
VWLOOFDUULHVWKHKLGGHQLQIRUPDWLRQDORQJZLWKLW
7RYLHZWKHKLGGHQLQIRDOO\RXQHHGWRGRLVDJDLQW\SHWKHVDPHFRPPDQGDVnotepad
flowers.jpg:hiddeninfo LQ WKH FRPPDQG SURPSW 7KLV ZLOO RSHQ XS WKH ADS FRQWDLQHG
LQVLGHWKHflowers.jpgILOHLQDQRWHSDGGLVSOD\LQJDOOWKHKLGGHQWH[WWKDWZDVSUHYLRXVO\
VWRUHG
ADSWHFKQLTXHKDVDVPDOOGUDZEDFN,IWKLVILOHLVFRSLHGRUPRYHGRQWRDGLIIHUHQWILOH
V\VWHP VXFK DV FAT32 DOO WKH ADS LQIRUPDWLRQ ZLOO EH GURSSHG DQG WKH KLGGHQ
LQIRUPDWLRQZLOOEHORVW
STEGANOGRAPHY
Steganography LV D PHDQV RI REVFXULQJ GDWD ZKHUH VHFUHW PHVVDJHV DUH KLGGHQ
LQVLGHFRPSXWHUILOHVVXFKDVLPDJHVVRXQGILOHVYLGHRVDQGHYHQH[HFXWDEOHILOHVVRWKDW
QRRQHH[FHSWWKHFUHDWRUZLOONQRZDERXWWKHH[LVWHQFHRIVWHDOWKLQIRUPDWLRQLQLW
6WHJDQRJUDSK\ PD\ DOVR LQYROYH WKH XVDJH RI FU\SWRJUDSK\ ZKHUH WKH PHVVDJH LV ILUVW
HQFU\SWHG EHIRUH LW LV FRQFHDOHG LQ DQRWKHU ILOH *HQHUDOO\ WKH PHVVDJHV DSSHDU WR EH
VRPHWKLQJHOVHVXFKDVDQLPDJHVRXQGRUYLGHRVRWKDWWKHSUHVHQFHRIVHFUHWGDWDLQLW
UHPDLQVXQVXVSHFWHG
7KH PDLQ DGYDQWDJH RI VWHJDQRJUDSK\ RYHU RWKHU LQIRUPDWLRQ KLGLQJ PHWKRGV LV WKDW LW
ZLOO QRW DURVH VXVSLFLRQ HYHQ LI WKH ILOHV IDOO LQ WKH KDQGV RI D WKLUG SDUW\ 8QOLNH
FU\SWRJUDSK\ ZKLFK RQO\ HQFU\SWV LQIRUPDWLRQ VWHJQRJUDSK\ XVHV ERWK HQFU\SWLRQ DQG
REVFXULW\RIGDWDLQDQRUPDOILOH7KLVPDNHVVWHJQDQRJUDSK\KDUGWRGHWHFWDVWKHILOHV
ORRNFRPSOHWHO\QRUPDOIURPRXWVLGH
6WHJQRJUDSKLF WRROV LPSOHPHQW LQWHOOLJHQW DOJRULWKPV WR FDUHIXOO\ HPEHG WKH HQFU\SWHG
WH[WPHVVDJHVRUELQDU\GDWDLQVLGHRWKHUODUJHUILOHVVXFKDVDQLPDJHDXGLRYLGHRRUDQ
H[HFXWDEOHILOH6RPHWRROVZLOOHPEHGWKHHQFU\SWHGGDWDDWWKHHQGRIDQRWKHUILOHVRWKDW
WKHUHZLOOEHHQRXJKURRPIRUVWRULQJODUJHUGDWD
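The "append at the end of another file" approach mentioned above has a weakness a defender can check for: the image format itself says where the picture ends, so any bytes after that point are foreign. The following is an added example (not code from the book or from any steganography tool) that walks a JPEG's segment list and a PNG's chunk list to find the real end of the image and reports how many bytes follow it. The sample files are constructed in the code, not real photos; the JPEG walker is deliberately not a search for FF D9, because an EXIF thumbnail, or the appended payload itself, can contain that byte pair.

```python
import struct
import zlib

JPEG_SOI = b"\xff\xd8"
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _jpeg_end(data: bytes) -> int:
    """Offset just past the EOI marker that really closes the image.

    Segments are walked rather than searching for FF D9, because an EXIF
    thumbnail, or the appended payload itself, can contain that byte pair.
    """
    pos = len(JPEG_SOI)
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        pos += 2
        if marker == 0xD9:                              # EOI: the image ends here
            return pos
        if marker == 0xFF:                              # fill byte before a marker
            pos -= 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:    # TEM / RSTn carry no length
            continue
        if pos + 2 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        pos += length                                   # length counts its own 2 bytes
        if marker == 0xDA:                              # SOS: skip entropy-coded data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                               # a real marker follows
                pos += 1
    raise ValueError("JPEG without EOI marker")


def _png_end(data: bytes) -> int:
    """Offset just past the IEND chunk (each chunk: length, type, data, CRC)."""
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        pos += 8 + length + 4
        if ctype == b"IEND":
            return pos
    raise ValueError("PNG without IEND chunk")


def trailing_bytes(data: bytes) -> int:
    """Number of bytes after the image's logical end; 0 for a clean file."""
    if data.startswith(JPEG_SOI):
        return len(data) - _jpeg_end(data)
    if data.startswith(PNG_SIG):
        return len(data) - _png_end(data)
    raise ValueError("not a JPEG or PNG")


def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed sample files (not real photos): a minimal JPEG whose scan data
# contains a stuffed FF 00 and an RST0 marker, and a 1x1 PNG with no pixel data.
CLEAN_JPEG = (
    JPEG_SOI
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\xff\x00\x34\xff\xd0\x56"
    + b"\xff\xd9"
)
CLEAN_PNG = (
    PNG_SIG
    + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    + _png_chunk(b"IEND", b"")
)
# The same files with a payload appended, the way an append-style tool stores it.
STEGO_JPEG = CLEAN_JPEG + b"secret payload\xff\xd9 here"   # 21 trailing bytes
STEGO_PNG = CLEAN_PNG + bytes(100)

if __name__ == "__main__":
    for name, blob in (("clean.jpg", CLEAN_JPEG), ("stego.jpg", STEGO_JPEG),
                       ("clean.png", CLEAN_PNG), ("stego.png", STEGO_PNG)):
        print(name, trailing_bytes(blob), "trailing bytes")
```

A non-zero result is not proof of hidden data (some cameras and editors leave harmless padding), but it is exactly the signal that append-style hiding produces, and it costs nothing to compute across a file share. Data embedded inside the pixel values, rather than after the image, is not caught by this check.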
There are many steganographic tools available online but only a few are able to work flawlessly. I did not find any tool that worked perfectly on both small and large data. To counter this problem, I have managed to develop my own tool that can work perfectly on all types of files and all sizes of data. I have named the tool StegoMagic. You can download it from the following link:

Download StegoMagic

The zip file contains two versions of StegoMagic. One is for encrypting text messages and the other for encrypting binary files. StegoMagic_TXT can be used to hide text messages in other files such as an image or a sound file. StegoMagic_BIN can be used to hide one binary file in another, such as an executable file inside an image or an image inside a video file and so on.

Figure 10.3

With StegoMagic there is no limitation on the size and type of the file that you are intending to hide. For example, you can hide a video of size GB in an image of size MB, or hide an executable file inside a WORD document. The tool is pretty straightforward to use and requires no special understanding of the concept.

At the end of the encryption process, a secret decryption key will be generated and the same is required during the decryption process.

Chapter 11 - Sniffing

Sniffing, also called packet sniffing, refers to the use of a device or program to capture vital information from wired or wireless network traffic using data interception technology. The objective of sniffing is to steal various information such as passwords of applications like email and FTP, contents of emails, chat conversations, files that are in transfer from one system to another and so on.

Protocols that send and receive data in a raw format without encryption are easily susceptible to a sniffing attack. Here is a list of some of the common protocols that are vulnerable to sniffing:

- Telnet: Keystrokes including usernames and passwords
- HTTP: Data sent in clear text
- SMTP: Passwords and data sent in clear text
- FTP: Passwords and data sent in clear text
- POP: Passwords and data sent in clear text

TYPES OF SNIFFING

Sniffing is mainly classified into two types as follows:

Passive Sniffing

Passive sniffing is fairly simple and involves just connecting to the target network and waiting for the packets to arrive at your host for sniffing. This type of sniffing works only in an unswitched network environment where the individual hosts are interconnected using a hub.

In a hub type of network environment, traffic packets from all hosts are sent to all ports on the network. This makes it possible for the hacker's computer to secretly intercept and sniff packets that belong to other computers on the same network.

In order to carry out passive sniffing, the hacker will simply hook up his laptop to the network and run sniffing software to silently capture the packets that arrive at his port. Since passive sniffing works by simply exploiting the existing vulnerability of unswitched networks without making additional modifications, it is often hard to detect.

Active Sniffing

Active sniffing is the one that is often performed on a switched network environment. Here individual hosts on the network are interconnected using switches that keep a record of the MAC addresses (hardware addresses) of all hosts connected to them. With this information, the switch can identify which system is sitting on which port so that when packets are received, they are intelligently filtered and forwarded only to the intended ports.

This makes packet sniffing very difficult on a switched network as the traffic from all hosts does not flow to all ports on the network. However, it is still possible to actively sniff packets on switched networks using techniques such as ARP poisoning and MAC flooding, which are discussed below.

ARP Poisoning

Before actually going into ARP poisoning, let us first try to understand what ARP actually means.

What is an ARP?

ARP, which stands for Address Resolution Protocol, is responsible for converting an IP address to a physical address called the MAC address in a network. Each host on a network has a MAC address associated with it which is embedded in its hardware component such as the NIC (Network Interface Controller). This MAC address is used to physically identify a host on the network and forward packets to it.

When one host wants to send data to another, it broadcasts an ARP message for an IP address requesting its corresponding physical address. The host with the IP address in the request replies with its physical address, after which the data is forwarded to it. This ARP reply is cached immediately and stored in an ARP table to ease further lookups.

So ARP poisoning, also known as ARP spoofing, is where the hacker goes and pollutes the entries in the ARP table to perform data interception between two machines in the network. For this, whenever a source host sends an ARP message requesting the MAC address of the target host, the hacker broadcasts the MAC address of his own machine so that all the packets are routed to him and not to the target host that is intended to receive them. The following figure shows an illustration of how ARP poisoning is performed.

Figure 11.1

As shown in the above example, John, Adam and the attacker all share the same network. John decides to send a message to Adam, where his computer knows the IP address of Adam but does not know its MAC address. So it will broadcast an ARP message requesting the MAC address of that IP. But the attacker will poison the ARP cache table by spoofing Adam's IP address and mapping his (attacker's) MAC address onto it. As a result, John's traffic gets forwarded to the attacker's computer, where he sniffs all the vital information and forwards the same to Adam so as to make everything look normal.

1. Ettercap

This is an open source network security tool used for performing sniffing and man-in-the-middle attacks on a local network. It is capable of intercepting network traffic and capturing vital information like passwords and emails. It works by putting the network interface device into promiscuous mode and poisoning ARP entries of the target machines to sniff traffic even on a switched network environment. It can be downloaded from the link below:

Download Ettercap: http://ettercap.github.io/ettercap/

2. Nightawk

This is a simple tool for performing ARP spoofing and password sniffing. It has the ability to capture passwords from web login forms implemented on protocols like HTTP, FTP, SMTP and POP. It can be downloaded from the link below:

Download Nightawk: https://code.google.com/p/nighthawk/

MAC Flooding

MAC flooding is another type of sniffing technique used in a switched network environment that basically involves flooding the switch with numerous unnecessary requests. Since switches have limited memory and processing capabilities to map MAC addresses to physical ports, they get confused and hit their limitation.

When switches hit their limitation, they will fall into an open state and start acting just like a hub. That means all traffic gets forwarded to all ports, just like in the case of an unswitched network, so that the attacker can easily sniff the required information.

Figure 11.2

As shown in the above figure, a user will place a request to the DNS server for resolving facebook.com. Since the DNS server does not have the IP in its cache, it forwards the same request to the next DNS server. Now a rogue DNS server picks up the request and replies with a fake IP for the query facebook.com. Without actually validating the response, the DNS server forwards the result to the user and also stores the result in its cache. As a result, the cache gets poisoned.

The user is now directed towards the fake Facebook server maintained by the hacker instead of the real one. All the subsequent requests from other users for facebook.com are also answered by the compromised DNS server using its poisoned cache data.

In this way, it is possible for the hacker to victimize a large group of people and hijack their personal information such as passwords, emails, bank logins and other valuable data.
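The failure in the scenario above is the phrase "without actually validating the response". The following is an added example (not code from the book) of the checks a resolver applies before it caches an answer: the reply must come from the address and to the port the query was sent from, carry the same transaction id and question, and contain only records at or beneath the name that was asked about. The query and the three replies are constructed for the example, using documentation address ranges; the resolver address 192.0.2.53 and the fake address 203.0.113.66 are assumptions, not values from the book.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class DnsQuery:
    txid: int          # 16-bit transaction id we chose for this query
    qname: str
    qtype: str
    server: str        # address of the resolver we sent the query to
    src_port: int      # our (randomised) source port


@dataclass(frozen=True)
class DnsResponse:
    txid: int
    qname: str
    qtype: str
    answers: Tuple[Tuple[str, str, str], ...]   # (name, type, rdata)
    from_addr: str     # where the packet came from
    to_port: int       # destination port of the packet


def _norm(name: str) -> str:
    return name.lower().rstrip(".")


def in_bailiwick(name: str, qname: str) -> bool:
    """True if `name` is the queried name or lies beneath it."""
    n, q = _norm(name), _norm(qname)
    return n == q or n.endswith("." + q)


def validate_response(q: DnsQuery, r: DnsResponse) -> Optional[str]:
    """Return None if r may be accepted (and cached) for q, else the reason to drop it."""
    if r.from_addr != q.server:
        return "response from an address we did not query"
    if r.to_port != q.src_port:
        return "response to a port we did not use"
    if r.txid != q.txid:
        return "transaction id mismatch"
    if (_norm(r.qname), r.qtype) != (_norm(q.qname), q.qtype):
        return "question section does not match our query"
    for name, _, _ in r.answers:
        if not in_bailiwick(name, q.qname):
            return f"out-of-bailiwick record for {name}"
    return None


# Constructed exchange: our query, the genuine reply from the resolver we asked,
# and rogue replies of the kind the figure describes.
QUERY = DnsQuery(txid=0x1A2B, qname="facebook.com", qtype="A",
                 server="192.0.2.53", src_port=40123)
GENUINE = DnsResponse(0x1A2B, "facebook.com", "A",
                      (("facebook.com", "A", "198.51.100.10"),), "192.0.2.53", 40123)
ROGUE_ADDR = DnsResponse(0x1A2B, "facebook.com", "A",
                         (("facebook.com", "A", "203.0.113.66"),), "203.0.113.5", 40123)
ROGUE_TXID = DnsResponse(0x9999, "facebook.com", "A",
                         (("facebook.com", "A", "203.0.113.66"),), "192.0.2.53", 40123)
ROGUE_EXTRA = DnsResponse(0x1A2B, "facebook.com", "A",
                          (("facebook.com", "A", "198.51.100.10"),
                           ("example.net", "A", "203.0.113.66")), "192.0.2.53", 40123)

if __name__ == "__main__":
    for label, resp in (("genuine", GENUINE), ("wrong source", ROGUE_ADDR),
                        ("wrong txid", ROGUE_TXID), ("extra record", ROGUE_EXTRA)):
        print(f"{label:13s} ->", validate_response(QUERY, resp) or "accepted")
```

These checks stop the blind replies in the figure, but an attacker who can guess the 16-bit id and the port can still race the real server, which is why the port must be random and why DNSSEC signatures, not packet fields, are the complete answer to cache poisoning.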
MAN-IN-THE-MIDDLE ATTACK

Man-in-the-middle refers to a kind of attack where the attacker intercepts an ongoing communication between two hosts in a network with the ability to sniff the data or manipulate the packets exchanged between the two communicating parties. This attack is somewhat similar to the one shown in the figure from the previous section.

Another good example of a man-in-the-middle attack is active eavesdropping carried out by the attacker by making two independent connections with the victims to make them believe that they are chatting with each other. But the entire conversation is actually controlled by the attacker, as illustrated in the following figure.

Figure 11.3

WireShark

Wireshark is a free and open-source packet analyzer program used for network troubleshooting and analysis. It is available for both Windows and Linux operating systems and can be downloaded from the following link:

Download WireShark: https://www.wireshark.org/download.html

Once you have installed WireShark on your Windows computer, start the program by running it with administrator privileges.

Figure 11.4

From the menu options, click on Capture and select Options from the drop down menu. This will show a list of available interface devices for sniffing.

Figure 11.5

You can either select a particular device or choose to capture on all interfaces. Also make sure that promiscuous mode is activated. When you are done, click on the Start button to begin the sniffing process.

This will start capturing all the incoming and outgoing traffic on the network as shown in the figure below.

Figure 11.6

Run this tool for as long as you want and when you feel that you are done with capturing enough data, stop the sniffing process by pressing the Stop button displayed in red colour at the top.

In order to analyze the captured data, you will have to set filters for filtering the type of data that you are looking for. For example, if one is looking to capture passwords from login forms, which are normally sent using the HTTP POST request method, you can set the filter as http.request.method == POST. This will help you narrow your results and find what you are looking for.

Once the filter is set, right click on the desired result that you want to analyze and select Follow TCP Stream. This will open up the entire TCP stream in a new window. Here you can carefully analyze the data to find out the password entered by users in unencrypted login forms, as shown in the sample snapshot below.
Figure 11.9

The download link for SMAC is given below:

SMAC Download: http://www.klcconsulting.net/smac/

COUNTERMEASURES

After knowing about various sniffing methods and the tools used to carry them out, it is time to shed some light on possible countermeasures that can be taken to prevent such attacks on your network:

- Restrict physical access to the network for unintended users. This will stop the attacker from installing the packet sniffer on the network.
- Use encryption on the network so that even if the attacker manages to sniff the packets, he will not be able to see the information in a plain text format.
- Permanently adding the MAC address of the gateway to the ARP cache will prevent the attacker from ARP spoofing the gateway.
- In case of a small network, using static IP addresses and static ARP tables will prevent hackers from adding spoofed ARP entries.
- In case of a large network, install switches that come with port security features which make it impossible to spoof.
- Use tools like Arpwatch or an IDS (Intrusion Detection System) to monitor and detect sniffing activities on the network.
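The last countermeasure is worth seeing in code, because the signal an Arpwatch-style monitor looks for follows directly from the John/Adam figure: an IP address that was answered from one MAC suddenly being answered from another, and one MAC answering for several IPs at once. The following is an added example (not code from the book, and not Arpwatch's own code) of that logic run over a constructed capture of ARP replies. The addresses, the pinned gateway entry and the timestamps are all made up for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class ArpReply:
    ts: int            # seconds since the start of the capture
    sender_ip: str
    sender_mac: str


@dataclass
class ArpWatch:
    # Pinned entries (for example the gateway) that must never change.
    static: Dict[str, str] = field(default_factory=dict)
    seen: Dict[str, str] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)

    def observe(self, r: ArpReply) -> Optional[str]:
        """Record one reply; return an alert string if it conflicts, else None."""
        mac = r.sender_mac.lower()
        expected = self.static.get(r.sender_ip, self.seen.get(r.sender_ip))
        if expected is None:
            self.seen[r.sender_ip] = mac        # first sighting: learn it
            return None
        if mac == expected.lower():
            return None                         # consistent with what we know
        alert = f"t={r.ts}s {r.sender_ip} moved from {expected} to {mac}"
        if r.sender_ip in self.static:
            alert += " (conflicts with static entry)"
        self.alerts.append(alert)
        return alert


def analyse(replies: List[ArpReply],
            static: Optional[Dict[str, str]] = None) -> List[str]:
    """Run every reply through the watcher and return the alerts raised."""
    watch = ArpWatch(static={k: v.lower() for k, v in (static or {}).items()})
    for r in replies:
        watch.observe(r)
    return watch.alerts


def macs_claiming_multiple_ips(replies: List[ArpReply]) -> Dict[str, List[str]]:
    """One MAC answering for several IPs is the other poisoning signature."""
    claimed: Dict[str, Set[str]] = {}
    for r in replies:
        claimed.setdefault(r.sender_mac.lower(), set()).add(r.sender_ip)
    return {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}


# Constructed capture: the gateway (.1) and Adam (.20) answer normally, then a
# third host starts answering for both of their addresses with its own MAC.
SAMPLE = [
    ArpReply(0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(1, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(5, "192.168.1.1", "AA:BB:CC:00:00:01"),   # same MAC, different case
    ArpReply(9, "192.168.1.1", "de:ad:be:ef:00:66"),
    ArpReply(9, "192.168.1.20", "de:ad:be:ef:00:66"),
]
GATEWAY = {"192.168.1.1": "aa:bb:cc:00:00:01"}   # assumed static entry

if __name__ == "__main__":
    for line in analyse(SAMPLE, GATEWAY):
        print("ALERT", line)
    print("multi-IP MACs:", macs_claiming_multiple_ips(SAMPLE))
```

A legitimate NIC replacement also produces one "moved" alert, so in practice the first-seen table is seeded from a known inventory and alerts are reviewed; a MAC that claims two or more addresses within seconds, as in the sample, is far harder to explain innocently.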
In this chapter we will take a closer look at what exactly denial of service (DoS) attacks are, their different types and the tools used to perform them. In recent years, DoS attacks have simply grown from mere annoyances to more serious and high profile threats to business and e-commerce websites. This is the type of attack that hackers have successfully used to temporarily bring down major online providers like Yahoo!, eBay and other big players. So, having a clear understanding of DoS attacks and their working principle seems highly essential for anyone who needs to excel in the field of ethical hacking.

- Attempt to disrupt connections between two machines on the network which may lead to denial of service.
- Attempt to prevent a particular individual from accessing the service or disrupt only a specific service from getting accessed.

Figure 12.1

3. Teardrop Attack

A teardrop attack involves sending IP fragments with an oversized payload and overlapping offset values, especially in the second or later fragment. If the receiving operating system is unable to reassemble the packets accordingly, it can lead to a system crash.

resource exhaustion resulting in a denial of service. A SYN flood attack is demonstrated in the following figure.

Figure 12.2

1. Slowloris

Slowloris is a tool built for the Linux platform that targets hosts running web servers such as Apache, dhttpd, Tomcat and GoAhead. This tool works by sending too many HTTP headers to the target server but never completing them. Slowloris is designed to take down a target web server from a single machine by holding as many connections to it as possible. This will eventually overflow the maximum connections that the target web server can handle, thereby leading to a denial of service for other legitimate connections.

2. QSlowloris

This tool works on the same principle as that of Slowloris but has a graphical user interface for ease of use and works on the Windows platform.

3. PyLoris

PyLoris is basically a testing tool for servers but can also be used to perform DoS attacks. It can target various protocols including HTTP, FTP, SMTP, IMAP and Telnet.

Figure 12.3

- A DDoS attack works under two levels. The final target which is under direct attack is known as the primary victim, while the zombies used to attack it are referred to as secondary victims.
- As the attack originates from multiple network locations and involves a large number of zombies, it is often hard to detect or prevent.
- A simple DoS attack which originates from a single IP address can easily be blocked at the firewall level. But a DDoS attack which originates from twenty to thirty
- Even if the company makes a guess and manages to block multiple IP addresses at its firewall, there is a clear chance of real users being adversely affected as it is hard to differentiate between genuine and malicious traffic.

Figure 12.4

So, during the time of attack, the attacker cleverly sits at the top of the hierarchy controlling the handlers, which in turn initiate the agents (zombies) to attack the target host (victim). Since the attacker safely hides in the background, this type of attack makes it really hard to trace back to the source.

Figure 12.5

The advantage of this model is that the attacker can use the legitimate IRC port to easily connect himself to agents and initiate the attack. Also, the huge amount of traffic on the IRC network makes it difficult for the network administrator to trace the presence of the attacker on the server.

1. Trinoo

Trinoo is a popular tool for DDoS attacks that has a record of taking down large sites like Yahoo. It is designed to cause coordinated DDoS attacks on the target from different locations. This tool basically uses the remote buffer overrun vulnerability of systems to get installed and later use them as zombies.

2. DDoSim

DDoSim, also known as Layer 7 DDoS simulator, is an excellent tool to carry out a DDoS attack on the target by simulating several zombies. These zombies create full TCP connections to the target using random IP addresses. It can also perform HTTP based DDoS attacks with both valid and invalid requests.

3. Tors Hammer

This is another nice DDoS tool written in Python. It is a highly effective tool that has the capability to take down machines running Apache and IIS servers in a very short time. The advantage of this tool is that it has the ability to run through a TOR network (anonymous network) to keep the whole attack unidentified.

4. Davoset

Davoset is yet another impressive tool for performing DDoS attacks. It makes use of the abuse of functionality vulnerability on sites to use them as zombies and cause DDoS attacks on the target.

COUNTERMEASURES

After exploring a fair amount of information about different types of DoS attacks, their mechanism and various tools used in performing them, let us now look at some of the countermeasures that one can take to stop or mitigate such attacks from happening on your systems:

- Using an IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) can be of great advantage when it comes to detection and prevention of DoS/DDoS attacks at an early stage.
- Blacklist IP addresses that are found to be the source of a possible DoS attack.
- Ingress Filtering: Make sure that the incoming packets are coming from a valid source.
- Egress Filtering: Scan all the outgoing packets for malicious data before they actually leave the network.
- Since it is possible to easily spoof the IP address of incoming DDoS packets, there is a good chance that the packets will not represent a valid source. So, configure the firewall to drop packets that do not represent a valid source address.
- Place a firewall or packet sniffer that filters out all incoming traffic that does not have an originating IP address.
- Increase the available bandwidth or resources to prevent the services from going down quickly during an attack.
- Load Balancing: Use a multiple server architecture and balance the incoming load on each server. This can help improve performance as well as mitigate the effects of DDoS attacks.
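Ingress and egress filtering, and "drop packets that do not represent a valid source address", come down to a handful of prefix checks at the network border. The following is an added example (not code from the book) that applies them to a constructed list of packets: inbound packets claiming one of our own addresses or a private/bogon source are dropped, and outbound packets whose source is not ours are dropped so that a compromised host cannot take part in a spoofed-source flood against someone else. The "our network" prefix 203.0.113.0/24 is an assumed documentation range, not a value from the book.

```python
import ipaddress
from typing import List, Tuple

# Assumed public prefix of our own network (a documentation range, not from
# the book): packets arriving from outside must never claim it as source.
INTERNAL = [ipaddress.ip_network("203.0.113.0/24")]

# Source prefixes that never legitimately arrive from the Internet.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

Packet = Tuple[str, str, str]   # (direction "in" or "out", src, dst)


def _in_any(addr, nets) -> bool:
    return any(addr in n for n in nets)


def ingress_verdict(src: str) -> str:
    """Ingress filter: a packet entering from outside with our own or a
    bogon source address is spoofed and is dropped."""
    a = ipaddress.ip_address(src)
    if _in_any(a, INTERNAL):
        return "drop: spoofed internal source"
    if _in_any(a, BOGONS):
        return "drop: bogon or private source"
    return "accept"


def egress_verdict(src: str) -> str:
    """Egress filter: only our own prefix may leave, so an infected host
    cannot send spoofed-source traffic at someone else."""
    a = ipaddress.ip_address(src)
    if not _in_any(a, INTERNAL):
        return "drop: source is not ours"
    return "accept"


def filter_packets(packets: List[Packet]) -> List[Tuple[Packet, str]]:
    result = []
    for pkt in packets:
        direction, src, _dst = pkt
        verdict = ingress_verdict(src) if direction == "in" else egress_verdict(src)
        result.append((pkt, verdict))
    return result


def dropped(packets: List[Packet]) -> List[Packet]:
    return [pkt for pkt, verdict in filter_packets(packets) if verdict != "accept"]


# Constructed sample traffic seen at the border.
SAMPLE = [
    ("in", "198.51.100.7", "203.0.113.10"),    # ordinary inbound client
    ("in", "203.0.113.5", "203.0.113.10"),     # claims to be one of us: spoofed
    ("in", "10.1.2.3", "203.0.113.10"),        # private source from the Internet
    ("out", "203.0.113.10", "198.51.100.7"),   # our server replying
    ("out", "192.0.2.99", "198.51.100.7"),     # infected host spoofing another network
]

if __name__ == "__main__":
    for pkt, verdict in filter_packets(SAMPLE):
        print(pkt, "->", verdict)
```

These rules are cheap because they never look past the IP header; they do nothing against a flood whose sources are real, which is where the rate limiting, load balancing and upstream capacity listed above take over.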
The usage of wireless networks is becoming increasingly popular these days due to their operational flexibility and low cost setup. Wireless networks such as WLANs allow users to access network resources from anywhere in the campus using mobile devices like laptops and tablets. This offers a great deal of flexibility to students and employees, thereby eliminating the need to always stick to their desks during their work time.

However, on the flip side of all its advantages lie major security issues. As more and more companies have now started using wireless technologies in their network, these security issues put the business at high risk. As opposed to wired networks, wireless technology does not limit physical access to an outsider such as a hacker. Today, with all the readily available tools, it is easily possible for the hacker to compromise loopholes in the wireless security system and gain access to the network.

In this chapter we will look at some of the common vulnerabilities that exist in wireless networking technology, ways to exploit them for gaining access and also the countermeasures for preventing them.

- 802.11b: This protocol is also popularly known as Wi-Fi. This is the standard that was used in most of the Wi-Fi hotspots.
- 802.11g: This is similar to the 802.11b protocol but provides much faster transmission.

Figure 13.1

- Wi-Fi Radio Device: This can be any device that has a wireless card (NIC) built into it, such as a laptop, tablet, Wi-Fi enabled PC or a cell phone.
- Gateway: Routers are connected to the gateways which then connect the whole network to the Internet.

- MiniStumbler: This is a portable version of NetStumbler that can be installed on handheld computers.
- Vistumbler: This is another handy wardriving tool for Windows based operating systems.
- Kismet: This is a Linux based wireless sniffing tool that also has the ability to perform wardriving.
- Wifi Scanner: This is a GUI based Windows tool to detect all the available APs in your surroundings.

Please note that all wireless network cards (NICs) are not the same and some may not be compatible with the above mentioned wardriving tools. In that case, you will have to use the software that came with your wireless NIC for detecting access points.

WIRELESS SNIFFING

Wireless sniffing is no different than the wired sniffing that we have already discussed in the earlier chapter; the only difference here is that this one is performed in a wireless environment. In this case, the protocol used for sniffing is 802.11. Since radio waves are omnidirectional, it is easily possible to carry out a man-in-the-middle attack and capture all the packets from the wireless traffic available in your range.

Wireshark

Wireshark is one of my favourite packet sniffing tools as it is easy to use and supports a GUI. Even though it works on Windows, I am using the Linux operating system in my wireless sniffing demonstration as promiscuous mode is not supported on the Windows platform. I am using a TP-LINK TL-WN722N for this demo as it is fully compatible with the Kali Linux that I am running it on. If you have a different wireless card or need to purchase one, please make sure that it is compatible with the Linux kernel that you will be using it on. Since Kali Linux is packed with Wireshark and all other useful tools, there is no need to install it separately. Follow the instructions below to perform a sample wireless sniffing:

- Boot up your computer from your Live Kali Linux DVD.
- Once Linux is loaded, plug in your USB wireless card.
- Open the Terminal window and type the following command:

iwconfig

Figure 13.2

- If your wireless card is compatible, you should see your device listed as shown in the above snapshot as wlan0.
- On my computer, the wireless card is listed as wlan0. So I have entered wlan0 in the command. If your computer has a different listing such as wlan1 or wlan2, then you need to replace the same in the above command.
- After you execute the command successfully, your computer will create a new virtual wireless card and enable monitor mode in it. In my case, it is mon0 as shown in the below snapshot.

Figure 13.3

- Now it is time to use Wireshark to start capturing the packets. To start Wireshark, click on Applications -> Kali Linux -> Top 10 Security Tools -> wireshark as

- Make sure that you strip out potentially dangerous characters like semicolons, pipes and ampersands from user input before passing it on to the underlying programs.
- If possible, avoid passing user given arguments to OS programs.
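The two items above are the whole defence against command injection, and the order matters: validate against an allow-list first, and then never hand the value to a shell at all. The following is an added example (not code from the book) showing the string a vulnerable application would build for os.system() beside the safe form, where the value is checked against a hostname pattern and passed as a single argv element with no shell involved. The ping command and its -c option are assumed to be the Unix ping; the hostnames are constructed.

```python
import re
import subprocess
from typing import List

# Hostnames: letters, digits, dots and hyphens only, and no leading hyphen so
# the value can never be read as an option by the program that receives it.
HOST_RE = re.compile(r"(?!-)[A-Za-z0-9.-]{1,253}")
SHELL_META = set(";|&$`<>()\n\r")


def has_shell_metachars(value: str) -> bool:
    """The characters the text says to strip; here they are grounds to reject."""
    return any(c in SHELL_META for c in value)


def validate_host(host: str) -> str:
    """Allow-list check: return the value unchanged or raise ValueError."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return host


def is_rejected(host: str) -> bool:
    try:
        validate_host(host)
    except ValueError:
        return True
    return False


def vulnerable_command(host: str) -> str:
    """The string a vulnerable app would hand to os.system(): the user's text
    is concatenated into shell syntax, so ';', '|' and '&' start new commands."""
    return "ping -c 1 " + host


def safe_argv(host: str) -> List[str]:
    """The validated value travels as one argv element; no shell interprets it."""
    return ["ping", "-c", "1", validate_host(host)]


def run_ping(host: str) -> int:
    # A list with shell=False (the default) never goes through /bin/sh.
    return subprocess.run(safe_argv(host), capture_output=True, timeout=10).returncode


if __name__ == "__main__":
    for candidate in ("db-01.example.com", "example.com; id", "$(id)", "-f example.com"):
        print(f"{candidate!r:24s} shell string: {vulnerable_command(candidate)!r:40s} "
              f"rejected: {is_rejected(candidate)}")
```

Rejecting rather than stripping is deliberate: a filter that deletes ";" turns "exam;ple.com" into a different but accepted value, while an allow-list makes the decision once and leaves the input unchanged. The leading-hyphen rule covers argument injection, which the argv form alone does not prevent.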
Buffer Overflow

Buffer overflow, also known as buffer overrun, is a type of exploit that takes advantage of vulnerable applications that are waiting to process user inputs. A web application is said to be vulnerable to this kind of attack when the application, while writing data to a buffer, overruns the buffer limit and overwrites adjacent memory.

- The goal is to trigger buffer overflows in vulnerable applications through inputs that are designed to execute malicious code or alter the normal flow of the program to the flow determined by the hacker.

A heap based attack works by flooding the memory space that is dynamically allocated to a program, but the difficulty involved in carrying out such attacks makes them rare. On the other hand, stack based attacks are the easiest and hence the most widely performed by attackers.

Figure 13.6

The following are some of the other wireless sniffing tools worth considering:

Ethereal

This is another Linux based sniffing tool that works both on wired and wireless networks. It comes as a built-in security testing tool in Kali Linux.

OmniPeek Wireless

OmniPeek is a commercial sniffer tool packed with tons of useful features for network monitoring. It works on the Windows platform.

Aircrack-NG

This is a popular tool used on Linux to crack WEP encryption keys. It is a command-line tool that comes as a built-in feature in the Kali Linux package and can easily be used by loading it from the live DVD. Since it takes a long list of commands and procedures to crack WEP passwords, I have decided to omit the demo of the cracking process from this book. But you can still Google for "how to crack WEP encryption" to find many step-by-step procedures that describe the actual cracking process.

WEPCrack

WEPCrack is another popular tool for cracking secret keys. This is the first tool to give a public demonstration of how WEP encryption can be exploited.

- Open the terminal window and type the command iwconfig to make sure that your card is detected.

Figure 13.7

- Once you see your card listed (wlan0) as shown above, type the following command to put your card into monitoring mode and start using it:

- This should activate monitoring mode for your card. On my computer, it is enabled on mon0 as shown in the below snapshot.

Figure 13.8

- Now type the following command to detect nearby WPS enabled access points:

wash -i mon0 -C

- This should perform a scan and list all the nearby access points as shown below. Once access points are detected, press Ctrl+C to stop the scanning process.

Figure 13.9

- As shown above, there is one listing which shows a vulnerable access point with the ESSID NETGEAR31. Now issue the following command to perform a brute force attack on the target:

- Please note that you will have to replace the BSSID used in the command with the BSSID of the target AP in your case.

- The cracking process will take a few hours to complete and if everything goes well, you should see the cracked PIN and passphrase in the results as shown in the below snapshot.

Figure 13.10
COUNTERMEASURES

The following are some of the countermeasures that one can employ to prevent possible attacks on a wireless network:

- MAC Address Filtering: This feature uses a predefined list of MAC addresses of the clients' wireless NICs which are allowed to connect to the network. This way it is possible to prevent strangers from accessing the WLANs.
- Firewall: Using a firewall with strong rules helps filter unauthorized traffic and prevent brute force attacks.

Weaknesses in web applications allow hackers to carry out various malicious attacks such as hijacking accounts, stealing identities, gaining access to confidential information and so on. In this chapter we will look at some of the common vulnerabilities found in web applications and ways to exploit them.

- The target web server receives this request and forwards the same to the web applications residing on it.
- The web applications will process the request to fetch all the necessary information required for the output, such as querying the database, processing images etc., and send it back to the web server.
- The web server forwards the output back to the requesting client's browser.

Figure 14.1

- In XSS attacks, the final target or the victim is the end user and not the vulnerable application.
- Here the vulnerable web page or application is used just as a conduit to reach the final target, who is the end user.

- Spread worms, viruses and Trojans.
- Gain access to the end user's files and directories.
- Remotely control the user's browser activity.

XSS Scenario

Let us assume that a hacker discovers an XSS vulnerability in one of the web applications of a large website like facebook.com. The hacker exploits this vulnerability and injects malicious code onto one of Facebook's web pages. Whenever users visit this page, the malicious code runs in their browser, steals their session cookie and sends this information back to the hacker. The attacker will now use this cookie to hijack the user's session and easily gain access to his/her Facebook account.

XSS Countermeasures

Today, modern websites rely heavily on complex web applications to deliver dynamic content based on user specific needs and preferences. Unlike static websites, it is not possible for dynamic websites to exercise complete control over how their output is interpreted by the client. This may open up the possibility of XSS vulnerabilities in one or more web applications used by the dynamic website. You can take up the following countermeasures to stop XSS attacks on your websites:

- Strictly validate all the incoming data to the web applications before execution.
- Adopt a strict security policy to prevent people from directly submitting scripts to the server.
- Filter the input data to remove any of the existing scripts in it before processing them.
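Filtering scripts out of input is only half of the defence, because the text above also notes that the site cannot control how the client interprets its output; what it can control is how each value is encoded for the place it lands in. The following is an added example (not code from the book) of a small rendering function that encodes a user's name, comment and website link differently for an attribute, for element text and for an href, so that the scenario's injected script reaches the browser as inert text. The hostile inputs are constructed for the example.

```python
import html
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https", "mailto"}


def text_node(value: str) -> str:
    """Escape for element content: & < > can no longer open tags or entities."""
    return html.escape(value, quote=False)


def attr_value(value: str) -> str:
    """Escape for a double-quoted attribute: additionally neutralises " and '."""
    return html.escape(value, quote=True)


def safe_href(url: str) -> str:
    """Only http(s)/mailto or scheme-less (relative) links are kept; anything
    else, such as javascript: or data:, is replaced with a harmless '#'."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme and scheme not in SAFE_SCHEMES:
        return "#"
    return attr_value(url)


def render_comment(author: str, body: str, website: str) -> str:
    """HTML for one comment, each value encoded for the context it lands in
    (attribute, URL attribute, element text)."""
    return (
        f'<div class="comment" data-author="{attr_value(author)}">'
        f'<a href="{safe_href(website)}">{text_node(author)}</a>: '
        f'{text_node(body)}</div>'
    )


# Constructed hostile input of the kind an XSS probe would submit.
HOSTILE_AUTHOR = 'Mallory" onmouseover="alert(1)'
HOSTILE_BODY = "<script>alert(document.cookie)</script>"
HOSTILE_LINK = "javascript:alert(document.cookie)"

if __name__ == "__main__":
    print(render_comment(HOSTILE_AUTHOR, HOSTILE_BODY, HOSTILE_LINK))
```

The point of the three separate functions is that one escaper does not fit every context: html.escape makes the script inert in text and attributes, but it would leave a javascript: URL fully functional, which is why the link goes through a scheme allow-list instead. Encoding on output like this also covers the case the input filter cannot: data that entered the database before the filter existed.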
SQL Injection
Web applications use databases to store the data needed for websites to deliver specific content to visitors and render other useful information. Databases may also contain other vital information such as user credentials, financial documentation, user-specific data and much other confidential information. Whenever legitimate users place a request to view or modify this information, SQL queries (also called SQL commands) are used by the web application to fetch or modify the data stored in the databases.
SQL injection is a type of attack where the attacker tries to pass an SQL command itself, instead of text data, through the web application for execution by the backend database. Here the attacker injects specially crafted SQL commands into input fields such as search boxes, login fields, feedback forms etc. that are meant to receive valid data. If the web application fails to properly validate the input before passing it on to the database, this may grant unauthorized access to the attacker and permit him to view or modify information in the database.
Attackers use input fields to pass specially crafted SQL queries in an attempt to trick the interpreter into executing unintended commands on the database.
Gain access to important parts of the database and view unintended data.
Add or remove entries in the database.
Sometimes it is even possible to completely wipe out the contents of the database.
The SQL query used to perform this match would be something as follows:
SELECT * FROM users WHERE username='tom' and password='pass2000'
Here the above SQL query is trying to find a row in the database by matching the username/password pair using the logical and operator. The and operator returns TRUE only when both of the operands (username and password) match. Otherwise access will be denied.
Imagine what would happen when a hacker discovers a SQL injection vulnerability on this login page. He would inject a specially crafted SQL command into the login field as follows:
Username: tom
Password: or 1=1
The vulnerable web application simply passes the data in the password field without proper validation and hence it gets interpreted as an SQL command instead of normal text data. Now the SQL query used to perform this match would be something as follows:
Here the logical operator or holds TRUE even if only one of its operands matches. In this case 1=1 matches and hence the hacker is granted access to the restricted area of the website. This way the SQL injection vulnerability helps the hacker bypass the authentication system and gain unauthorized access to the system.
Users must be given the least permission when they are allowed to access the database.
Web applications must not be allowed to access the database with administrator privileges. Instead, use a limited account when accessing databases via web applications.
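The login check above, as an added example that is not the book's code: the string-concatenated query the text describes beside a parameterised one, run against a constructed in-memory table holding the tom/pass2000 row. The injected password is the page's or 1=1 trick written with the quotes a real login form would need.

```python
import sqlite3


def make_db():
    """Constructed sample database: one user, matching the login above.

    Real systems store a password hash rather than the password itself; the
    plaintext column here only keeps the example short.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('tom', 'pass2000')")
    return conn


def login_vulnerable(conn, username, password):
    """The pattern described above: field values are pasted into the SQL text.

    A password of  ' or '1'='1  turns the WHERE clause into
        username='tom' and password='' or '1'='1'
    and the or branch is always true, so a row comes back without the
    real password ever being supplied.
    """
    query = ("SELECT * FROM users WHERE username='" + username +
             "' and password='" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterised query: the same SQL text every time, values sent apart.

    The ? placeholders are bound by the driver, so whatever the user typed is
    compared as a string and can never change the structure of the query.
    """
    query = "SELECT * FROM users WHERE username=? and password=?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    injected = "' or '1'='1"
    print("vulnerable, injected password:", login_vulnerable(conn, "tom", injected))
    print("safe, injected password:      ", login_safe(conn, "tom", injected))
    print("safe, real password:          ", login_safe(conn, "tom", "pass2000"))
```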
Command Injection
Command injection, also known as shell injection, is a type of attack where the attacker exploits vulnerable web applications to inject malicious code into the backend applications in order to seek unauthorized access to data or network resources. This attack is very similar to the SQL injection attack described above.
Dynamic web pages use web applications to present user-specific data and carry out other dynamic operations such as retrieving the contents of a file, sending emails etc. These web applications in turn make use of underlying programs such as shell scripts and operating system calls to complete specific requests and actions.
If web applications such as form fields fail to sanitize user input data before passing it to the backend applications, an attacker can easily exploit them to perform a command injection attack.
Structure requests so that all supplied parameters are treated as data instead of potentially executable content.
Make sure that you strip out potentially dangerous characters like semicolons (;), pipes (|) and ampersands (&) from user input before passing it on to the underlying programs.
If possible, avoid passing user-given arguments to OS programs.
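The first two countermeasures above in code, as an added example that is not the book's code: a host name destined for ping is checked against an allowlist and then passed as one argument of an argv list, so no shell ever sees it. The ping command and the host names are constructed for the example.

```python
import re
import subprocess

# Allowlist for a host name: starts with a letter or digit (so it can never be
# read as a command-line option such as -f), then letters, digits, dots and
# hyphens. Nothing this pattern accepts means anything to a shell.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def validate_hostname(host):
    """Accept only a well-formed host name; reject everything else.

    Rejecting is safer than stripping ';', '|' and '&': stripping turns
    'example.com; echo injected' into 'example.comechoinjected' and carries
    on silently, while rejecting stops the request and gives you an event
    to log.
    """
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("invalid host name: %r" % (host,))
    return host


def ping_argv(host):
    """Build the argument list for ping without ever involving a shell.

    subprocess with a list (shell=False, the default) hands each element to
    the program as one argument, so ';', '|' and '&' inside host would be
    plain data to ping even if the allowlist let them through.
    """
    return ["ping", "-c", "1", validate_hostname(host)]


def run_ping(host):
    """Run the check and return ping's exit status (0 means the host answered)."""
    result = subprocess.run(ping_argv(host), capture_output=True, text=True)
    return result.returncode


if __name__ == "__main__":
    print(ping_argv("example.com"))
    try:
        ping_argv("example.com; echo injected")   # constructed hostile input
    except ValueError as err:
        print("rejected:", err)
```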
Buffer Overflow
Buffer overflow, also known as buffer overrun, is a type of exploit that takes advantage of vulnerable applications that are waiting to process user inputs. A web application is said to be vulnerable to this kind of attack when the application, while writing data to a buffer, overruns the buffer limit and overwrites adjacent memory.
The goal is to trigger buffer overflows in vulnerable applications through inputs that are designed to execute malicious code or alter the normal flow of the program to the flow determined by the hacker.
A heap-based attack works by flooding the memory space that is dynamically allocated to a program, but the difficulty involved in carrying out such attacks makes them rare. On the other hand, stack-based attacks are the easiest and hence the most widely performed by attackers.
know where to go back when Function B finishes its task, and this return address back to Function A is stored on the stack.
Consider the following sample code:

    #include <string.h>

    void functionA()
    {
        /* whatever the peer sent is handed to functionB without a length check */
        functionB(ReadUserName(socket));
    }

    void functionB(char *name)
    {
        char name_arr[NAME_ARR_SIZE];   /* fixed-size stack buffer; NAME_ARR_SIZE is a placeholder for the declared size */
        /* strcpy() copies up to the NUL terminator with no bounds check: a name longer than
           the buffer runs past it and overwrites the adjacent stack, including the saved
           return address to functionA described above */
        strcpy(name_arr, name);
    }
Practice safe and secure coding habits when dealing with buffers.
Directory Traversal
Directory traversal is a type of HTTP vulnerability used by hackers to gain access to restricted directories and the file system on a web server. A directory traversal attack happens due to the web server's inability to validate/filter user inputs. Web applications developed using programming languages like PHP, Python, Perl, Apache and ColdFusion are commonly vulnerable to this type of attack.
This type of attack exposes the directory structure, underlying web server and operating system of the vulnerable machine.
The attack allows the hacker to gain access to restricted pages and confidential information on the system.
Employ filters to block URLs containing commands and escape codes that are commonly used by attackers.
Define access rights to protected areas of the website so as to restrict normal user access.
Keep your web server software up to date with the latest patches and updates.
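A stricter form of the first countermeasure above, as an added example that is not the book's code: instead of blocking URLs that contain ../ and its encodings, the requested path is decoded, canonicalised against the document root and accepted only if it still lies below that root. The document root and request paths are constructed sample values.

```python
import posixpath
from urllib.parse import unquote


def resolve_request_path(doc_root, request_path):
    """Map a requested URL path onto a file under doc_root, or refuse it.

    1. percent-decode, so %2e%2e%2f is seen as ../
    2. join to the document root and normalise, collapsing . and ..
    3. accept only the root itself or a path strictly below it.
    posixpath is used so the result is the same on every platform; a real
    server would additionally resolve symlinks (os.path.realpath) before the
    final check.
    """
    root = posixpath.normpath(doc_root)
    decoded = unquote(request_path)
    # Treat the request as relative even when it begins with '/'.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # The separator in the prefix test matters: '/srv/www/html2/x' must not
    # pass as being under '/srv/www/html'.
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError("request escapes the document root: %r" % (request_path,))
    return candidate


if __name__ == "__main__":
    root = "/srv/www/html"   # constructed document root
    print(resolve_request_path(root, "/images/logo.png"))
    for attempt in ("../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        try:
            resolve_request_path(root, attempt)
        except PermissionError as err:
            print("refused:", err)
```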
W3af: This is an open source web application attack and audit tool for Linux, BSD, Mac and Windows machines.
Vega: This tool is used to find and fix commonly found web application vulnerabilities like XSS, SQL injection and more. It is an open source tool written in Java and available for both Windows and Linux operating systems.
Arachni: This is a powerful open source tool used by penetration testers and system administrators to evaluate the security of web applications. The tool is available for Linux and Mac platforms.
X5S: X5S is a powerful tool designed to find cross-site scripting vulnerabilities in web applications.
Due to a rapid increase in the number of Internet users in recent years, malicious hackers have now started to target individual users for their attacks. Numerous client-side vulnerabilities such as browser flaws, and a lack of security awareness among Internet users, have made them an easy target for hackers. In this chapter let us look at some of the popular ways to hack Internet users and also the countermeasures to prevent them.
To take control of users' online accounts such as Email, Facebook and other social network accounts.
To earn advertising revenue by forcefully driving users to online advertisements such as banners and popups.
To use individual users for attacking other systems, such as causing a DDoS attack.
Sometimes even for fun, or to show off talent among the hackers' community.
Session Cookies
Therefore, in order to remember individual users, websites store a small file called a session cookie on the client side in the user's browser, which contains unique authentication information about the user's active session. These cookies help identify individual users throughout the website. When the user hits the logout button or closes the browser, the session is said to expire.
So when a hacker manages to steal the cookies of an active session, he may inject them into his browser to gain unauthorized access to any online account such as emails, social media accounts and so on. This technique is known as session hijacking, also referred to as cookie hijacking or cookie stealing.
xs
In order to hijack an active session one has to gain access to the contents of the above two cookies. Snapshots of the sample data contained in these two cookies are shown below:
Figure 15.1
Figure 15.2
Once you have access to the contents of the above two session cookies (c_user and xs), it is time to inject them into your browser and gain access to the target user's Facebook account. A Firefox extension called Advanced Cookie Manager makes this job a lot simpler. It provides an option to add and edit cookies stored in Firefox. Here is a step by step instruction to inject cookies into the Firefox browser:
Install the add-on Advanced Cookie Manager in your Firefox browser and open it by clicking the icon present in the toolbar.
Switch to the Manage Cookies tab and click on the Add Cookies button.
To create the c_user cookie, fill in all the details exactly as shown in the below snapshot except for the Value field, which has to be replaced by the content from the hijacked cookie. Once you are done, click on the Add button.
Figure 15.3
Again click on the Add Cookie button to create the cookie xs in the same way. After filling in the details as shown below, click on the Add button. Do not forget to replace the Value field with the content from your hijacked xs cookie.
Figure 15.4
After you have finished creating these two cookies, close the Advanced Cookie Manager and load the Facebook page. You should automatically be logged in to the target user's account, where you have complete access.
Once you are logged in, you can access the account as long as the target user's session is active. That means you can access the account in parallel from your own computer until the user hits the Log Out button on his/her computer.
Use an up-to-date browser program to prevent browser exploits.
Configure the browser to stop running unverified scripts and also avoid using browser plugins from untrusted sources.
Email Hacking
Email hacking is one of the prevailing hot topics in the field of ethical hacking. A hacker can gain access to a wide variety of private information about the target user if he manages to hack his/her email account. Some of the possible ways to hack email accounts are discussed below.
Keylogging
Using a spyware program such as a keylogger is the easiest way to hack an email or any other online account password. All you need to do is just install the keylogger program on the computer from which the target user is likely to access his/her email account. These spyware programs are designed to operate in a total stealth mode and hence remain completely hidden from normal users. Once the keystrokes are recorded, you can unlock the program using a hotkey combination or password to view the logs. The logs contain all the keystrokes typed on the computer keyboard, including the usernames and passwords.
Modern keylogger programs like Realtime-Spy, SpyAgent and SniperSpy support a remote monitoring feature where you can view the logs even from a remote location. Some of them also have a feature to send logs through email and FTP.
Even though keyloggers can make the hacking process a lot simpler, they have a few drawbacks. Most of these programs have to be installed manually on the target computer, for which you need to have physical access to it. Also there is a chance of anti-spyware programs detecting and deleting the keylogger installation on the computer.
Phishing
Phishing is another popular and highly effective technique used by attackers to hack email and other online accounts. Most Internet users would easily fall prey and become victims of this type of attack. However, to devise a phishing attack one has to have at least a basic knowledge of HTML and programming.
Steps Involved in a Phishing Attack
The hacker first creates a replica of the target login page, such as Gmail, Yahoo or any other online account.
Once the page is integrated with the script and database, the hacker uploads the whole setup to a hosting server so as to make the phishing page go online.
Once the phishing page is live and working, the hacker drives people to this phishing page by spreading the phishing link via email, Internet Messenger and forums.
Since phishing pages look exactly the same as the real one, people enter their login details on these pages, where they are stolen away and get stored in the hacker's database.
Session Hijacking
As discussed earlier, it is possible to gain access to an email account through session hijacking. By stealing the cookies of an active session and injecting them into one's own browser, it is possible to gain access to the target email account. However, if the target user closes his/her ongoing session by logging out, you will no longer be able to access the account. Also, unlike keylogging and phishing, this method does not grant you the password of the target account and hence you will not be able to re-access it at a later time.
Install a good antivirus and anti-spyware program on your computer and keep them up to date.
Password protect your operating system so that no one can access your computer in your absence.
Always perform a malware scan on programs before installing them.
Avoid accessing your accounts in public places such as cyber cafes.
Make sure that HTTPS is on when you are accessing your emails.
Do not click on the links in your email or forum to enter the login page. Instead, always type the URL of the website in the browser's address bar and also make sure that HTTPS is enabled on your login page.
Avoid storing your login details in the browser unless you are the only user on the computer.
Malware: Using malware is another popular way of hacking Internet users. Hackers make use of malware programs like viruses and Trojan horses to accomplish their task by affecting a large number of people. A popular example of such an attack is the use of the DNSChanger Trojan, which affected millions of Internet users by hijacking their DNS servers.
Instant Messaging: Attackers can also target IM users by sending them unsolicited offers in the form of files and links. This may mislead the users into installing malware or navigating to malicious websites.
CONCLUSION
I would like to congratulate you on your effort in making it through the whole book. Throughout the course of this book you have been introduced to various hacking techniques and security concepts that have laid a solid foundation to present yourself as an ethical hacker. However, as the name of this book itself suggests, this is just a beginning. In the field of information security there is always room and need for learning new things, and the quest for expanding knowledge remains forever. Remember, present day hacking techniques may no longer work in the future. As new vulnerabilities get discovered, old ones get patched. So you as an ethical hacker must always keep up to date on the latest security news and newly discovered vulnerabilities.
FURTHER READING
In order to make it easy for beginners and first-time readers, I have simplified some of the topics in the book. However, each of them can be expanded and discussed in a much deeper way. You can always choose your favourite topic from the book and begin to learn more about it.
One of the best ways to expand knowledge is by purchasing a book on a specific topic and further pursuing it. In addition, you can learn more on individual topics by joining online communities where you can discuss your problems and find quick solutions from experts. Here is a compilation of some of the useful links that help expand your knowledge on the subject:
HackThisSite: One of the best sites that offers an excellent platform to learn, test and expand your hacking skills.
Hellbound Hackers: Another website that gives in-depth information on various security related topics.
Astalavista: This is a wonderful place to learn about the latest security exploits, hacking techniques, code cracking and more.
Hack Forums: Here you can discuss and interact with a large group of like-minded people and experts to find information and solutions for various topics and problems about hacking.
Codecall: This website provides all the programming resources needed for writing your own code and exploits.
Go4Expert: This is another community offering free help and resources on programming and web development.
Email: info@gohacking.com
Best regards,
Srikanth Ramesh