Module 6: System Hacking Learn about the various system hacking methodologies—including steganography, steganalysis attacks, and covering t...

Module06 System Hacking

Thursday, February 29, 2024 0 Comments

 Module 6: System Hacking

Learn about the various system hacking methodologies—including

steganography, steganalysis attacks, and covering tracks—used to discover

system and network vulnerabilities. Hands-On Lab Exercises:

Over 25 hands-on exercises with real-life simulated targets to build skills on

how to:

> Perform Online active online attack to crack the system’s password

> Perform buffer overflow attack to gain access to a remote system

> Escalate privileges using privilege escalation tools

> Escalate privileges in linux machine

> Hide data using steganography

> Clear Windows and Linux machine logs using various utilities

> Hiding artifacts in Windows and Linux machines

Section 01: Gaining Access

Gaining access

Password cracking:

In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password.

Security account manager (SAM) database:

The Security Account Manager (SAM) is a database file in Windows XP, Windows Vista, Windows 7, 8.1, 10 and 11 that stores users' passwords.

Net technology lan manager (NTLM):

In a Windows network, NT (New Technology) LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users.

Kerberos:

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Dictionary Attack:

In cryptanalysis and computer security, a dictionary attack is an attack using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or millions of likely possibilities often obtained from lists of past security breaches.

Brute force attack:

In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.

Password spraying attack:

Password spraying is a type of brute force attack. In this attack, an attacker will brute force logins based on list of usernames with default passwords on the application.

Hashcat:

Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software.

Trojan horse:

In computing, a Trojan horse is any malware that misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.

Man in the middle attack (MiTM):

In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.

Rainbow table:

A rainbow table is an efficient way to store data that has been computed in advance to facilitate cracking passwords. To protect stored passwords from compromise in case of a data breach, organizations avoid storing them directly, instead transforming them using a scrambling function – typically a cryptographic hash.

John the ripper:

John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms.

Password salt:

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.

Exploitation

Exploit DB:

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

VulDB:

Number one vulnerability management and threat intelligence platform documenting and explaining vulnerabilities since 1970.

Buffer overflow:

In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.

Return oriented programming:

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

Section 02: Privilege Escalation

Privilege escalation:

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

There are two types of privilege escalation

    horizontal privilege escalation

    vertical privilege escalation

LinPeas:

LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix*/MacOS hosts. The checks are explained on book.hacktricks.xyz

LinEnum:

Linux privilege escalation script.

Defenses against privilege escalation

    Run services using unprivileged accounts.

    Regularly patch the OS/kernel.

    Keep as many files as read only as possible.

    Implement strong password policy.

Section 03: Maintaining Access

Maintaining Access

Backdoor:

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a "homunculus computer" —a tiny computer-within-a-computer such as that found in Intel's AMT technology).

Keylogger / Keystroke logger:

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard,[1][2] typically covertly, so that a person using the keyboard is unaware that their actions are being monitored.

Spyware:

Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their privacy or endangering their device's security.

Rootkit:

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.

Steganography:

Steganography is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection.

Section 04: Clearing Logs

Covering Tracks:

Covering tracks is one of the most stage during system hacking. during this stage, the attacker tries to cover and avoid being detected, or “traced out,” by covering all track, or logs, generated while gaining access to the target networks or computer.

Covering bash shell tracks

1. Disable history

export HISTSIZE=0

2.Clearing history

history -c


0 Comments: