Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March...
-
Upload
isaac-stephens -
Category
Documents
-
view
213 -
download
0
Transcript of Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March...
Hacker’s Strategies Revealed
WEST CHESTER UNIVERSITY
Computer Science Department
Yuchen Zhou
March 22, 2002
Requirements:• Hardware: -Two computers
-One hub
-Internet access
• Software: -Windows 98/2000
-Trojan horse (Glacier 6.0)
-Sniffer ( password monitor)
-Port scanner (Fluxay IV)
Case 1: Trojan Horse:
• Suppose a Trojan horse (server.exe) was installed on computer A already.
• One can execute a control program(client.exe) on computer B to control computer A.
Planting a Trojan Horse
• Direct execution of a Trojan horse• Sent as an e-mail attachment• Link an icon (as a “bait”) to a Trojan Horse• Guess password of a user and then use remote execution
All folders and filesin computer A. We cancopy, rename, run or delete them remotely.
All folders and filesin computer A. We cancopy, rename, run or delete them remotely.
Computer A’s basic information
System informationof computer A.
System informationof computer A.
Passwordrelated commands
Controlrelatedcommands
Networkrelatedcommands
Other operations you can use to control computer A
• Find/copy/delete files from computer A
• Share a directory
• Kill a process
• Change the registry
• Record the keyboard
• Shut/restart the computer
Case 2: Sniff a Password
• If computer A transmits some data frames to a server machine D via an Ethernet, every computer will receive a copy.
• Only computer D should accept it; others should discard the data frames.
• However, a sniffer running on machine B or C receives it and analyzes it even B or C is not the destination.
The URL computer A visiting
username
password
Computer A’s IP address
log on time
monitoring NIC
When the password was detected, it will display here.
When the password was detected, it will display here.
This file’s name is “webfilter.txt”, “pwmonitor” need this file to identify the URLs. That is to say, only when the URL computer A visiting is in this filter file can the passwords be sniffed. Because this sniffer is created in China, most of the URLs located in China, but we can find yahoo.com here.
This file’s name is “webfilter.txt”, “pwmonitor” need this file to identify the URLs. That is to say, only when the URL computer A visiting is in this filter file can the passwords be sniffed. Because this sniffer is created in China, most of the URLs located in China, but we can find yahoo.com here.
Case 3: Hack a Server
• Computer A is a server, B is a client
• Scans the ports of computer A
• Guesses the password of admin.
• After the computer is compromised, a hacker can plant some backdoor software to the server and execute it remotely.
Hosts’ typeHosts’ type
username password hosts
Flaxuy is the most popular ports scanner used in China these days.It scans all services (ports) of the servers provide, once it finds a certain service (FTP, telnet...), it will try to find the users and guess the passwords...
Flaxuy is the most popular ports scanner used in China these days.It scans all services (ports) of the servers provide, once it finds a certain service (FTP, telnet...), it will try to find the users and guess the passwords...
Computer 144.26.30.40’s Administrator is “TopTooler”,the password is “toptooler”, we can establish a IPC connection.
Computer 144.26.30.40’s Administrator is “TopTooler”,the password is “toptooler”, we can establish a IPC connection.
password
Using this command, we can log on to the server as an administrator.
Using this command, we can log on to the server as an administrator.
Then copy a Trojan horse to a server
Then copy a Trojan horse to a server