practical cyber attacking tutorial

Se7en - Creative Powerpoint Template

Practical Cyber AttackingTutorialYam Peleg

Cyber?

CYBER!

Se7en - Creative Powerpoint TemplateJAIL!

Introduction To Cyber

Cyber Attacking

Active Reconnaissance Gaining AccessPassive

ReconnaissanceMaintaining

Access

Gaining AccessThis is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access.

Maintaining AccessOnce a hacker has gained access, they want to keep that access for future exploitation andattacks.

Passive Reconnaissance Passive reconnaissance involves gathering information regarding a potential target without the targeted individual’s or company’s knowledge

Active ReconnaissanceActive reconnaissance involves probing the network to discover individual hosts, IP addresses,and services on the network. This usually involves more risk of detection than passive reconnaissance

Vulnerability based cyber attacks

Attacker

💻- Develops code that will be sent to the victim and then

- Uses a vulnerability to insert and run that code to

the victim's device.

Victim

💻- Unaware of the attacker’s

code running on the device.

- The malicious code transmit to the attacker.

The art of running your own code on someone else’s computer :)

Social Engineering

Se7en - Creative Powerpoint Template 9

Social Engineering

PhishingPractice of sending emails

Or creating sites appearing to befrom reputable source with theGoal of influencing or gaining

Personal information

ImpersonationPractice of pretexting as

Another person with the goalOf obtaining information or

Access to a person, Company, or computer system.

VishingPractice of eliciting

Information of attempting to Influence action via the

Telephone may include such Tools as “phone spoofing”

Hey! I am from ITCan you please give Me your password

So I can.. Blah Blah..

Passive reconnaissance

Where can we find information?

Google Hacking

www.victim.com

Google Hacking

site:www.victim.com intitle:index.of

www.victim.com

Google Hacking

www.victim.com

ext:ini

Google Hacking

www.victim.com

site:www.victim.com ext:sql | ext:dbf | ext:mdb

Google Hacking

www.victim.com

site:www.victim.com ext:log

Google Hacking

www.victim.com

site:www.victim.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup

Google Hacking

www.victim.com

site:www.victim.com inurl:login

Google Hacking

www.victim.com

site:www.victim.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect

syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" |

intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"

Google Hacking

www.victim.com

site:www.victim.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect

syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" |

intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"

Google Hacking

www.victim.com

site:www.victim.com ext:php intitle:phpinfo "published by the PHP Group"

Searching for information

Searching for “Information”?

Kali Linux

Maltego

Active reconnaissance

��

Client Server

SYN ACK

Three way handshake

��

Me Server

Port Scanning

Ports..

SYNSYN ACK

ServerOpen ports:

Network Attacking

��

You Someone who is good looking

IP:192.168.2.13 IP:192.168.2.52MAC :7B-DA-70-1C-2E-EA MAC :?

Who has 192.168.2.52

I Know 192.168.2.52

Mac: E5-28-EC-7E-8B-

Someone

��

You Someone who is good looking

ARP Poisoning

IP:192.168.2.13 IP:192.168.2.52MAC :7B-DA-70-1C-2E-EA MAC : E5-28-EC-7E-8B-5E

��

MAC :BE-EF-CA-CE-13-37

I Know 192.168.2.52

Mac: BE-EF-CA-CE-13-

Than you :)

I Know 192.168.2.13

Mac: BE-EF-CA-CE-13-

Than you :)

Hey There ;) Hey There

Wireless Hacking

Web HackingWWW

��

Client Server

SQL Injection

Request: auth.htmlPOST:user: userPass: pass

"Do we have a user with user name: user and password: pass?”

SELECT user from users WHERE user=‘user’ and password=‘pass’

��

Me Server

SQL Injection

User: user

rySELECT user from users WHERE user=‘user’ and password=‘pass’

User: ‘OR ‘1’=‘1

SELECT user from users WHERE user=‘’OR ‘1’ =‘1’ and password=‘pass’

��

Client Server

Cross side scripting

GET: Page.html

Backend Data

��Other Guys

��

Backend Data

Runnable Script

Exploitation

How a normal program works..

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddress

Reverse Engineering

Exploiting

Everyday use of windows

The Vulnerability… RPCR

… RPCR

PI32!Ne

PI32!Ca

PI32!su

rpccrt4.dll srvscv.dll netapi32.dll

NetpwPathCanonicalize

\\server\\dir1\\..\\dir2

\\server\\dir2

Exploiting..

a7 87 ce 5c 95 b2 4d 98 d6 fc e6 0a 56 19 96 b8 cd d3 e5 77 4d 98 d6 fc e6 0a 56

Exploiting..

c0 33 5b ac 12 82 1b ab 2b 02 9dac 6a 93 e0 9e a5 ea 3a 9e 25 5c7b c1 ad 90 29 9b 2f e6 3a 47 7d9a 20 c6 75 dc 0Address

practical cyber attacking tutorial

Technology

attacking rsa

attacking voip

for campaign teams - canadian centre for cyber security...

practical cyber resilience for directors and managers

safety system cyber security –a practical approach ·...

attacking drupal

practical cyber security strategies for the compliance...

attacking authentication

purple teaming the cyber kill chain - sector...

attacking html5

engaging students in the development of cyber security...

escwa-practical application of cyber crime issues- ver2

cyber learning solutions - raytheon: customer … raytheon...

attacking & defending two versus two each player attacking

attacking the vista heap - lateral security · •...

the security director's practical guide to cyber security

attacking scenario

attacking md5

attacking php

20 attacking drills - association de soccer de - · pdf...