POSTED ON: 4/23/2010
Exploits
Dalia Solomon

Categories
• Trojan Horse Attacks
• Smurf Attack
• Port Scan
• Buffer Overflow
• FTP Exploits
• Ethereal Exploit
• Worm
• Virus
• Password Cracker
• DNS Spoofing

Trojan Horse attacks
A computer becomes vulnerable to this attack when the user downloads and installs a file onto their system. This opens a port without the knowledge of the user. The open port gives the remote user access to one's computer.

Trojan Horse - NetBus
NetBus is a tool that allows a remote user to gain administrative privileges. NetBus consists of two programs: a server and a client.

NetBus Server
To infect a computer, NetBus disguises itself as an ICQ executable file that a naive user installs on their computer.
NetBus server: This application will open a backdoor on the target computer. This application can be configured to be either invisible or visible to the user.

NetBus Client
NetBus client: This application will connect to a computer that is running NetBus server. It allows the hacker to spy on and take control of the infected computer.

Smurf Attack
A Smurf Attack occurs when a packet such as an ICMP echo frame (in this application) is sent to a group of machines. The packet sent has the source address replaced by the target computer or network IP address. This causes a flurry of echo responses to be sent to the target machine, which can overflow the target computer.

Smurf Attack
Here we are attacking our computer.

Port Scan
This program allows the hacker to scan a target computer to detect open ports. This is primarily used to detect vulnerable applications using certain ports on the target computer.
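On the defending side, a port scan shows up as one source touching many distinct ports within a short time. The following added example (not part of the original slides) measures that over a constructed connection log; the record layout, addresses and function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One inbound connection attempt, as a firewall might log it (constructed format). */
struct attempt {
    uint32_t t;       /* seconds since start of log */
    uint32_t src;     /* source IPv4 address */
    uint16_t dport;   /* destination port on the monitored host */
};

/* Largest number of distinct destination ports that src touched inside any
 * span of `window` seconds. Records must be sorted by time. A caller flags
 * src as a scanner when the result reaches its chosen threshold. */
size_t max_ports_in_window(const struct attempt *a, size_t n,
                           uint32_t src, uint32_t window)
{
    size_t best = 0;
    for (size_t i = 0; i < n; i++) {
        if (a[i].src != src)
            continue;
        uint8_t seen[65536 / 8] = {0};          /* one bit per port */
        size_t distinct = 0;
        for (size_t j = i; j < n && a[j].t - a[i].t < window; j++) {
            uint8_t bit = (uint8_t)(1u << (a[j].dport & 7));
            if (a[j].src != src || (seen[a[j].dport >> 3] & bit))
                continue;                       /* other source, or port already counted */
            seen[a[j].dport >> 3] |= bit;
            distinct++;
        }
        if (distinct > best) best = distinct;
    }
    return best;
}

/* Constructed sample log: SCANNER sweeps ports, CLIENT keeps using port 80. */
#define SCANNER 0xC6336407u   /* 198.51.100.7 */
#define CLIENT  0xCB007109u   /* 203.0.113.9 */
const struct attempt sample_log[] = {
    {0, CLIENT, 80}, {1, SCANNER, 21}, {1, SCANNER, 22}, {2, SCANNER, 23},
    {2, SCANNER, 25}, {3, CLIENT, 80}, {3, SCANNER, 80}, {4, SCANNER, 110},
    {5, SCANNER, 139}, {6, SCANNER, 445}, {9, CLIENT, 80}, {60, SCANNER, 21},
};
#define SAMPLE_N (sizeof sample_log / sizeof sample_log[0])

int main(void)
{
    printf("scanner=%zu client=%zu\n", max_ports_in_window(sample_log, SAMPLE_N, SCANNER, 10),
           max_ports_in_window(sample_log, SAMPLE_N, CLIENT, 10));
    return 0;
}
```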
Buffer Overflow
• Most common form of exploit
• Occurs when you put more data in the buffer than it can hold
• Occurs if bounds are not checked by the program
• The purpose of a buffer overflow is to execute code and gain special privileges

FTP Exploits
This exploit shows how it is possible for somebody to get a shell (command prompt) from a Serv-U FTP server. This exploit causes a buffer overflow condition to occur in Serv-U FTP when it parses the MDTM command.

FTP Exploits
The exploit requires that the user have login access to a server.

FTP Exploits
This shows how the hacker gains shell access to the target machine.

FTP Exploits
Here is a segment of the code that causes the buffer overflow.

Ethereal Exploit
A vulnerability exists in Ethereal. By sending carefully crafted packets to the sniffed wire, or by convincing someone to load a malicious packet capture file into Ethereal, a user can overflow a buffer and execute malicious code.
• The vulnerability exists in the following packets: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP and UCP.

Ethereal - example
Ethereal IGAP message
• This exploits a vulnerability in Ethereal when handling IGAP messages
• Works on Ethereal 0.10.0 to Ethereal 0.10.2
• Will either crash Ethereal or open a port that allows a user to gain root privileges

Ethereal - example
This code will create a malformed IGAP header that, when sent, causes the Ethereal application to crash because of its vulnerability in handling IGAP packets.
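The bounds check that the buffer overflow slides describe as missing, as an added example (not code from the original slides, from Serv-U or from Ethereal): a parser for a length-prefixed header field, first trusting the declared length and then validating it. The wire layout, struct and function names are hypothetical and do not reproduce the IGAP or MDTM formats.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 16                 /* capacity of the destination buffer */
/* Hypothetical wire layout: [type:1][name_len:1][name:name_len] */
struct record {
    uint8_t type;
    char    name[FIELD_CAP + 1];     /* +1 for the terminating NUL */
};

/* Unchecked form, shown for contrast: trusts name_len from the packet, so a
 * declared length above FIELD_CAP writes past rec->name. */
void parse_unchecked(const uint8_t *pkt, struct record *rec)
{
    rec->type = pkt[0];
    memcpy(rec->name, pkt + 2, pkt[1]);
    rec->name[pkt[1]] = '\0';
}

/* Checked form: returns 0 on success, -1 if the packet is malformed. */
int parse_checked(const uint8_t *pkt, size_t pkt_len, struct record *rec)
{
    if (pkt == NULL || rec == NULL || pkt_len < 2)
        return -1;                   /* fixed header is truncated */
    size_t name_len = pkt[1];
    /* Reject a length that would overflow rec->name or that claims more
     * bytes than the packet actually contains. */
    if (name_len > FIELD_CAP || name_len > pkt_len - 2)
        return -1;
    rec->type = pkt[0];
    memcpy(rec->name, pkt + 2, name_len);
    rec->name[name_len] = '\0';
    return 0;
}

/* Constructed sample packets. */
const uint8_t ok_pkt[]        = { 0x01, 5, 'a', 'l', 'i', 'c', 'e' };
const uint8_t oversize_pkt[]  = { 0x01, 200, 'A', 'A', 'A', 'A' };
const uint8_t truncated_pkt[] = { 0x01, 10, 'b', 'o', 'b' };

int main(void)
{
    struct record rec;
    printf("ok=%d oversize=%d truncated=%d\n", parse_checked(ok_pkt, sizeof ok_pkt, &rec),
           parse_checked(oversize_pkt, sizeof oversize_pkt, &rec),
           parse_checked(truncated_pkt, sizeof truncated_pkt, &rec));
    return 0;
}
```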
Worm
A worm is a program that makes copies of itself and causes major damage to files, software, and data.
Methods of replication include:
• Email
• File sharing

Worm - example
W32/Bugbear-A
• Is a network worm that spreads by emailing attachments of itself
• It creates a thread which attempts to terminate anti-virus and security programs
• The worm will log keystrokes and send this information when the user is connected online
• The worm will open port 80 on the infected computer
http://www.sophos.com/virusinfo/analyses/w32bugbeara.html

Worm - example
W32/MyDoom-A is a worm which spreads by email. When the infected attachment is launched, the worm harvests email addresses from address books and from files with the following extensions: WAB, TXT, HTM, SHT, PHP, ASP, DBX, TBB, ADB and PL.

Worm - example (continued)
Attached files will have an extension of BAT, CMD, EXE, PIF, SCR or ZIP.

Worm - example (continued)
The worm will attempt a denial-of-service attack on www.sco.com, sending numerous GET requests to the web server.
It drops a file named shimgapi.dll to the temp or system folder. This is a backdoor program loaded by the worm that allows outsiders to connect to TCP port 3127.
http://www.sophos.com/virusinfo/analyses/w32mydooma.html

Virus
A virus is a program that infects the operating system and applications.
Replication methods:
• Application file (Word doc.)
• Hard drive or boot record (boot disk)
• Scripts (batch file)

Virus - example
W97M/Marker is a Word macro virus.
It collects user information from Word and sends the information through FTP.
It adds a log at the end of the virus body for every infected user.
• This log contains information for system time, date, user's name and address

Virus - example
When you open a document file it will display a message. Depending on the user's response, the user will get one of these messages.

Password Cracker
Some applications and web pages are vulnerable to remote password cracker tools.
Applications such as HTTP, FTP and telnet that don't handle login properly and have small password sizes are vulnerable to brute-force password cracker tools.

Password cracker
Brutus is a remote password cracker tool. On an older Serv-U v 2.5 application it can crack a password by sequentially sending in all possible password combinations.

DNS spoofing
A DNS attack that involves intercepting and sending a fake DNS response to a user. This attack forwards the user to a different address than where he wants to be.

DNS spoofing
WinDNSSpoof
• Spoofs DNS packets
• http://www.securesphere.net/download/papers/dnsspoof.htm

DNS Exploitation Tool
Zodiac is a robust DNS protocol monitoring and spoofing program.
Features:
• Captures and decodes DNS packets
• DNS local spoofing
• DNS ID spoofing, exploiting a weakness within the DNS protocol itself
• Etc.
http://teso.scene.at/projects/zodiac/

Questions?
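The checks a resolver applies before accepting a DNS reply, which are what a fake response of the kind described in the DNS spoofing slides has to match, as an added example (not part of the original slides or of the tools they name). The struct, function name, addresses and sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the resolver remembers about a query it sent (hypothetical struct). */
struct pending_query {
    uint16_t id;               /* transaction ID placed in the query */
    uint32_t server_ip;        /* address the query was sent to */
    uint16_t src_port;         /* local UDP port the query left from */
    const uint8_t *question;   /* QNAME + QTYPE + QCLASS exactly as sent */
    size_t question_len;
};

/* Returns 1 if the datagram is an acceptable reply to q, else 0. */
int accept_response(const struct pending_query *q, uint32_t from_ip,
                    uint16_t to_port, const uint8_t *msg, size_t len)
{
    if (from_ip != q->server_ip || to_port != q->src_port)
        return 0;                          /* wrong peer or wrong port */
    if (len < 12 || len - 12 < q->question_len)
        return 0;                          /* shorter than header + question */
    if ((uint16_t)((msg[0] << 8) | msg[1]) != q->id)
        return 0;                          /* transaction ID mismatch */
    if ((msg[2] & 0x80) == 0 || msg[4] != 0 || msg[5] != 1)
        return 0;                          /* not a response, or QDCOUNT != 1 */
    /* Byte-exact match, so the letter case of the name must be echoed too. */
    return memcmp(msg + 12, q->question, q->question_len) == 0;
}

/* Constructed sample data: A/IN question for example.com, ID 0x1a2b. */
#define SERVER 0xC0000235u     /* 192.0.2.53, documentation address */
#define QUESTION 7,'e','x','a','m','p','l','e',3,'c','o','m',0, 0,1, 0,1
#define HDR(id_lo, flags_hi) 0x1a,(id_lo), (flags_hi),0x80, 0,1, 0,0, 0,0, 0,0
const uint8_t question[]  = { QUESTION };
const uint8_t good_resp[] = { HDR(0x2b, 0x81), QUESTION };
const uint8_t bad_id[]    = { HDR(0x2c, 0x81), QUESTION };   /* wrong ID */
const uint8_t not_resp[]  = { HDR(0x2b, 0x01), QUESTION };   /* QR bit clear */
const struct pending_query sample_q = { 0x1a2b, SERVER, 40000,
                                        question, sizeof question };

int main(void)
{
    printf("good=%d bad_id=%d not_resp=%d\n",
           accept_response(&sample_q, SERVER, 40000, good_resp, sizeof good_resp),
           accept_response(&sample_q, SERVER, 40000, bad_id, sizeof bad_id),
           accept_response(&sample_q, SERVER, 40000, not_resp, sizeof not_resp));
    return 0;
}
```

The transaction ID is only 16 bits, so the source-port and question checks are what keep a reply that merely guesses the ID from being accepted.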