
Network Architectures and Services, Georg Carle Faculty of Informatics

Technische Universität München, Germany

Attack Frameworks and Tools

Pranav Jagdish

Supervisor: Nadine Herold

Seminar Innovative Internet Technologies and Mobile Communication, WS2014

Chair of Network Architectures and Services (Lehrstuhl Netzarchitekturen und Netzdienste)

Overview

• Introduction
• Overview of the tools
• Password crackers
• Network poisoners
• Network security tools
• Denial of service tools
• Conclusions

Introduction

• Network security: perhaps the most important aspect of communications in today's world
• How easy is it to attack a target system or network today?
  • Tools automate most of the work, from fingerprinting your target to attacking it

Introduction

• The CIA triad: Confidentiality, Integrity, Availability
  • Each class of tool below is described by the property it attacks

Overview of the Tools

• Password Crackers
  • Cain and Abel: free, Windows

Overview of the Tools

• Network Security Tools

Overview of the Tools

• Denial of Service Tools

Password Crackers

• Attack: Confidentiality
• Crack passwords or keys
• Crack various kinds of hashes
  • Initially used to crack local system passwords, e.g. for Windows and Linux
  • Have since been extended to numerous kinds of hashes
• New versions are faster and use different cracking methods
• GPU-based password cracking is also possible and is much faster than CPU-based cracking

Password Crackers

• Cain and Abel
  • Windows based
  • Widely used to crack Windows passwords (LM hashes and NTLM hashes)
  • Has a built-in sniffer
    – Can sniff web session passwords
    – Can analyse SSH-1 or HTTPS traffic (by placing itself in the middle of the connection via ARP poisoning)
  • Needs:
    – Rainbow tables for effective hash cracking
    – The size of the tables is an impediment!

Password Crackers

• John the Ripper
  • Like Cain and Abel: dictionary-based and brute-force methods available
  • Comes with various character sets
  • Can crack numerous kinds of hashes
  • Brute force can, for obvious reasons, take a huge amount of time
    – An exhaustive candidate list could run to petabytes
    – Cracking time could be in excess of decades for even an 8-character password
    – On normal machines: impossible

Password Crackers

• Hashcat
  • Like the previous tools; however, it claims to be the "fastest password cracker", with proprietary cracking algorithms (at the time of this talk; hashcat has since been released as open source)
  • Versus Cain and Abel and John the Ripper: offers various kinds of attacks
    – 8 kinds of attacks
    – Example: combinator attack: combine each word in the dictionary with every other word in it
    – Example: hybrid attack: one part of the password from the dictionary, the rest by brute force
    – Hence, these modes increase the effectiveness of a dictionary
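The three attack modes described above, as an added example that is not part of the slides and not hashcat's own code: candidates are generated by a straight, a combinator and a hybrid mode from one small constructed wordlist and checked against constructed SHA-256 targets. The wordlist, the target plaintexts, the two-digit hybrid suffix and the use of SHA-256 are all assumptions for the demo; hashcat supports many hash types and real dictionaries are far larger.

```python
"""Added example: candidate generation for three cracking modes
(straight, combinator, hybrid) against constructed SHA-256 targets.
Not from the slides and not hashcat code; wordlist and targets are made up."""
from __future__ import annotations

import hashlib
import itertools
import string
from typing import Callable, Iterable, Iterator

# Constructed wordlist standing in for a real dictionary.
WORDLIST = ["summer", "winter", "admin", "password", "tum"]


def straight(words: Iterable[str]) -> Iterator[str]:
    """Straight dictionary attack: every word as-is."""
    yield from words


def combinator(words: Iterable[str]) -> Iterator[str]:
    """Combinator attack: every word joined with every word of the (same) list,
    in both orders, including a word with itself (25 candidates for 5 words)."""
    words = list(words)
    for left, right in itertools.product(words, repeat=2):
        yield left + right


def hybrid_suffix(words: Iterable[str], alphabet: str = string.digits,
                  length: int = 2) -> Iterator[str]:
    """Hybrid attack: a dictionary word followed by a brute-forced suffix
    (assumption for the demo: two decimal digits)."""
    for word in words:
        for tail in itertools.product(alphabet, repeat=length):
            yield word + "".join(tail)


def sha256_hex(candidate: str) -> str:
    return hashlib.sha256(candidate.encode()).hexdigest()


def crack(targets: set[str], candidates: Iterable[str],
          hash_fn: Callable[[str], str] = sha256_hex) -> dict[str, str]:
    """Hash every candidate and match it against the set of target hashes."""
    found: dict[str, str] = {}
    remaining = set(targets)
    for cand in candidates:
        if not remaining:
            break
        h = hash_fn(cand)
        if h in remaining:
            found[h] = cand
            remaining.discard(h)
    return found


def crack_with_modes(targets: set[str]) -> dict[str, tuple[str, str]]:
    """Try the cheapest mode first and record which mode recovered each hash."""
    result: dict[str, tuple[str, str]] = {}
    modes = [("straight", straight(WORDLIST)),
             ("combinator", combinator(WORDLIST)),
             ("hybrid", hybrid_suffix(WORDLIST))]
    remaining = set(targets)
    for name, gen in modes:
        hits = crack(remaining, gen)
        for h, pw in hits.items():
            result[h] = (name, pw)
        remaining -= set(hits)
    return result


# Constructed targets: "admin" (straight), "summerwinter" (combinator),
# "tum42" (hybrid) and "Xq#9Lm", which none of the modes can reach.
TARGETS = {sha256_hex(p) for p in ["admin", "summerwinter", "tum42", "Xq#9Lm"]}

if __name__ == "__main__":
    for h, (mode, pw) in crack_with_modes(TARGETS).items():
        print(f"{h[:12]}... -> {pw!r} via {mode}")
```

The point the slide makes shows up in the candidate counts: five words give 5 straight candidates, 25 combinator candidates and 500 hybrid candidates, so the modes multiply what one dictionary can reach without the cost of a full brute force.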

Network Poisoners

• Attack: Integrity of the network
  • Can lead to loss of confidentiality and availability too
• Prime goal: ARP poisoning
  • Pose as another machine by answering for its IP address with your own MAC address

Network Poisoners

• Once done:
  • Pose as the DNS server
  • Pose as the DHCP server
  • Pose as the default gateway
  • Perform data sniffing
  • Man-in-the-middle attacks (MITM)
  • and a lot more…
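What the "pose as another machine" step on the previous slide and the "pose as the default gateway" step here look like on the wire, as an added example that is not part of the slides and not code from ZARP, Ettercap or Cain: the block builds Ethernet/ARP frames, decodes them, and runs a small monitor over a constructed sequence in which an attacker answers for the gateway's IP. Addresses, MACs and the frame sequence are constructed; a real monitor would read frames from a capture or a raw socket, and it would also have to tolerate legitimate gratuitous ARP.

```python
"""Added example: ARP reply forgery on the wire and a monitor that flags it.
Not from the slides or any of the tools named; all addresses are constructed."""
from __future__ import annotations

import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(b, 16) for b in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_arp(op: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str, eth_dst: str | None = None) -> bytes:
    """Ethernet II header + 28-byte ARP packet (RFC 826) for Ethernet/IPv4."""
    eth = struct.pack("!6s6sH", mac_bytes(eth_dst or target_mac),
                      mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the ARP fields a monitor cares about; raises on non-ARP frames."""
    _, _, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, smac, sip, tmac, tip = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    fmt_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    fmt_ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sender_mac": fmt_mac(smac), "sender_ip": fmt_ip(sip),
            "target_mac": fmt_mac(tmac), "target_ip": fmt_ip(tip)}


def detect_poisoning(frames: list[bytes]) -> list[str]:
    """Flag (a) a reply nobody asked for and (b) an IP whose MAC changes.
    A real deployment must whitelist gratuitous ARP from known hosts."""
    table: dict[str, str] = {}               # IP -> MAC as first learned
    pending: set[tuple[str, str]] = set()    # (requester IP, asked-for IP)
    alerts: list[str] = []
    for frame in frames:
        p = parse_arp(frame)
        if p["op"] == ARP_REQUEST:
            pending.add((p["sender_ip"], p["target_ip"]))
            continue
        key = (p["target_ip"], p["sender_ip"])
        if key in pending:
            pending.discard(key)
        else:
            alerts.append(f"unsolicited reply: {p['sender_ip']} is-at {p['sender_mac']}")
        known = table.setdefault(p["sender_ip"], p["sender_mac"])
        if known != p["sender_mac"]:
            alerts.append(f"MAC change for {p['sender_ip']}: {known} -> {p['sender_mac']}")
    return alerts


# Constructed scenario: gateway, victim and attacker on one LAN (documentation addresses).
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "00:11:22:33:44:01"
VICTIM_IP, VICTIM_MAC = "192.0.2.10", "00:11:22:33:44:0a"
ATTACKER_MAC = "00:11:22:33:44:ee"
BROADCAST, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"

SCENARIO = [
    # Legitimate resolution: the victim asks for the gateway, the gateway answers.
    build_arp(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, ZERO_MAC, GATEWAY_IP, eth_dst=BROADCAST),
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    # Poisoning: the attacker claims the gateway IP, unasked, with its own MAC.
    build_arp(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
]

if __name__ == "__main__":
    for alert in detect_poisoning(SCENARIO):
        print("ALERT:", alert)
```

Once the victim accepts the third frame, every packet it sends to the gateway goes to the attacker's MAC, which is the foothold the following slide's list (fake DNS, fake gateway, sniffing, MITM) builds on.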

Network Poisoners

• ZARP
  • Suite of poisoners
  • Includes sniffers
  • Plans to be a central network poisoning/administration tool
  • Can manage active sessions of poisoning/sniffing

Network Poisoners

• Ettercap
  • GUI available too!
  • Plugins offer support for further complex attacks like:
    – DNS poisoning

Network Security Tools

• Covers a wide array of tools
• Most were created for vulnerability testing and to ease the job of network administrators

Network Security Tools

• Nmap
  • Network scanner
  • A powerful tool to scan networks
  • Used for (not an exhaustive list): host discovery, port scanning, service and version detection, OS fingerprinting
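The mechanism behind the simplest Nmap scan type, the TCP connect scan (`-sT`), as an added example that is not part of the slides and not Nmap's code: each port gets a full three-way handshake and is classified from the outcome. To be reproducible offline the block starts its own throwaway listener on the loopback interface; the host, the port list, the thread count and the timeout are assumptions for the demo.

```python
"""Added example: a TCP connect scan against the local host.
Not from the slides and not Nmap code; the listener is constructed for the demo."""
from __future__ import annotations

import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Complete a full TCP handshake: 'open' on success, 'closed' when the
    host answers with RST, 'filtered' when nothing answers in time (what a
    packet filter that silently drops the SYN looks like)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:          # includes socket.timeout
            return "filtered"


def connect_scan(host: str, ports: list[int], workers: int = 16) -> dict[int, str]:
    """Probe the ports concurrently, as a scanner does, and map port -> state."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p), ports))
    return dict(zip(ports, states))


class LocalService:
    """Throwaway TCP listener standing in for a real service (constructed for the demo)."""

    def __init__(self) -> None:
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))       # the OS picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            try:
                conn, _ = self.sock.accept()
                conn.close()
            except OSError:
                break

    def close(self) -> None:
        self.sock.close()


def free_port() -> int:
    """Reserve and release a port so we have one that is almost certainly closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> tuple[str, str]:
    """Returns (state of the live listener, state of an unused port)."""
    svc = LocalService()
    closed = free_port()
    try:
        result = connect_scan("127.0.0.1", [svc.port, closed])
        return result[svc.port], result[closed]
    finally:
        svc.close()


if __name__ == "__main__":
    print(demo())
```

Because the handshake completes, a connect scan leaves an accept() and a close in the target's logs, which is why the conclusions slide can say that fingerprinting is visible to active monitoring; Nmap's SYN scan avoids the final ACK but needs raw sockets.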

Network Security Tools

• Metasploit Framework
  • A database of exploits
  • Provides information about security vulnerabilities
  • Goal: aid penetration testing and IDS signature development
  • In the wrong hands:
    – Can be used to exploit those same vulnerabilities with relative ease
  • Exploits for almost every kind of system: from Mac OS X to Windows to Linux to Android phones

Network Security Tools

• Metasploit Framework
  • How easy is it?
    – Select an exploit from the database
    – Select a payload
    – Decide upon an obfuscation or encoding scheme
    – Any exploit can be combined with any compatible payload (same platform and architecture, and it must fit the space the exploit provides)
  • Types of exploits:
    – Passive: wait for targets to connect in, then try to exploit their systems
    – Active: the target system is attacked directly
  • "Autopwn" feature: tries to automatically exploit the target and inject itself into the target system

Network Security Tools

• Metasploit Framework
  • Problems?
    – Exploits are caught by anti-virus software (primarily that of e-mail providers), if not by the local system's anti-virus
      · Spreading the payload becomes difficult!
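Why the "encoding scheme" step of the procedure above matters against a signature-based scanner, and why it does not solve the problem the slide raises, as an added example that is not part of the slides and not Metasploit code. The block runs a toy substring-signature scanner over a constructed stand-in payload, stores the payload behind a multi-byte XOR with a small decoder header, and shows that the signatures disappear from the blob while the decoder header itself becomes signaturable. The payload bytes, the signature list, the `XORD` header layout and the key are all assumptions; real payloads and decoders are machine code and real scanners also emulate the decoder.

```python
"""Added example: a toy signature scanner versus an XOR-encoded stage.
Not from the slides and not Metasploit code; payload, signatures and the
'XORD' header are constructed for the demo."""
from __future__ import annotations

import itertools

# Constructed "signature database": byte patterns the scanner flags.
SIGNATURES = {
    "demo-shell-marker": b"/bin/sh",
    "demo-c2-host": b"c2.example.invalid",
}

# Constructed stand-in for a raw payload (text, not real machine code).
RAW_PAYLOAD = b"CONNECT c2.example.invalid:4444 THEN EXEC /bin/sh\x00"


def scan(blob: bytes) -> list[str]:
    """Return the names of every signature found in the blob."""
    return [name for name, sig in SIGNATURES.items() if sig in blob]


def xor_encode(payload: bytes, key: bytes) -> bytes:
    """Multi-byte XOR; the stored payload no longer contains its own signatures."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(payload, itertools.cycle(key)))


def stage(payload: bytes, key: bytes) -> bytes:
    """What gets delivered: a decoder header carrying the key, then the encoded body.
    Constructed layout: b'XORD' + key length (1 byte) + key + encoded payload."""
    if not 0 < len(key) < 256:
        raise ValueError("key length must fit in one byte")
    return b"XORD" + bytes([len(key)]) + key + xor_encode(payload, key)


def run_stage(blob: bytes) -> bytes:
    """The receiving side: parse the header and recover the payload (XOR is its own inverse)."""
    if not blob.startswith(b"XORD"):
        raise ValueError("not a staged blob")
    klen = blob[4]
    key, body = blob[5:5 + klen], blob[5 + klen:]
    return xor_encode(body, key)


def compare(key: bytes = b"\x5a\xa5\x3c") -> dict:
    """Side by side: what the scanner sees before encoding, in the staged blob,
    and after a scanner that emulates the decoder has unpacked it."""
    staged = stage(RAW_PAYLOAD, key)
    decoded = run_stage(staged)
    return {
        "raw_hits": scan(RAW_PAYLOAD),
        "encoded_hits": scan(staged),
        "roundtrip_ok": decoded == RAW_PAYLOAD,
        "decoded_hits": scan(decoded),
        "stub_hit": b"XORD" in staged,   # the decoder itself is a new signature
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k:14} {v}")
```

The last two entries are the practitioner's caveat: a scanner that emulates the decoder, or that simply signatures the decoder stub, catches the encoded stage too. Encoders in Metasploit exist to get past bad-character constraints and naive signatures, not to defeat anti-virus in general.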

Network Security Tools

• SQLMap
  • SQL injection vulnerabilities
    – The script checks possible SQL injection inputs on the web application
    – Vulnerability scanning
  • Many such scanners exist, like:
    – JoomScan: Joomla CMS scanner
    – WPScan: WordPress scanner
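One of the checks a scanner like sqlmap automates, as an added example that is not part of the slides and not sqlmap's code: a boolean-based blind probe that appends an always-true and an always-false condition to a parameter and compares the resulting pages with the baseline. It is run against two constructed in-memory SQLite "endpoints", one that interpolates the parameter into the query (what the scanner is looking for) and one that binds it (the fix). The table, rows, parameter, payloads and endpoint functions are all assumptions for the demo.

```python
"""Added example: a boolean-based SQL injection probe against a vulnerable and
a parameterised endpoint.  Not from the slides and not sqlmap code; the
database and the endpoints are constructed for the demo."""
from __future__ import annotations

import sqlite3
from typing import Callable


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, category TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "router", "net"), (2, "switch", "net"), (3, "toaster", "home")])
    return db


def render(rows: list[tuple]) -> str:
    return "<ul>" + "".join(f"<li>{r[0]}</li>" for r in rows) + "</ul>"


def vulnerable_endpoint(db: sqlite3.Connection, category: str) -> str:
    """Deliberately unsafe: the parameter is pasted into the SQL text."""
    sql = f"SELECT name FROM products WHERE category = '{category}'"
    try:
        return render(db.execute(sql).fetchall())
    except sqlite3.Error:
        return "<h1>500 Internal Server Error</h1>"


def safe_endpoint(db: sqlite3.Connection, category: str) -> str:
    """The fix: a bound parameter, so the payload is only a non-matching string."""
    rows = db.execute("SELECT name FROM products WHERE category = ?", (category,)).fetchall()
    return render(rows)


def boolean_probe(endpoint: Callable[[str], str], value: str) -> dict:
    """Boolean-based blind test: an always-true injection must reproduce the
    baseline page and an always-false one must change it.  The trailing '--'
    comments out the quote the application appends.  A bare quote is sent as
    well, since a server error on it is the classic error-based hint."""
    baseline = endpoint(value)
    true_page = endpoint(f"{value}' AND 1=1--")
    false_page = endpoint(f"{value}' AND 1=2--")
    return {
        "injectable": true_page == baseline and false_page != baseline,
        "error_on_quote": "500" in endpoint(value + "'"),
        "baseline": baseline,
        "true_page": true_page,
        "false_page": false_page,
    }


def vulnerable_report() -> dict:
    db = make_db()
    return boolean_probe(lambda v: vulnerable_endpoint(db, v), "net")


def safe_report() -> dict:
    db = make_db()
    return boolean_probe(lambda v: safe_endpoint(db, v), "net")


def demo() -> tuple[bool, bool]:
    """(vulnerable endpoint injectable?, safe endpoint injectable?)"""
    return vulnerable_report()["injectable"], safe_report()["injectable"]


if __name__ == "__main__":
    print("vulnerable:", vulnerable_report()["injectable"],
          "error on quote:", vulnerable_report()["error_on_quote"])
    print("parameterised:", safe_report()["injectable"])
```

The same comparison is what makes the conclusions slide's remark plausible: once the query is parameterised, every probe returns an empty list instead of a different page, and the scanner has nothing to distinguish.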

Denial Of Service Tools

• Attacks: Availability
  • (figure: bandwidth of the attacker versus bandwidth of the target)

Denial Of Service Tools

• Attacks: Availability
• Other scenarios exist too
  • Example: IPv6 DoS attack
• Effects on organizations:
  • Loss of revenue in recent years
  • Loss of user trust in organisations

Denial Of Service Tools

• LOIC ("Low Orbit Ion Cannon")
  • "Hivemind" feature: distributed denial of service
  • Favourite of "hacktivists"

Denial Of Service Tools

• HULK ("HTTP Unbearable Load King")
  • Generates a unique request every single time
    – Additional random page names added
    – Random query strings appended
    – Hence no cache in front of the application can absorb the load; every request has to be served
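Why the random page names and query strings matter, as an added example that is not part of the slides and not HULK's code: a constructed request generator in the style the slide describes is compared with a naive flood of one fixed URL against a toy cache keyed on the full URL, and a simple defender-side signal (share of requests for paths the site does not have) is computed over the same traffic. No traffic is sent; the target name, the cache model and the random alphabet are assumptions for the demo.

```python
"""Added example: cache-busting request generation versus a fixed-URL flood,
measured against a toy front-end cache.  Not from the slides and not HULK
code; everything here is simulated."""
from __future__ import annotations

import random
import string
from collections import Counter
from typing import Callable

BASE = "http://target.example"   # constructed target


def hulk_style_url(base: str, rng: random.Random) -> str:
    """One request shaped as the slide describes: random page name plus random query string."""
    page = "".join(rng.choices(string.ascii_lowercase, k=rng.randint(3, 10)))
    params = "&".join(
        "".join(rng.choices(string.ascii_lowercase, k=4)) + "=" +
        "".join(rng.choices(string.ascii_lowercase + string.digits, k=6))
        for _ in range(rng.randint(1, 3)))
    return f"{base}/{page}?{params}"


def fixed_url(base: str, rng: random.Random) -> str:
    """A naive flood that always asks for the same page (what a cache absorbs)."""
    return f"{base}/index.html"


class CachingFrontEnd:
    """Toy reverse-proxy cache keyed on the full URL; counts origin hits."""

    def __init__(self) -> None:
        self.cache: set[str] = set()
        self.origin_hits = 0

    def handle(self, url: str) -> str:
        if url in self.cache:
            return "HIT"
        self.cache.add(url)
        self.origin_hits += 1
        return "MISS"


def generate(url_fn: Callable[[str, random.Random], str], n: int, seed: int) -> list[str]:
    rng = random.Random(seed)
    return [url_fn(BASE, rng) for _ in range(n)]


def simulate(url_fn: Callable[[str, random.Random], str], n: int = 1000, seed: int = 7) -> dict:
    """Send n simulated requests through the cache and report how many reach the origin."""
    fe = CachingFrontEnd()
    outcomes = Counter(fe.handle(u) for u in generate(url_fn, n, seed))
    return {"requests": n, "origin_hits": fe.origin_hits, "cache_hits": outcomes["HIT"]}


def path_of(url: str) -> str:
    return url.split("://", 1)[1].split("/", 1)[1].split("?", 1)[0]


def unknown_path_share(url_fn: Callable[[str, random.Random], str], known_paths: set[str],
                       n: int = 1000, seed: int = 7) -> float:
    """Defender-side signal: fraction of requests for paths the site does not serve."""
    urls = generate(url_fn, n, seed)
    return sum(path_of(u) not in known_paths for u in urls) / n


if __name__ == "__main__":
    print("fixed URL :", simulate(fixed_url))
    print("HULK style:", simulate(hulk_style_url))
    print("unknown-path share:", unknown_path_share(hulk_style_url, {"index.html"}))
```

The asymmetry in the two `simulate` results is the whole design: the fixed flood costs the origin one request, the randomised flood costs it all of them. The same randomness is also the tell, since a client whose requests are almost all for non-existent paths is easy to rate-limit per source, which is why the slide on LOIC's "Hivemind" mode matters: spreading the load over many sources defeats that per-source limit.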

Conclusions

• Is it that easy to hack?
• Probably not
  • Password crackers: require massive computing power
  • Metasploit payloads
    – Detected by anti-virus software
    – Patches are (usually) available before the vulnerability is published
  • Nmap fingerprinting: can be blocked by active monitoring
  • SQL injection: becoming less common as developers become more aware
  • Denial of service: can still occur
    – Difficult to mitigate
    – Used extensively by "hacktivist" groups

Conclusions

• However, new tools are always available
  • Example: Dendroid, an Android hijack tool
    – Available/leaked on the deep web with ease
    – Simple web-based interface
    – A patch might still take time to come: Google does not patch older Android OS versions
    – More users are becoming aware of .onion, .i2p, etc. domains
    – Once again: ease of use and easy availability lead to anyone using the tools
• The black hat community will always have new tools
• Normal users do not need massive know-how to carry out attacks

Thank you!
