Suggested Ethical Hacking Performance

Required systems:

 

1) One SQL server.

2) One HTTP server.

3) Two DNS servers, running Solaris.

4) One PC, running WinNT, connected to the Internal LAN over DSL (or likewise Ethernet, wireless, IrDA, ...).

5) One PC (running any OS), connected to the Internal LAN through a dialup modem.

6) One UNIX server that is used as a firewall connecting the Internal LAN to the Internet.

7) One Linux or BSD server.

Possible attacks, categorized in three parts:

1) Simple techniques

2) Compound scripting

3) Advanced strategies

_____________________________________________________________

1) Simple Techniques:

SQL injection - On SQL server

Spam - On any

Sniffing and Spoofing - On HTTP server

Phishing - On DNS or HTTP servers

Smurfing* - On WinNT PCs or DNS servers

War DSL - On 'User PC'

SSH, FTP, PW, TELNET, HTTP, PATCH dump - On any

Unix daemon tricks - On UNIX servers (Solaris DNS, Linux or BSD servers)
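SQL injection heads the list above. As an added illustration that is not part of the exhibition's own material, the following Python shows a login lookup that pastes user input into the SQL text beside its parameterized form, run against a constructed in-memory SQLite table. The schema, the account and the tautology payload are assumptions made for the example.

```python
"""Vulnerable versus parameterized login lookup (added example).

The table, the account and the payload below are constructed for the
demonstration and are not taken from the page.
"""
import sqlite3


def make_db():
    """Constructed sample user table with a single real account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Deliberately vulnerable: the input is pasted into the SQL text, so a
    quote in the input changes the structure of the WHERE clause."""
    query = (
        f"SELECT name FROM users WHERE name = '{name}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, name, password):
    """Hardened: placeholders keep the input as data; the driver never lets it
    become part of the SQL grammar, so the same payload is just a wrong password."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


# Classic tautology payload, included only to show the two functions diverge.
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real password :", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, payload       :", login_vulnerable(db, "alice", INJECTION))
    print("safe, payload             :", login_safe(db, "alice", INJECTION))
```

The vulnerable form accepts the payload because the closing quote turns `password = ''` into a clause that is OR-ed with a true comparison; the parameterized form returns false for it, which is the whole mitigation.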

 

_____________________________________________________________

Most common daemons are:

Service -- Port -- Description
___________________________________

ftp -- 21 -- File Transfer [Control]

smtp -- 25 -- Simple Mail Transfer Protocol

tftp -- 69 -- Trivial File Transfer Protocol

finger -- 79 -- Finger

www-http -- 80 -- World Wide Web HTTP

sunrpc -- 111 -- SUN Remote Procedure Call

fln-spx -- 221 -- Berkeley rlogind with SPX auth

rsh-spx -- 222 -- Berkeley rshd with SPX auth

netinfo -- 716-719 -- NetInfo

ibm-res -- 1405 -- IBM Remote Execution Starter

nfs -- 2049 -- Network File System

x11 -- 6000-6063 -- X Window System

rcp/rshd -- Remote Copy/Remote Shell Daemon

nis -- Network Information Services

_____________________________________________________________

2) Compound Scripting:

- Advanced buffer overflow (exploit) attacks

- Rootkit attacks

- DoS & DDoS attacks

- Kernel and system-call backdoors

(All of these attacks are possible on any of the aforementioned servers.)

 

 

_____________________________________________________________

3) Advanced strategies:

- Dial 'M' for Modem (by Ed Skoudis)

- This one could be considered a real hacking project.

 

A) Information that will be given to hackers:

1) The IP address of the 'User PC'.

2) The phone number that the 'User PC' uses to connect to the Internal LAN.

 

B) Chances that will be given to hackers:

(Common mistakes made by system administrators)

1) 'User PC' will run the CMA service without any password protection.

2) There are no IDSs on the Internal LAN.

3) There will be an active telnet connection between the Console and the DMZ.

4) There will be an active FTP connection between the Console and the DNS server.

 

 

 

 

[The DMZ contains a web server and a DNS server. The tri-homed firewall and the DMZ are controlled and managed from the MGMT console, which is connected to the Internal LAN.]
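Two of the "chances" handed to the attackers above, cleartext telnet and FTP sessions between the console and the DMZ with no IDS watching the Internal LAN, plus the legacy daemons in the port table earlier on the page, are exactly what a defender would look for in the firewall's connection log. The following Python is an added example and not part of the exhibition's material; the address ranges, the log line format and the sample lines are constructed assumptions, while the legacy-service ports are taken from the page's table.

```python
"""Audit firewall connection-log lines for cleartext management sessions and
exposed legacy daemons (added example).

Addressing, log format and the sample lines are assumptions; the legacy
service ports come from the daemon table on the page.
"""
import ipaddress
import re

# Assumed addressing for the scenario (hypothetical, not from the page).
INTERNAL_LAN = ipaddress.ip_network("10.0.1.0/24")
DMZ = ipaddress.ip_network("172.16.0.0/24")
MGMT_CONSOLE = ipaddress.ip_address("10.0.1.20")

# Protocols that carry logins in cleartext; a session hijacker or sniffer on
# the path recovers the console's credentials.
CLEARTEXT_ADMIN = {21: "ftp", 23: "telnet"}

# Legacy daemons from the page's port table; none should be reachable across
# the firewall without a deliberate rule.
LEGACY_DAEMONS = {
    69: "tftp", 79: "finger", 111: "sunrpc", 221: "fln-spx", 222: "rsh-spx",
    1405: "ibm-res", 2049: "nfs",
}
LEGACY_DAEMONS.update({p: "netinfo" for p in range(716, 720)})
LEGACY_DAEMONS.update({p: "x11" for p in range(6000, 6064)})

# Assumed log line shape: "<date> <time> <proto> <src>:<sport> -> <dst>:<dport> <action>"
LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<action>ALLOW|DENY)$"
)

# Constructed sample log: console -> DMZ telnet and FTP, one SSH session,
# an ordinary DNS lookup, a finger probe into the DMZ, a blocked X11 attempt.
SAMPLE_LOG = [
    "2001-05-03 10:14:02 TCP 10.0.1.20:1043 -> 172.16.0.10:23 ALLOW",
    "2001-05-03 10:15:40 TCP 10.0.1.20:1044 -> 172.16.0.11:21 ALLOW",
    "2001-05-03 10:16:01 TCP 10.0.1.20:1045 -> 172.16.0.11:22 ALLOW",
    "2001-05-03 10:17:33 UDP 10.0.1.50:2048 -> 172.16.0.11:53 ALLOW",
    "2001-05-03 10:18:10 TCP 10.0.1.50:1046 -> 172.16.0.10:79 ALLOW",
    "2001-05-03 10:19:05 TCP 10.0.1.50:1047 -> 172.16.0.10:6000 DENY",
    "this line is malformed and is skipped",
]


def audit(lines):
    """Return (severity, finding, line) for every ALLOWed flow that crosses the
    firewall on a cleartext admin protocol or towards a legacy daemon."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["action"] != "ALLOW":
            continue  # malformed, or already blocked by the firewall
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        dport = int(m["dport"])
        crosses = (src in INTERNAL_LAN and dst in DMZ) or (src in DMZ and dst in INTERNAL_LAN)
        if not crosses:
            continue  # traffic that stays inside one zone is out of scope here
        if dport in CLEARTEXT_ADMIN:
            # The console's own session is the worst case: it manages the firewall.
            severity = "high" if src == MGMT_CONSOLE else "medium"
            findings.append((severity, f"cleartext {CLEARTEXT_ADMIN[dport]} session across firewall; use SSH/SFTP", line))
        elif dport in LEGACY_DAEMONS:
            findings.append(("medium", f"legacy daemon {LEGACY_DAEMONS[dport]} reachable across firewall; filter or disable", line))
    return findings


if __name__ == "__main__":
    for severity, finding, line in audit(SAMPLE_LOG):
        print(f"[{severity}] {finding}\n    {line}")
```

On the sample log this reports the two console sessions (telnet and FTP into the DMZ) as high and the finger probe as medium; the SSH session, the DNS lookup and the denied X11 attempt produce nothing. The fixes follow directly from the findings: SSH/SFTP on the management path, and legacy daemons either disabled on the Solaris and Linux/BSD hosts or filtered at the tri-homed firewall. With no IDS on the Internal LAN (chance 2), a review like this over the firewall log is the only place these sessions would ever show up.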

 

 

C) Things that won't be given to hackers:

(Or what hackers are supposed to do!)

This is just one of the possible strategies, known as 'Dial "M" for Modem', but other strategies would not differ much.

 

1) Scanning your network with Cheops for active systems, in order to find your network topology.

2) Running FragRouter to hide their scan.

3) Using Nmap to find open TCP/UDP ports on your systems.

4) Using Firewalk to scan systems for filtered ports.

5) Using Nessus to scan for vulnerable or unpatched local services.

6) Running the CMA client service, configured to dial the given phone number (used by 'User PC'), to get access to the Internal LAN through 'User PC'.

7) Disabling the 'User PC' anti-virus.

8) Installing Back Orifice (a kernel-level Trojan backdoor, BO2K) on 'User PC'.

9) Installing the WinNT version of Nessus on 'User PC'.

10) Executing a BIND exploit on the 'Internal DNS server'.

11) Getting access to the 'Internal DNS server'.

12) Installing a reverse WWW shell and an LKM rootkit on the 'Internal DNS server'.

13) Running the Hunt session hijacker to spy on Telnet connections.

14) Getting access to the 'WWW server' in the DMZ.

15) Installing Dsniff on the 'WWW server' to monitor FTP connections.

16) Getting access to the 'DNS server'.

 

 

For more detailed and technical help & information, about any part of my notes,

 

Head of Z-HaCkers

Puyan Bedayat