Security breaches damage the finances of organizations, in situations ranging from information theft to destruction of the network structure. Security breaches are no doubt problematic, but most of the time they result from human error, for instance errors made by the company's staff. Security breaches are mostly intricate and require a careful, well-thought-out plan to succeed. System hackers usually have three different information collection stages before they can attempt to hack a system -
System hacking methodology can be segmented into three major parts –
Hackers penetrate the system of target hosts for various reasons -
Passwords are used to protect systems from unauthorized access, and when malicious individuals try to gain access to target systems, the process is called password cracking. Most cracking attempts are successful because the passwords are not strong. One of the easiest ways of cracking a password is using default passwords. Hackers can use manufacturers' default passwords to crack any system because sometimes system administrators forget to change the default password. There are some online tools and websites for finding default passwords. Some of the online tools are - http://cirt.net, http://default-password.info, http://defaultpassword.us etc.
Non-electronic attacks are attacks that do not need a lot of experience.
Active online attacks - In this attack the hackers directly interact with the target system. There are three methods to carry out the active online attack -
Passive online attacks - These do the direct opposite: the hackers don't have to connect to the victim machine to gain access.
Offline attacks - These allow the hacker to crack passwords from an already downloaded password file, at a separate location.
The active online method is focused on password guessing: once a target is found, the guessed passwords are prioritized, and the hacker keys in each password until there is a match. Active online attacks use the default passwords (the passwords given to the target system by the manufacturers) as a guideline for cracking passwords.
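From the defender's side, this kind of guessing shows up as a burst of failed logons from one source. The following is an added example, not code from the original article; the log format, addresses, threshold and window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the article): time, source, account, result.
SAMPLE_LOG = """\
2024-05-01T09:00:01 192.0.2.10 admin FAIL
2024-05-01T09:00:04 192.0.2.10 admin FAIL
2024-05-01T09:00:07 192.0.2.10 admin FAIL
2024-05-01T09:00:11 192.0.2.10 admin FAIL
2024-05-01T09:00:15 192.0.2.10 admin FAIL
2024-05-01T09:00:19 192.0.2.10 admin OK
2024-05-01T09:02:00 198.51.100.7 alice FAIL
2024-05-01T09:02:20 198.51.100.7 alice OK
2024-05-01T09:05:00 203.0.113.4 alice FAIL
2024-05-01T09:05:02 203.0.113.4 bob FAIL
2024-05-01T09:05:04 203.0.113.4 carol FAIL
2024-05-01T09:05:06 203.0.113.4 dave FAIL
2024-05-01T09:05:08 203.0.113.4 erin FAIL
"""

def guessing_sources(log, threshold=5, window=timedelta(minutes=5)):
    """Map each source with >= threshold failures inside `window` to a finding."""
    events = defaultdict(list)
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        events[src].append((datetime.fromisoformat(ts), user, result))
    findings = {}
    for src, rows in events.items():
        rows.sort()
        fails = [(ts, user) for ts, user, result in rows if result == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the burst fits inside it.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                accounts = {user for _, user in fails[start:end + 1]}
                kind = "one-account" if len(accounts) == 1 else "multi-account"
                # A success after the burst means a guess may have matched.
                hit = any(r == "OK" and ts > fails[end][0] for ts, _, r in rows)
                findings[src] = (kind + " guessing", hit)
                break
    return findings

if __name__ == "__main__":
    for src, (kind, hit) in guessing_sources(SAMPLE_LOG).items():
        print(src, kind, "(success after burst)" if hit else "")
```

A single mistyped password followed by a success (the 198.51.100.7 rows) stays below the threshold and is not reported.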
Trojan horses could also be used to gain access to the target’s system to gain sensitive information, such as user’s credentials (passwords), which could be used to access more information.
• The process can also be completed with a USB, and a hacking tool called PassView.
Wire sniffing is a method used by hackers to capture and store raw network traffic on the local area network. The hackers use packet sniffer tools to get data such as passwords and emails. The stolen information is used to gain access to the target system.
The man-in-the-middle and replay attacks are usually hard to carry out and need some sort of trust to work. The man-in-the-middle attack accesses the information on its way from the victim to the server; hence, there is an interception in the middle. In the replay attack, a sniffer is used to capture authentication tokens and packets; the information is extracted, and the token is placed back. I have already demonstrated a man-in-the-middle attack (DNS spoofing) in a previous paper.
A rainbow table is a table consisting of dictionary files, brute force lists, and their corresponding hash values. The hacker works by capturing the hashes of passwords and comparing them to these compiled tables, making it easy to crack the passwords. Rtgen and winrtgen are tools used to develop rainbow tables. You can find more on rainbow table generation and password cracking in a previous paper.
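Why a precomputed table works against plain hashes and fails against salted, slow ones, as an added example that is not part of the original article. The table here is the simple hash-to-password lookup the paragraph describes (real rainbow tables compress it with hash chains); SHA-256, PBKDF2 and the word list are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os

WORDLIST = ["password", "123456", "letmein", "admin", "qwerty"]  # constructed sample

def build_table(words):
    """Precompute hash -> password once; reusable against any unsalted store."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}

def store_unsalted(password):
    """Weak: the same password always produces the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_salted(password, iterations=100_000):
    """Hardened: a random per-account salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)

def compare_storage(password="letmein"):
    """Store one password twice under each scheme and test it against the table."""
    table = build_table(WORDLIST)
    weak_a, weak_b = store_unsalted(password), store_unsalted(password)
    strong_a, strong_b = store_salted(password), store_salted(password)
    return {
        "unsalted_identical": weak_a == weak_b,
        "unsalted_found_in_table": table.get(weak_a),
        "salted_identical": strong_a[2] == strong_b[2],
        "salted_found_in_table": table.get(strong_a[2].hex()),
        "salted_still_verifies": verify_salted(password, strong_a),
    }

if __name__ == "__main__":
    for key, value in compare_storage().items():
        print(f"{key}: {value}")
```

With a per-account salt the table would have to be rebuilt for every stored record, which removes the advantage of precomputation.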
The distributed network attack (DNA) decodes passwords by using the processing power of machines. In other words, all the processing power of the target system's clients is brought together and used for decoding.
Passwords are encoded and stored in the SAM or the Active Directory database. They are not stored in clear text, to protect them from being easily stolen. The hashed and protected passwords need to be authenticated by authorized personnel before they can be read in clear text.
There are different types of verification process:
NTLM verification and authentication
The NTLM and LM verification protocols are used to save the passwords with different hashing methods. For the NTLM authentication process, the user types the password in the login window, the operating system runs the password through a hash process, the computer sends the login request to the DC, the DC sends a login challenge, the computer sends its response to the challenge, and the DC compares the computer's response with the hash it developed. If there is a match, the password is accepted.
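The challenge-response flow described above, and why a fresh challenge defeats the replay of a captured response mentioned earlier, as an added example that is not code from the original article. It is a simplified model: SHA-256 and HMAC-SHA256 stand in for the real NTLM algorithms, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def password_hash(password):
    # Stand-in for the stored password hash (real NTLM uses different algorithms).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

class DomainController:
    def __init__(self):
        self.accounts = {}   # user -> stored password hash
        self.pending = {}    # user -> challenge that is still outstanding

    def enroll(self, user, password):
        self.accounts[user] = password_hash(password)

    def challenge(self, user):
        # A fresh random challenge for every login request.
        self.pending[user] = os.urandom(16)
        return self.pending[user]

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)  # each challenge is single use
        if nonce is None or user not in self.accounts:
            return False
        expected = hmac.new(self.accounts[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password, nonce):
    # The client proves knowledge of the hash without sending it or the password.
    return hmac.new(password_hash(password), nonce, hashlib.sha256).digest()

def run_exchange():
    dc = DomainController()
    dc.enroll("alice", "correct horse")          # constructed account
    first = dc.challenge("alice")
    response = client_response("correct horse", first)
    accepted = dc.verify("alice", response)
    dc.challenge("alice")                        # new login, new challenge
    replay_accepted = dc.verify("alice", response)   # old response replayed
    third = dc.challenge("alice")
    wrong_accepted = dc.verify("alice", client_response("wrong", third))
    return accepted, replay_accepted, wrong_accepted

if __name__ == "__main__":
    print(run_exchange())
```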
Kerberos Authentication
This is an upgraded verification process, used by Microsoft, to authenticate passwords that have been created. This verification process has the client interact with the key distribution server and the application server. Here the user communicates with the authentication server and the server responds. The user also communicates with the ticket-granting server to request a service ticket, and the server responds. Lastly, the user communicates with the application server to request access to a service, and the application server communicates with the user and tries to determine whether the client is real.
Published with the express permission of the author.