Certified Ethical Hacker - Part 5-1 - System Hacking

by Riazul H. Rozen
Nov. 15, 2017

System hacking

Security breaches are detrimental to the financial structure of organizations, with consequences ranging from information theft to the destruction of the network infrastructure. Security breaches are problematic no doubt, but most of the time they result from human error, for instance errors by the company's own staff. Breaches are mostly intricate and require a careful, well-thought-out plan to succeed. System hackers usually go through three information-collection stages before they attempt to hack a system -

  • The Footprinting stage, where they have the Namespace, Employee details, and IP range
  • The scanning module, where they access the target, find the system and service they plan on breaching
  • The enumeration stage. Here the hackers search for security flaws and user lists by intricately searching the target system.

System hacking methodology can be segmented into three major parts –

  • Gaining access
    • Cracking password
    • Escalating Privileges
  • Maintaining Access
    • Executing applications
    • Hiding files
  • Clearing logs
    • Covering tracks

Objectives of system hacking

Hackers penetrate the system of target hosts for various reasons -

  • To gain unauthorized access to the target system. This they do by cracking passwords or social engineering.
  • To gain access to administrator privileges. This is done by searching for flaws and taking advantage of them.
  • To gain access to certain privileges and information in the system without the knowledge of the target. This is done with Trojans, spyware, backdoors, keyloggers.
  • To steal sensitive information without the knowledge of the target system. This is done with rootkits.
  • To clear any footprints of malicious activities. This is done by clearing logs.

Hacking methods

Password cracking

Passwords are used to protect systems from unauthorized access, and when malicious individuals try to gain access to target systems by recovering those passwords, the process is called password cracking. Most cracking attempts succeed because the passwords are not strong. One of the easiest ways of cracking a password is to use a default password. Attackers can use a manufacturer's default password to get into a system because system administrators sometimes forget to change it. There are online tools and websites for finding default passwords, for example http://cirt.net, http://default-password.info and http://defaultpassword.us.

Searching default passwords using cirt.net

Password attack types

Non-electronic attacks are attacks that do not require much technical expertise.

Active online attacks - In this type of attack the hackers interact directly with the target system. There are three methods for carrying out an active online attack -

  • The dictionary attack loads a dictionary file into the cracking application, which runs it against different user accounts until a password is found.
  • The brute force method tries every possible combination until a password is found.
  • The rule-based method is used when some information about the password is already known.

Passive online attacks - These are the direct opposite: the hackers do not have to connect to the victim machine to gain access.

Offline attacks - These allow the hacker to crack passwords from an already downloaded password file, at a separate location.

Ways to carry out active online attacks

The active online method is focused on password guessing: once a target is found, the guessed passwords are prioritized, after which the hacker keys in each password until there is a match. Active online attacks use the default passwords – the passwords given to the target system by the manufacturer – as a guideline for cracking passwords.

Trojan horses can also be used to gain access to the target's system and obtain sensitive information, such as user credentials (passwords), which can then be used to access more information.

Trojan Horse

The process can also be carried out with a USB drive and a hacking tool called PassView.

Mail PassView

Ways to carry out passive online attacks

Wire sniffing is a method used by hackers to access and store raw network traffic on the local area network. The hackers use packet-sniffer tools to obtain data such as passwords and emails. The stolen information is then used to gain access to the target system.

The man-in-the-middle and replay attacks are usually hard to carry out and need some sort of trust to work. A man-in-the-middle attack accesses the information on its way from the victim to the server; hence there is an interception in the middle. A replay attack uses a sniffer to capture authentication tokens and packets; the information is removed, and the token is placed back. I have already demonstrated a man-in-the-middle attack (DNS spoofing) in a previous paper.

DNS Spoofing

The rainbow table attack uses a table consisting of dictionary files, brute-force lists, and their corresponding hash values. The hacker captures the hashes of passwords and compares them against these precomputed tables, making it easy to crack the passwords. Rtgen and winrtgen are tools used to generate rainbow tables. You can find more on rainbow table generation and password cracking in a previous paper - click here.

Rainbow Crack in Kali
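To make the time-memory trade-off behind a rainbow table concrete, here is an added toy implementation that is not from the article and not rtgen's code. It assumes a constructed keyspace of 4-digit PINs hashed with unsalted MD5, builds hash/reduce chains storing only endpoints, looks a captured hash up, and shows why a per-user salt makes the precomputed table useless (the defender's takeaway):

```python
import hashlib

# Constructed toy setting (not from the article): passwords are 4-digit PINs hashed
# with unsalted MD5; chain length and keyspace are kept tiny for illustration.
CHAIN_LEN = 20
SPACE = 10_000

def hash_pw(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()

def salted_hash(pw: str, salt: bytes) -> str:
    # What a defender stores instead: the salt changes the hash, so a table
    # precomputed for plain md5(pw) no longer matches anything.
    return hashlib.md5(salt + pw.encode()).hexdigest()

def reduce_fn(h: str, col: int) -> str:
    # Reduction: map a hash back into the PIN space. It depends on the chain
    # column so that chains colliding in different columns do not merge.
    return f"{(int(h[:8], 16) + col) % SPACE:04d}"

def build_table(starts):
    # One chain per start: pin -> hash -> reduce -> pin ... ; only the endpoint
    # is stored, which is why the table is far smaller than a full lookup list.
    table = {}
    for s in starts:
        p = s
        for col in range(CHAIN_LEN):
            p = reduce_fn(hash_pw(p), col)
        table.setdefault(p, []).append(s)   # endpoint -> chain start(s)
    return table

def lookup(table, target_hash):
    # Guess which column the target hash sits in, walk the chain to its end,
    # and if that endpoint is in the table regenerate the chain from its start.
    for col in range(CHAIN_LEN - 1, -1, -1):
        p = reduce_fn(target_hash, col)
        for c in range(col + 1, CHAIN_LEN):
            p = reduce_fn(hash_pw(p), c)
        for start in table.get(p, []):      # may be a false alarm; keep going
            q = start
            for c in range(CHAIN_LEN):
                h = hash_pw(q)
                if h == target_hash:
                    return q
                q = reduce_fn(h, c)
    return None
```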

The distributed network attack (DNA) decodes passwords by using the processing power of many machines. In other words, the processing power of all the client machines is brought together and used for decoding.

DNA Manager

Microsoft verification

Passwords are hashed and stored in the SAM or in the Active Directory database. They are not stored in clear text, to protect them from being easily stolen. The hashed and protected passwords need to be authenticated by authorized personnel before they can be read in clear text.

Location of SAM

There are different types of verification process.

NTLM verification and authentication - The NTLM and LM verification protocols are used to save the passwords with different hashing methods. The NTLM authentication process works as follows: the user types the password in the login window; the operating system runs the password through a hash process; the computer sends the login request to the DC; the DC sends a login challenge; the computer sends the challenge response; the DC compares the computer's response with the one it computed from the hash it holds. If there is a match, the password is accepted.

NTLM verification and authentication
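The challenge/response flow just described, and the reason a sniffed response cannot simply be replayed (see the replay attack above), can be modelled in a few lines. This is an added simplified model written for this page, not Microsoft's NTLM implementation: it assumes a constructed `DomainController` class and stands in SHA-256/HMAC-SHA256 for NTLM's real MD4-based hashing and response computation, so only the shape of the exchange is faithful:

```python
import hashlib
import hmac
import os

# Simplified model of challenge/response logon (constructed for illustration;
# NOT the real NTLM wire format or key derivation).

def password_hash(password: str) -> bytes:
    # Both the client and the DC hold only this hash; the password itself
    # never crosses the wire. Real NTLM uses MD4 over UTF-16LE; SHA-256 stands in.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

class DomainController:
    def __init__(self, accounts):
        self.accounts = accounts     # username -> stored password hash (the SAM/AD role)
        self.outstanding = {}        # username -> challenge currently issued

    def issue_challenge(self, user: str) -> bytes:
        challenge = os.urandom(8)    # fresh random nonce per logon attempt
        self.outstanding[user] = challenge
        return challenge

    def verify(self, user: str, response: bytes) -> bool:
        challenge = self.outstanding.pop(user, None)   # a challenge is one-time
        if challenge is None or user not in self.accounts:
            return False
        # DC recomputes the expected response from the hash it holds and compares.
        expected = hmac.new(self.accounts[user], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password: str, challenge: bytes) -> bytes:
    # Whoever holds the stored hash can answer a challenge, which is why the
    # hash store (SAM / AD database) must itself be protected.
    return hmac.new(password_hash(password), challenge, hashlib.sha256).digest()

def logon(dc: DomainController, user: str, password: str) -> bool:
    challenge = dc.issue_challenge(user)
    return dc.verify(user, client_response(password, challenge))

def replay_attempt(dc: DomainController, user: str, captured: bytes) -> bool:
    # A response captured off the wire is bound to an old challenge; the DC
    # issues a fresh one, so the old response no longer verifies.
    dc.issue_challenge(user)
    return dc.verify(user, captured)
```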

Kerberos Authentication - This is an upgraded verification process used by Microsoft to authenticate passwords that have been created. In this process the client interacts with the key distribution server and the application server. First, the user communicates with the authentication server, and the server responds. The user then communicates with the ticket-granting server to request a service ticket, and the server responds. Lastly, the user communicates with the application server to request access to a service, and the application server communicates with the user to determine whether the client is genuine.

Kerberos Authentication

Protection against password cracking

  • Get an information security audit to check for and monitor password attacks
  • Use a different password each time the password is changed
  • Don't give passwords out, and don't use passwords that are in the dictionary
  • Don't store passwords in places that are not safe
  • Set regulations to change the password after 30 days.

Published with the express permission of the author.