Chapter 5 - 8 Flashcards
SAM Files
Security Accounts Manager file - Windows stores credentials in the SAM file, located at C:\windows\system32\config
LM Authentication
DES
NTLM
DES and MD4 (V2 MD5)
WINDOWS registry
A collection of all the settings and configurations that make the system run - made up of keys and values
Hacking Steps
Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks
Net view /domain:domainname
Shows all systems on a domain
net view \\systemname
Provides a list of open shares on the named system
net use \\target\ipc$ "" /u:""
Sets up a null session
Passive online attack
Sniffing the wire in the hope of intercepting a cleartext password, or of carrying out a replay attack or a man-in-the-middle attack
Vertical Escalation
When a lower-level user executes code at a higher privilege level than they should have access to
Horizontal Escalation
Executing code at the same user privilege level
Kerberos
Uses both symmetric and asymmetric encryption technologies to securely transmit passwords and keys across a network (TGT, TGS, AS, KDC)
Important Keys
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\RunServicesOnce (also RunServices, RunOnce, Run)
Attack types
Non-electronic, Active online, Passive online, Offline
DLL Hijacking
Replacing a legitimate DLL with a malicious copy in the application's root folder
New Technology File System
NTFS file streaming allows files to be hidden behind virtually any other file.
Types of Logs
Application, Security, System
Rootkit
A collection of software put in place by an attacker, designed to obscure the compromise of a system (backdoor)
Type of Rootkits
Hypervisor level, Hardware, Boot loader level, Application level, Kernel level and Library level
IETF
Internet Engineering Task Force - Creates engineering documents to help improve the internet
W3C
World Wide Web Consortium - An international community working together to develop web standards
OWASP
Open Web Application Security Project - Focused on improving the security of software
Apache configuration
httpd.conf
IIS configuration
Spawns shells as LOCAL_SYSTEM
N-tier architecture
Distributes processes across multiple servers - Each tier consists of a single role carried out by one
Three Tier Architecture
Presentation Tier, Logic Tier and Data Tier
HTML entity
A way of telling the browser to display a certain character it would otherwise interpret as a tag or as part of the code itself and
HTTP request methods
GET, HEAD, POST, PUT, DELETE, TRACE and CONNECT
DNS Amplification
An attack that manipulates recursive DNS to DoS a target
Web 2.0
A different method of creating websites and applications (dynamic web pages), as opposed to Web 1.0, which used static HTML
LDAP Injection
Entering )(&) after the username, then any password
SOAP Injection
Injecting malicious queries
Buffer Overflow
Also known as smashing the stack; an attempt to write more data into an application's prebuilt buffer than it can hold, in order to overwrite adjacent memory, execute code or crash the system
CSRF
Cross Site Request Forgery - Gets a user to execute unwanted actions on a web application to which they are currently authenticated
HTTP Response Splitting
Adding response header data to an input field so that the server splits the response in two directions - the second header can be controlled and used for malicious purposes
802.11i
WLAN
802.16
Global development of broadband wireless metropolitan area networks
Modulation
The practice of manipulating the properties of a waveform
OFDM Wavelength
Orthogonal Frequency-Division Multiplexing - Works with several waveforms, simultaneously carrying messages back and forth
DSS
Direct-sequence spread spectrum - combining all wavelengths into a single purpose
Ad hoc mode
Wireless systems connect directly to other systems as if a cable were strung between the two
Infrastructure mode
Uses an access point (AP) to funnel all wireless connections through
BSS (Basic Service Set)
A single AP and its clients is known as a basic service set
ESS
As clients move from one AP in your subnet to another, they disassociate from one AP and (re)associate with another seamlessly
Omnidirectional Antenna
360 degrees from the source
Directional Antenna
Focuses in a specific direction
Dipole
Two signal towers; works omnidirectionally
SSID
Service set identifier - a text word (32 characters or less) that distinguishes wireless networks (part of the header in every packet)
WEP
Wired Equivalent Privacy - 40-bit to 232-bit keys in the RC4 encryption algorithm - reuses initialisation vectors
WPA
Wi-Fi Protected Access (WPA or WPA2) - Uses TKIP with a 128-bit key - changes the key every 10000 packets
WPA2
Can tie in Extensible Authentication Protocol (EAP) - Uses AES for encryption
Untethered
The kernel will remain patched
Semi-tethered
A reboot no longer retains the patched kernel, but the software has already been added to the device; therefore, if admin privileges are required, the installed jailbreaking tool can be used
Tethered
A reboot removes all jailbreaking patches, and the phone may be stuck in a perpetual loop on startup, requiring a system connection, such as USB, to repair