MOD 6 - System Hacking Flashcards
Password Salting
Adding random characters to a password before hashing it. This makes the password longer and more random, which makes cracking attempts harder.
Password cracking programs
John the Ripper, L0phtcrack, THC-Hydra, Cain, Hashcat, etc.
Pass-The-Hash
If an attacker gets your password hash, they really don’t even need to crack it to impersonate you. They could just do a Pass-The-Hash attack to transmit your hash for logon. The only way to prevent this is to not let an attacker get your hashes!
Internal Monologue Attack
Attacks the (older) NetNTLMv1 protocol to steal password hashes
CHNTPW
(Change NT PassWord) Linux command-line tool found on an Ubuntu Live CD that lets an attacker edit a Windows SAM file to change user passwords and to activate disabled accounts
Metasploit
Automated exploitation framework containing thousands of exploits for known vulnerabilities.
rhost = victim (receiving host), lhost = attacker (listening host, which listens for a command prompt to be sent back from the victim's machine)
MSFvenom - multiple labs on this!
Can generate and encode payloads. For example, it can generate shellcode to gain shell access on a victim computer. The -f switch formats the payload. Two common format options are -f c, which creates code that can be pasted into a program, and -f exe > MyShellCode.exe, which creates an executable file to target a Windows machine.
getsystem
Once you've gotten a meterpreter command prompt with a successful Metasploit attack, the getsystem command will attempt a privilege escalation attack on the target.
Buffer overflows
Understand the basics of what a buffer overflow is and how it could lead to problems.
The "C" programming languages (C, C++, etc.) are very susceptible to buffer overflows because they can manipulate memory blocks directly.
C# (C-Sharp) is an exception to that rule because it is protected from memory manipulation attacks.
Privilege Escalation
Acquiring the permissions/rights of another user. Horizontal = another user at your same level. Vertical = gaining higher-level rights.
Rootkits, types of Rootkits
Kernel rootkits get into the core of your OS and often go undetected.
Covering Tracks
Several ways to do this.
DNS tunneling
Method of cyber attack that encodes the data of other programs or protocols in DNS queries and responses. For example, this could use DNS requests to implement a command and control channel for malware. Inbound DNS traffic can carry commands to the malware, while outbound traffic can exfiltrate sensitive data or provide responses to the malware operator's requests.
HTTP or ICMP tunneling
Reverse HTTP Shell
Auditing
Part of clearing your tracks on a target system is to turn auditing off, clear the logs, do your malicious deeds, then turn auditing back on just before you disconnect.