Hacking Methodology

Loading...

En provenance du cours de University of Colorado System

Hacking and Patching

44 notes

University of Colorado System

Hacking and Patching

44 notes

Cours 3 sur 4 dans Specialization Fundamentals of Computer Network Security

In this MOOC, you will learn how to hack web apps with command injection vulnerabilities in a web site of your AWS Linux instance. You will learn how to search valuable information on a typical Linux systems with LAMP services, and deposit and hide Trojans for future exploitation. You will learn how to patch these web apps with input validation using regular expression. You will learn a security design pattern to avoid introducing injection vulnerabilities by input validation and replacing generic system calls with specific function calls. You will learn how to hack web apps with SQL injection vulnerabilities and retrieve user profile information and passwords. You will learn how to patch them with input validation and SQL parameter binding. You will learn the hacking methodology, Nessus tool for scanning vulnerabilities, Kali Linux for penetration testing, and Metasploit Framework for gaining access to vulnerable Windows Systems, deploying keylogger, and perform Remote VNC server injection. You will learn security in memory systems and virtual memory layout, and understand buffer overflow attacks and their defenses. You will learn how to clone a Kali instance with AWS P2 GPU support and perform hashcat password cracking using dictionary attacks and known pattern mask attacks.

À partir de la leçon

Hack SQL Databases and Patch Web Apps with SQL Injection Vulnerabilities

In this module we will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query.We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn the eight-step hacker methodology for exploit systems. For the escalating privilege techniques, we show how to leverage command injection vulnerability to search file systems and deposit/hide Trojans for future exploit.

Hacking Methodology9:56

Rencontrer les enseignants

Edward Chow
Professor
Computer Science

In this lesson, we present the hacking methodology for systematically,

exploit the vulnerability on the target systems,

and understanding the hackers mentality.

Here we show the hacking methodology presented in the back cover of hacking

expose textbooks by Mcclure et al.

In the middle we see the steps,

in the right we see the example of the tool and command they use.

Hacker will start by surveying and gathering information about

the organization they intend to penetrate and hack into.

This step is called footprinting.

The right column here show the command we

use to obtain those related information in the internet about the organizations.

We have whois you can type in most of the nicknacks system and it will return

those critical organization information about

administrator and the technical contact information,

how many server, name server,

are serving that particular domain.

And we also see the netscraft as one of the command.

Actually one of the website that provide a query,

allow you to type in a domain name,

and it track all of the Web servers they've used for that organization,

over the years; including the operating system and the version.

And we were able to find that information very valuable.

Next steps, the second step is scanning.

Here we use and Nmap command or one of the famous tool called nexus.

It allows us to find out what other machines within that domain or subnet range,

network adjust range, how many machine are active,

how many server are active and what are

the ports which represent the specific service that are open.

The Nexus too can even instructed

it to gather and analyze the operating system and package

and identify the vulnerability listed and even tried to launching the malicious attack.

Next, step three is enumerations.

It is a process of gathering the information about the target machine

by actually actively connect to it.

And here the hacker try to identify user, system,

admin kind of accounts and try to find out what the active directory,

shared directory that may be open.

And if there's a web server they will try find out what are the web page that is

available for potential injection attacks.

Step four, wiretap.

We can wiretap the network or using

the legitimate account to analyze the network traffics and

explore the web page to see if they have command or unsecure injection vulnerability.

This is so called low hanging fruit and

has demonstrated in the last few lesson we have done.

Step five called escalating privilege.

With the privilege we established in number four,

we then- a hacker will then perform treasure hunting.

We do that by exporting variable directory within the attackers system.

For example, the passport file, the script,

server site script file,

which may have embedded with some credential information,

maybe some configuration file.

And try to gather

additional credential passport information and we

search directory and see whether they can read or write or even execute.

And see whether we can even modify the access right

or its security token if they are using secure index more for protection.

In case the passport file is readable and

the passport maybe encrypted we can read it out and offline.

We use password cracking tool such as,

johntheripper showing here to break into the additional account.

Step six, by gathering the information on

identify the Mackays to allow access to the trops system.

This including examining the configurations of various network services.

And often they include commands and showing how they are configured.

All they actually contains the credential credit card,

passport information such as,

server connection information or very typical for intrusion detection system.

They might including database account for access and

deposit detecting malicious information.

Step seven, covering the track.

System may including logs or intrusion detection system that monitor and

knew your access or modification of critical, file and directory.

Such law breakers, the hacker may attempt to modify,

to hide their track if that is possible.

Note that from previous lesson some operating system

will prevent this from happening by only allow a pen right to the lock.

Step eight, create a

backdoor to allow re-entry sometime in the future.

The hacker may create scripts to be excecute by the Cron job,

or At job, in a regular interval.

And when they are execute it will examine

the remote executable they have deposit and see whether they still exists.

If they are wiped out by

the anti-virus quarantine these At job and Cron job will put it back.

And therefore, that's a reason why,

from time to time we see the quarantined virus reappear.

And these also show why a back door attack is very important.

A Trojan kind of attack is very important to detect.

Make sure we search.

Once we got attack,

make sure we search the start up folder,

registry entry and those At/Cron type and

the configuration file to see we have those dangerous Script there.

And sometimes they will hide those file,

those script with the DOT prefix widget.

That's called hidden directory or hidden file.

Step nine,denial of service. Maybe after the weakened machine has

been explored with all the treasure and no longer useful.

Sometime we launching the denial of service attack to shut down the system.

And that can also happen when we can't actually, we cannot penetrate.

And then we use this kind of proof for denial of service attack.

And this can be done from outside or from inside by modifying

the configuration of network routing table

and confusing the system interior and resulting in incorrect routing or database access.

And in this case it's very important for the vendor to backup the file and images.

But at the same time the hacker will try to,

if they can get access to this backup up file and images,

restore image, they will try to modify and resulting in failed disaster recovery process.

So pick up in multiple places that's important steps.

We will illustrate some example of these steps in the next few lesson.

Explorer notre catalogue

Rejoignez-nous gratuitement et obtenez des recommendations, des mises à jour et des offres personnalisées.

Coursera propose un accès universel à la meilleure formation au monde, en partenariat avec des universités et des organisations du plus haut niveau, pour proposer des cours en ligne.

© 2019 Coursera Inc. Tous droits réservés.

Télécharger dans l'App Store

Disponible sur Google Play