Attack Frameworks and Tools - Pranav Jagdish, Advisor: Nadine Herold

SLIDE 1

Network Architectures and Services, Georg Carle
Faculty of Informatics, Technische Universität München, Germany

Attack Frameworks and Tools

Pranav Jagdish
Advisor: Nadine Herold
Seminar Innovative Internet Technologies and Mobile Communication, WS2014
Lehrstuhl Netzarchitekturen und Netzdienste, Fakultät für Informatik, Technische Universität München

SLIDE 2

Overview

• Introduction
• Overview of Tools
• Password Crackers
• Network Poisoners
• Network Security Tools
• Denial of Service Tools
• Concluding remarks

SLIDE 3

Introduction

• Network Security – perhaps the most important aspect of communications in today's world
• How easy is it to attack a target system or network today?
  • Tools automate most of the work
  • From fingerprinting your target to attacking
  • Knowledge requirements decrease day by day

SLIDE 4

Introduction

• The CIA Triangle
  • Confidentiality
  • Availability
  • Integrity

SLIDE 5

Overview of the Tools

• Password Crackers
  • Cain and Abel
    – Free
    – Windows Only GUI
  • John the Ripper
    – Free
    – Various Platforms
  • Hashcat
    – Free
    – Linux, OSX and Windows

SLIDE 6

Overview of the Tools

• Network Poisoners
  • ZARP
    – Free
    – Python Script
  • Ettercap
    – Free
    – Various Platforms

SLIDE 7

Overview of the Tools

• Network Security Tools
  • Nmap
    – Free
    – Various Platforms
  • Metasploit
    – Free (Signup Required)
    – Windows and Linux
  • Sqlmap
    – Free
    – Python Script

SLIDE 8

Overview of the Tools

• Denial of Service Tools
  • LOIC
    – Free
    – Windows Only GUI
  • HULK
    – Free
    – Python Script

SLIDE 9

Password Crackers

• Attack: Confidentiality
• Crack passwords or keys
• Crack various kinds of hashes
• Initially used to crack local system passwords like for Windows and Linux
• Have extended to include numerous kinds of hashes
• New versions are faster and use different kinds of cracking methods
  • GPU based password cracking also possible and is faster than CPU based
• Primarily: Brute forcing or Dictionary based attacks

SLIDE 10

Password Crackers

• Cain and Abel
  • Windows based
  • Widely used to crack Windows Passwords (LM Hashes and NTLM Hashes)
  • Has built-in sniffer
  • Can sniff web session passwords
  • Can analyse SSH-1 or HTTPS traffic
  • Needs:
    – Rainbow tables for effective hash cracking
    – Size of table – impediment!
    – However, this is an issue with all password crackers and related to password lengths and reverse hash lookups
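Why precomputed tables depend on how passwords are stored, as an added example that is not part of the original slides: a fast unsalted digest is found by a reverse lookup, while a per-user salt with a slow KDF is not. The account names, passwords and word list are constructed; SHA-256 stands in here for an unsalted hash such as the LM and NTLM hashes named above.

```python
import hashlib
import hmac
import os

def unsalted_hash(password):
    # Fast, unsalted digest: the same password always maps to the same value.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None, iterations=100_000):
    # Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256).
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"

def verify(password, record):
    # Recompute with the stored salt and iteration count, compare in constant time.
    salt_hex, iterations, _ = record.split("$")
    again = salted_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(again, record)

def lookup_hits(table, stored):
    # Users whose stored value appears in a precomputed digest -> password table.
    return {user: table[value] for user, value in stored.items() if value in table}

# Constructed accounts; two users happen to share a password.
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "Vq7#tTz9!kLm"}
# Constructed reverse-lookup table over a tiny word list.
TABLE = {unsalted_hash(w): w for w in ["123456", "password", "letmein"]}

def compare_storage():
    weak = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
    return {
        "weak_hits": lookup_hits(TABLE, weak),
        "strong_hits": lookup_hits(TABLE, strong),
        "weak_duplicates": weak["alice"] == weak["bob"],
        "strong_duplicates": strong["alice"] == strong["bob"],
        "login_ok": verify("letmein", strong["alice"]),
        "login_bad": verify("letmein", strong["carol"]),
    }

if __name__ == "__main__":
    for key, value in compare_storage().items():
        print(key, value)
```

With salts, a table has to be rebuilt for every salt value, so the table-size problem noted on the slide applies to each account separately.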

SLIDE 11

Password Crackers

• John the Ripper
  • Like Cain and Abel - Dictionary based and Brute force methods available
  • Comes with various character sets
  • Can crack numerous kinds of hashes
  • Brute force can for obvious reasons take a huge amount of time
  • Dictionaries could go up to petabytes
  • Cracking time could be in excess of decades for even an 8 character password
  • Normal machines: Impossible
    – Solution: Good dictionaries?

SLIDE 12

Password Crackers

• Hashcat
  • Like the previous tools – However claims to be “fastest password cracker” with proprietary cracking algorithms
  • Vs. Cain and Abel & John the Ripper - Offers various kinds of attacks
    – 8 kinds of attacks
    – Example: Combinator attack – combine each word in dictionary to every other word in it
    – Example: Hybrid attack – Half of password from dictionary and rest from brute force
    – HENCE, INCREASES EFFECTIVENESS OF A DICTIONARY
  • A GPU Based cracker – “oclHashcat” available - faster

SLIDE 13

Network Poisoners

• Attack: Integrity of the Network
  • Can lead to loss of confidentiality and availability too
• Prime goal: ARP Poisoning
  • Pose as another machine on the Network

SLIDE 14

Network Poisoners

• Once done:
  • Pose as DNS Server
  • Pose as DHCP Server
  • Pose as the default gateway
  • Perform Data Sniffing
  • Man in the Middle Attacks (MITM)
  • and a lot more…
• Even HTTPS traffic is not safe (tool called SSLStrip) – yet another tool that can be used without much insight.
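A defender-side check for the poisoning described on the last two slides, added here as an example and not taken from the original presentation: it flags an IP address whose MAC binding changes or contradicts a pinned entry, which is what posing as the default gateway looks like from the network. The function name, field names and all addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (timestamp, sender_ip, sender_mac).
OBSERVED = [
    (1.0, "192.168.1.1",  "aa:aa:aa:00:00:01"),  # default gateway
    (1.2, "192.168.1.20", "aa:aa:aa:00:00:20"),
    (2.0, "192.168.1.30", "aa:aa:aa:00:00:30"),
    (5.0, "192.168.1.1",  "aa:aa:aa:00:00:30"),  # host .30 now answers for the gateway IP
    (5.1, "192.168.1.1",  "aa:aa:aa:00:00:30"),
    (6.0, "192.168.1.20", "aa:aa:aa:00:00:20"),
]

def find_arp_anomalies(replies, pinned=None):
    """Return one alert per (ip, mac) pair that contradicts the expected binding.

    pinned: optional {ip: mac} of statically known hosts such as the gateway.
    Without a pinned entry the first MAC seen for an IP is taken as expected.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    first_seen = {}                   # ip -> first MAC observed
    mac_to_ips = defaultdict(set)     # mac -> every IP it has answered for
    reported = set()
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        mac_to_ips[mac].add(ip)
        learned = first_seen.setdefault(ip, mac)
        expected = pinned.get(ip, learned)
        if mac != expected and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({
                "time": ts, "ip": ip, "expected": expected, "seen": mac,
                # Other IPs the same MAC answers for point at the real sender.
                "mac_also_claims": sorted(mac_to_ips[mac] - {ip}),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(OBSERVED):
        print(alert)
```

Learning the binding from the first reply misses an attacker who is already active when monitoring starts; pinning the gateway's MAC covers that case.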

SLIDE 15

Network Poisoners

• ZARP
  • Suite of Poisoners
  • Includes Sniffers
  • Plans to be a central network poisoning/administration tool
  • Can manage active sessions of poisoning/sniffing
  • Still being developed

SLIDE 16

Network Poisoners

• Ettercap
  • GUI available too!
  • Plugins offer support for further complex attacks like:
    – DNS Poisoning
    – DHCP Poisoning

SLIDE 17

Network Security Tools

• Covers a wide array of tools
• Most were created for vulnerability testing and easing the job of network administrators
• Today are used to test how secure a system is
• But are also infamous for their misuse by hackers

SLIDE 18

Network Security Tools

• Nmap
  • Network Scanner
  • A powerful tool to scan networks
  • Used for (not exclusive list):
    – OS fingerprinting
    – Host Discovery
    – Port Scanning

SLIDE 19

Network Security Tools

• Metasploit Framework
  • A database of exploits
  • Provides information about security vulnerabilities
  • Goal: Aid in penetration testing and IDS signature development
  • In the wrong hands:
    – Can be used to exploit those same vulnerabilities with relative ease
  • Exploits for almost every kind of system – from Mac OSX to Windows to Linux to Android phones
  • Has a GUI available too – Armitage

SLIDE 20

Network Security Tools

• Metasploit Framework
  • How easy is it?
    – Select an exploit from the database
    – Select a payload
    – Decide upon an obfuscation or encoding scheme
    – ANY EXPLOIT CAN BE ATTACHED WITH ANY PAYLOAD
  • Types of exploits:
    – Passive – wait for targets to connect in and then try to exploit their systems
    – Active – target system attacked directly
  • “Autopwn” feature – tries to automatically exploit and inject itself into target system
  • Makes life easy for an attacker!

SLIDE 21

Network Security Tools

• Metasploit Framework
  • Problems?
    – Exploits caught by anti-virus software (primarily of E-Mail providers) if not the local system's anti-virus
    – SPREADING THE PAYLOAD BECOMES DIFFICULT!
    – Many exploits released after the vulnerabilities have been patched in software updates

SLIDE 22

Network Security Tools

• SQLMap
  • SQL Injection Vulnerabilities
  • Script checks possible SQL injection inputs on the Web application
  • Vulnerability scanning
• Many such scanners exist like,
  • JoomScan – Joomla CMS Scanner
  • WPScan – Wordpress Scanner

[Figure labels: Control Channel, Data Channel, "Where the vulnerability exists"]

SLIDE 23

Denial Of Service Tools

• Attacks: Availability

[Figure labels: Bandwidth, Server]

SLIDE 24

Denial Of Service Tools

• Attacks: Availability
  • Other scenarios exist too
    – Example: IPv6 DOS Attack
  • Effects on Organizations:
    – Loss of revenues in recent years
    – Loss of user trust on organisations
    – Recently: Christmas Day 2014 DOS Attacks on Playstation Networks and XBOX Live

SLIDE 25

Denial Of Service Tools

• LOIC – “Low Orbit Ion Cannon”
  • “Hivemind” feature – Distributed Denial Of Service
  • Favourite of “Hacktivists”
  • Minimal knowledge of networks required
  • Flood Multiple requests to the Server


SLIDE 27

Denial Of Service Tools

• HULK – “HTTP Unbearable Load King”
  • Generate unique requests every single time
  • Additional random page names added
  • Random Query Strings appended
  • Source Client information changed
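How the request characteristics listed above show up in a web server access log, as an added example that is not from the original slides or from the tool: it flags clients whose requests are almost all never-repeated URLs sent under many User-Agent strings. The thresholds, function names and log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD url PROTO" status bytes "referer" "agent"
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def flag_cache_busting_clients(lines, min_requests=20, min_unique_ratio=0.9,
                               min_agents=5):
    """Flag clients sending mostly never-repeated URLs under many User-Agents."""
    urls, agents, total = defaultdict(set), defaultdict(set), defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, url, agent = m.groups()
        total[ip] += 1
        urls[ip].add(url)
        agents[ip].add(agent)
    flagged = {}
    for ip, n in total.items():
        ratio = len(urls[ip]) / n
        if (n >= min_requests and ratio >= min_unique_ratio
                and len(agents[ip]) >= min_agents):
            flagged[ip] = {"requests": n, "unique_url_ratio": round(ratio, 2),
                           "user_agents": len(agents[ip])}
    return flagged

def _line(ip, url, agent):
    return (f'{ip} - - [01/Jan/2015:10:00:00 +0000] "GET {url} HTTP/1.1" '
            f'200 512 "-" "{agent}"')

# Constructed sample traffic: documentation IP ranges, made-up URLs and agents.
SAMPLE = (
    # A browser re-requesting the same few resources under one User-Agent.
    [_line("198.51.100.7", u, "Mozilla/5.0 (X11; Linux x86_64)")
     for u in ["/", "/style.css", "/app.js", "/news?page=2"] * 6]
    # One client whose every request has a new query string and a rotating agent.
    + [_line("203.0.113.9", f"/?k{i * 919 % 1000}={i * 7907 % 100000}",
             f"Agent-{i % 8}/1.0") for i in range(30)]
)

if __name__ == "__main__":
    print(flag_cache_busting_clients(SAMPLE))
```

Ordinary clients repeat URLs and keep one User-Agent, so the ratio separates the two even when raw request counts are similar.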

SLIDE 28

Conclusions

• Is it that easy to hack?
  • Probably not
  • Password crackers – Require massive computing power
  • Metasploit Payloads
    – Detected by anti-virus software
    – Patches before vulnerabilities published (usually)
  • Nmap Fingerprinting – Can be blocked by active monitoring
  • SQL Injection becoming less common as developers become more aware
  • Denial of Service – still can occur
    – Difficult to mitigate
    – Used extensively by “hacktivist” groups
  • Unpatched systems and old websites may still be vulnerable

SLIDE 29

Conclusions

• However new tools are always available
  • Example: Dendroid – Android Hijack Tool
  • Available/Leaked on the Deep Web with ease
  • Simple web based interface
  • Patch might still take time to come – Google not patching older Android OSs
  • More users becoming aware of .onion, .i2p, etc. domains
    – Once again: Ease of use and easy availability leads to anyone using the tools
• Black hat community will always have new tools
• Normal users do not need massive know-how to carry out attacks
  • Success however can be limited

SLIDE 30

Thank you!

Your questions and comments are welcomed…