CH03 駭客手法研究－基礎篇

CH03 *

HackerCrackerHacker*

* (Black Hats)Cracker (White Hats) (Security Analysts) (Reformed Crackers)

*

(Cont.) (Ethical Hacker) (Gray Hats) (Suicide Hackers)

*

(Cont.) (Reconnaissance) (Passive Reconnaissance) (Active Reconnaissance)IP (Scan)*

(Cont.) (Dialers)Port Network (Gaining Access) (Operating System Level) (Application Level) (Network Level)

*

(Cont.) (Maintaining Access) (Uploading) (Altering) (Downloading) *

(Cont.) (Clearing Tracks)(Steganography)(Tunneling) Log *

Footprinting (Pre-Attack Phase) (Scanning) (Enumeration)*

(Cont.) 90% 10% *

7 *

7 Port Port

7 (Cont.) URL : URL : (Telephone /Mail) : IP *

7 (Cont.) IP () Port Port *

7 (Cont.) Port Port Port HTTP Port 8080 *

URL Whois WHOIS http://www.whois365.com/twwho.ishttp://www.who.isSam SpadeWhois http://samspade.org http://majorgeeks.com/Sam_Spade_d594.html*

URL (Cont.)ARINhttp://www.arin.net whois ( IP) SpiderFoot GoogleNetcraftWhois DNS http://www.binarypool.com/spiderfoot/*

URL (Cont.)nslookup DNS DNS IP *

traceroute ICMP 3D Traceroute 3D http://www.d3tr.de/VisualRoute Litehttp://www.visualroute.com/lite.html*

HTTrack WebSite Copierhttp://www.httrack.com/ ()*

Google Earth Google Earthhttp://earth.google.com/YouGetSignal.comhttp://www.yougetsignal.com/ Network Location Tool IPGoogle Maps*

URL whois DNS IP (Mirror) ()*

(Cont.) Google *

Scanning IP IP*

(Network Scanning) IPPort (Port Scanning) Port Well-Known Port Port*

(Cont.) (Vulnerability Scanning) ()

*

Port ()

*

ICMPICMP ICMP Ping-Sweep ICMP Port

*

(Cont.)Ping ping -t [IP or Domain Name] (IP) Angry IP Scannerhttp://www.angryip.org/w/HomeWindows IP IP Port NETBIOS *

PortTCP () TCP (Flag) Flag Flag 1 bit Flag Port *

Port (Cont.) TCP FlagSynchronize (SYN)Acknowledgement (ACK)PUSH (PSH)Urgent (URG)Finish (FIN)Reset (RST) TCP Port (Listen) HTTP Server Port 80 *

Port (Cont.) Port Port Open Port Close*

Port (Cont.) Port Open SYN/ACK Port Close RST SYN StealthXmas ScanFIN ScanNULL ScanIDLE ScanTCP Connect RPC Scan

*

SYN StealthHalf Open Scan () TCP

*

Xmas Scan RFC 793 Windows RFC 793 Port FINX-masNull Scan RST Port*

Xmas Scan (Cont.)*

FIN Scan Xmas Scan *

Null Scan Xmas Scan

*

IDLE Scan Port Scanning IP IDS (Intrusion Detection System) (Zombie Computer) (Zombie) *

IDLE Scan (Cont.) IP IPID SYN/ACK RST (SYN) IPID SYN/ACK IPID 1

*

IDLE Scan (Cont.)IDLE Scan A Z SYN/ACK RST IPID 31337*

IDLE Scan (Cont.) SYN IP Z IP Z Port SYN/ACK Z Z SYN/ACK IPID 1 31338 IPID RST Port RST Z*

IDLE Scan (Cont.) A SYN/ACK Z Port Z 31338 1 31339 A 31338 Port 1*

TCP ConnectFull Open Scan TCP connect()*

RPC Scan Port Scan TCP/UDP Port SunRPC Null RPC Port*

Port Scan NMAP UNIX (Linux) Windows ( Zenmap GUI)http://nmap.org/*

Port Scan (Cont.)*

-sTTCP Connect-sAACK Scan-sSSYN Scan-sWWindow Scan-sFFin Scan-sRRPC Scan-sXXmas Scan-sLList/DNS Scan-sNNull Scan-PTTCP Ping-sUUDP Scan-PSSYN Ping-sIIdle Scan-PIICMP Ping-sOProtocol Scan

Port Scan (Cont.)SuperScan Ping IP IP Porthttp://www.snapfiles.com/get/superscan.html*

Port Port Port Port http://www.xuanya.com.tw/cubekm/images/port1.htm*

(Fingerprinting)telnet xxx.xxx.xxx.xxx 110 telnet xxx.xxx.xxx.xxx 25

*

(Cont.) TCP TCP (Sniffing) *

Netcraft Websitehttp://news.netcraft.com/*

(Banner) Apache Server 2.x httpd.confHeader set ServerBanner IIS Server IIS Lockdown Tool ServerMask*

Nessus Bug Windows Linux Plug-in NASL Client-Server

*

(Cont.)http://www.nessus.org/nessus/ Windows Nessus Server Client*

Friendly Pingerhttp://www.kilievich.com 30 Ping *

(Proxy Server) Firewall () IP

*

(Cont.)*

SocksChainhttp://www.ufasoft.com/socks/ SOCKS HTTP IPHTTPorthttp://download.cnet.com/HTTPort/3000-2155_4-10037133.htmlHTTPort (Client) HTTHost (Server) TCP HTTP (Tunnel)

*

HTTP Port HTTP (Port 80) HTTPS (Port 443) FTP HTTP HTTP HTTP Tunnel *

IDS IPS Port Port *

(Cont.)*

Enumeration Intranet *

SNMP E-mail (Brute Force)*

NetBIOS Null Sessions CIFS/SMB (Common Internet File System/ Server Messaging Block) NetBIOS Null Session Windows (200/XP) Null User Name Password

*

NetBIOS Null Sessions (Cont.) Null Users Groups UIDs SIDs (Security Identifiers) NetBIOS

*

NetBIOS Null Sessions (Cont.)Windows 2000/XP TCP Port 139 (/u:) Null Password () IP 192.34.34.2C:\> net use \\192.34.34.2\IPC$ /u:

*

SuperScan4 Windows EnumerationEnumeration Type NULL Session IPEnumerate*

(Cont.)GetAccthttp://www.securityfriday.com/tools/GetAcct.html Windows 2000/XP/2003 IP NetBIOS Remote Computer 1000 End of IDGet AccountRID 2000 1000

*

Null Session Null Session TCP Port 139 TCP Port 445 Port Windows WINS Client TCP/IP SMB (Registry) (Anonymous User)regedt32 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\restrictanonymousData Type: DWORDValue: 2*

SNMP SNMP (Simple Network Management Protocol)(Requests) (Agent) Agent Agent Traps Agent Agent *

SNMP (Cont.)MIB (Management Information Base) SNMP SNMP Agent SNMPMIB-II MIB MIB Community String public

*

SNMP Getifhttp://www.wtcs.org/snmp4tpc/getif.htm SNMP Agent SNScan http://www.foundstone.com/us/resources/proddesc/snscan.htmWindows-based SNMP Scanner SNMP SNMP Ports Public Community Names*

SNMP (Cont.)Winfingerprinthttp://sourceforge.net/projects/winfingerprint/*

SNMP SNMP Agent SNMP SNMP Public Community Group Policy Security Additional Restrictions for Anonymous Connections SNMP SNMP v3*

Null Session Super Scan4 Windows Enumeration GetAcct Users Accounts GetifSNScan SNMP Port http://www.defaultpassword.com/ *

Sniffing (Sniffer) (Sniffer) *

(Cont.)*

Telnet RloginHTTPPOPFTPIMAP (Clear Text) *

OSI (Frame) OSI (Packet) ( Linux ) ( Windows )

*

(Passive Sniffing) Hub

*

(Cont.) (Active Sniffing) (Bogus) MAC ARP Spoofing MAC Flooding

*

**

CH03 駭客手法研究－基礎篇

Documents

Transcript of CH03 駭客手法研究－基礎篇