Hackers and Hacking: 2.a Reconnaissance

The document discusses hacking and tools that hackers use. It describes how hackers first perform reconnaissance on target networks to identify vulnerable systems. Popular tools mentioned for reconnaissance include whois, nslookup, and nmap. Next, hackers try to enumerate users and resources using techniques specific to the operating system, such as exploiting null sessions in Windows 2000 or using finger in UNIX. Finally, the document outlines some prevention and countermeasures organizations can take, such as using firewalls, proxy servers, and keeping software updated.
SE 4C03 Simon Tai 9812650

HACKERS AND HACKING

1. Introduction

Hacking is easily associated with invasion of privacy. Because hacking lets hackers obtain information they were not authorized to see, the act of hacking can instantly grant them more power; after all, in the computing world, information equals power. Humans are easily drawn by such temptation, and so are most hackers. In its original context, hacking meant dedication or passion towards a particular interest or habit, and a hacker was someone who is passionate about what he or she does. Since the information revolution, the word hacking has become a buzzword and, owing to misinformation by the media, is generally taken to mean illegal or destructive use of computer systems. To distinguish true hackers from destructive computer users, the latter are sometimes called crackers. Since the terms are mere technicalities, for the rest of this paper the term hackers refers to destructive computer users.

2. Tools of the Trade


Much like unauthorized entry in real life, hacking allows hackers to gain access to others' private information. The actions a hacker can take range from merely reading the information to deleting or altering it completely. The following section provides only a brief overview of some of the popular tools and methods of hacking; enumerating them all is outside the scope of this report.

2.a Reconnaissance

The first step of hacking is to interrogate the targeted network and discover the number and types of machines connected to it. whois is a free UNIX program used to search a network of machines; it looks up information through a public registry server called InterNIC. From this network interrogation, a hacker can quickly determine the server IP addresses for further interrogation. Once the targeted server's IP address is acquired, one can use nslookup to perform a zone transfer, which gives the hacker a complete list of the computers or networks connected to the targeted server. To further investigate the hosts of a sub-network, nmap can be used to search a range of IP addresses within the sub-network; nmap does this by sending pings to each IP address in the specified range. Finally, once the targeted host is located, one can use strobe, netcat, or nmap to accurately determine what types of services are running on it.
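The sweeps and scans described above leave a footprint a defender can look for. As an added example written for this page (not code from the original report), the following detector flags a source that pings many hosts, or probes many ports on one host, within a short window; the firewall log format, the sample lines and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed firewall log (not from the paper): an ICMP sweep from 203.0.113.7, a TCP
# port scan of 192.0.2.10 from 203.0.113.9, and one benign connection from 198.51.100.4.
SAMPLE_LOG = """\
ts=1000 src=203.0.113.7 dst=192.0.2.1 proto=icmp
ts=1000 src=203.0.113.7 dst=192.0.2.2 proto=icmp
ts=1001 src=203.0.113.7 dst=192.0.2.3 proto=icmp
ts=1001 src=203.0.113.7 dst=192.0.2.4 proto=icmp
ts=1002 src=203.0.113.7 dst=192.0.2.5 proto=icmp
ts=1010 src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=21
ts=1010 src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=22
ts=1011 src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=25
ts=1011 src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=80
ts=1012 src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=443
ts=1020 src=198.51.100.4 dst=192.0.2.10 proto=tcp dport=80
"""
LINE_RE = re.compile(r"ts=(\d+) src=(\S+) dst=(\S+) proto=(\w+)(?: dport=(\d+))?")

def parse_log(text):
    """Return a list of (ts, src, dst, dport) tuples; dport is None for ICMP lines."""
    events = []
    for line in text.splitlines():
        if m := LINE_RE.match(line):
            ts, src, dst, _proto, dport = m.groups()
            events.append((int(ts), src, dst, int(dport) if dport else None))
    return events

def detect_recon(events, window=60, sweep_hosts=5, scan_ports=5):
    """Return sorted (kind, src, target) findings: 'sweep' = src touched >= sweep_hosts
    distinct hosts within `window` seconds; 'scan' = >= scan_ports distinct ports on one host."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):  # time order, so a sliding window works
        by_src[ev[1]].append(ev)
    findings = set()
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # drop events older than the window
                start += 1
            win = evs[start:end + 1]
            if len({e[2] for e in win}) >= sweep_hosts:
                findings.add(("sweep", src, "*"))
            ports = defaultdict(set)
            for e in win:
                if e[3] is not None:
                    ports[e[2]].add(e[3])
            findings.update(("scan", src, dst) for dst, p in ports.items() if len(p) >= scan_ports)
    return sorted(findings)
```

Run `detect_recon(parse_log(SAMPLE_LOG))` to see the two findings; real deployments tune the thresholds to the network's normal fan-out so that monitoring hosts are not flagged.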

After a plausible target system is identified without tripping any security measures, the next step is to enumerate valid users or resources of the targeted host. Enumeration techniques are specific to the operating system. Windows 2000 and Novell systems both share the same null session vulnerability: a hacker can easily create a null session remotely and practically gain complete control of the entire system. On UNIX systems, one can count on the classic tool finger, which can give almost all the information regarding the users on a system.

2.b Windows 2000

Denial of service attacks are often accomplished by causing buffer overflows on the target system. Compared with its predecessor, Windows NT4, Windows 2000 is much more robust in handling buffer overflows, but no defense is perfect. One method of causing buffer overflows on Windows 2000 is to send massive numbers of IP or SYN fragment packets to the target system so that the volume of packets overwhelms the target system's ability to reassemble them. Once a hacker has successfully caused buffer overflows on a system, the system is practically vulnerable to all types of attacks. Once an attacker has gained a valid user account on a Windows 2000 system, one can take advantage of privilege escalation, a problem inherent in most operating systems today, to obtain the password hash of the administrator account. For instance, an attacker is able to execute a program as SYSTEM on the target system to trick the system into dumping the administrator's password hash. The attacker is then able to crack the password elsewhere. Some well-known tools for obtaining password hashes on Windows 2000 systems include pwdump2 and chntpw.

2.c UNIX

As mentioned earlier, a buffer overflow can result in denial of service. In the case of UNIX systems, the consequences can be much more severe. For example, a hacker can simply send a large string to a known buffer, such as one in sendmail, with /bin/sh embedded in the string. Because sendmail runs as root on the UNIX system, when the buffer overflow occurs, sendmail will blindly process the large string as a system command, thus giving the attacker shell access with root privileges. Besides the typical buffer overflow attacks, one can also exploit programs that deal with input validation, such as web servers. The most infamous example is the PHF vulnerability. This attack is rather dated, but it perfectly demonstrates how input validation attacks function. PHF is a CGI script that came standard with early versions of the Apache server. The program did not properly parse its input strings and consequently accepted system commands and allowed them to be executed on the server via the web server service, which is typically run with root privilege. Though PHF itself is no longer insecure, other CGI scripts still inherit the same problem today due to bad programming practice or improper installation of the web servers.
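The PHF lesson is that a CGI parameter must never reach a shell unchecked. As an added example written for this page (not the PHF script and not code from the original report), the function below shows the PHF-style mistake for contrast, next to a hardened handler that allowlists the parameter and hands it to the wrapped program as an argv list with no shell involved; the parameter name `name` and the lookup binary path are assumptions.

```python
import re
from urllib.parse import parse_qs

# Hypothetical program the CGI script wraps; the paper names no specific binary.
LOOKUP_CMD = "/usr/bin/lookup"
# Allowlist: only the characters a user or host name can legitimately contain.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

class InvalidInput(ValueError):
    """Raised when a request parameter fails validation."""

def weak_command(query_string):
    """The PHF-style defect, kept as a string for code review and never executed here:
    the decoded parameter is spliced into a shell command line, so a newline or ';'
    in the request turns into a second command run with the web server's privileges."""
    name = parse_qs(query_string).get("name", [""])[0]
    return f"{LOOKUP_CMD} {name}"

def validate_name(raw):
    """Accept only a plain name; newlines, spaces, ';', '|', quotes and so on all fail.
    fullmatch anchors both ends, so a trailing newline cannot slip past a '$' anchor."""
    if not NAME_RE.fullmatch(raw):
        raise InvalidInput(f"rejected parameter: {raw!r}")
    return raw

def hardened_argv(query_string):
    """Parse the query string, require exactly one validated 'name', and return an
    argv list for subprocess.run(argv); the '--' stops a name such as '-v' from being
    read as an option by the wrapped program (argument injection, not just shell injection)."""
    params = parse_qs(query_string, keep_blank_values=True)
    names = params.get("name", [])
    if len(names) != 1:
        raise InvalidInput("exactly one 'name' parameter is required")
    return [LOOKUP_CMD, "--", validate_name(names[0])]

def is_rejected(query_string):
    """True when the hardened handler refuses the request, False when it builds an argv."""
    try:
        hardened_argv(query_string)
    except InvalidInput:
        return True
    return False
```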

3. Prevention and Counter Measures


Understanding the methods of hacking is the first step to preventing it. As discussed in the previous section, hacking techniques are very specific. Instead of preventing specific types of attacks, it is more effective to have general provisions for preventing attacks. Most firewall programs or routers have proven highly secure these days. They are a necessity in almost every network, as most operating systems do not provide sufficient network security. Proxy servers should be used whenever possible, as they provide a good barrier for the inside network. Information regarding the details and structure of the sub-networks should not be publicly accessible. Operating systems can be made as secure as possible, as with SE Linux, but with the current design model of software, most operating systems allow privilege escalation. Consequently, badly designed software can leave security holes open for exploitation. Since most software has alternatives, one should always use the most recognized ones and keep up with updates whenever possible to minimize the security holes.

4. Conclusion
Though there are literally thousands of ways and tools for cracking any known system, it is unlikely that one is able to learn all of them. This report is only introductory in that respect. From the software development point of view, there is no 100% secure design without compromising the usability of the software. Software designs and implementations will continue to evolve, but so will the methods and tools of hacking. To a certain degree, hacking can be considered proper and ethical only if the intentions are to learn and to discover security weaknesses. To err is human. After all, software is written by humans, thus mistakes are inevitable. On the other hand, hacking is inevitable due to humans' greed for power and control. The battle between good and evil will continue. Learn from past mistakes and never repeat them.
