
U A N L Facultad de Ciencias Fisico Matematicas

This document summarizes a class on system hacking techniques. It discusses how to use online exploit databases to find and exploit vulnerabilities. It then explains different types of password cracking methods like dictionary attacks, brute force attacks, rainbow tables, Markov chains, and phishing. It also outlines the privilege escalation process and how attackers may pivot from one compromised system to others. Finally, it discusses some methods for covering tracks, such as wiping logs, hiding files, and manipulating timestamps.


UNIVERSIDAD AUTÓNOMA DE NUEVO LEÓN

FACULTAD DE CIENCIAS FISICO MATEMATICAS

Advanced Practices in Computer Security


Week 7 - System Hacking

Instructor: Eleazar Fuentes Oaxaca


TEAM MEMBER

Gilberto Alejandro Contreras Silva – 1683471


GROUP: 006 CLASSROOM: 103

DATE: Monterrey, N.L., September 25, 2019


Content
How online available exploit databases may be used to find and exploit
Types of password cracking
1. Dictionary Attack
2. Brute Force Attack
3. Rainbow attacks
4. Markov Chains Attacks
5. Phishing
Privilege escalation process and pivoting
Covering tracks methods

How online available exploit databases may be used to find and exploit.
Exploitation has two main purposes. The most important for me is to demonstrate that
vulnerabilities are legitimate and exist on the system. The second is that exploiting a
vulnerability and compromising a system can lead us further into the organization, potentially
exposing additional vulnerabilities. This can have serious consequences for the company when
credentials are obtained.
Taken together, these two reasons give you the main point according to the book: “You need to
demonstrate that a vulnerability is exploitable for when you report to your customer/employer.”
There are many Git repositories and Kali tools to help with this task, but once you have a list you
need a specific exploit to take advantage of a certain vulnerability in the operating system, service,
or application. There is no magical tool that can hack every system; exploitation is specific to the target.
EDB includes exploits categorized by platform, type, language, port, etc. to help you find the
exploit that will work in your particular circumstance. Then, if you feel it will work on your target,
you can simply copy and paste it into Kali for your attack.

Types of password cracking
Understanding how these password-cracking techniques work also helps you make sure you are
protected against them. There are 5 techniques:

1. Dictionary Attack
Dictionary attacks quickly compare a set of known dictionary-type words (including many
common passwords) against a password database. This database is a text file with hundreds if not
thousands of dictionary words typically listed in alphabetical order. Many password-cracking
utilities can use a separate dictionary that you create or download from the Internet.
For instance, suppose that you have a dictionary file that you downloaded from one of the sites
in the following list. The English dictionary file at the Purdue site contains one word per line
starting with 10th, 1st . . . all the way to zygote.

2. Brute Force Attack


This particular attack is not recommended according to the subject's task specification. However,
it is in the top 2 most common password-cracking techniques, so here we are:
Brute-force attacks can crack practically any password, given enough time. They try every
combination of numbers, letters, and special characters until the password is discovered.
Instead of simply using words, a brute-force attack lets attackers detect non-dictionary words by
working through all possible alphanumeric combinations from aaa1 to zzz10.

3. Rainbow attacks
Not recommended either, for the same reasons I mentioned before.
A rainbow password attack uses rainbow cracking to crack various password hashes for LM,
NTLM, Cisco PIX, and MD5 much more quickly and with extremely high success rates (near 100
percent). Password-cracking speed is increased in a rainbow attack because the hashes are
precalculated and thus don’t have to be generated individually on the fly as they are with
dictionary and brute-force cracking methods. As I read, this takes a lot of time to take down a
password.
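
The speed-up described above depends on hashes being precalculated once and reused. The following added example (not part of the original document) shows why a per-user salt with a slow key-derivation function removes that advantage. A plain lookup table over a constructed wordlist stands in for a real rainbow table's chain structure, and all function names and sample accounts are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for what a precomputed table covers.
WORDLIST = ["password", "letmein", "zygote", "monterrey2019"]

def md5_hex(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()

def build_precomputed_table(words):
    """Hash -> plaintext map, computed once and reusable against any unsalted hash."""
    return {md5_hex(w): w for w in words}

def store_unsalted(pw: str) -> dict:
    # Weak scheme: a single fast hash with no salt.
    return {"scheme": "md5", "hash": md5_hex(pw)}

def store_salted(pw: str, iterations: int = 100_000) -> dict:
    # Hardened scheme: random per-user salt plus a deliberately slow KDF.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return {"scheme": "pbkdf2", "salt": salt, "iter": iterations, "hash": digest.hex()}

def verify_salted(pw: str, rec: dict) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), rec["salt"], rec["iter"])
    return hmac.compare_digest(digest.hex(), rec["hash"])

def exposed_accounts(db: dict, table: dict) -> dict:
    """Accounts whose stored hash appears verbatim in the precomputed table."""
    return {user: table[rec["hash"]] for user, rec in db.items() if rec["hash"] in table}

def demo():
    """Two constructed users share one password under each storage scheme."""
    table = build_precomputed_table(WORDLIST)
    users = [("ana", "letmein"), ("luis", "letmein")]
    weak = {u: store_unsalted(p) for u, p in users}
    strong = {u: store_salted(p) for u, p in users}
    return exposed_accounts(weak, table), exposed_accounts(strong, table), weak, strong

if __name__ == "__main__":
    weak_hits, strong_hits, _, _ = demo()
    print("unsalted MD5 exposed:", weak_hits)
    print("salted PBKDF2 exposed:", strong_hits)
```

With unsalted hashes the two users also store identical values, so one lookup exposes both; with salts the stored values differ even though the password is the same.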

4. Markov Chains Attacks


To use the Markov Chains technique, hackers need to assemble a certain password database, split
each password into 2-grams and 3-grams (2- and 3-character-long syllables), develop a new
alphabet where these different elements act as letters and then match it with the existing
password database. Finally, the hacker sets a threshold of occurrences that will be the basis of
the next step and selects only the letters from the new alphabet that appear at least the minimum
number of times, as chosen by the hacker. Then the method combines these into words of a
maximum of eight characters in length and utilizes the dictionary attack once again.
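
The same n-gram statistics can be used defensively in a password policy: reject any new password that falls inside the candidate space this method would produce. The following added example (not part of the original document) checks membership without generating candidates; the sample corpus is constructed, and the function names and threshold value are assumptions.

```python
from collections import Counter
from functools import lru_cache

# Constructed sample of previously breached passwords (not real data).
BREACHED = ["password", "password1", "passw0rd", "sunshine", "sunny123",
            "shine123", "wordpass", "pass1234"]

def frequent_ngrams(corpus, threshold):
    """Count every 2-gram and 3-gram; keep those seen at least `threshold` times."""
    counts = Counter()
    for pw in corpus:
        for n in (2, 3):
            counts.update(pw[i:i + n] for i in range(len(pw) - n + 1))
    return {gram for gram, seen in counts.items() if seen >= threshold}

def in_candidate_space(candidate, alphabet, max_len=8):
    """True if the candidate is at most max_len characters long and can be
    written entirely as a concatenation of frequent 2- and 3-grams."""
    if len(candidate) > max_len:
        return False

    @lru_cache(maxsize=None)
    def covers(pos):
        # Can candidate[pos:] be split into elements of the n-gram alphabet?
        if pos == len(candidate):
            return True
        return any(candidate[pos:pos + n] in alphabet and covers(pos + n)
                   for n in (2, 3) if pos + n <= len(candidate))

    return covers(0)

if __name__ == "__main__":
    alphabet = frequent_ngrams(BREACHED, threshold=2)
    for pw in ["sunpass", "word123", "xk7Qm2vt"]:
        verdict = "reject" if in_candidate_space(pw, alphabet) else "accept"
        print(f"{pw}: {verdict}")
```

Note that "sunpass" and "word123" are rejected although neither appears in the corpus, which is exactly what distinguishes this method from a plain dictionary check.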

5. Phishing
Probably the most common and innocent way to crack a password: ask the user for his or her
password. A phishing email leads the unsuspecting reader to a fake login page associated with
whatever service the hacker wants to access, requesting the user to put right some terrible
problem with their security. That page then skims their password, and the hacker can go and use
it for their own purposes.

Privilege escalation process and pivoting


Attackers start by exploiting a privilege escalation vulnerability in a target system or application,
which lets them override the limitations of the current user account. They can then access the
functionality and data of another user (horizontal privilege escalation) or obtain elevated
privileges, typically of a system administrator or other power user (vertical privilege escalation).
Such privilege escalation is generally just one of the steps performed in preparation for the main
attack.
Potentially more dangerous is vertical privilege escalation (also called privilege elevation), where
the attacker starts from a less privileged account and obtains the rights of a more powerful user
– typically the administrator or system user on Microsoft Windows, or root on Unix and Linux
systems. With these elevated privileges, the attacker can wreak all sorts of havoc in your
computer systems and applications: steal access credentials and other sensitive information,
download and execute malware, erase data, or execute arbitrary code. Worse still, skilled
attackers can use elevated privileges to cover their tracks by deleting access logs and other
evidence of their activity. This can potentially leave the victim unaware that an attack took place
at all. That way, cybercriminals can covertly steal information or plant malware directly in
company systems.
Pivoting is basically what follows successful phishing. At this point, the attacker will begin to
do some additional fact-finding. They will try to find information such as which additional users
have access to this machine, which networks this machine can talk to, whether there are any shares
on this system and, perhaps, where the local DNS servers or even domain controllers are. They do
all of this because in most cases the person they've infected isn't actually their goal. It's
typically some other system or other data point in the network. Once they gain enough information
from this user, they will then begin to try to blend in with the normal network traffic and attempt
to gain access to these other systems.

Covering tracks methods
Covering tracks may include wiping or manipulating logs. This is another place where elevated
privileges are useful. There are a few ways to hide files on the compromised system. This will
help against casual observation, for sure. Really hiding files and processes may require a rootkit.
You can also manipulate timestamps on files, which may be necessary if you are altering any
system-provided files.
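
An altered system file whose timestamp has been reset can still be caught by comparing content hashes against a baseline taken earlier. The following added example (not part of the original document) runs a constructed scenario in a temporary directory; the file name, addresses and function names are assumptions.

```python
import hashlib
import os
import tempfile

OLD_NS = 1_500_000_000 * 10**9  # constructed "installed long ago" mtime (July 2017)

def snapshot(path):
    """Record the content hash and modification time of one file."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "mtime_ns": os.stat(path).st_mtime_ns}

def compare(baseline, current):
    """Classify a file against its baseline record."""
    changed = baseline["sha256"] != current["sha256"]
    same_mtime = baseline["mtime_ns"] == current["mtime_ns"]
    if changed and same_mtime:
        # New content under the old timestamp: the mtime was set by hand.
        return "content changed, mtime restored"
    if changed:
        return "content changed"
    if not same_mtime:
        return "mtime changed only"
    return "unchanged"

def demo():
    """Constructed scenario: baseline, edit, then reset mtime to the old value."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "hosts.sample")
        with open(path, "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        os.utime(path, ns=(OLD_NS, OLD_NS))
        base = snapshot(path)
        first = compare(base, snapshot(path))
        with open(path, "a") as fh:              # the file is altered
            fh.write("203.0.113.5 updates.example\n")
        edited = compare(base, snapshot(path))
        os.utime(path, ns=(OLD_NS, OLD_NS))      # the timestamp is put back
        restored = compare(base, snapshot(path))
        return first, edited, restored

if __name__ == "__main__":
    print(demo())
```

The baseline only helps if it is stored where the compromised account cannot rewrite it, for example on a separate host.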
