Chapter 6 Techniques Used by Hackers

Computer Security Fundamentals
by Chuck Easttom
Chapter 6 Objectives

Understand the basic methodology used by hackers
Be familiar with some of the basic tools
Understand the hacking mentality
© 2012 Pearson, Inc.
Introduction

Basic Terminology

Reconnaissance

Passive Scanning
Netcraft.com
Archive.org
Port Scanning

NMap
Nmap Flags

-O detects operating system
-sP is a ping scan
-sT TCP connect scan
-sS SYN scan
-sF FIN scan
-sX XMAS Tree scan
-sN NULL scan
-sU UDP scan
-sO Protocol scan
-sA ACK scan
-sW Window scan
-sR RPC scan
-sL List/DNS scan
-sI Idle scan
-P0 Don't ping
-PT TCP ping
-PS SYN ping
-PI ICMP ping
-PB TCP and ICMP ping
-PM ICMP netmask
-oN Normal output
-oX XML output
-oG Greppable output
-oA All output
-T timing
-T0 Paranoid
-T1 Sneaky
-T2 Polite
-T3 Normal
-T4 Aggressive
-T5 Insane
Ping Scan

The ping scan sends a single ICMP echo
request from the source to the destination
device. A response from an active device
returns an ICMP echo reply, unless the IP
address is not available on the network or the
ICMP protocol is filtered.
Connect Scan

Fully connects to the target IP address and port, completing the TCP handshake. This is the most reliable scan but will absolutely be detected.
SYN Scan

Sends SYN (synchronize) requests to the target to gather information about open ports without completing the TCP handshake process. When an open port is identified, the TCP handshake is reset before it can be completed. This technique is sometimes referred to as "half open" scanning.
FIN Scan

Sends a FIN (or finish) packet to the target.
If that port is not listening, no response.
If it is listening, an error response is received.
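
Added example, not from the book: a minimal sketch of how a network sensor can tell the scan types on the preceding slides apart from the TCP flags a client sends, and why a connect scan is the easiest to attribute. The packet tuples, addresses and the min_ports threshold are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of client-to-server TCP packets: (src, dst, dport, flags).
# Flag letters: S=SYN, A=ACK, F=FIN, R=RST, P=PSH, U=URG; "" means no flags set.
SAMPLE = (
    [("10.0.0.5", "10.0.0.9", p, f) for p in (21, 22, 23, 80, 443) for f in ("S", "R")]
    + [("10.0.0.6", "10.0.0.9", p, f) for p in (22, 25, 80, 110) for f in ("S", "A", "RA")]
    + [("10.0.0.7", "10.0.0.9", p, "F") for p in (22, 80, 139, 445)]
    + [("10.0.0.8", "10.0.0.9", 443, f) for f in ("S", "A", "PA", "FA")]  # ordinary client
)

def classify_flow(flag_seq):
    """Name the probe type from the flags one client sent to one port, in order."""
    first = set(flag_seq[0])
    if first == {"F"}:
        return "fin"            # matches -sF
    if first == {"F", "P", "U"}:
        return "xmas"           # matches -sX
    if not first:
        return "null"           # matches -sN
    if first == {"S"}:
        # A bare ACK after the SYN means the client completed the handshake.
        if any(set(f) == {"A"} for f in flag_seq[1:]):
            return "connect"    # matches -sT
        return "syn"            # matches -sS: reset or abandoned before completion
    return "other"

def detect_scans(packets, min_ports=4):
    """Return {src: (dominant probe type, distinct ports)} for sources that
    probed at least min_ports ports on a single destination."""
    flows = defaultdict(list)
    for src, dst, dport, flags in packets:
        flows[(src, dst, dport)].append(flags)
    per_pair = defaultdict(dict)
    for (src, dst, dport), seq in flows.items():
        per_pair[(src, dst)][dport] = classify_flow(seq)
    alerts = {}
    for (src, dst), ports in per_pair.items():
        if len(ports) >= min_ports:
            kind = Counter(ports.values()).most_common(1)[0][0]
            alerts[src] = (kind, len(ports))
    return alerts

if __name__ == "__main__":
    for src, (kind, n) in detect_scans(SAMPLE).items():
        print(f"{src}: {kind} scan across {n} ports")
```

The ordinary client at 10.0.0.8 also completes a handshake, but it touches a single port and so stays below the threshold.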
Enumeration

Sid2User
Cheops (Linux only)
UserInfo
UserDump
DumpSec
Netcat
NBTDump
Cain and Abel
SQL Injection

One of the most common attacks
Depends on knowledge of SQL
Basics are easy
Versatile and can do a lot more than many realize
What Is SQL?

A relational database contains one or more tables, each identified by a name.
Tables contain records (rows) with data.
For example, the following table is called "users" and contains data distributed in rows and columns:
SQL (Structured Query Language) uses commands such as SELECT, UPDATE, DELETE, INSERT, WHERE, and others. Example:
SELECT * FROM tblUsers WHERE USERNAME = 'admin'
More on SQL
Web sites are written in a programming language such as PHP, ASP, JSP, or ASP.NET. Those programming languages have their own syntax (NOT SQL), so programmers put the SQL into their code as strings. Let's say you type your username into a text field called txtUsername and your password into a text field called txtPassword. The code in the program has to put the SQL statement into a string and append whatever you entered in those two text fields. It will look something like this:

string sSQLstatement;

sSQLstatement = "SELECT * FROM tblUSERS WHERE UserName = '" + txtUsername.Text + "' AND Password = '" + txtPassword.Text + "'";

So the string will contain:

SELECT * FROM tblUSERS WHERE UserName = 'admin' AND Password = 'password'

However, whatever you type into the text fields gets put into that string.

SQL Script Injection

Single quote added to password:

Add the following to the username box and the password:

' or '1' ='1
OR
' or 'a' ='a
Also try password' or (1=1)
Or people try
anything' OR 'x'='x
or people try
password:'1=1-
Try using double quote (") if single quote (') is not working
What Does This Cause?
Well, you would have had:
SELECT * FROM tblUSERS WHERE UserName = 'admin' AND Password = 'password'
Instead you have:
SELECT * FROM tblUSERS WHERE UserName = '' or '1' ='1' AND Password = '' or '1' ='1'
So now it says to get all entries from the table tblUsers if the username is '' (blank) OR if 1 = 1, and if the password is '' (blank) OR if 1 = 1!
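
Added example, not from the book: the concatenated login query from the slides next to a parameterized version, run against an in-memory SQLite database so the difference in returned rows is visible. The table contents and function names are constructed for illustration; the input string is the one shown on the earlier slide.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the slides' tblUsers table.
    Plaintext passwords mirror the slides' schema only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblUsers (UserName TEXT, Password TEXT)")
    db.executemany("INSERT INTO tblUsers VALUES (?, ?)",
                   [("admin", "S3cret!"), ("alice", "hunter2")])
    return db

def login_concatenated(db, username, password):
    """The pattern from the slides: user input appended into the SQL string."""
    sql = ("SELECT * FROM tblUsers WHERE UserName = '" + username +
           "' AND Password = '" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_parameterized(db, username, password):
    """Same query with placeholders: input is bound as data, never parsed as SQL."""
    sql = "SELECT * FROM tblUsers WHERE UserName = ? AND Password = ?"
    return sql, db.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    entered = "' or '1'='1"  # string from the slide, typed into both fields
    for login in (login_concatenated, login_parameterized):
        sql, rows = login(db, entered, entered)
        print(login.__name__, "->", len(rows), "row(s)")
        print("  statement:", sql)
```

With the concatenated version the quote characters in the input close the string literal and the rest is parsed as SQL, so every row matches; with placeholders the same input is compared as a literal value and matches nothing.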

Cross Site Scripting
An attacker injects client-side script into web pages viewed by other users. The term cross-site scripting originally referred to the act of loading the attacked, third-party web application from an unrelated attack site, in a manner that executes a fragment of JavaScript prepared by the attacker in the security context of the targeted domain.
Essentially, you enter scripts into an area that other users interact with, so that when they go to that part of the site, your own script runs rather than the intended Web site functionality. This can include redirecting them.
OphCrack: How It Works

Download OphCrack and burn the image to a CD.
Put the CD in the target computer and boot from the CD.
It boots as Linux, grabs the Windows password file, and then uses cracking tools to crack that file and produces a text file with usernames and passwords.
You cannot even consider yourself a hacker without this tool in your toolkit.