4.Tools-and-Methods-Used-in-Cybercrime-part-1.ppt

KalvikarasiR19 59 views 55 slides Jun 19, 2024

About This Presentation

Cybercrime tools and methodologies


Slide Content

4. Tools and Methods Used in Cybercrime

Unit 4: Tools and Methods Used in Cybercrime
• Introduction
• Proxy servers and anonymizers
• Phishing
• Password cracking
• Keyloggers and spywares
• Virus and Worms
• Trojan horses and backdoors
• DoS and DDoS attacks
• SQL injection
• Buffer overflow
• Attacks on wireless networks
• Phishing (in detail)
• Identity theft

Introduction
• Basic stages of an attack:
– Initial uncovering
– Network probe
– Crossing the line toward electronic crime
– Capturing the network traffic
– Grab the data
– Covering tracks

Important Terms
• Scareware
• Malvertising
• Clickjacking
• Ransomware

Proxy Servers and Anonymizers
• Proxy server is a computer on a network which comes in between the client (user) and other computers
(diagram of the client, proxy server and Internet; image not extracted)

Proxy Servers and Anonymizers...
• Purpose of proxy server:
– Hide company servers or systems
– Caching
– Filter unwanted content (ex: advertisements)
– IP address multiplexer

Proxy Servers and Anonymizers...
• Anonymizer is an anonymous proxy which allows the user to browse the Internet anonymously
• Generally used by crackers to cover their tracks

Types of proxies
• Transparent – Victim will know you are using a proxy and can trace your real IP
• Anonymous – Victim will know you are using a proxy, but cannot trace your real IP
• Elite – Victim doesn’t know if the communication is from a proxy or not

Types of proxies...
Type of Proxy   Using a Proxy (visible to victim)   Trace Real IP   Anonymity
Transparent     Yes                                 Yes             Low
Anonymous       Yes                                 No              Medium
Elite           No                                  No              High
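As an added example (not part of the slides), a server-side check that maps the three proxy classes in the table onto what the victim's web server can actually observe. It assumes the common convention that transparent proxies forward the client address in X-Forwarded-For and anonymous proxies still announce themselves through headers such as Via, while elite proxies add nothing and so cannot be told apart from a direct client.

```python
import ipaddress

# Request headers that reveal a proxy is in the path. (Assumed common
# conventions, not something the slides specify; header names are case-insensitive.)
PROXY_MARKERS = ("via", "x-forwarded-for", "forwarded", "proxy-connection")


def _first_ip(xff: str):
    """Leftmost syntactically valid address in an X-Forwarded-For chain, or None.
    The chain is client-controlled, so it is a hint about the real IP, not proof."""
    for part in xff.split(","):
        try:
            return str(ipaddress.ip_address(part.strip()))
        except ValueError:
            continue
    return None


def classify_proxy(headers: dict) -> dict:
    """Map a request's headers onto the slide's three proxy classes as seen by the
    server ('victim'): can it tell a proxy is used, and can it read the real IP?"""
    h = {k.lower(): v for k, v in headers.items()}
    proxy_visible = any(marker in h for marker in PROXY_MARKERS)
    real_ip = _first_ip(h.get("x-forwarded-for", ""))
    if real_ip:
        kind = "transparent"        # proxy visible and real IP leaked
    elif proxy_visible:
        kind = "anonymous"          # proxy visible, real IP withheld
    else:
        kind = "elite-or-direct"    # nothing to distinguish from a direct client
    return {"type": kind, "proxy_visible": proxy_visible, "real_ip": real_ip}


if __name__ == "__main__":
    # Constructed sample headers for each class (not taken from the slides).
    for sample in (
        {"Via": "1.1 proxy.example", "X-Forwarded-For": "203.0.113.7"},
        {"Via": "1.1 proxy.example", "X-Forwarded-For": "unknown"},
        {"User-Agent": "curl/8.0"},
    ):
        print(classify_proxy(sample))
```

The "elite-or-direct" result is the practical consequence of the Elite row: from the server's side there is nothing to log beyond the connecting address itself.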

Proxy Software Examples

Tor vs. VPN
Source: https://thebestvpn.com/tor-vs-vpn/
(figure comparing Tor and VPN on privacy and anonymity; image not extracted)

Demonstration
• Proxychains (built-in into Kali Linux)
– Uses Tor network
– Need to modify config file (/etc/proxychains.conf)
• Anonsurf (available on Github)
– Uses Tor network

Phishing
• Steps in phishing campaign:
1. Planning (gather information)
2. Setup (create emails or website)
3. Attack (send the message with fake links)
4. Collection (gather data)
5. Identity theft and fraud

Demonstration
• Maltego
• Shodan.io
• FOCA (Fingerprinting Organisations with Collected Archives)
• theHarvester
• Recon-ng
• SET (Social Engineering Toolkit)

Demonstration...
• Passive reconnaissance – Maltego
– Maltego is a passive and semi-active reconnaissance software
– Available in commercial as well as community editions
– Community edition is free, but has limited functionality

Demonstration...
• Shodan.io
– Search engine for IoT
– Google indexes only WWW
– Shodan indexes everything connected to Internet
– We can search for various devices using different filters

Demonstration...
• FOCA
– Downloads files from search engines and other public repositories
– Gathers metadata from those files
– Analyzes that metadata and presents interesting information

Demonstration...
• theHarvester
– Python tool for passive reconnaissance
– Usage: theharvester -d vishnu.edu.in -l 100 -b all
• -d specifies domain
• -l specifies length of results to be fetched
• -b specifies sources to search information from

Demonstration...
• Recon-ng
– Python tool for passive reconnaissance
– Look and feel is very similar to Metasploit
– Contains several modules (scripts)
– Usage: Demo

Demonstration...
• SET (Social Engineering Toolkit)
– Open-source tool developed by TrustedSec
– Python-driven
– Standard for social-engineering penetration tests
• ngrok
– Reverse proxy software for establishing a tunnel between our machine and the Internet

Demonstration...
• SET (Social Engineering Toolkit): lab topology (two diagram slides; images not extracted)
– Internet, Router, Host Machine (Windows 8.1)
– NAT Network with four guests:
• Guest Machine 1: Kali Linux (10.0.2.15)
• Guest Machine 2: Metasploitable 2
• Guest Machine 3: OWASP BWA
• Guest Machine 4: Ubuntu (10.0.2.6)

Forward Proxy vs. Reverse Proxy
(diagram; image not extracted)

Password Cracking

Password Cracking
• Purpose of password cracking:
– To recover a forgotten password
– Testing the strength of a password
– To gain unauthorized access to a system

Password Cracking...
• Manual process of password cracking:
1. Find a valid user account
2. Create a list of possible passwords (dictionary)
3. Rank the passwords from high to low probability
4. Key in each password
5. Try again until a successful password is found

Password Cracking...
• Guessable password characteristics:
– Blank (no password)
– General passwords like password, admin, 123456, etc.
– Series of letters like QWERTY
– User’s name or login name
– Name of user’s friend/relative/pet
– User’s birth date or birth place
– User’s vehicle number, office number, residence or mobile number
– Name of a celebrity or idol
– Simple modification of the above mentioned passwords (like adding numbers)
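An added example, not from the slides, that turns the list above into a check a registration or password-change service could run on the defender's side: it reports which of the listed characteristics a candidate password matches, given a profile of the user's own details. The COMMON and KEYBOARD_RUNS sets are small constructed stand-ins for the breached-password lists a real deployment would use.

```python
import re

# Small constructed stand-ins for the slide's categories (a real check would load a large breached-password list).
COMMON = {"password", "admin", "123456", "12345678", "letmein", "welcome"}
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", "abcdefghij")
LEET = str.maketrans("@$0135", "asoies")   # letter-for-symbol substitutions to undo

def _base_form(password: str) -> str:
    """Undo the slide's 'simple modifications': case, digits/symbols tacked onto either end, leet spelling."""
    return re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password.lower()).translate(LEET)

def _has_keyboard_run(text: str) -> bool:
    """True if text holds 4+ consecutive keys of a keyboard row or the alphabet, in either direction."""
    for run in KEYBOARD_RUNS:
        for seq in (run, run[::-1]):
            if any(seq[i:i + 4] in text for i in range(len(seq) - 3)):
                return True
    return False

def _profile_tokens(profile: dict) -> dict:
    """Map each personal token (name parts, date/phone/vehicle digits) to the profile field it came from."""
    tokens = {}
    for field, values in profile.items():
        for value in ([values] if isinstance(values, str) else values):
            for tok in re.split(r"[\s\-/.]+", value.lower()):
                if len(tok) >= 3:
                    tokens[tok] = field
            digits = re.sub(r"\D", "", value)
            if len(digits) >= 4:                       # e.g. full birth date, both ways round
                tokens[digits] = tokens[digits[::-1]] = field
    return tokens

def guessable_reasons(password: str, profile: dict) -> list:
    """Return the slide's guessable characteristics that the password matches ([] if none)."""
    if not password:
        return ["blank password"]
    reasons, low = [], password.lower()
    core = _base_form(password) or low
    if core in COMMON:
        reasons.append("common password")
    if _has_keyboard_run(core):
        reasons.append("keyboard or alphabet series")
    for tok, field in _profile_tokens(profile).items():
        if tok in core or tok in low:
            reasons.append(f"personal data ({field}: {tok})")
    if reasons and core != low:
        reasons.append("only a simple modification of a guessable base")
    return reasons
```

The profile dict is whatever the service already knows about the user (login, name, pet, birth date, phone and vehicle numbers); the check reads it, it never stores it in the password record.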

Password Cracking...
• Classification of password cracking attacks:
– Online attacks
– Offline attacks
– Non-electronic attacks (social engineering, shoulder surfing, dumpster diving etc.)

Password Cracking...
• Online attacks
– Use a program or script
– Attacks the target machine directly
– MITM (also called bucket-brigade or Janus attack)
• Offline attacks
– Performed on machines other than the target location
– Requires physical access to the target for copying password files
(two diagrams, Hacker/Cracker and Victim Machine, for the online and the offline case; images not extracted)

Password Cracking...
Password hashing process (diagram; image not extracted)

Strong, Weak, and Random Passwords
• Refer textbook pages 135, 136, and 137

Demonstration
• OWASP BWA (Vulnerable Virtual Machine)
• Hydra (online attack - webpage)
• Hydra (online attack - SSH)
• Cain and Abel (offline attack)
• John the Ripper (offline attack)

Demonstration...
Lab topology (two diagram slides; images not extracted):
– Internet, Router, Host Machine (Windows 8.1)
– NAT Network with four guests:
• Guest Machine 1: Kali Linux (10.0.2.15)
• Guest Machine 2: Metasploitable 2
• Guest Machine 3: OWASP BWA (10.0.2.5)
• Guest Machine 4: Ubuntu

Demonstration...
• Hydra (online attack - webpage)
– An online password cracking tool
– Command options:
• -l for username
• -L for user list
• -p for password
• -P for password list
• -f exit at first successful result
• -V print username and password combinations
• IP address
• http(s)-post-form for form based authentication
• <URL>:<Form Parameters>:<Failed attempt keyword> - service parameters

Demonstration...
• Hydra (online attack - webpage)
– Example:
  hydra -l admin -P 10-million-password-list-top-1000000.txt 192.168.91.160 http-post-form "/dvwa/login.php:username=^USER^&password=^PASS^&Login=Login:Login failed" -f -V

Demonstration...
• Hydra (online attack - SSH)
– Scan the victim machine ports for SSH availability
– Command: nmap 192.168.91.160 --top-ports 100 -sV
– Now use Hydra
– Command:
• hydra -l root -P 10-million-password-list-top-1000000.txt -f -V 192.168.91.160 ssh -t 5
• -V prints the username and password combination
• -t maintains number of connections in parallel to the target server
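Added example (not from the slides) of the defender's side of the two Hydra demonstrations above: a sliding-window detector run over constructed sshd auth.log and application-log lines, flagging a source that accumulates failed logins faster than an interactive user would. The 10.0.2.15 source is the Kali guest from the lab diagram; the sshd wording is OpenSSH's standard one, while the web log format is an assumed one, not DVWA's.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Failure signatures. The sshd line is OpenSSH's standard auth.log wording; the
# web line is a constructed application-log format standing in for whatever the
# login form logs on a failed attempt (the "Login failed" page Hydra keys on).
PATTERNS = {
    "ssh": re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                      r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
    "web": re.compile(r"^(?P<ts>\S+) WARN login failed user=(?P<user>\S+) src=(?P<src>\S+)"),
}

def parse_failure(line: str):
    """Return (service, source_ip, user, timestamp) for a failed-login line, else None."""
    for service, pattern in PATTERNS.items():
        m = pattern.match(line)
        if m:
            when = (datetime.fromisoformat(m["ts"]) if service == "web"
                    else datetime.strptime(m["ts"], "%b %d %H:%M:%S"))  # syslog has no year
            return service, m["src"], m["user"], when
    return None

def detect_bruteforce(lines, threshold=10, window_s=60):
    """Sliding-window count of failures per (service, source). Returns
    {(service, src): peak_count} for sources reaching threshold within window_s."""
    recent, alerts = defaultdict(deque), {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        service, src, _user, when = parsed
        key = (service, src)
        recent[key].append(when)
        while (when - recent[key][0]).total_seconds() > window_s:
            recent[key].popleft()
        if len(recent[key]) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(recent[key]))
    return alerts

# Constructed sample log: a burst from the Kali guest (10.0.2.15) against SSH and
# the web form, a few stray failures from 10.0.2.6, and one unrelated success line.
SAMPLE_LOG = (
    [f"Jun 19 10:00:{i:02d} ubuntu sshd[4242]: Failed password for root from 10.0.2.15 port {50000 + i} ssh2"
     for i in range(12)]
    + ["Jun 19 10:00:30 ubuntu sshd[4243]: Failed password for invalid user bob from 10.0.2.6 port 50100 ssh2"] * 3
    + [f"2024-06-19T10:05:{i:02d} WARN login failed user=admin src=10.0.2.15" for i in range(10)]
    + ["Jun 19 10:00:40 ubuntu sshd[4244]: Accepted password for alice from 10.0.2.6 port 50200 ssh2"]
)
```

Because Hydra's -t option keeps several connections open in parallel, the burst arrives within seconds, so a short window with a modest threshold separates it from ordinary typos; a success line from a source that is already in the alert set is the event to escalate first.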

Demonstration...
• Cain and Abel (offline attack)
– Dictionary attack
– Brute force attack
– Rainbow table attack

Demonstration...
• John the Ripper (offline attack)
– One of the most popular password crackers
– Auto-detects password hash types
– Available for Unix and Windows
– Available in 3 different versions:
• Free and open source version
• Professional edition
• Community edition

Demonstration...
• John the Ripper (offline attack)
– Example:
• john MD5.txt --wordlist=10-million-password-list-top-1000000.txt --format=Raw-MD5
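Added example (not from the slides) of why the Raw-MD5 run above is cheap and what a properly stored password file would cost instead: an unsalted hash lets the cracker hash each wordlist entry once and match it against every user, whereas a per-user salt plus a slow KDF forces a separate pass per user and multiplies the cost of every candidate. The WORDLIST is a constructed stand-in for the slide's 10-million-entry list.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the slide's 10-million-entry wordlist.
WORDLIST = ["123456", "password", "qwerty", "letmein", "admin"]

def raw_md5(password: str) -> str:
    """Unsalted MD5, the storage format john reads with --format=Raw-MD5."""
    return hashlib.md5(password.encode()).hexdigest()

def crack_raw_md5(dump: dict, wordlist) -> tuple:
    """Hash each candidate ONCE and look every user's hash up in that table.
    Returns ({user: password}, number_of_hash_computations)."""
    table = {raw_md5(word): word for word in wordlist}
    found = {user: table[digest] for user, digest in dump.items() if digest in table}
    return found, len(wordlist)

def store_salted(password: str, iterations: int = 200_000) -> tuple:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations), iterations

def crack_salted(records: dict, wordlist) -> tuple:
    """With salts there is no shared table: every user costs a fresh pass over the
    wordlist, and every candidate costs `iterations` HMAC rounds instead of one MD5."""
    found, kdf_calls = {}, 0
    for user, (salt, digest, iterations) in records.items():
        for word in wordlist:
            kdf_calls += 1
            candidate = hashlib.pbkdf2_hmac("sha256", word.encode(), salt, iterations)
            if hmac.compare_digest(candidate, digest):
                found[user] = word
                break
    return found, kdf_calls
```

Two users sharing a weak password get identical raw MD5 digests, which a cracker notices for free; with per-user salts their records differ and neither result can be reused for the other.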

Keylogger and Spyware
• Keylogger is used to capture passwords and other information while the user is keying them in
• Types of keyloggers:
– Software keyloggers
– Hardware keyloggers

Keylogger and Spyware...
• Software keyloggers:
– Software program installed on the victim machine for keylogging
– Generally spread as trojans or viruses
– A keylogger generally contains a DLL file and an EXE file

Demonstration
• Nifty keylogger
– A keylogger for Firefox
– Add-on that logs keys, including such keys as ALT, SHIFT, and BACKSPACE
– Hard to detect this keylogger through anti-virus software
– To access the log, simultaneously press ALT + SHIFT + K or ALT + SHIFT + O

Keylogger and Spyware...
• Hardware keyloggers:
– Small hardware devices
– Requires physical access to the victim machine
– Generally installed on ATMs

Keylogger and Spyware...
Source: https://thehackernews.com/2016/05/usb-charger-keylogger.html

Keylogger and Spyware...
Source: http://www.keelog.com/airdrive-keylogger/

Keylogger and Spyware...
• Anti-keylogger:
– Program that detects keyloggers
– Prevents Internet banking frauds
– Prevents ID theft
– It secures E-Mail and instant messaging/chatting

Keylogger and Spyware...
• Spyware:
– Malware installed to spy on victim’s activities
– Sometimes, spyware is installed purposefully by administration
– Spyware monitors victim’s surfing patterns
– Spyware can also modify system settings
– Install anti-spyware for protection

Virus and Worms
• Types of virus:
1. Boot sector virus
2. Program virus
3. Multipartite virus (boot sector + program virus)
4. Stealth virus
5. Polymorphic virus (changes virus signature)
6. Macro virus
7. ActiveX and Java virus

Trojan Horse and Backdoor
• Backdoor:
– A backdoor is a means of access to a computer program that bypasses security mechanisms
– Hackers use backdoors to maintain access to the victim system