Breaking into computer networks from the Internet.
2000/12/31 First run
2001/07/01 Updated a bit
2001/09/20 Added Trojans
© 2000,2001 Roelof Temmingh & SensePost (Pty) Ltd
- 1 - Breaking into computer networks from the Internet [Roelof Temmingh & SensePost]
Chapter 0: What is this document about anyway?
While I was writing this document a book "Hack Proofing Your Network" was
released. I haven't been able to read it (dunno if it's in print yet, and
besides - everything takes a while to get to South Africa). I did however
read the first chapter, as it is available to the public. In this chapter
the author writes about different views on IT security - hackers, crackers,
script kiddies and everything in between. I had some thoughts about this and
decided that it was a good starting point for this document.
I want to simplify the issue - let us forget motives for the moment, and
simply look at the different characters in this play. To do this we will
look at a real world analogy. Let us assume the ultimate goal is breaking
into a safe (the safe is a database, a password file, confidential records
or whatever). The safe is located inside a physical building (the
computer that hosts the data). The building is located inside a town (the
computer is connected to a network). There is a path/highway leading to the
town, and the path connects the town to other towns and/or cities (read:
Internet/Intranet). The town/city is protected by a tollgate or an
inspection point (the network is protected by a firewall, screening router
etc.). There might be certain residents (the police) in the town looking for
suspicious activity and reporting it to the town's mayor (the police being
an IDS, reporting attacks to the sysadmin). Buildings have their own
protection methods - locks, chains and access doors (on-host firewalling, TCP
wrappers, usernames and passwords). The analogy can be extended to very
detailed levels, but that is not the point here.
In this world there are the ones that specialize in building or safe
cracking. They are not concerned with the tollgates, or the police. They are
lock-picking experts - be it the locks of the house, or those of the safe. They buy
a similar safe, put it in their labs and spend months analyzing it. At the
end of this period they write a report on this particular safe - they
contact the manufacturer, and might even build a tool that can assist in the
breaking of the safe. Maybe they don't even manage to crack the safe -
they might just provide ways to determine the type of metal the safe is made
of - which might be interesting on its own. These people are the toolmakers,
the Bugtraq 0-day report writers, the people that other hackers consider to
be fellow hackers.
And the rest? The rest are considered to be tool users - a.k.a. script
kiddies. They are portrayed as those rushing into towns, looting and
throwing bricks through windows - bricks that were made by the toolmakers
mentioned in the previous paragraph. They don't have any idea of the inner
workings of these tools. They are portrayed as those that ring the doorbell
and then run away, just to do it a trillion times a day - those that steal
liquor from the village restaurant to sell it in their own twisted village.
A scary and dangerous crowd.
Is there nothing in between these groups of people? Imagine a person with a
toolbox with over a thousand specialized tools in it. He knows how to use
every one of these tools - what tool to use in what situation. He can make
some changes to these tools - not major changes, but he can mold a tool for
a specific occasion. He knows exactly where to start looking for a safe - in
which town, in what building. He knows of ways to slip into the town totally
undetected, with no real ID. He knows how to inspect the safe, use the
correct tools, take the good stuff and be out of town before anyone detects
it. He has an X-ray machine to look inside a building, yet he does not know
the inner workings of the machine. He will use any means possible to get to
the safe - even if it means paying bribes to the mayor and police to turn a
blind eye. He has a network of friends that includes tool builders,
connections in "script kiddie" gangs and those that build the road to the
town. He knows the fabric of the buildings, the roads, the safes and the
servants inside the buildings. He is very agile and can hop from village to
city to town. He has safe deposit boxes in every city and an ultra modern
house at the coast. He knows ways of getting remote control surveillance
devices into the very insides of security complexes, and yet he does not
know the intricacies of the device itself. He knows the environment, he
knows the principles of this world and everything that lives inside the
world. He is not focused on one device/safe/building/tollgate but
understands all the issues surrounding the objects. Such a person is not a
toolmaker, neither is he a script kiddie, yet he is regarded as a Script
Kiddie by those who call themselves "hackers", and as such he has no real
reason for existence.
This document is written for the in-between group of people. Toolmakers will
frown upon this document, and yet it may provide you with some useful insight
(even if only to improve the tools you manufacture). It attempts to provide a
methodology for hacking. It attempts to answer the "how to" question, not the
"why" or the "who". It completely sidesteps the moral issue of hacking; it
also does not address the issue of hackers/crackers/black hats/gray
hats/white hats. It assumes that you have been in this industry long enough
to be beyond the point of worrying about it. It does not try to make any
excuses for hacking - it does not try to pretend that hacking is an
interesting pastime. The document is written for the serious cyber
criminal. All of this sounds a bit hectic and harsh. The fact of the matter
is that sysadmins, security consultants, and IT managers will find this
document just as interesting as cyber criminals will. Looking at your
network and IT infrastructure from a different viewpoint could give you a
lot of insight into REAL security issues (this point has been made over and
over and over and I really don't want to spend my time explaining it again [full
disclosure blah blah whadda whadda wat wat]).
A note to the authors of the book "Hack proofing your network" - I truly
respect the work that you have done and are doing (even though I have not
read your book - I see your work every now and again). This document will go
on the Internet free of charge - this document does NOT try to be a cheap
imitation of what you have done, it does not in any way try to be a
substitute (I am a tool user, whereas you are tool writers...remember? :) )
Before we start, a few prerequisites for reading this document. Unless you
want to feel a bit left in the cold you should have knowledge of the
following:
1. Unix (the basics, scripting, AWK, PERL, etc.)
2. TCP/IP (routing, addressing, subnetting etc.)
3. The Internet (the services available on the 'net, e.g. DNS, FTP, HTTP,
SSH, telnet etc.)
4. Experience in IT security (packet filtering, firewalling, proxies etc.)
I have written this document over a rather long period of time. Sites and
tools could be outdated by the time you read this. I wrote the document with
no prior knowledge about the "targets". You will find that in many cases I
make assumptions that are later found not to be true. Reading through the
text will thus provide you with an un-edited view of the thought processes
that I had.
Chances are very good that I am talking a load of bullshit at times - if you
are a terminology expert, and I have used your pet word in the wrong context
- I am really sorry - it won't ever happen again. Now please leave. In the
case that I totally go off track on technical issues - please let me know.
Also my English sucks, so if I lose track of the language please bear with
me - I tried to write it in simple words. This is not an academic paper!!
Chapter 1: Setting the stage.
Before you can start to hack systems you need a platform to work from. This
platform must be stable and not easily traceable. How does one become
anonymous on the Internet? It is not that easy. Let us look at the