Monday, 31 August 2015

Ethical Hacking - Module 3 : Scanning4

6. Draw Network Diagrams

The mapping of networks into diagrams helps you to identify the topology or the architecture of the target network. The network diagram also helps you to trace out the path to the target host in the network. It also allows you to understand the position of firewalls, routers, and other access control devices.Based on 
the network diagram, the attacker can analyze the target 
network's topology and security mechanisms.It helps an attacker to see the firewalls, IDSs, and other security mechanisms of the target network.


Tools:
       LANsurveyor
       OpManager




7.Prepare Proxies

A proxy is a network computer that can serve as an intermediary for connecting with other computers. When you use a proxy to request a particular web page on an actual server, it first sends your request to the proxy server. The proxy server then sends your request to the actual server on behalf of your request, i.e., it mediates between you and the actual server to send and respond to the request.





In this process, the proxy receives the communication between the client and the destination application. In order to take advantage of a proxy server, client programs must be configured
so they can send their requests to the proxy server instead of the final destination.


Why Attackers Use Proxy Servers

For an attacker, it is easy to attack or hack a particular system than to conceal the attack source. So the main challenge for an attacker is to hide his identity so that no one can trace him or her. To conceal the identity, the attacker uses the proxy server. The main cause behind using a proxy is to avoid detection of attack evidence. With help of the proxy server, an attacker can mask his or her IP address so that he or she can hack the computer system witho ut any fear of legal repercussion. When the attacker uses a proxy to connect to the destination, the proxy's source address will be recorded in the server logs instead of the actual source address of the attacker.






Use of Proxies for Attack













Proxy chaining helps you to become more anonymous on the Internet. Your anonymity on the Internet depends on the number of proxies used for fetching the target application. If you use a larger number of proxy servers, then you will become more
anonymous on the Internet and vice versa. 




Proxy Chaining :

                     Proxy WorkBench
                     Proxifier
                     Proxy Switcher
                     Socks Chain
                    Burp Suite



Http Tunneling :

HTTP Tunneling technology allows users to despite the restrictions imposed by firewalls.

Encapsulates datainside ( port 80)


HTTP Tunneling is another technique that allows you to use the Internet despite restrictions imposed by the firewalls. The HTTP protocol acts as wrapper for communication channels.

An attacker uses HTTP tunnel software to perform HTTP tunneling. 

It is a client-server-based application used to communicate through the HTTP protocol. This software creates an HTTP
tunnel between two machines, using a web proxy option. The technique involves sending POST requests to an "HTTP server" and receiving replies.


The attacker uses the client application of HTTP tunnel software installed on his or her system to communicate with other machines. All requests sent through the HTTP tunnel client
application go through the HTTP protocol.


The HTTP tunneling technique is used in network activities such as:
   Streaming video and audio
   Remote procedure calls for network management
   For intrusion detection alerts
   Firewalls


Why do I Need HTTP Tunneling

Organizations firewall all ports except 80 and 443, and you may want to use FTP.

HTTP tunneling will enable use of FTP via HTTP protocol


 

Tools:-
         Super Network tunnel
         HTTP-Tunnel

HTTP Tunnel acts as a SOCKS server, allowing you to access the Internet by bypassing firewall restrictions. It is very secure software. Using this software does not allow others to monitor
your Internet activities. It hides your IP address; therefore, it does not allow tracing of your system. It allows you the unlimited transfer of data. It runs in your system tray acting as a SOCKS server, managing all data transmissions between the computer and the network.


SSH Tunneling:

SSH tunneling is another technique that an attacker can use to bypass firewall restrictions. It also helps you hide your IP address on the Internet; therefore, no one can trace
or monitor you.

The prerequisite of SSH tunneling is raised from the problems caused by the public IP address,the means for accessing computers from anywhere in the world. The computers networked with the public IP address are universally accessible, so they could be attacked by anyone on the global Internet easily and can be victimized by attackers. The development of SSH tunneling solves the problems faced by the public IP address.

An SSH tunnel is a link that proceeds traffic from an indiscriminate port on one machine to a remote machine through

an intermediate machine. An SSH tunnel comprises an encrypted
tunnel, so all your data is encrypted as it uses a secure shell to create the tunnel.

Creating a tunnel for a privately addressed machine needs to implement three basic steps and also requires three machines.

 The three requisite machines are:
 

* Local machine
* An intermediate machine with a public IP address
* Target machine with a private address to which the 

  connection must be established


You can create a tunnel as follows:

* Start an SSH connection from local machine to the 

  intermediate machine with public IP address.

* Instruct the SSH connection to wait and observe traffic on 

  the local port, and use intermediate machine to send the
  traffic to an explicit port on the target machine with 
  a private address. This is called port acceleration or port
  forwarding.

* On the local machine, select the application that you want 

  to use for connection with the remote machine and configure 
  it to use port forwarding on the local machine. Now,when 
  you connect to the local port, it will redirect the 
  traffic to the remote machine.

Attackers use OpenSSH to encrypt and tunnel all the traffic 
from a local machine to a remote machine to avoid detection by
perimeter security controls.



Tunneling Another TCP Session Through SSH


  Toosl:  OpenSSH
          Bitvise

No comments:

Post a Comment