Case Study


This case study gives you an idea of how to penetrate a network that might ordinarily appear impenetrable. The steps given here are somewhat out of bounds for penetration testing, but if the contract is open to any possible penetration, view this case study as a novel idea and a workable possibility. This study also serves to generate a little anxiety over how a hacker can gain access to any system. If one way does not work, the hacker can try another way.

Evil Jimmy has been tirelessly trying to get past a PIX firewall into Little Company Network (LCN). Finally, after exhausting scanning, web hacking, and endless SQL injection attacks to no avail, Jimmy resorts to a dark and evil path. He will send LCN a Trojan horse that can be installed on any computer and will come back through that tough PIX firewall and right to his home computer.

Jimmy will take a brilliant and popular backdoor program called Beast (as covered previously in the chapter) and place it on a CD with autorun configured to execute it when someone puts the CD in their computer. Next, he will sit back and wait for someone to run the CD and allow the Trojan to be installed. The Trojan will then contact Jimmy's hacking computer at his home.

Step 1.

The first thing is to create the backdoor server with Beast. By clicking on the Build Server button, Jimmy selects explorer.exe, the program that Beast should inject itself into. This enables Beast to go undetected by most anti-virus software programs. (See Figure 12-69.)

Figure 12-69. Setting Injects Itself into Explorer.exe


Step 2.

Because a firewall is involved, Evil Jimmy creates not a listening Beast, but a Beast that can send connection requests to Evil Jimmy's attack computer (Reverse Connection). On the basic screen, he enters port 80 as the listening port he will be using and selects the Reverse connection radio button. (See Figure 12-70.)

Figure 12-70. Setting Attacker Port Number


Step 3.

Next, Jimmy configures the IP address of his attacking computer so that the backdoor knows where to go. By clicking on Notifications, Jimmy can enter either a DNS name or an IP address. He enters his attacking computer's IP address of 172.16.0.13. (See Figure 12-71.)

Figure 12-71. Setting Attacker IP Address


Step 4.

Next, Evil Jimmy saves the server and renames it to installprep.exe, which looks fairly innocuous on any installation CD. Jimmy uses this file on his autorun CD.

Step 5.

Now it is time to build the autorun CD that will run the Beast server program called installprep.exe. The autorun.inf file he creates is shown here:

[AutoRun]
open=installprep.exe

When the CD is inserted, installprep.exe executes automatically if the CD is configured for auto start.
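As a defender-side check that is not part of the original case study, the following added Python scanner parses an autorun.inf and reports every entry that would launch a program on insertion, so removable media can be vetted before anyone trusts its label. The embedded sample is constructed from the entry above plus an assumed icon line; the path argument and the extension list are this example's own choices.

```python
"""Scan an autorun.inf for entries that would launch a program on media insertion."""
import sys
from typing import Dict, List, Tuple

# Constructed sample: the case study's autorun.inf plus an assumed icon line.
SAMPLE_AUTORUN_INF = """[AutoRun]
open=installprep.exe
icon=installprep.exe,0
"""

# Extensions Windows treats as directly executable; used to rate a launch entry.
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Return the [AutoRun] section as a dict of lowercase key -> value."""
    entries: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_entries(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Keys that make Windows run something: open, shellexecute, shell\\<verb>\\command."""
    found = []
    for key, value in entries.items():
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            found.append((key, value))
    return found


def scan_autorun_inf(text: str) -> List[str]:
    """Return one finding per launch entry, marking direct executables."""
    findings = []
    for key, cmd in launch_entries(parse_autorun_inf(text)):
        program = (cmd.split() or [""])[0].strip('"').lower()   # first token is the program
        kind = "EXECUTABLE" if program.endswith(EXEC_EXTS) else "launch"
        findings.append(f"{kind}: {key}={cmd}")
    return findings


if __name__ == "__main__":
    # Usage: python scan_autorun.py [path/to/autorun.inf]; defaults to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_AUTORUN_INF
    for finding in scan_autorun_inf(data) or ["no launch entries found"]:
        print(finding)
```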

Note

For a great article on autorun, see http://www.ezau.com/latest/articles/autorun.shtml. Autorun allows autorun.inf to execute multiple programs.

Step 6.

Next, Jimmy takes all the files from a normal anti-virus CD that he uses as a disguise and replaces autorun.inf with his modified one. He places installprep.exe into the folder, too.

Step 7.

Jimmy burns the CD and creates a professional-looking anti-virus label for it.

Step 8.

Next, he creates a polite cover letter and instruction sheet explaining that the content of the CD is a "90-day trial version of the next generation of enterprise, active anti-virus software. Install the software on your server to enable the full features of the product."

Step 9.

Jimmy creates ten copies of the CD, includes instructions, and mails them to eight different people at LCN. He leaves the last two copies in the parking lot of LCN for anyone to pick up and read. He hopes employees will insert the CD into their office computer and execute his version of installprep.exe.

Step 10.

Jimmy launches the Beast client on his attack computer and configures it to listen for incoming requests on port 80.

Step 11.

He sits back and waits for a few days until someone actually installs the CD. It comes as no surprise that it works. (See Figure 12-72.)

Figure 12-72. LCN Compromised by Beast and Evil Jimmy


Step 12.

Now Jimmy can use the initial computer as a springboard into the rest of the network. Jimmy starts downloading his entire hacker toolkit and settles in for a long session at LCN.

Imagine if this were actually to happen and just one person clicked on the setup program or inserted the CD with autoplay enabled. Beast would be installed and start to execute, allowing external access to the system. The best defense against an attack such as this is user education and continuous AV monitoring.



    Penetration Testing and Network Defense
    ISBN: 1587052083
    Year: 2005
    Pages: 209
