SlideShare a Scribd company logo

PPIT Lecture 20

Download as PPT, PDF
Kashif Sohail, profile picture
Kashif Sohail

The document discusses several modes and types of hacker attacks, including spoofing, denial of service attacks, session hijacking, and buffer overflow attacks. Spoofing involves altering one's identity to masquerade as another user or system. Specific types of spoofing covered include IP, email, and web spoofing. Denial of service attacks aim to overload systems to render them unusable. Session hijacking involves taking over an active session between another user and a server. Buffer overflow attacks exploit program vulnerabilities to overwrite memory and execute malicious code.

Software
1 of 15
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Lecture 20 Hacking
‱ Over the Internet ‱ Over LAN ‱ Locally ‱ Offline ‱ Theft ‱ Deception Modes of Hacker Attack
Definition: An attacker alters his identity so that some one thinks he is some one else – Email, User ID, IP Address, 
 – Attacker exploits trust relation between user and networked machines to gain access to machines Types of Spoofing: 1. IP Spoofing: 2. Email Spoofing 3. Web Spoofing Spoofing
Definition: Attacker uses IP address of another computer to acquire information or gain access IP Spoofing – Flying-Blind Attack Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 ‱ Attacker changes his own IP address to spoofed address ‱ Attacker can send messages to a machine masquerading as spoofed machine ‱ Attacker can not receive messages from that machine
Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies IP Spoofing – Source Routing Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 ‱ The path a packet may change can vary over time ‱ To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network Attacker intercepts packets as they go to 10.10.20.30
Definition: Attacker sends messages masquerading as some one else What can be the repercussions? Types of Email Spoofing: 1. Create an account with similar email address – Sanjaygoel@yahoo.com: A message from this account can perplex the students 1. Modify a mail client – Attacker can put in any return address he wants to in the mail he sends 1. Telnet to port 25 – Most mail servers use port 25 for mails. Attacker logs on to this port and composes a message for the user. Email Spoofing
‱ Basic – Attacker registers a web address matching an entity e.g. votebush.com, geproducts.com, gesucks.com ‱ Man-in-the-Middle Attack – Attacker acts as a proxy between the web server and the client – Attacker has to compromise the router or a node through which the relevant traffic flows ‱ URL Rewriting – Attacker redirects web traffic to another site that is controlled by the attacker – Attacker writes his own web site address before the legitimate link ‱ Tracking State – When a user logs on to a site a persistent authentication is maintained – This authentication can be stolen for masquerading as the user Web Spoofing
‱ Web Site maintains authentication so that the user does not have to authenticate repeatedly ‱ Three types of tracking methods are used: 1. Cookies: Line of text with ID on the users cookie file – Attacker can read the ID from users cookie file 1. URL Session Tracking: An id is appended to all the links in the website web pages. – Attacker can guess or read this id and masquerade as user 1. Hidden Form Elements – ID is hidden in form elements which are not visible to user – Hacker can modify these to masquerade as another user Web Spoofing – Tracking State
Definition: Process of taking over an existing active session Modus Operandi: 1. User makes a connection to the server by authenticating using his user ID and password. 2. After the users authenticate, they have access to the server as long as the session lasts. 3. Hacker takes the user offline by denial of service 4. Hacker gains access to the user by impersonating the user Session Hijacking
‱ Attacker can – monitor the session – periodically inject commands into session – launch passive and active attacks from the session Session Hijacking Bob telnets to Server Bob authenticates to Server Bob Attacker Server Die! Hi! I am Bob
‱ Attackers exploit sequence numbers to hijack sessions ‱ Sequence numbers are 32-bit counters used to: – tell receiving machines the correct order of packets – Tell sender which packets are received and which are lost ‱ Receiver and Sender have their own sequence numbers ‱ When two parties communicate the following are needed: – IP addresses – Port Numbers – Sequence Number ‱ IP addresses and port numbers are easily available so once the attacker gets the server to accept his guesses sequence number he can hijack the session. Session Hijacking – How Does it Work?
Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it. Types: 1. Crashing the system or network – Send the victim data or packets which will cause system to crash or reboot. 1. Exhausting the resources by flooding the system or network with information – Since all resources are exhausted others are denied access to the resources 1. Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks Denial of Service (DOS) Attack
Types: 1. Ping of Death 2. SSPing 3. Land 4. Smurf 5. SYN Flood 6. CPU Hog 7. Win Nuke 8. RPC Locator 9. Jolt2 10. Bubonic 11. Microsoft Incomplete TCP/IP Packet Vulnerability 12. HP Openview Node Manager SNMP DOS Vulneability 13. Netscreen Firewall DOS Vulnerability 14. Checkpoint Firewall DOS Vulnerability Denial of Service (DOS) Attack
‱ This attack takes advantage of the way in which information is stored by computer programs ‱ An attacker tries to store more information on the stack than the size of the buffer How does it work? Buffer Overflow Attacks ‱ Buffer 2 Local Variable 2 Buffer 1 Local Variable 1 Return Pointer Function Call Arguments ‱ Fill Direction Bottom of Memory Top of Memory Normal Stack ‱ Buffer 2 Local Variable 2 Machine Code: execve(/bin/sh) New Pointer to Exec Code Function Call Arguments ‱ Fill Direction Bottom of Memory Top of Memory Smashed Stack Return Pointer Overwritten Buffer 1 Space Overwritten
‱ Programs which do not do not have a rigorous memory check in the code are vulnerable to this attack ‱ Simple weaknesses can be exploited – If memory allocated for name is 50 characters, someone can break the system by sending a fictitious name of more than 50 characters ‱ Can be used for espionage, denial of service or compromising the integrity of the data Examples – NetMeeting Buffer Overflow – Outlook Buffer Overflow – AOL Instant Messenger Buffer Overflow – SQL Server 2000 Extended Stored Procedure Buffer Overflow Buffer Overflow Attacks

More Related Content

PPT
Ethical Hacking : Why Do Hackers Attack And How ?
HBServices7
 
PPTX
Session hijacking
Gayatri Kapse
 
PDF
Aw36294299
IJERA Editor
 
PPTX
Web spoofing hacking
jignesh khunt
 
PDF
DDoS Attack
Gopi Krishnan S
 
PPTX
Attacks and their mitigations
Mukesh Chaudhari
 
PDF
DDoS-bdNOG
Zobair Khan
 
PPT
Ip Spoofing
arpit.arp
 
Ethical Hacking : Why Do Hackers Attack And How ?
HBServices7
 
Session hijacking
Gayatri Kapse
 
Aw36294299
IJERA Editor
 
Web spoofing hacking
jignesh khunt
 
DDoS Attack
Gopi Krishnan S
 
Attacks and their mitigations
Mukesh Chaudhari
 
DDoS-bdNOG
Zobair Khan
 
Ip Spoofing
arpit.arp
 

What's hot (19)

PPT
Hacking 1224807880385377-9
Geoff Pesimo
 
PPT
Hacking In Detail
Greater Noida Institute Of Technology
 
PPT
Hack the hack
Shakti Ranjan
 
PPTX
Ip spoofing ppt
Anushakp9
 
PPT
Module 6 Session Hijacking
leminhvuong
 
PPTX
Internet security
gohel
 
PPT
SSL MITM Attack Over Wireless
SecurityTube.Net
 
PPTX
My ppt..priya
priya_kp03
 
PPTX
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Suhail Khan
 
PPT
Module 8 System Hacking
leminhvuong
 
PPTX
Mitm(man in the middle) ssl proxy attacks
JaeYeoul Ahn
 
PPT
Himanshupptx
Himanshu Chaurishiya
 
PPT
Hacking
Roshan Chaudhary
 
PPT
Hacking
rameswara reddy venkat
 
PPT
Hacking tutorial
MSA Technosoft
 
PPTX
DDoS attacks
Ch Anas Irshad
 
PPT
DDos
rohit verma
 
PPTX
Ddos
university of Gujrat, pakistan
 
PPTX
Entropy and denial of service attacks
chris zlatis
 
Hacking 1224807880385377-9
Geoff Pesimo
 
Hacking In Detail
Greater Noida Institute Of Technology
 
Hack the hack
Shakti Ranjan
 
Ip spoofing ppt
Anushakp9
 
Module 6 Session Hijacking
leminhvuong
 
Internet security
gohel
 
SSL MITM Attack Over Wireless
SecurityTube.Net
 
My ppt..priya
priya_kp03
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Suhail Khan
 
Module 8 System Hacking
leminhvuong
 
Mitm(man in the middle) ssl proxy attacks
JaeYeoul Ahn
 
Himanshupptx
Himanshu Chaurishiya
 
Hacking
Roshan Chaudhary
 
Hacking
rameswara reddy venkat
 
Hacking tutorial
MSA Technosoft
 
DDoS attacks
Ch Anas Irshad
 
DDos
rohit verma
 
Ddos
university of Gujrat, pakistan
 
Entropy and denial of service attacks
chris zlatis
 
Ad

Viewers also liked (6)

PPT
10a98 virus111
Nihar Taranekar
 
PPTX
dos attacks
AMAL PERUMPALLIL
 
PPTX
Cyper security & Ethical hacking
Cmano Kar
 
PPTX
Hacking
Arpit Verma
 
PPT
Module 9 Dos
leminhvuong
 
PPT
Hacking
LutfulM
 
10a98 virus111
Nihar Taranekar
 
dos attacks
AMAL PERUMPALLIL
 
Cyper security & Ethical hacking
Cmano Kar
 
Hacking
Arpit Verma
 
Module 9 Dos
leminhvuong
 
Hacking
LutfulM
 
Ad

Similar to PPIT Lecture 20 (20)

PPT
hacking lecture 3c.ppt
peter722626
 
PPTX
Avirup_Ray_18700219054_Cyber_Security_1.pptx
AvirupRay2
 
PPT
Computer Security Hacking
Erdo Deshiant Garnaby
 
PPT
Computer Security
Greater Noida Institute Of Technology
 
PPT
hacking.ppt project (1) computer science
NatashaDalal1
 
PPT
hackingggggggggggggggggggggggggggggg.ppt
ganeshdas9449
 
PPT
Hacking
Anil Shrivastav
 
PPT
Hacking
Muhammad Ruhul Mowla
 
PPT
2hacking.ppt
LatinaLatina1
 
PPTX
APpresebtstuobvghgftytfhyrfyttrfgPT.pptx
sarojrk0710
 
PDF
what is transport layer what are the typical attacks in transport l.pdf
brijeshagarwa329898l
 
PPTX
Cryptography and Network security # Lecture 3
Kabul Education University
 
PPTX
DDoS ATTACKS
Anil Antony
 
PPT
1.hacking and its types for all types of attackers.ppt
RohitAhuja58
 
PPT
CS10NETWOKSecurityhdhgsfdhsdheahgqergd.ppt
mohammednisath
 
PPTX
Lecture 7 Attacker and there tools.pptx
AsmaaLafi1
 
PPTX
IP Spoofing
Akmal Hussain
 
PDF
denialofservice.pdfdos attacck basic details with interactive design
perfetbyedshareen
 
PPTX
Denial of service
garishma bhatia
 
PPTX
Ethicak hacking
Kshitij Rokde
 
hacking lecture 3c.ppt
peter722626
 
Avirup_Ray_18700219054_Cyber_Security_1.pptx
AvirupRay2
 
Computer Security Hacking
Erdo Deshiant Garnaby
 
Computer Security
Greater Noida Institute Of Technology
 
hacking.ppt project (1) computer science
NatashaDalal1
 
hackingggggggggggggggggggggggggggggg.ppt
ganeshdas9449
 
Hacking
Anil Shrivastav
 
Hacking
Muhammad Ruhul Mowla
 
2hacking.ppt
LatinaLatina1
 
APpresebtstuobvghgftytfhyrfyttrfgPT.pptx
sarojrk0710
 
what is transport layer what are the typical attacks in transport l.pdf
brijeshagarwa329898l
 
Cryptography and Network security # Lecture 3
Kabul Education University
 
DDoS ATTACKS
Anil Antony
 
1.hacking and its types for all types of attackers.ppt
RohitAhuja58
 
CS10NETWOKSecurityhdhgsfdhsdheahgqergd.ppt
mohammednisath
 
Lecture 7 Attacker and there tools.pptx
AsmaaLafi1
 
IP Spoofing
Akmal Hussain
 
denialofservice.pdfdos attacck basic details with interactive design
perfetbyedshareen
 
Denial of service
garishma bhatia
 
Ethicak hacking
Kshitij Rokde
 

More from Kashif Sohail (13)

PPTX
PPIT Lecture 19
Kashif Sohail
 
PPTX
PPIT Lecture 17
Kashif Sohail
 
PPTX
PPIT Lecture 18
Kashif Sohail
 
PPT
PPIT Lecture 10
Kashif Sohail
 
PPT
PPIT Lecture 9
Kashif Sohail
 
PPT
PPIT Lecture 8
Kashif Sohail
 
PPT
PPIT Lecture 7
Kashif Sohail
 
PPTX
PPIT Lecture 06
Kashif Sohail
 
PPT
PPIT Lecture 4
Kashif Sohail
 
PPT
PPIT Lecture 5
Kashif Sohail
 
PPT
PPIT Lecture 2
Kashif Sohail
 
PPTX
PPIT Lecture 1
Kashif Sohail
 
PPT
Introduction to Human Resource Management - HRM Dessler 12e Chapter 01
Kashif Sohail
 
PPIT Lecture 19
Kashif Sohail
 
PPIT Lecture 17
Kashif Sohail
 
PPIT Lecture 18
Kashif Sohail
 
PPIT Lecture 10
Kashif Sohail
 
PPIT Lecture 9
Kashif Sohail
 
PPIT Lecture 8
Kashif Sohail
 
PPIT Lecture 7
Kashif Sohail
 
PPIT Lecture 06
Kashif Sohail
 
PPIT Lecture 4
Kashif Sohail
 
PPIT Lecture 5
Kashif Sohail
 
PPIT Lecture 2
Kashif Sohail
 
PPIT Lecture 1
Kashif Sohail
 
Introduction to Human Resource Management - HRM Dessler 12e Chapter 01
Kashif Sohail
 

Recently uploaded (20)

PPTX
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
PDF
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
PDF
Complete Guide to Website Development in Malaysia for SMEs
Asian Business Services & Technologies
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
DOCX
Greta — No-Code AI for Building Full-Stack Web & Mobile Apps
niloyislam1187
 
PDF
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
PPTX
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
PPTX
Why Generative AI is the Future of Content, Code & Creativity?
Webuters Technologies Pvt. Ltd
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
CapCut Video Editor 6.8.1 Crack for PC Latest Download (Fully Activated) 2025
itskinga12
 
PDF
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
PDF
iTop VPN Free 5.6.0.5262 Crack latest version 2025
itskinga12
 
PDF
Website Design Services for Small Businesses.pdf
ecomme9
 
PDF
Tally Prime Crack Download New Version 5.1 [2025] (License Key Free
itskinga12
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PDF
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
PPTX
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
Complete Guide to Website Development in Malaysia for SMEs
Asian Business Services & Technologies
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
Greta — No-Code AI for Building Full-Stack Web & Mobile Apps
niloyislam1187
 
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
Why Generative AI is the Future of Content, Code & Creativity?
Webuters Technologies Pvt. Ltd
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
CapCut Video Editor 6.8.1 Crack for PC Latest Download (Fully Activated) 2025
itskinga12
 
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
iTop VPN Free 5.6.0.5262 Crack latest version 2025
itskinga12
 
Website Design Services for Small Businesses.pdf
ecomme9
 
Tally Prime Crack Download New Version 5.1 [2025] (License Key Free
itskinga12
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 

PPIT Lecture 20

  • 2. ‱ Over the Internet ‱ Over LAN ‱ Locally ‱ Offline ‱ Theft ‱ Deception Modes of Hacker Attack
  • 3. Definition: An attacker alters his identity so that some one thinks he is some one else – Email, User ID, IP Address, 
 – Attacker exploits trust relation between user and networked machines to gain access to machines Types of Spoofing: 1. IP Spoofing: 2. Email Spoofing 3. Web Spoofing Spoofing
  • 4. Definition: Attacker uses IP address of another computer to acquire information or gain access IP Spoofing – Flying-Blind Attack Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 ‱ Attacker changes his own IP address to spoofed address ‱ Attacker can send messages to a machine masquerading as spoofed machine ‱ Attacker can not receive messages from that machine
  • 5. Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies IP Spoofing – Source Routing Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 ‱ The path a packet may change can vary over time ‱ To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network Attacker intercepts packets as they go to 10.10.20.30
  • 6. Definition: Attacker sends messages masquerading as some one else What can be the repercussions? Types of Email Spoofing: 1. Create an account with similar email address – Sanjaygoel@yahoo.com: A message from this account can perplex the students 1. Modify a mail client – Attacker can put in any return address he wants to in the mail he sends 1. Telnet to port 25 – Most mail servers use port 25 for mails. Attacker logs on to this port and composes a message for the user. Email Spoofing
  • 7. ‱ Basic – Attacker registers a web address matching an entity e.g. votebush.com, geproducts.com, gesucks.com ‱ Man-in-the-Middle Attack – Attacker acts as a proxy between the web server and the client – Attacker has to compromise the router or a node through which the relevant traffic flows ‱ URL Rewriting – Attacker redirects web traffic to another site that is controlled by the attacker – Attacker writes his own web site address before the legitimate link ‱ Tracking State – When a user logs on to a site a persistent authentication is maintained – This authentication can be stolen for masquerading as the user Web Spoofing
  • 8. ‱ Web Site maintains authentication so that the user does not have to authenticate repeatedly ‱ Three types of tracking methods are used: 1. Cookies: Line of text with ID on the users cookie file – Attacker can read the ID from users cookie file 1. URL Session Tracking: An id is appended to all the links in the website web pages. – Attacker can guess or read this id and masquerade as user 1. Hidden Form Elements – ID is hidden in form elements which are not visible to user – Hacker can modify these to masquerade as another user Web Spoofing – Tracking State
  • 9. Definition: Process of taking over an existing active session Modus Operandi: 1. User makes a connection to the server by authenticating using his user ID and password. 2. After the users authenticate, they have access to the server as long as the session lasts. 3. Hacker takes the user offline by denial of service 4. Hacker gains access to the user by impersonating the user Session Hijacking
  • 10. ‱ Attacker can – monitor the session – periodically inject commands into session – launch passive and active attacks from the session Session Hijacking Bob telnets to Server Bob authenticates to Server Bob Attacker Server Die! Hi! I am Bob
  • 11. ‱ Attackers exploit sequence numbers to hijack sessions ‱ Sequence numbers are 32-bit counters used to: – tell receiving machines the correct order of packets – Tell sender which packets are received and which are lost ‱ Receiver and Sender have their own sequence numbers ‱ When two parties communicate the following are needed: – IP addresses – Port Numbers – Sequence Number ‱ IP addresses and port numbers are easily available so once the attacker gets the server to accept his guesses sequence number he can hijack the session. Session Hijacking – How Does it Work?
  • 12. Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it. Types: 1. Crashing the system or network – Send the victim data or packets which will cause system to crash or reboot. 1. Exhausting the resources by flooding the system or network with information – Since all resources are exhausted others are denied access to the resources 1. Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks Denial of Service (DOS) Attack
  • 13. Types: 1. Ping of Death 2. SSPing 3. Land 4. Smurf 5. SYN Flood 6. CPU Hog 7. Win Nuke 8. RPC Locator 9. Jolt2 10. Bubonic 11. Microsoft Incomplete TCP/IP Packet Vulnerability 12. HP Openview Node Manager SNMP DOS Vulneability 13. Netscreen Firewall DOS Vulnerability 14. Checkpoint Firewall DOS Vulnerability Denial of Service (DOS) Attack
  • 14. ‱ This attack takes advantage of the way in which information is stored by computer programs ‱ An attacker tries to store more information on the stack than the size of the buffer How does it work? Buffer Overflow Attacks ‱ Buffer 2 Local Variable 2 Buffer 1 Local Variable 1 Return Pointer Function Call Arguments ‱ Fill Direction Bottom of Memory Top of Memory Normal Stack ‱ Buffer 2 Local Variable 2 Machine Code: execve(/bin/sh) New Pointer to Exec Code Function Call Arguments ‱ Fill Direction Bottom of Memory Top of Memory Smashed Stack Return Pointer Overwritten Buffer 1 Space Overwritten
  • 15. ‱ Programs which do not do not have a rigorous memory check in the code are vulnerable to this attack ‱ Simple weaknesses can be exploited – If memory allocated for name is 50 characters, someone can break the system by sending a fictitious name of more than 50 characters ‱ Can be used for espionage, denial of service or compromising the integrity of the data Examples – NetMeeting Buffer Overflow – Outlook Buffer Overflow – AOL Instant Messenger Buffer Overflow – SQL Server 2000 Extended Stored Procedure Buffer Overflow Buffer Overflow Attacks

Editor's Notes

  • #3: Get some stories about hackings
  • #4: 1. Normally users log on to one machine and have access to a number of computers.
  • #5: 1. Normally users log on to one machine and have access to a number of computers.
  • #6: 1. Normally users log on to one machine and have access to a number of computers.
  • #7: Repercussions:
  • #8: Potential Damages: 1. Change orders placed by the client (Instead of 500 widgets he can make the order 50,000 widgets) 2. Change meeting venues to send people on wild goose chases
  • #9: Potential Damages: 1. Change orders placed by the client (Instead of 500 widgets he can make the order 50,000 widgets) 2. Change meeting venues to send people on wild goose chases
  • #10: Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  • #11: Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  • #12: Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  • #13: Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  • #14: Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  • #15: Page 245 (Chapter 7 – Hackers Beware by Eric Cole) When a program calls a subroutine, the function variables and the subroutine return address pointers are stored in a logical data structure known as a stack. A stack is a portion of memory that stores information the current program needs. A return pointer contains the address of the point in the program to return to after the subroutine has completed execution. The variable space is filled LIFO I.e. higher address to lower address. When variable space is exceeded the data goes to neighboring variable space. To cause code to be executed an attacker takes advantage of this by precisely tuning the amount and content of data necessary to cause the buffer to over flow and the operating system stack to crash. The data that the attacker sends usually consists of machine specific byte code to execute a command, plus a new address of the return pointer. This address points back into the address space of the stack, causing the program to run the attacker’s instructions when it attempts to return from the subroutine. The attackers code will run at whatever privileges the host code is running. So normally hackers try to use programs which run with root privileges.