System and network assessments
Leighton Johnson, in Security Controls Evaluation, Testing, and Assessment Handbook (Second Edition), 2020
Theoretically all passwords are “crackable”
Password cracking can also be performed with rainbow tables, which are lookup tables with pre-computed password hashes. For example, a rainbow table can be created that contains every possible password for a given character set up to a certain character length. Assessors may then search the table for the password hashes that they are trying to crack. Rainbow tables require large amounts of storage space and can take a long time to generate, but their primary shortcoming is that they may be ineffective against password hashing that uses salting. Salting is the inclusion of a random piece of information in the password hashing process that decreases the likelihood of identical passwords returning the same hash. Rainbow tables will not produce correct results without taking salting into account—but this dramatically increases the amount of storage space that the tables require. Many operating systems use salted password hashing mechanisms to reduce the effectiveness of rainbow tables and other forms of password cracking.17
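The effect of salting on precomputed tables, as an added example that is not from the handbook. It assumes a plain hash-to-password lookup table (not the chain-based structure of a real rainbow table), a constructed three-letter lowercase password space, and PBKDF2-HMAC-SHA256 as the salted scheme.

```python
import hashlib
import itertools
import os
import string

ALPHABET = string.ascii_lowercase   # constructed, deliberately tiny character set
MAX_LEN = 3                         # "up to a certain character length"

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    # The per-account salt is part of the hash input, so a table built
    # without it (or with a different salt) cannot contain this value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000).hex()

def build_table() -> dict:
    """Precompute hash -> password for every candidate in the character set."""
    table = {}
    for n in range(1, MAX_LEN + 1):
        for chars in itertools.product(ALPHABET, repeat=n):
            pw = "".join(chars)
            table[unsalted_hash(pw)] = pw
    return table

def audit(stored: dict, table: dict) -> dict:
    """Return account -> password found in the table (None if absent)."""
    return {user: table.get(h) for user, h in stored.items()}

def demo():
    """Two constructed accounts share the password 'cat' in both stores."""
    table = build_table()
    unsalted = {u: unsalted_hash("cat") for u in ("alice", "bob")}
    salted = {u: salted_hash("cat", os.urandom(16)) for u in ("alice", "bob")}
    return len(table), audit(unsalted, table), audit(salted, table), salted

if __name__ == "__main__":
    size, hits_unsalted, hits_salted, salted = demo()
    print("table entries:", size)
    print("unsalted store:", hits_unsalted)
    print("salted store:  ", hits_salted)
    print("identical passwords, identical salted hashes?",
          salted["alice"] == salted["bob"])
```

Covering the salted store would require rebuilding the whole table once per salt value, which is the storage growth the paragraph describes.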
Cybercrime
John Sammons, Michael Cross, in The Basics of Cyber Safety, 2017
Botnets and Rootkits
Rootkits are tools that may be installed on a computer to give a person elevated privileges to a system and/or to install other software. The rootkit may be installed automatically by hiding it in other software you’ve downloaded, as a Trojan horse, or installed manually once a hacker’s gained access to your system. Once installed, it may create a backdoor that gives a hacker remote access to your computer, install other malware, or install bots (small programs designed to perform a specific task).
Bots aren’t always malicious, as seen by spiders or crawlers that are used by search engines to access websites and gather information about what content is on a site. Unfortunately, the ones that aren’t innocuous may be designed to access accounts, or determine what downloads are on a site so malware can be created that’s disguised as programs that site offers. Another kind of bot is a spambot, which gathers valid email addresses so mailing lists can be created to send spam. Bots are particularly dangerous when they’re deployed to large collections of computers, called botnets. Once a computer is infected, the bot can lie dormant until an attacker chooses to activate it. At this point, the attacker has control of your computer (now called a zombie) and all the other computers in the botnet (also called a zombie army). The attacker can send a signal to have these computers distribute viruses, or send messages to a particular server in a coordinated attack called a Distributed Denial of Service attack. Because the server gets so many messages from the zombie army, it can’t serve legitimate requests to provide a web page or send and receive emails. By flooding the targeted server with traffic, the websites and services it provides become inaccessible and the server may crash.
Password cracking
Despite improvements in authenticating a user, passwords are still a common method of determining if a person or process is supposed to have access. While someone may try to crack your password manually by guessing and/or using social engineering tactics, there are also tools that will automatically try combinations of letters, numbers, special characters, and dictionary words, check for patterns, and use other methods to determine the password. Even if a password is encrypted, it doesn’t mean that it can’t be cracked. A brute force cracking tool may try millions of combinations per second until the hacker gives up or the password is finally discovered.
Password cracking tools are often associated with hacking an account on a site, app, or computer, but there are also ones designed to crack the encryption keys used on Wi-Fi networks. Some of the password-cracking tools that may be used include:
- John the Ripper (www.openwall.com/john/)
- Cain and Abel (www.oxid.it/cain.html)
- AirCrack (www.aircrack-ng.org)
Because the tool goes through a calculated method of guessing passwords, the time it takes to crack a password varies. The strength of the password, whether encryption is used, and whether there is a limited number of attempts before the account is locked out are all variables in this. In August 2014, Apple’s cloud service, iCloud, was hacked, resulting in almost 500 private images of celebrities, including those with nudity, being stolen. The accounts were accessed using a combination of spear phishing and brute force attacks, and Apple later patched a vulnerability that allowed unlimited attempts to guess usernames and passwords (VoVPN, 2015). Such a vulnerability isn’t unique. When AppBugs (www.appbugs.co) randomly tested 100 popular apps, they found that 53 of them allowed unlimited logon attempts, meaning a hacker could try over and over again to guess the password without being locked out (AppBugs, 2015).
Another way to get someone’s password is to use recovery tools. In using recovery tools, you’re able to do such things as see the passwords saved on a person’s computer, such as those used in email clients and ones saved in the browser, as well as view other information and restore data that may have been deleted.
Keylogger
Keyloggers are programs that record what you type, logging each keystroke. Some can also record mouse clicks and what programs you’re using, and may even take screenshots at regular intervals. They can be installed manually or automatically without your knowledge, such as by inserting a flash drive into a USB slot or through a rootkit. Once it’s on your computer, someone can discreetly monitor everything you’re doing. The keylogger may save the recorded keystrokes on your machine (such as to a local or external drive, or flash drive), send them to a remote location (such as an FTP site), or email them.
As seen in Fig. 5.1 (www.blazingtools.com/bpk.html), Perfect Keylogger provides an easy-to-use interface that allows you to navigate through different dates. Once you’ve selected a particular date in question, you can then choose to see the text someone typed on their keyboard, chats, websites they visited, and screenshots of their activity. If you’re using it to monitor someone, it also includes useful date and time stamps to show when the person did something.
As we’ll see in Chapter 10, Protecting your kids, and Chapter 13, keyloggers can be useful in situations where you want to monitor someone’s activity, such as when your child is using the Internet. However, in the hands of a cybercriminal, it can be a vital resource in seeing the usernames and passwords someone typed, the sites those credentials are used for, and other data that may be used for identity theft, blackmail, fraud, and countless other crimes.