operating system vulnerability

Upload: thinageran-rajendran

Post on 06-Mar-2016




0 download




Ethical hacking assignment 2

Ethical hacking assignment 2

Contents1.0 Introduction.12.0 Operating system vulnerability.22.1 Windows vulnerability32.1.1 DoS vulnerability32.1.2 Auto play vulnerability42.1.3 Clipboard vulnerability52.1.4 Register vulnerability52.2 Linux vulnerability.62.2.1 Missing pointer checks.62.2.2 Missing permission checks.72.2.3 Buffer overflow73.0 password cracking techniques83.0.1 Dictionary attack83.0.2 Brute forcing attack.93.03 Hybrid Attack93.0.4 Syllabus Attack103.0.5 Rule-Based Attack104.0 Tools for Hacking114.0.1 Ophcrack.114.0.2 Offline NT password & Registry Editor.124.0.3 Kon boot134.0.4 Cain & Abel v4.9.56144.0.5 John the ripper password cracker.155.0 Hacking Steps166.0 Demonstration.187.0 Conculsion228.0 Referencing23

1.0 Introduction.

Windows operating system is one of the well-known operating system in the world. It is not just a well-known operating system but it is one of the wide used operating system as well. This reason why windows as become this much popular among the user is because windows operating system is one of the user friendly operating system and less expensive compare to the other operating system. When compare the price of the operating system of course that the Linux operating system is much cheaper than windows or it a free operating system. Although it a free operating system but still it has fail to meet the requirement of the user friendly. Other than that if we look at the percentage around 90% or the user uses the windows the preferable operating system.

However now we that most of the user in world uses the windows but here is the question is the windows operation system is safe to be used. As per research show that in 2002 the was countless viruses such as Trojan, worm, and other else were found out. However according to the research that most of the virus is design to attack the windows based operating system only. Other than that, their also some study show that they a lot of security loop that are can be find in the windows operating system.

2.0 Operating system vulnerability.

Operating system is something that is interacting between the hardware and the human being. When it comes to the operating system there are many type of operating system that is available in the market. The user has a wide Varity of choice on picking up the operating system that their wanted to have. Even though there is wide range of operating system but still there is only three type of operating system that dominates the world market operating system. There three popular operating systems are known as the window operating system which the one of the high used operating system compare to the others. The second operating system is Linux. The Linux is a free operating system. The third operating system is known as the apple os. The apple os is considered one of the one of the expensive operation system compare to the other two. Other than that the apple os also is only compatible for apple product only.

Although this three operating system is the one that dominate the world but still there not free from the vulnerability. However in this case each operating has its own vulnerability or security flaws that can bring harm to own system. However when look into statistics it shows that most usable operating system is the one that are having the most flaws or vulnerability that could bring harm to the system.

2.1 Windows vulnerability

Windows is one of the ubiquitous operating system. According to the statistic most of end user is prefer to use the windows platform as the operating system. Compare to the other two major operating system windows are consider the most user friendly and lease expansive operating system that are affordable and easy to use. Moreover unlike the apple operating system, the widows operating are comparable with all type of hardware that is sold in the market. Although the window operating system dominates the market but still it cant be specify as the safes or zero vulnerability operating system. Yes most likely the all of the window operating system in this world are designed which a few numbers of vulnerability that are needed to fix. Some of most common vulnerability that can be found in from most of the windows operating system is DoS, Remote Code Execution, Memory Corruption, Overflow, SQL Injection, XSS, HTTP Response Splitting.

2.1.1 DoS vulnerability

Dos is stand for denial of service attack. Dos are types of attack that may interrupt of suspend the services of the computer. Mostly the dos attack will launch to the network but it can be used to float the CPU usage of the computer. According to the research the windows operating system was found with few of software that install with the high potential of causing the Dos attacks for example such as the MS14-006 update that was released in February 2015. According to the Microsoft TechNet the update was released in order to fix the vulnerability of the ipv6 in the windows 8, windows RT and windows server 2012 that can allow the denial of services attack to the particular operating system.

2.1.2 Auto play vulnerability

Auto play is one type of features in the windows operating system. The auto play system was introduced in windows xp operating system ever since that the auto play vulnerability take place in the windows operating until this day. The auto play system was invented to make the life of the end user to be easy. Basically the auto play is design to execute the code form the removable device that has been plug into the computer. Actually it work in this way where when the user plugs in the removable devices the system will automatically read the auto run script that will tell the system what to execute form the removable device. Normally the auto run script will written in the notepad file and it will be save as the hidden file into the removable devices such as the once shown in figure 2.1.2a . Since the auto run script and the auto play function ha rights to run without the knowledge of the user. The attacker can just write script to execute the file content with the malicious program. One of the prefect examples that auto run script could affect the computer with virus and malicious program is a virus that called as secure browsing. These secure browsing viruses will automatic copy to the system when the user plugs in the infected removable devices into the system. Basically the virus work in a simple way where the attacker code a script into the auto run file in the removable device which will execute the virus when auto play reads the file.

Figure 2.1.2a shows an example of auto run script.

2.1.3 Clipboard vulnerability

Clipboard is a type of software that has developed by windows operating system ad it was install in the windows operating system as well. Clipboard is actually software that used to data storage and transfer document or application via the copy and paste operations. According the research the clipboard was confirmed as the zero day vulnerability in the windows kernel system. According to security researcher this flaw was found in windows 7 window server 2008, windows server 2003. According to the security research this clipboard can cause damage to the operating system by having buffer overflows in windows kernel. The buffer overflows in kernel can a result of elevation of privilege attacks to the system (jabulani leffall.2010).

2.1.4 Register vulnerability

Almost all of the windows configuration setting and option are stored in a hierarchical database which the database is known as the windows registry. Window registry is considered as the low level OS setting and it also used for the applications setting as well. As normal end user the also able to access the registry and there can edit the setting of the operating system and also the application that has been install thru the registry. However this registry editor program in the window is not a secure program. The reason that put the program is not secure is the registry program allow to edit the registry without the permissions of the user. Other that the registry files also can be edit thru the cmd terminal. The only thing that the attacker need is windows install cd to boot in the system and run the registry thru the cmd. As a result the attacker also can gain privilege of the operating system thru the process and it also can post a serious threat to the end user.

2.2 Linux vulnerability.

Linux is one of the operating system that is a similar to the UNIX. Compare to the windows operating system Linux is less famous and it is prefer to be used by most of the end user. Basically the Linux operating system is one of the open source operating system. When come to open source operating system the end user who using the particular operating system will be charge for the license of the product on the other word it free operating system. Other than free operating system the Linux operating system also allows the user to modify the operating system where the user can get access on the source code of the operating system. Even though Linux is consider as free operating system and it also has no any type of virus for the operating system but still it also offer a few vulnerability as well. Some of the common vulnerability that are from the Linux operating system such as missing pointer checks, missing permission check, integer overflows, uninitialized data, memory mismanagement, miscellaneous.

2.2.1 Missing pointer checks.

The missing pointer checker program normally comes from the Linux kernel. Mostly this type of problem will occur at the kernel omits access ok check. By referencing to the research this vulnerability may allow the denial of services attack to occur to the operating system. Other than that this missing pointer checks also may cause the attacker to gain privilegas by leveraging a bug. Normally his type problem will occur in operations like get_user. Which this does not validate the value of the user.

2.2.2 Missing permission checks.

In this case the kernel must normally check on the operation and it also need to divide the operation where only the privilege user can perform the operation. But in this case the kernel fails to check the operation. Where the kernel performs the privilege operation without checking and this may lead to the violation of kernel security. Whereby the attacker can exploit this vulnerability and gain the access as the privilege user.

2.2.3 Buffer overflow

Buffer overflow occur to the operating system when the kernel incorrectly check the upper or lower bound when accessing a buffer. Where the kernel will allocate a smaller buffer than what it supposed to allocate. In this case, the attacker can exploit the vulnerability thru corrupting the memory of the kernel. Other than that an adversary can mount privilege-escalation attacks by overwriting nearby function pointers and subverting the kernels control flow integrity.

3.0 password cracking techniques

Password cracking is techniques that are used to find the password for the system. These are the Normal classic way to gain access or to gain privileges to the computer system. There few classic way to find out the password for the system, one of it can by guessing the password that has been set by the user from known the about the user. Other than that according to research that most of the people set their password by using the something that like the most for example such as the name of someone that they like the most, car no, hand phone no. this are most type of password that has been used by the user around. If these cases then guess the password for users accounts will easy if the hacker knows the user well. Other than that there are also five types of techniques that can be used to crack the password.

3.0.1 Dictionary attack

A dictionary attack is one of the ways to crack or break the password, or a way to break into a password protected computer system. A dictionary attack also can be used to fine the key to decrypt an encrypted document such the word document. Basically the dictionary attack work in such way where the attack the based on a dictionary file. Whereby the dictionary file will loaded into the cracking application that will run against the victim account. Normally the dictionary will be filled with the list of word that can be possible password for that account. The cracking application will run the word that contains in the dictionary file to find the password. Although the dictionary attack is actually useful than brute force attack but still it can be used to attack the system that uses the passphrases.

3.0.2 Brute forcing attack.

Brute force attack are simple process that can be understand and used the by the attacker easily but protecting against the attack is not easily. The process of the brute force attack is stated by RSA as exhaustive key search or as brute force search. This technique that brute force uses to find the password is actually very easy where it tries every possible key by order until it find out the correct key that matches the password. However since the brute force attack will use evert single key to try to attack the system the brute force attack take a lot of time to break the password. But still the process can speed up by using the grid computing system where by the grid computing will speed up the cracking process by dividing the task.

3.03 Hybrid Attack

Hybrid attack is actually similar to the dictionary attack where by it also uses the dictionary file to find out the password of the system. Even though it also use the dictionary file to attack but it not fully some with the dictionary. Normally the dictionary attack will used to find out the password for the system for first where the password was not been discover before. But the hybrid attack normally it launched when the user change the password. But new password that has been change by adding a new character only for example such the old password is pass and the new password is pass2. This is when the hybrid attack is used to crack password. The hybrid attack actually used the dictionary file to find one for one or two new character.

3.0.4 Syllabus Attack

Syllabus attack is one of the powerful attack compare to other attacking techniques. The syllabus attack is a combination of the brute force attack which tried every single password for find the matching password, and the dictionary attack which uses a word file to find out the password of the system. Normally this type attack will be launched when the password is not an existing word, whereby the attacker will use the dictionary and some other types of cracking techniques to find out the password of the system.

3.0.5 Rule-Based Attack

Rule-based Attack is normally used when the attacker know some basic information on the password that the victim has set. This rule based attack can considered as one of the powerful attack as well due to the attacker knows the type of password that has been set for the system. An example of the rule based is, when the attacker know the type of the password such password is contain number and letter then the attacker can set the rules for type of the password the tool will follow the techniques to crack the password.

4.0 Tools for Hacking

4.0.1 Ophcrack.

Ophcrack is one of the windows password cracking tools. Which according to the online review the ophcrack is one of the best and fasters windows password cracking tools. Opcharck is considered as one of the easy tools to crack the windows password. However the ophcrack is a one of the free open source software. Normally all type of windows password will be stored in LM hash key form which is one of the harder password to crack. However the ophcrack tools used the rainbow tables as the main source to find the windows password. The program also includes the ability to import the hash file that is from a wide range of format, which includes the dumping directly for the window SAM files.

Most of the rainbow table for the LM hashes file can find for free. In this case the ophcrack tool is included with the rainbow table that allows it to crack the password that is no longer than 14 characters. Even though it is able to crack the password that is 14 character long but still the password should be only build with alphanumeric characters. The ophcrack software also is available in the live usb or live cd form as well. Where in this case the attacker do not need to login in to system to crack the password the user can just boot up the cd or usb to run the program.

4.0.2 Offline NT password & Registry Editor. Offline NT password & Registry Editor is one of the tools that can be used to recover the password for the windows operating system. However this program is design in way it will not recover the password for the windows but instead of that it will delete the password of the windows operating system. This is why that this cracking tools different than other cracking tools such the ophcrack. The offline nt password & Registry editor tool can be download form the website call pogostick.net. The tools will save in a zip file format where it needed to be extract the iso file that are inside the zip file. This offline NT password &registry Editor is capable to crack the password for the window 8(local account only).windows 7, windows vista, and windows xp. However inorder to use the tool the tools must burn into a cd only. Which unlike the ophcrack tool that can be used thru the live usb method.

Even though it only can be used if the tool is burn in cd but running the tool is similar to the ophcrack tool. In-order to run this tool the need to boot into the victims personal computer. However this tool is not included with the gui interface instead of that this tool is using the normally command line terminal as the interface of the program.

4.0.3 Kon boot

Kon-boot is another windows password hacking tool that is the easiest and the fastest tool to crack the windows password. However this tool is also one of the free version tools that can be find and download thru online. This can tool is also available in this site www.piotrbania.com. However the hacker also can learn how to use these tools from the site itself. Even though is easy to use but still the download file of this tools will be in iso type file. The cons of the tool is the tool only can use if the tool is burn into the cd. Where else it will not work if the tool is made into the live usb.

However this tool is similar to the offline NT & registry editor tool where it will only remove or reset the administrator password. This tool is also not similar to the ophcrack where it does not have the option to recover the for the windows user. The interface of the tool is also same with the offline NT password &registry editor tools where it also offers only the command line interface. Although it offers the command line interface, the tool still has its own preset option to select in order to perform the hacking process.

4.0.4 Cain & Abel v4.9.56

Cain & Abel is also a type of tool that can be used to crack the windows password. Unlike the other tools the Cain &Abel are required to be installed in the operating system. In order to do that the attacker need to have a work user account in the particular operating system. In this way this tool is not consider as the best tools to hack the password for the windows operating system for a hacker. If the person needs to retrieve or reset the password for their own account then this tool is recommended to use.

However this tool can be installed in windows operating system as well the Linux operating system. Plus this tool also can be downloaded for free thru the online from the website oxide.net. even though this tools need to be install into the operating system but this tools still offer the both option crack the password, which is the tool are able to reset the password as well the tool is able recover the password by using the rainbow table. However the cons this tool is the rainbow table is needed to download separately.

4.0.5 John the ripper password cracker.

John the ripper is also one of the types of tool that can be used to crack the windows operating system password. The John the ripper tools are considers one of the popular tools that can be used to crack the password. Other that this tool also is based on the open source code where the user do not need to pay for the services. This john the ripper tool is man design for the UNIX operating system. Other than that the john ripper tools also is install in some of the Linux operating system as well such as the kali Linux which is design for penetration test.

However the john the ripper tools has a few type of password cracking techniques one of it the dictionary attack where the john the ripper tool will use a dictionary file to find the matching password for the system. Other than that john the ripper tools also offer the brute force attack as well. Where it can be used to retrieve the password that uses the hash file.

5.0 Hacking Steps

Prepared tools to use to hack the windows 8.1 passwords is ophcrack. Step 1 downloading the tools The iso file of the ophcrack tools needed to be download form the ophrcrack websiteAfter downloading the liv usb tools also need to be download to make the live usb or it can be burn into the cd as well.Step 2 making the bootable pen drive.Once the live usb software is download run the application.Once the application is run select the iso file and then insert the pendrive and run the software to make the live usb.Step 3 boots the tools into the system.Insert the ophcrack live usb into the usb port and then restart the system.Once you see the initial screen which the black screen that show before the windows start then press on DEL button to interpret and enter into the setup mode.Once you are in the setup mode select the usb storage as the boot up option. Then the ophcrack tool will start boot up into the system.

Step 4 loads the tools and crack the password. Once the boot option was selected as usd or cd then the tool will ask to choose the option to boot into in this part we need choose the ophcrack graphic mode.Then once the mode has been select the tool will automatically start to launched the attack and try to find the password.

6.0 Demonstration.

Figure 6.0 a show to burn the tool into a cd. Once the iso file for the tools has been finish insert a blank CD then use the window dise image burner to burn the tool in to the CD.

figure 6.0 BOnce the tool has finished burn into the CD drive then we need to restart the system. To run the tool.

Figure 6.0 C.Once the system has reboot press on the f9 button to choose on the boot option.Once you are in the boot option select on the internal cd drive to run the live cd.

Figure 6.0 DOnce boot up is complete the system will ask to select the mode that you wanted to enter into in this part need select on the ophcrack graphical mode automatic to run the hacking tools.

Figure 6.0 EOnce the program start it will start cracking the password the administrator account in the windows.

Figure 6.0 FOnce the software finish cracking the password then the system will automatically show the password for the local administrator account.

7.0 Conculsion In conclusion, there many type of tool that are available online that can be used to crack the password not just for the operating system but the for other application as well. However they is no any type operating system or application that are free form vulnerability or on the word all software and operating system are created with the unknown vulnerability. But it doesnt mean that the vulnerability will not be found of fix. However to reduce the vulnerability as well to reduce the risk to get hack extra precocious needed to be take. such setting a strong password could one, the reason of setting a strong password may avoid from getting hack is by setting the strong password it will take a longer time to hack into the system.

8.0 Referencing

Jabulani Leffall. 2010. Zero-Day Windows Kernel Flaw Linked to Clipboard. [ONLINE] Available at: http://mcpmag.com/articles/2010/08/09/zero-day-windows-kernel-flaw-linked-to-clipboard.aspx. [Accessed 03 April 15].

Chin-Tser Huang. 2007. denial of service attack. [ONLINE] Available at: http://www.cs.utexas.edu/users/chuang/dos.html. [Accessed 03 April 15].

Nicolas Economou. 2014. MS14-006: Microsoft Windows TCP IPv6 Denial of Service Vulnerability. [ONLINE] Available at: https://blog.coresecurity.com/2014/03/25/ms14-006-microsoft-windows-tcp-ipv6-denial-of-service-vulnerability/. [Accessed 03 April 15].

swiat. 2010. Registry vulnerabilities addressed by MS10-021. [ONLINE] Available at: http://blogs.technet.com/b/srd/archive/2010/04/12/registry-vulnerabilities-addressed-by-ms10-021.aspx. [Accessed 03 April 15].

cobb.m. 2007. How secure is the Windows registry?. [ONLINE] Available at: http://searchsecurity.techtarget.com/answer/How-secure-is-the-Windows-registry. [Accessed 04 April 15].

Yarden .j. 2007. Be aware of this Windows registry vulnerability. [ONLINE] Available at: http://www.techrepublic.com/article/be-aware-of-this-windows-registry-vulnerability/. [Accessed 04 April 15].

anon. 2007. conman vulnerability . [ONLINE] Available at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4258. [Accessed 04 April 15].

anon. 2011. WINDOWS OPERATING SYSTEM VULNERABILITIES. [ONLINE] Available at: http://www.ijccr.com. [Accessed 04 April 15].

margaret.r. 2005. what is dictionary attack. [ONLINE] Available at: http://searchsecurity.techtarget.com/definition/dictionary-attack. [Accessed 04 April 15].

johan .l. 2013. brute force attack. [ONLINE] Available at: http://www.howtogeek.com/166832/brute-force-attacks-explained-how-all-encryption-is-vulnerable/. [Accessed 04 April 15].

Nakib Momin . 2014. 6 Most Common Password Cracking Methods And Their Countermeasures. [ONLINE] Available at: http://www.coolhackingtrick.com/2014/01/6-most-common-password-cracking-methods.html. [Accessed 04 April 15].

Thinageran RajenadranPage 0