NT SECURITY: HACKING AND HOW TO PREVENT IT BY GREG WATSON


Page 1

NT SECURITY: HACKING AND HOW TO PREVENT IT

BY GREG WATSON

Page 2

WHAT IS HACKING?

HACKING VS. "CRACKING"

THE WORD HACKING HAS TWO DEFINITIONS:

1) THE HOBBY OR PROFESSION OF WORKING WITH COMPUTERS.

2) BREAKING INTO COMPUTER SYSTEMS, OR "CRACKING" INTO THEM.

Page 3

WHY HACK OR WHY CRACK?

THE MIND OF THE HACKER, OR WHAT ARE THE MOTIVATIONS OF HACKERS:

SOCIAL MOTIVATIONS - peer acceptance, a feeling of self superiority.

TECHNICAL MOTIVATIONS - people who hack to help, in their minds, advance the evolution of technology.

Page 4

FINANCIAL MOTIVATIONS - people who hack for personal gain: corporate espionage, attacks on financial institutions, and even people who pirate (or crack) software for profit.

POLITICAL MOTIVATIONS - hackers who break into systems related to a political movement they want to speak out against.

Page 5

GOVERNMENT MOTIVATIONS - acts committed by one government against another. Information warfare and governmental espionage would fit into this category.

Page 6

NT HACKER TOOLS

NTRecover and NTLocksmith by Sysinternals.

With NTRecover you can access a dead x86 NT system's disks from a good system over a serial connection. You can then salvage data off of the drives using native NT commands and utilities.

Page 7

NTLocksmith is an add-on program to NTRecover that allows for the changing of passwords on systems where the administrative password has been lost. It works 100% of the time, and if you've forgotten the password to your machine, you can gain entry within minutes using NTLocksmith.

Page 8

MORE NT HACKING TIPS

pwdump - http://www.inch.com/~agagescu/hp/Ntpass.htm#crack2.

It walks through the SAM database and writes out a file of user IDs together with the hash values of each user's password.

Page 9

SYN ATTACK

Multiple TCP connection requests (SYN) are sent to the target computer with an unreachable source IP address.

On receiving the connection request, the target computer allocates resources to handle and track the new connection, then responds with a "SYN-ACK" to the unreachable address.
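Because the spoofed source never answers the SYN-ACK, each such request holds a listen-queue slot until it times out. The following is an added example, not part of the slides: a small half-open connection tracker run over constructed connection-log lines, showing how the backlog fills, how later legitimate SYNs get refused, and what a server-side detector would look at. The log format, the BACKLOG and TIMEOUT values and all addresses are constructed for this illustration.

```python
"""Added example (not from the slides): track half-open TCP connections from a
constructed server-side log and flag the SYN-flood pattern.

Only client-sent segments are logged here: 'S' for the initial SYN and 'A' for
the ACK that completes the handshake. The server's SYN-ACK is implied. BACKLOG,
TIMEOUT, the line format and every address below are constructed assumptions.
"""
from dataclasses import dataclass, field

BACKLOG = 5       # listen queue size of the constructed server
TIMEOUT = 3.0     # seconds a half-open entry is kept before being dropped


@dataclass
class Tracker:
    half_open: dict = field(default_factory=dict)   # (src, dst) -> SYN timestamp
    dropped_syns: int = 0                            # SYNs refused because queue full
    completed: int = 0                               # handshakes finished by an ACK
    expired: int = 0                                 # half-open entries freed by timeout

    def expire(self, now: float) -> None:
        """Free entries whose SYN is older than TIMEOUT (spoofed sources only leave this way)."""
        stale = [k for k, t in self.half_open.items() if now - t > TIMEOUT]
        for k in stale:
            del self.half_open[k]
        self.expired += len(stale)

    def feed(self, line: str) -> None:
        """Consume one 'timestamp src dst flags' line."""
        ts, src, dst, flags = line.split()
        now = float(ts)
        self.expire(now)
        key = (src, dst)
        if flags == "S":                         # client -> server SYN
            if key in self.half_open:
                return                           # retransmit; slot already held
            if len(self.half_open) >= BACKLOG:
                self.dropped_syns += 1           # queue exhausted: the flood's effect
                return
            self.half_open[key] = now
        elif flags == "A" and key in self.half_open:   # third handshake step
            del self.half_open[key]
            self.completed += 1


def analyze(lines):
    """Run the tracker over the log and return summary counters."""
    tr = Tracker()
    for line in lines:
        tr.feed(line)
    return {
        "half_open": len(tr.half_open),
        "dropped_syns": tr.dropped_syns,
        "completed": tr.completed,
        "expired": tr.expired,
    }


def looks_like_syn_flood(stats: dict) -> bool:
    """Heuristic: SYNs are being refused and more handshakes stall out than complete."""
    return stats["dropped_syns"] > 0 and stats["expired"] > stats["completed"]


# Constructed log: one legitimate client completes, then eight SYNs arrive from
# unreachable 203.0.113.x sources, then a second legitimate client is refused at
# t=2.0 and only gets through after the spoofed entries time out.
LOG = """\
0.0 198.51.100.7:40001 192.0.2.10:80 S
0.1 198.51.100.7:40001 192.0.2.10:80 A
1.0 203.0.113.1:1025 192.0.2.10:80 S
1.1 203.0.113.2:1025 192.0.2.10:80 S
1.2 203.0.113.3:1025 192.0.2.10:80 S
1.3 203.0.113.4:1025 192.0.2.10:80 S
1.4 203.0.113.5:1025 192.0.2.10:80 S
1.5 203.0.113.6:1025 192.0.2.10:80 S
1.6 203.0.113.7:1025 192.0.2.10:80 S
1.7 203.0.113.8:1025 192.0.2.10:80 S
2.0 198.51.100.8:40002 192.0.2.10:80 S
5.0 198.51.100.8:40002 192.0.2.10:80 S
5.1 198.51.100.8:40002 192.0.2.10:80 A
""".splitlines()

if __name__ == "__main__":
    stats = analyze(LOG)
    print(stats, "flood" if looks_like_syn_flood(stats) else "normal")
```

The counters are what a mitigation has to change: a shorter retransmission timer frees spoofed slots sooner, a larger backlog delays exhaustion, and SYN cookies avoid holding state for unacknowledged SYNs at all, so `dropped_syns` stays at zero even when `expired` climbs.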

Page 10

• An Internet Browsing Hacking Tip

• A URL such as 'http://www.domain.com/..\..' allows you to browse and download files outside of the webserver content root directory.

• A URL such as 'http://www.domain.com/scripts..\..\scriptname' allows you to execute the target script.
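The two URLs on this slide work because the file system layer treats `\` like `/` while a traversal filter that only looks for `/../` lets the backslash form through. The following is an added example, not code from the slides or from any web server: a weak path check of that kind beside a hardened one that decodes, unifies separators, normalises, and then confirms the result is still under the content root. `WEB_ROOT` and the sample request paths are constructed.

```python
"""Added example (not from the slides): web-root containment check for
requested paths, showing why a '/../'-only filter fails on '..\\..' and on
percent-encoded forms. WEB_ROOT and SAMPLES are constructed.
"""
from urllib.parse import unquote
import posixpath

WEB_ROOT = "/inetpub/wwwroot"          # constructed example content root


def naive_resolve(url_path: str) -> str:
    """Weak version: blocks only a literal '/../' and then joins the path.
    Backslashes and percent-encoded dots pass straight through."""
    if "/../" in url_path:
        raise PermissionError("traversal")
    return WEB_ROOT + "/" + url_path.lstrip("/")


def safe_resolve(url_path: str) -> str:
    """Hardened version: decode, unify separators, normalise, then verify the
    result still lies inside WEB_ROOT. Raises PermissionError otherwise."""
    decoded = url_path
    for _ in range(2):                   # also catch double-encoded %252e -> %2e -> .
        decoded = unquote(decoded)
    unified = decoded.replace("\\", "/") # treat backslash exactly like forward slash
    if "\x00" in unified:                # a NUL could truncate the path lower down
        raise PermissionError("NUL byte in path")
    resolved = posixpath.normpath(WEB_ROOT + "/" + unified.lstrip("/"))
    # Containment: the root itself or something strictly beneath it.
    if resolved != WEB_ROOT and not resolved.startswith(WEB_ROOT + "/"):
        raise PermissionError(f"escapes web root: {resolved}")
    return resolved


def classify(url_path: str) -> str:
    """'blocked' if safe_resolve rejects the path, otherwise the resolved path."""
    try:
        return safe_resolve(url_path)
    except PermissionError:
        return "blocked"


def naive_classify(url_path: str) -> str:
    """Same wrapper for the weak check, so the two can be compared side by side."""
    try:
        return naive_resolve(url_path)
    except PermissionError:
        return "blocked"


# Constructed request paths modelled on the slide's two URL shapes.
SAMPLES = [
    "/index.htm",                              # ordinary request
    "/..\\..\\outside.txt",                    # the slide's '..\..' form
    "/scripts/..%5c..%5cscriptname",           # same, with encoded backslashes
    "/%252e%252e/%252e%252e/outside.txt",      # double-encoded dots
    "/images/../index.htm",                    # '..' that stays inside the root
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:42} naive={naive_classify(p)!r:48} safe={classify(p)!r}")
```

Note that the weak check gets the last sample backwards as well: it rejects a harmless `/images/../index.htm` while letting every real escape through, which is the usual outcome of filtering on the attack string rather than on where the final path ends up.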

Page 11

THE GUEST ACCOUNT

• By default user 'Guest' or IUSR_WWW has read access to all files on an NT disk. These files can be browsed, executed or downloaded by wandering guests.

Page 12

KNOWN NT EXPLOITS

• http://xforce.iss.net/library/bill_stout/ntexploits.htm

Page 13

NT HACKING PREVENTION

18 basic NT Security Tips available at http://www.ntsecurity.net

Rule #1: Always use NTFS disk partitions instead of FAT.

Page 14

• Disable the Guest Account

• Create a New Administrator Account, and take the permissions away from the existing Administrator Account.

Page 15

• Make sure routers bordering your untrusted networks (the Internet, etc.) can stop source routing, IP spoofing, and ICMP redirects, and are configured to do so.