system hacking

Upload: moobiilee

Post on 18-Oct-2015

SYSTEM HACKING

In the previous chapters we went through the process of gathering information about the target to be attacked. Techniques such as Footprinting, Social engineering, Enumeration and Google Hacking are applied for the purpose of tracking down information. In this chapter you begin the actual attack on the system. Your target is now right in front of you; you must carry out various techniques to get into that system and do what you want there, such as deleting data, running trojan programs, keyloggers...

The system attack process

Figure 8.1: The system attack process

Before going on with System Hacking, let us spend a little time understanding a system attack process. The target in front of us is a computer system. The attack steps, as arranged, can be listed as in the figure beside. It consists of 6 stages, as follows:

1. Enumerate: Extract all possible information about the users in the system. Use SNMP probing to obtain more useful and accurate information. You learned about SNMP in the previous section.
2. Crack: This stage is perhaps the most attractive to hackers. This step requires us to break the user's login password. One way or another, the goal to reach is access to the system.
3. Escalate: Simply put, this is raising the access level from an ordinary user to admin or to a user with higher rights, so that we can attack.
4. Execute: Execute applications on the server system. Prepare malware, keyloggers and rootkits in advance, to run them on the attacked computer.
5. Hide: Executable files, source-code files for running programs... must be hidden, so that the target does not detect and destroy them.
6. Tracks: Naturally, no traces should be left behind. Any information relating to you must be wiped clean, leaving nothing at all. Otherwise the chance that you are identified as the intruder is very high.

In this chapter you will go through the technologies that carry out the steps above to attack a system. Through them we will also offer solutions for countering such attacks. The Enumeration part was discussed in the previous chapter, so it is not covered here.

Part 1: Cracking Passwords

Passwords and password attack types

Several kinds of password are used to access a system. The characters used to form a password may fall into the following cases:
- Letters only. Example: ABCDJ
- Digits only. Example: 457895
- Special characters only. Example: #$^@&*
- Letters and digits. Example: asw04d5s
- Digits and special characters only. Example: #$345%4#4
- Letters, digits and special characters. Example: P@ssw0rd

The strength of a password depends on how perceptive the hacker is. The following rules, proposed by the EC-Council, must be applied when you create a password, in order to protect it against attacks:
- It must not contain the user account name
- It must be at least 8 characters long
- It must contain characters from at least three of the following kinds: special characters, digits, lowercase letters, uppercase letters.

A hacker uses different attack methods to find the password and then gain access to the system. The common password attack types are the following:

Figure 8.2: Password attack types

- Passive Online: Eavesdropping on password exchanges on the network. Passive online attacks include sniffing, man-in-the-middle and replay attacks.
- Active Online: Guessing the administrator's password. Active online attacks include automated password guessing.
- Offline: Attack types such as dictionary, hybrid and brute-force.
- Non-Electronic: Attacks that rely on the human factor, such as social engineering and phishing.

Passive Online Attacks

A passive online attack is sniffing a network to find traces of passwords. The password is captured during the authentication process and can then be compared against a dictionary or a word list. User account passwords are usually hashed or encrypted before being sent over the network, to prevent unauthorized access and use. If the password is protected in this way, special tools help the hacker break the password encryption algorithms.

Active Online Attacks

The easiest way to gain the access level of a system administrator is simple guessing, on the assumption that administrators use a simple password. Password guessing is an attack. Active online attacks rely on the human factor involved in creating passwords, and this attack is only useful against weak passwords.

In chapter 6, when we discussed the Enumeration phase, you learned about the weaknesses of NetBIOS Enumeration and Null Sessions. Assuming NetBIOS TCP port 139 is open, the most effective method for breaking into a Windows NT or Windows 2000 system is password guessing. This is done by trying to connect to the system the way an administrator would. An account name and a password are combined to log in to the system. A hacker may first try to connect to the default shares Admin$, C$ or C:\Windows. To connect to the computer's drives, the shared drives, type the following in Start > Run: \\ip_address\c$

Automated programs can quickly generate dictionary files, word lists, or every possible combination of letters, digits and special characters, and attempt to log in with them. Most systems prevent this kind of attack by setting a maximum number of login attempts on a system before the account is locked (for example, when you log in to a website and enter the wrong password 5 times, your account is automatically locked for 1 day). In the following sections we discuss how hackers can perform automated password guessing more rigorously, as well as the countermeasures against such attacks.

Performing Automated Password Guessing

To speed up password guessing, hackers usually use automated tools. A systematic, easy way to automate password guessing is to use the command window with the standard syntax of the NET USE command. To create a simple script for automated password guessing, perform the following steps:

1. Create a simple username and password file using Windows Notepad. Use command lines to create the dictionary list. Then save the file on drive C: under the name credentials.txt
2. Use the FOR command: C:\> FOR /F "tokens=1,2*" %i in (credentials.txt)
3. Type the command net use \\targetIP\IPC$ %i /u:%j, so that the credentials.txt file is used to try to log on to the hidden share on the target system (joined into one line this reads FOR /F "tokens=1,2*" %i in (credentials.txt) do net use \\targetIP\IPC$ %i /u:%j).
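The lockout policy described above (a fixed number of failed attempts, after which the account is locked for a period) and the automated guessing it defends against can both be seen in a small log analysis. The following Python is an added example, not code from the original document: the log format and the sample lines are constructed for the example, and the thresholds (5 failures inside one minute, a one-day lockout, 3 distinct accounts from one source) are assumed values. It flags two patterns a credentials-file loop produces in a server log: one account hammered from one address, and one address walking through many accounts; it then replays the events under the lockout policy to show that even the attempt carrying the right password is refused once the lock is in place.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the page): one event per line.
SAMPLE_LOG = """\
2015-10-18 09:00:01 LOGON_FAILURE user=administrator src=10.0.0.5
2015-10-18 09:00:02 LOGON_FAILURE user=administrator src=10.0.0.5
2015-10-18 09:00:03 LOGON_FAILURE user=administrator src=10.0.0.5
2015-10-18 09:00:04 LOGON_FAILURE user=administrator src=10.0.0.5
2015-10-18 09:00:05 LOGON_FAILURE user=administrator src=10.0.0.5
2015-10-18 09:00:06 LOGON_SUCCESS user=administrator src=10.0.0.5
2015-10-18 09:00:10 LOGON_FAILURE user=alice src=10.0.0.9
2015-10-18 09:05:00 LOGON_FAILURE user=alice src=10.0.0.9
2015-10-18 09:10:00 LOGON_SUCCESS user=alice src=10.0.0.9
2015-10-18 09:20:00 LOGON_FAILURE user=bob src=10.0.0.7
2015-10-18 09:20:01 LOGON_FAILURE user=carol src=10.0.0.7
2015-10-18 09:20:02 LOGON_FAILURE user=dave src=10.0.0.7
2015-10-18 09:20:03 LOGON_FAILURE user=erin src=10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<result>LOGON_(?:SUCCESS|FAILURE)) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Turn log text into (timestamp, result, user, source) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["src"]))
    return events


def failed_logon_alerts(events, threshold=5, window=timedelta(minutes=1), fanout=3):
    """Sliding-window detection of automated guessing.

    'burst'  -> one account hammered from one source: >= threshold failures inside the window
    'fanout' -> one source trying many accounts (a credentials.txt-style list): >= fanout
                distinct user names failing inside the window
    Each (kind, key) alerts once, so a long-running attack does not flood the analyst.
    """
    per_account = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    per_source = defaultdict(deque)    # src -> (timestamp, user) of recent failures
    alerts, seen = [], set()
    for ts, result, user, src in events:
        if result != "LOGON_FAILURE":
            continue
        q = per_account[(user, src)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ("burst", user, src) not in seen:
            seen.add(("burst", user, src))
            alerts.append(("burst", user, src, len(q)))
        s = per_source[src]
        s.append((ts, user))
        while ts - s[0][0] > window:
            s.popleft()
        users = {u for _, u in s}
        if len(users) >= fanout and ("fanout", src) not in seen:
            seen.add(("fanout", src))
            alerts.append(("fanout", src, len(users)))
    return alerts


def apply_lockout(events, threshold=5, duration=timedelta(days=1)):
    """Replay the events under the lockout policy from the text: after `threshold` consecutive
    failures the account is locked for `duration`, and every attempt made while locked is refused,
    even one carrying the right password.  Returns (locked, refused)."""
    failures = defaultdict(int)
    locked = {}       # user -> time the lock expires
    refused = []      # (timestamp, user) of attempts rejected because of the lock
    for ts, result, user, src in events:
        if user in locked and ts < locked[user]:
            refused.append((ts, user))
            continue
        if result == "LOGON_SUCCESS":
            failures[user] = 0
        else:
            failures[user] += 1
            if failures[user] >= threshold:
                locked[user] = ts + duration
                failures[user] = 0
    return locked, refused


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for alert in failed_logon_alerts(evts):
        print("ALERT", alert)
    print(apply_lockout(evts))
```

On the sample log, the administrator account trips the burst rule at the fifth failure and the source 10.0.0.7 trips the fan-out rule at its third distinct account; under the lockout replay, the successful logon at 09:00:06 is refused because the lock set one second earlier is still in force.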

Protecting Against Password Guessing

Two problems exist: protecting against password guessing and against password attacks. Both forms of attack are quite clever and create insecurity when users pick their own passwords. A user can also be authenticated and validated by a check that requires two forms of identification (such as a smart card and a password) when authenticating the user. By requiring something the user has (the smart card) and something the user knows (the password), security increases and the attack becomes harder.

Offline Attacks

An offline attack is carried out at a location other than the computer that holds the password or where the password is used. Offline attacks require physical access to the computer hardware and copying the password file from the system onto removable media. The hacker then has the file and goes on to exploit the security weakness. The following table illustrates a few kinds of offline attack:

Table 8.1: Offline attack types

Type of Attack       Characteristics                               Example Password
Dictionary attack    Tries passwords taken from a dictionary       Administrator
Hybrid attack        Substitutes a few characters of the password  Adm1n1strator
Brute-force attack   Varies every character of the password        Ms!tr245@F5a
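The composition rules given earlier (no user name, at least 8 characters, three of the four character classes) and the hybrid attack in Table 8.1 fit together: a password can satisfy every composition rule and still be a dictionary word with a few characters swapped, exactly what a hybrid attack tries first. The following Python is an added example, not part of the original document; the mini wordlist and the substitution table are constructed for the example (a real check would load a full dictionary file), and the policy rules are the ones stated in the text.

```python
import string

# Constructed mini wordlist (an audit would load a real dictionary file).
WORDLIST = {"password", "administrator", "admin", "welcome", "letmein", "secret", "qwerty"}

# Common hybrid substitutions (digit or symbol standing in for a letter), undone before lookup.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def character_classes(password):
    """Set of the four character classes from the text that the password draws on."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def dictionary_core(password):
    """Strip the mutations a hybrid attack would try: leading/trailing digits and symbols
    (the 'add a 1 at the end' habit), letter case, and leet substitutions."""
    stripped = password.lower().strip(string.digits + string.punctuation)
    return stripped.translate(LEET)


def check_password(password, username, wordlist=WORDLIST):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(character_classes(password)) < 3:
        problems.append("fewer than three character classes")
    core = dictionary_core(password)
    # the user-name rule is applied to the de-mutated form too, so Adm1n1strator is caught
    if username and (username.lower() in password.lower() or username.lower() in core):
        problems.append("contains the user name")
    if password.lower() in wordlist:
        problems.append("dictionary word")
    elif core in wordlist:
        problems.append("hybrid of dictionary word '%s'" % core)
    return problems


if __name__ == "__main__":
    samples = [("P@ssw0rd", "alice"), ("Adm1n1strator", "administrator"),
               ("Ms!tr245@F5a", "alice"), ("457895", "bob")]
    for pw, user in samples:
        print(pw, "->", check_password(pw, user) or "OK")
```

P@ssw0rd passes all three composition rules and is still rejected as a hybrid of "password"; the brute-force example Ms!tr245@F5a is the only one of the page's sample passwords that passes every check.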

A Dictionary Attack is the simplest and fastest of these attack types. It is used to identify a password that is a real word, one that can be found in a dictionary. Most commonly the attack uses a dictionary file of possible words, then applies the same algorithm that the authentication process uses. The hashes of the dictionary words are compared with the hash of the password the user entered at login, or with the passwords stored in a file on the server. A dictionary attack only works if the password is an entry that exists in the dictionary. This kind of attack therefore has a limitation: it cannot be used against strong passwords that contain digits or other symbols.

A Hybrid Attack is the hacker's next level, attempted when the password cannot be found with a dictionary attack. Hybrid attacks start from a dictionary file and substitute digits and symbols for characters in the password. For example, many users add the digit 1 to the end of their password to satisfy strong-password requirements. Hybrid attacks are designed to find these kinds of variations in passwords.

A Brute Force Attack is an attack using the brute-force algorithm, which tries every possible combination of uppercase and lowercase letters, digits and symbols. A brute-force attack is the slowest of the three attack types, because of the many character combinations a password can have. Nevertheless the method is effective, given the time and the processing power to work through everything.

Non-electronic Attacks

Non-electronic attacks are attacks that use no technical knowledge at all. This kind of attack can include techniques such as social engineering, shoulder surfing, keyboard sniffing and dumpster diving.

Microsoft Authentication

Microsoft has produced a series of authentication protocols for its client and server operating systems, applicable in both workstation and domain environments. These protocols can be listed as in the figure, together with the operating-system versions that use them. Each authentication protocol encrypts data in a different way, and the encryption length differs as well. Table 8.2 below gives the encryption information for the basic authentication types.

Figure 8.3: Microsoft authentication protocols

Table 8.2: Basic authentication information

NTLM authentication protocol

NTLM uses a challenge-response mechanism to authenticate users and computers running Windows Me or earlier operating systems, or computers running Windows 2000 or later that are not part of a domain. A user is challenged to supply a piece of information unique to that user (the response).

Figure 8.4: The challenge-response authentication model

Windows Server 2003 supports the following three challenge-response authentication methods:

1. LAN Manager (LM): developed by IBM and Microsoft for use in OS/2 and Windows for Workgroups (Windows 95, Windows 98 and Windows Me). This is the least secure form of challenge-response authentication because it is vulnerable to eavesdropping attackers, and the server that authenticates the user must store the credentials as an LMHash.
2. NTLM version 1: A more secure form than LM. It is used to connect to servers running Windows NT with Service Pack 3 or earlier. NTLMv1 uses 56-bit encryption. A server that authenticates users with any version of NTLM must store the credentials as an NT Hash.
3. NTLM version 2: The most secure form of challenge-response authentication available. This version includes a secure channel that protects the authentication process. It is used to connect to servers running Windows 2000, Windows XP, and Windows NT with Service Pack 4 or later. NTLMv2 uses 128-bit encryption to secure the protocol.

LM Authentication

LM authentication provides compatibility with earlier operating systems, including Windows 95, Windows 98 and Windows NT 4.0 Service Pack 3 or earlier. Some older applications may also rely on this authentication mechanism. However, the LM protocol is the weakest and the easiest to attack. Do not use LM authentication in a Windows Server 2003 environment. Upgrade the computers that depend on the LM protocol to remove this security weakness.

Storing LM passwords

The main reason not to use the LM protocol is that when a password is created by the user and stored for use, it is converted into an LMHash once. The LMHash holds the user name and the hash of the corresponding password. A hash is a form of one-way encryption. When a client tries to authenticate with LM authentication, the hash of the password is transmitted over the network. The server can only authenticate the user if it has the LMHash stored.

The LMHash has several weaknesses that make it more vulnerable to attack than the NT Hash. LMHashes are stored in uppercase and are limited to 14 characters. With the right knowledge, an attacker who gains access to the LMHashes of a large number of users is likely to recover the passwords.

Table 8.3: Examples of passwords and the LMHashes that may be stored for them.
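The structural weaknesses just listed (upper-casing, the 14-character limit, and the two independent 7-character halves of the LM scheme) can be turned into an audit that needs no cracking at all. The following Python is an added example and not part of the original document. It reads pwdump-style lines (user:RID:LM hash:NT hash:::); the user names, RIDs and hash values are constructed for the example, except the constant AAD3B435B51404EE, which is the real LM value of an empty 7-character half (DES of the fixed LM magic string under an all-zero key). An empty second half reveals a password of 7 characters or fewer, and two empty halves mean no LM hash is stored at all.

```python
import re

# Real constant: the LM hash of an empty (all-zero) 7-byte half.
EMPTY_LM_HALF = "AAD3B435B51404EE"
LM_HASH_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


def classify_lm_hash(lm_hex):
    """Classify a 32-hex-digit LM hash from its structure alone.

    LM hashes each 7-character half separately, so an empty half always gives the same
    16 hex digits; that leaks information without any cracking:
      'absent' -> both halves empty: blank password, 15+ characters, or LM storage disabled
      'short'  -> second half empty: the password is 7 characters or fewer
      'full'   -> both halves populated: 8 to 14 characters
    """
    if not LM_HASH_RE.match(lm_hex):
        raise ValueError("not a 32-hex-digit LM hash: %r" % lm_hex)
    first, second = lm_hex[:16].upper(), lm_hex[16:].upper()
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return "absent"
    if second == EMPTY_LM_HALF:
        return "short"
    return "full"


def audit_dump(text):
    """Map each account in pwdump-style text (user:rid:lmhash:nthash:::) to its LM classification."""
    report = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue  # blank or malformed line
        report[fields[0]] = classify_lm_hash(fields[2])
    return report


def accounts_to_fix(report):
    """Accounts still exposing an LM hash, weakest first (a short half falls fastest)."""
    order = {"short": 0, "full": 1}
    return sorted((u for u, c in report.items() if c in order),
                  key=lambda u: (order[report[u]], u))


# Constructed sample dump (not from the page). LM first halves and NT hashes are made-up hex;
# only the AAD3B435B51404EE halves are real values.
SAMPLE_DUMP = """\
Administrator:500:1234ABCD5678EF90AAD3B435B51404EE:00000000000000000000000000000001:::
svc_backup:1001:1234ABCD5678EF90FEDCBA9876543210:00000000000000000000000000000002:::
alice:1002:AAD3B435B51404EEAAD3B435B51404EE:00000000000000000000000000000003:::
"""

if __name__ == "__main__":
    report = audit_dump(SAMPLE_DUMP)
    for user, cls in report.items():
        print("%-14s %s" % (user, cls))
    print("fix first:", accounts_to_fix(report))
```

In the constructed dump only alice has no LM hash stored (a 15+ character password or the NoLMHash setting in effect); the Administrator account is the first to remediate, because its second half shows the password is at most 7 characters long.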

Note that the password hash always covers 14 characters; if the password is shorter, the character E (code 16) is appended at the end. During hash computation the original password is split into two sets of seven characters. If the password is seven characters or fewer, the second set of seven is null. As a result, the trailing E characters become a value that tells the attacker the original password is fewer than eight characters, which helps the attacker reduce the time needed to find it.

Disabling LM passwords

Windows Server 2003 lets you disable LMHashes to remove the weaknesses presented above. However, if you have clients running Windows 3.1 or the original release of Windows 95 connecting to a computer running Windows Server 2003, you cannot disable LMHashes. Even so, you can still disable the use of the LMHash on an account-by-account basis by doing one of the following:
- Use passwords of 15 characters or longer.
- Enable the NoLMHash registry value locally on a computer, or through security policy.
- Use ALT characters in the password. ALT characters are entered into a password by holding the ALT key, typing the numeric keys, and then releasing the ALT key.

NTLM Authentication

As mentioned earlier, NTLM covers three challenge-response authentication methods: LM, NTLMv1 and NTLMv2. The authentication process is the same for all of them, but they differ in the level of encryption.

The authentication process

The following steps show the sequence of authentication events that occurs when a client authenticates to a domain controller using any of the NTLM protocols:

Figure 8.5: The NTLM authentication model

1. The client and the server negotiate an authentication protocol. This is done through the negotiation of Microsoft's Security Support Provider. The client sends the user name and domain name to the domain controller.
2. The domain controller picks 16 random bytes to generate a string of characters called a nonce.
3. The client encrypts this nonce with a hash of the password and sends it back to the domain controller.
4. The domain controller retrieves the hash of the password from the security account database.
5. The domain controller uses the hash value retrieved from the security account database to encrypt the nonce. This value is compared with the value received from the client. If the values match, the client is authenticated.

The Kerberos authentication protocol

Kerberos is the default authentication protocol for Windows Server 2003, Windows 2000 and Windows XP Professional. It is designed to be more secure and more scalable than NTLM on large networks. Kerberos offers the following additional benefits:
- Efficiency: When a server needs to authenticate a client, the Kerberos server can validate the client's credentials without having to contact the domain controller.
- Mutual authentication: Besides authenticating the client to the server, Kerberos lets the servers authenticate one another.
- Delegated authentication: Lets services act on behalf of the client when accessing resources.
- Simplified trust management (Kerberos trust): Trusts can be used between domains in the same forest and between domains connected to a forest.
- Interoperability: Kerberos is based on the Internet Engineering Task Force (IETF) standard and is therefore compatible with other IETF-compliant Kerberos implementations.

The Kerberos authentication process

The Kerberos protocol takes its name from the three-headed dog of Greek mythology. The three components of Kerberos are:
1. The clients, which request services or authentication.
2. The servers, which host the services the clients request.
3. A computer trusted by both client and server (in this case, the Windows Server 2003 domain controller running the Kerberos Key Distribution Center service).

Kerberos authentication is based on specially formatted data packets called tickets. In Kerberos, tickets travel over the network instead of passwords. Sending tickets instead of passwords makes the authentication process more resistant to attack.

Kerberos Key Distribution Center

The Key Distribution Center (KDC) maintains a database of account information for all the security principals in the domain. The KDC stores a cryptographic key known only to the security principal. This key is used for communication between the security principal and the KDC, and is known as the long-term key. The long-term key is derived from the user's logon password.

The Kerberos authentication process

The following describes a (simplified) Kerberos session. In it: AS = authentication server, TGS = ticket granting server, SS = service server. In short: the user authenticates to the authentication server AS, then proves to the ticket-granting server TGS that it has been authenticated in order to receive a ticket, and finally proves to the service server SS that it has been approved to use the service.

Figure 8.6: Brief description of the Kerberos authentication process

1. The user enters name and password at his computer (the client).
2. The client software performs a one-way hash on the password it received. The result is used as the user's secret key.
3. The client software sends a packet (unencrypted) to the AS requesting service. The content of the packet is roughly: user XYZ wants to use the service. Note that neither the secret key nor the password is sent to the AS.
4. The AS checks whether the requester's identity is in its database. If so, the AS sends the following 2 packets to the user:
   - Packet A: the TGS/client session key, encrypted with the user's secret key.
   - Packet B: the Ticket-Granting Ticket (containing the user's ID, the user's network address, the validity period of the ticket and the TGS/client session key), encrypted with the TGS's secret key.
5. On receiving the 2 packets, the client software decrypts packet A to obtain the session key with the TGS. (The user cannot decrypt packet B, because it is encrypted with the TGS's secret key.) At this point the user can authenticate itself to the TGS.
6. When requesting a service, the user sends the following 2 packets to the TGS:
   - Packet C: contains the Ticket-Granting Ticket from packet B and the ID of the requested service.
   - Packet D: the authenticator (containing the user's ID and the time of the request), encrypted with the TGS/client session key.
7. On receiving packets C and D, the TGS decrypts D and then sends the following 2 packets to the user:
   - Packet E: the ticket (containing the user's ID, the user's network address, the validity period and the server/client session key), encrypted with the secret key of the server providing the service.
   - Packet F: the server/client session key, encrypted with the TGS/client session key.
8. On receiving packets E and F, the user has enough information to authenticate to the service server SS. The client sends SS 2 packets:
   - Packet E, obtained in the previous step (containing the server/client session key encrypted with SS's secret key).
   - Packet G: a new authenticator, containing the user's ID and the time of the request, encrypted with the server/client session key.
9. SS decrypts the ticket with its own secret key and sends the following packet to the user to confirm its identity and its agreement to provide the service:
   - Packet H: the timestamp from the service-request packet plus 1, encrypted with the server/client session key.
10. The client decrypts the confirmation packet and checks whether the time has been updated correctly. If so, the user can trust the server SS and start sending requests to use the service.
11. The server provides the service to the user.

Password Cracking Techniques

Password cracking technology

Many hackers put their effort into breaking passwords. Passwords are the key, the information needed to access a system. Users, when they create passwords, tend to pick ones that are hard to guess. Many passwords are reused, or pick a character or a name that helps the user remember. Because of this human factor, a great many passwords are broken successfully. This is the crux of the process of escalating privileges, executing applications, hiding files and covering tracks. Passwords can be broken manually or found in a dictionary.

Manual password cracking means trying to log in with one password after another. The steps a hacker takes:
1. Find a user account (possibly the administrator or the guest account)
2. Create a list of possible passwords
3. Rank the passwords from high probability to low
4. The importance level of the password.
5. Keep trying until the password is broken
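Returning to the Kerberos exchange described above: the eleven steps played out as a small simulation with all three parties, the AS and TGS combined in one KDC as on a domain controller, plus a service server. This is an added example and not the document's code or a real Kerberos implementation. The cipher is a toy keyed-stream-plus-HMAC construction standing in for Kerberos's real encryption, the key derivation is a plain SHA-256 of the password, and the ticket lifetime, clock-skew allowance, principal names and passwords are all assumed values. What it does show faithfully is which party can open which packet: a wrong password fails at packet A (step 5), a service holding the wrong key cannot open packet E, and the client verifies the server through packet H (step 10).

```python
import hashlib
import hmac
import json
import os
import time

TICKET_LIFETIME = 600   # seconds a ticket stays valid (assumed value)
CLOCK_SKEW = 300        # how old an authenticator's timestamp may be (assumed value)


# Toy cipher: keyed BLAKE2b keystream XOR plaintext, then an HMAC-SHA256 tag. Illustrative only.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.blake2b(nonce + counter.to_bytes(4, "big"), key=key, digest_size=64).digest()
        counter += 1
    return out[:length]


def seal(key, message):
    """Encrypt a dict under `key`: nonce || ciphertext || tag."""
    plaintext = json.dumps(message).encode()
    nonce = os.urandom(8)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    """Decrypt and verify; raises ValueError when `key` is not the key the packet was sealed with."""
    nonce, body, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered packet")
    return json.loads(bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body)))))


def derive_key(password):
    """Step 2: the one-way hash of the password is the principal's long-term secret key."""
    return hashlib.sha256(password.encode()).digest()


def check_authenticator(ticket, authenticator, now):
    """Shared by TGS and SS: the authenticator must name the ticket's user and be fresh."""
    if authenticator["user"] != ticket["user"]:
        raise PermissionError("authenticator does not match ticket")
    if now > ticket["expires"]:
        raise PermissionError("ticket expired")
    if abs(now - authenticator["timestamp"]) > CLOCK_SKEW:
        raise PermissionError("stale authenticator (possible replay)")


class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) in one process."""
    def __init__(self, user_passwords, service_passwords):
        self.user_keys = {u: derive_key(p) for u, p in user_passwords.items()}
        self.service_keys = {s: derive_key(p) for s, p in service_passwords.items()}
        self.tgs_key = os.urandom(32)   # known only to the KDC itself

    def as_exchange(self, user, addr):
        """Steps 3-4: the request is plaintext; reply A is for the user, B (the TGT) is for the TGS."""
        if user not in self.user_keys:
            raise PermissionError("unknown principal")
        session = os.urandom(32).hex()
        packet_a = seal(self.user_keys[user], {"tgs_session_key": session})
        packet_b = seal(self.tgs_key, {"user": user, "addr": addr, "tgs_session_key": session,
                                       "expires": time.time() + TICKET_LIFETIME})
        return packet_a, packet_b

    def tgs_exchange(self, packet_c, packet_d):
        """Steps 6-7: C carries the TGT and the service name in clear, D the authenticator."""
        tgt = unseal(self.tgs_key, packet_c["tgt"])
        session = bytes.fromhex(tgt["tgs_session_key"])
        authenticator = unseal(session, packet_d)   # only someone who opened A has this key
        check_authenticator(tgt, authenticator, time.time())
        svc_session = os.urandom(32).hex()
        packet_e = seal(self.service_keys[packet_c["service"]],
                        {"user": tgt["user"], "addr": tgt["addr"], "session_key": svc_session,
                         "expires": time.time() + TICKET_LIFETIME})
        packet_f = seal(session, {"session_key": svc_session})
        return packet_e, packet_f


class ServiceServer:
    def __init__(self, name, password):
        self.name, self.key = name, derive_key(password)

    def accept(self, packet_e, packet_g):
        """Step 9: open the ticket with our own key, check the authenticator, answer timestamp+1."""
        ticket = unseal(self.key, packet_e)
        session = bytes.fromhex(ticket["session_key"])
        authenticator = unseal(session, packet_g)
        check_authenticator(ticket, authenticator, time.time())
        return seal(session, {"timestamp": authenticator["timestamp"] + 1})


def client_login(kdc, service, user, password, addr="10.0.0.23"):
    """Steps 1-10 from the client's side; True when the service proved itself (step 10)."""
    key = derive_key(password)                                         # step 2
    packet_a, packet_b = kdc.as_exchange(user, addr)                   # steps 3-4: no secret sent
    session = bytes.fromhex(unseal(key, packet_a)["tgs_session_key"])  # step 5
    now = int(time.time())
    packet_c = {"tgt": packet_b, "service": service.name}
    packet_d = seal(session, {"user": user, "timestamp": now})
    packet_e, packet_f = kdc.tgs_exchange(packet_c, packet_d)          # steps 6-7
    svc_session = bytes.fromhex(unseal(session, packet_f)["session_key"])
    packet_g = seal(svc_session, {"user": user, "timestamp": now})
    packet_h = service.accept(packet_e, packet_g)                      # steps 8-9
    return unseal(svc_session, packet_h)["timestamp"] == now + 1       # step 10
```

A run looks like kdc = KDC({"alice": "correct horse battery"}, {"fileserver": "svc-secret"}); fs = ServiceServer("fileserver", "svc-secret"); client_login(kdc, fs, "alice", "correct horse battery") returns True. Note that the password never leaves the client and the TGT (packet B) is opaque to it; the design point of the timestamp checks in check_authenticator is that a captured authenticator cannot be replayed once the skew window has passed.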

Figure 8.7: Manual password-cracking steps

A hacker may try to create a script file with every password on the list. But this is only a manual method; it usually costs a lot of time and is inefficient. To be more effective, the hacker can use tools that automate the search for the password.

A more effective way to break passwords is to get at the password files on the system. Most passwords are stored on the system in encrypted form. When a user logs in, the password he enters is usually encrypted with the same algorithms and then compared with the password stored in the file. A hacker may try to get into the server to take the file and use the algorithms, instead of guessing, when the password cannot otherwise be determined. If the hacker succeeds, he can decode the passwords stored on the server. Passwords are stored in the SAM file on Windows and in the shadow file on Linux.

Hacking Tools

A few password-searching programs are introduced here. Hackers can guess passwords automatically against NetBIOS versions. They scan many IP addresses for systems with shares and usually attack with manual tools.

NTInfoScan is a security scanner. It scans for all weaknesses and produces a report based on the security problems found on the server, along with some other information.

LophtCrack is password-recovery software, a package distributed by @stake software and now owned by Symantec. It intercepts packets on the network and captures individual login sessions. LophtCrack has dynamic dictionaries and the ability to attack again.

John the Ripper is a command-line tool designed to crack both Unix and NT passwords. The passwords it handles are case-sensitive, and it may fail against mixed-case passwords.

Kerbcrack consists of two programs: kerbsniff and kerbcrack. The sniffer listens on the internet connection and captures Windows 2000/XP login sessions that use the Kerberos algorithm. The software can be used to find passwords from the captured files by attacking the system.

Breaking Windows 2000 Passwords

Accounts are stored in a file of user names and encrypted passwords. It is located at the path Windows\system32\config. This file is locked while the system is running, so the hacker cannot copy it while the system is booted. One option for copying the file is to boot into DOS, or to boot Linux from a CD, or to copy it from the repair directory. Many system administrators use the Windows RDISK feature to back up the system; this creates a compressed copy of the file called SAM._ in C:\windows\repair. To open the file, use the following command at the command prompt:

C:\>expand sam._ sam

Once the file is decompressed, dictionary, hybrid or brute-force attacks can be applied to exploit the SAM file.

Hacking Tools

Win32CreateLocalAdminUser is a program that creates a new user with user name and password X and adds that user to the administrators group. It is a Metasploit project and can be included in the Windows .NET framework library.

Offline NT Password Resetter is a method for resetting the system administrator's password when the system cannot boot Windows. Most of these methods boot Linux from a CD; the NTFS partition is not protected by an operating-system password, so the password can be changed.

Redirection Attack Techniques

Another way to discover passwords on a network is to redirect the server's login, intercept the packets sent to the client, and send the password to the hacker instead. To do this the hacker must forge the authentication responses from the server and trick the victim into the attacker's authentication window. A common technique is to send the victim an email with a deceptive link; when the link is clicked, the user unwittingly sends his information across the network.

SMB (Server Message Block) redirection

Several programs can perform the redirection automatically.

SMBRelay is software that can capture the login name and the encrypted password. It can be called the attacker's man-in-the-middle program.

SMBRelay2 is software like SMBRelay, but it uses the NetBIOS name instead of the IP address to record the login name and password.

pwdump2 is a program that extracts the encrypted passwords exactly as stored in the Windows system file. The extracted passwords can be fed into the password-cracking program LophtCrack.

samdump is a program that decodes encrypted passwords from a SAM file.

c2MYAZZ is a spyware program that makes client windows send the password in clear text. It displays the user name and password as the user attaches to the server resource.

SMB Relay MITM Attack & Countermeasures

An SMB Relay MITM attack is one where the attacker sets up a fake server at some address (the relay address). When the victim client connects to the fake server, the MITM server intercepts the session, encrypts the password, and forwards the connection to the victim server.

Figure 8.8: SMB relay MITM attack

Countermeasures include configuring Windows 2000's SMB to encrypt communications. This setting is found under Security Policies/Security Options.

Hacking Tools

SMBGrind speeds up the work by removing duplicates and providing utilities so that the user does not have to edit by hand.

SMBDie is a tool that crashes computers running Windows 2000/XP/NT by sending specially crafted SMB requests.

NBTdeputy is a program that can register a NetBIOS computer name on the network and respond to NetBIOS-over-TCP/IP requests. Its name queries are simplified. It lets SMBRelay be called by computer name instead of by IP address.

NetBIOS DoS Attack

A NetBIOS Denial of Service (DoS) attack sends a NetBIOS Name Release message to the NetBIOS Name Service on a target system running Windows, and the system is immediately overloaded and no longer answers user requests. It is an attack by sending refusal messages to the server. The machine's tools can rename themselves for that attack. Because the attack comes mainly from the client side, it creates a wide-ranging DoS attack network.

Hacking Tools

NBName is a tool that can disable an entire LAN and prevent the machines from rejoining the system. Nodes on an infected NetBIOS network are locked out of the network environment because they think their name is already in use by another computer.

Countermeasures Against Password Cracking

1. The most important thing about passwords is that they must do their job of protection. A password must consist of 8-12 letters or digits. Password length was discussed in the previous section.
2. To protect the encryption algorithms for the passwords stored on the server, you must physically isolate and protect the server. The system administrator can use the Syskey utility in Windows to protect the passwords stored on the server's drive. The server logs should also be monitored for brute-force attacks on user accounts.
3. A system administrator can take the following preventive measures to reduce the risk to the administrator's and the users' passwords:
- Never leave a default password in place
- Never use a password that is a dictionary word
- Do not use a password related to the host name, the domain name or anything a hacker can easily guess.
- Do not use a password related to your holidays, pets, relatives or birthdays.
- Use a dictionary word of more than 21 characters as a password.

Password Expiry

When a password expires after a period of time, the user is forced to change it. If the expiry period is set too short, users may forget their current password, and the result is that the system administrator has to reset passwords all the time. Conversely, if the policy lets users set an expiry period that is too long, security suffers. One suggestion is that passwords should be changed within 30 days. It is also suggested that users should not be allowed to reuse a password 3 times.

Monitoring User Logins to the System

The system administrator must monitor every attempt by hackers to break into the system, before they get in or while they are getting in. In general, several failures are recorded in the system before an intrusion or password break succeeds. How well the security log serves depends on the system administrator, who must watch the login process. The VisualLast search tool helps the network administrator decode and analyse the securely encrypted log file. VisualLast gives an overall view that helps the administrator assess accurately and efficiently. The program lets the administrator view and report on individual login and logout processes. It records events accurately page by page, and the record is documentation sent to security analysts. The events are stored at the path c:\windows\system32\config\sec.evt. This is the path that holds the attacker's traces.

Part 2: Escalating Privileges

Escalating Privileges (privilege escalation techniques)

Privilege escalation is the third step in the System Hacking cycle. Privilege escalation basically means adding more rights or permissions to a user account; it gives a user account the rights of an administrator account.

In general, administrator accounts have stricter password requirements, and their passwords are guarded more closely. If the user name and password of an account with administrator rights cannot be found, a hacker may choose to use an account with lower rights. In that case the hacker must then escalate privileges to obtain as many rights as the administrator. This is done by grabbing access through a non-administrator user account, usually by collecting user names and passwords through an intermediate step in order to raise the account's privileges to administrator level. Once the hacker has a valid user account and password, the next step is to execute applications; in general the hacker needs an account with administrator-level access to install programs. That is why privilege escalation is so important. In the following sections we look at what hackers can do with your system once they have administrator rights.

Hacking Tools

Getadmin.exe is a small program that can add a user to the Local Administrators group. Some low-level NT kernel routines allow the process to run. A login at the server console is needed to run the program. Getadmin.exe is run from the command line and only works on Windows NT 4.0 Service Pack 3.

The HK.exe utility exposes a loophole in the Local Procedure Call mechanism of Windows NT. A user who is not an administrator can escalate into the administrators group with this tool.

Part 3: Executing Applications

Once the hacker has access to an account with administrator rights, the next thing to do is execute applications on the target system. The purpose of executing applications may be to install a back door on the system, install a keylogger to collect confidential information, copy files, or simply cause damage to the system; whatever the hacker wants to do on the system. Once the hacker can execute applications, the system is under the hacker's control.

Hacking Tools

PsExec is a program that connects to a remote system and executes files on it. The software does not need to be installed on the remote system.

Remoxec executes a program using the RPC service (Task Scheduler) or WMI (Windows Management Instrumentation). Administrators with blank or weak passwords can be exploited through the Task Scheduler (1025/tcp) or the Distributed Component Object Model (135/tcp).

1. Buffer Overflows

Hackers try to exploit a weakness in the application code. In essence, a buffer overflow attack sends too much data into some variable in the application, which can cause an application error. Most of the time the application no longer knows its next action, because it has been overwritten by the overflowing data. It therefore either executes the commands contained in the overflow data or drops into a command prompt that lets the user enter the next command. The command prompt (or shell) is the key the hacker can use to execute other applications.

The subject of buffer overflows is discussed in detail in chapter 19: Buffer Overflows.

Rootkits

Rootkits: covert software. A rootkit is a kind of program usually used to hide utilities on a compromised system. Rootkits include so-called back doors, which help the attacker get into the system more easily the next time. For example, a rootkit may hide an application that spawns a command connection on a particular network port of the system. The back door lets processes started by an unprivileged person perform functions normally reserved for administrators. Rootkits are frequently used to let the rootkit's author view and access user names and login information on the sites that require them. The concept of a site here is not a website, but a domain in a system of computers.

Some common kinds of rootkit:

Kernel-level rootkits: Kernel-level rootkits usually add to or replace parts of the system kernel with modified code that helps hide a program on the computer system. This is usually done by adding new code to the kernel through a facility that can load modules, such as loadable kernel modules in Linux or device drivers in Microsoft Windows. These rootkits are particularly dangerous because they can be hard to detect without suitable software.

Library-level rootkits: Library-level rootkits usually patch, modify or replace parts of the system. Some versions can hide information according to the hacker's purpose.

Application-level rootkits: Application-level rootkits may replace application programs with malicious trojan-like versions, or they may change the behaviour of existing applications using hooks, patches, injected code or other means.

The following sections discuss the process of a rootkit infecting a system.

Deploying Rootkits on Windows 2000 & XP

On Windows NT/2000 the rootkit is built as a kernel-mode device driver, which can be loaded dynamically at run time. The rootkit can run with system privileges in the NT kernel. It therefore has access to every resource of the operating system. The rootkit can also hide processes, hide files, hide registry entries, intercept keystrokes on the system console, issue interrupts step by step to cause a blue screen of death, and redirect EXE files.

This rootkit contains a kernel-mode device driver named _root_.sys and a launcher program named DEPLOY.EXE. After gaining access to the system, the attackers copy the files _root_.sys and DEPLOY.EXE onto the system and run DEPLOY.EXE. This installs the rootkit device driver, and the attacker then deletes DEPLOY.EXE from the target computer. The attacker can later stop and restart the rootkit with the commands net stop _root_ and net start _root_, and the file _root_.sys no longer appears in directory listings. The rootkit prevents the system from listing the file and hides every file whose name begins with _root_.

An operating system has two modes of operation: user mode and kernel mode. In kernel mode, programs have full access to the RAM, to the CPU instructions... in short, full control.

Rootkits embedded in the TCP/IP stack

A new feature of the rootkit on Windows NT/2000 is that it works by determining the connection state from the data in incoming packets. The rootkit has a fixed IP address to which it responds. It uses the Ethernet connection through the network card, which makes it very powerful. A hacker can connect to any port on the system. It also lets several people log in at the same time.

Rootkit Prevention

All rootkits access the system with the same privileges as the administrator, so password security is very important. If you discover a rootkit, the advice is to back up important data and reinstall the operating system and applications from a trusted source. Administrators should also keep a trusted source ready for installation and automated recovery.

Another countermeasure is the MD5 hashing algorithm; the MD5 checksum of a file is a 128-bit value, like a fingerprint of the file. The algorithm is designed to detect changes, even small ones, in a data file, whatever their cause. It is very useful for comparing files and ensuring their integrity. A convenient property is that the check value has a fixed length, no matter how large the source file is. MD5 checksumming to confirm that a file has not changed is useful for verifying file integrity when a rootkit is found on the system. Tools such as Tripwire perform MD5 checks to determine whether files have been affected by a rootkit.

Countermeasure Tools

Tripwire is a file-system integrity checker for Unix and Linux operating systems; it also checks a cryptographic hash over one or more pieces of content in every directory and file. Tripwire keeps a database of information that lets you verify permissions and file-mode settings, the user name of the file owner, and the date and time of the last access and last modification.

Keyloggers and Other Spyware

If every effort to collect passwords fails, a keylogger is the hacker's tool of choice. It is implemented either as software installed on the computer or as hardware attached to it. Keyloggers are hidden programs that sit between the hardware (the keyboard) and the operating system, so they can record every keystroke. Software keyloggers can compromise a system like Trojans or viruses do.

A keylogger is a small piece of spyware that attaches to the computer's keyboard and saves every keystroke to a file. The hacker can add a feature that automatically sends the file's contents to the hacker's server.

For a hardware keylogger, a device, like a USB stick, is attached to the computer. Keystrokes are recorded in that device. To plant it, the hacker must have physical access to the system. Hardware keyloggers are often planted at public internet access points, so when using the internet in a public place you should look carefully for unusual devices plugged into the computer.

Hacking Tools

Spector is spyware that records everything a system does on the Internet, like an automatic surveillance camera. Spector takes hundreds of snapshots per hour of whatever is on the computer screen and saves them in a hidden location on the system's hard disk. Spector can be detected and removed by anti-Spector software.

eBlaster is internet spyware that captures incoming and outgoing email and immediately forwards it to an email address. eBlaster can also capture both sides of an Instant Messenger conversation, log keystrokes, and record frequently visited websites.

SpyAnywhere is a tool that lets you watch system activity and user actions, shut down or restart the machine, lock or unlock it, and even browse the file system remotely. SpyAnywhere lets you control the programs and windows open on the remote system and view the internet history and related information.

KKeylogger is high-performance spyware, a virtual device driver that runs silently at the lowest level of Windows 95/98/ME. All keystrokes are recorded in a file.

Email keylogger is software that records every email sent and received on a system. The hacker's aim is to see the sender, recipient, subject and time/date. The email body and any attachments are recorded as well.
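The MD5-checksum countermeasure from the rootkit section above, a fixed-length fingerprint per file compared against a stored baseline the way Tripwire does, in working form. This is an added example and not the document's or Tripwire's code; the directory layout, file contents and the tampering applied in demo() are constructed for the example. The baseline records hash, size and permission bits; MD5 is the default because the text describes it, and the algorithm is a parameter.

```python
import hashlib
import json
import os
import tempfile


def hash_file(path, algorithm="md5", chunk_size=65536):
    """Fixed-length fingerprint of a file's content, read in chunks so large files are fine."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root, algorithm="md5"):
    """Tripwire-style snapshot: relative path -> hash, size and permission bits."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            baseline[rel] = {"hash": hash_file(path, algorithm),
                             "size": st.st_size,
                             "mode": oct(st.st_mode & 0o7777)}
    return baseline


def save_baseline(baseline, path):
    """Keep this file off the monitored host (read-only media): a rootkit that can edit it can hide."""
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def verify(root, baseline, algorithm="md5"):
    """Compare the live tree against the baseline; lists are sorted for stable reports."""
    current = build_baseline(root, algorithm)
    modified = sorted(p for p in baseline if p in current and
                      (current[p]["hash"] != baseline[p]["hash"] or
                       current[p]["mode"] != baseline[p]["mode"]))
    return {"modified": modified,
            "added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current))}


def demo():
    """Self-contained run: baseline a constructed tree, tamper with it, report the differences."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        files = {"bin/ps": b"genuine ps binary", "bin/ls": b"genuine ls binary",
                 "etc/passwd": b"root:x:0:0::/root:/bin/sh\n"}
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        baseline_path = os.path.join(store, "baseline.json")
        save_baseline(build_baseline(root), baseline_path)
        # Constructed tampering, the kind a rootkit installation leaves behind.
        with open(os.path.join(root, "bin", "ps"), "wb") as f:
            f.write(b"trojaned ps that hides processes")   # replaced system binary
        with open(os.path.join(root, "bin", "backdoor"), "wb") as f:
            f.write(b"new listener")                       # dropped file
        os.remove(os.path.join(root, "bin", "ls"))         # removed file
        return verify(root, load_baseline(baseline_path))


if __name__ == "__main__":
    print(demo())
```

demo() reports bin/ps as modified, bin/backdoor as added and bin/ls as removed while etc/passwd stays silent. The check is only as trustworthy as the baseline: it must be taken on a known-clean system and stored where the monitored host cannot rewrite it.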

Part 4: Hiding Files

A hacker may want to hide files on a system to avoid detection; the files can later be used to launch another attack on the system. There are two ways to hide files in Windows. The first is to use the attrib command. To hide a file with the attrib command, type the following at the command prompt:

attrib +h [file/directory]

The second way to hide a file in Windows is with NTFS alternate data streams (ADS).

1. NTFS File Streaming

NTFS, used by Windows NT, 2000 and XP, has a feature called ADS that allows data to be stored in hidden files linked to a normal, visible file. Streams are not limited in size, and more than one stream can be linked to a normal file. To create and test an NTFS file stream, perform the following steps:

1. At the command line, enter notepad test.txt
2. Put some data in the file, save the file and close Notepad.
3. At the command line, enter dir test.txt and note the file size.
4. At the command line, enter notepad test.txt:hidden.txt, change some of the content in Notepad, save the file and close it.
5. Check the file size again (as in step 3).
6. Open test.txt again. You see only the original data.
7. Enter type test.txt:hidden.txt at the command line; an error message is displayed: The filename, directory name, or volume label syntax is incorrect.

Hacking Tools

Makestrm.exe is a utility that moves the data from a file into a linked ADS and replaces the original file with the link.

NTFS File Streaming Countermeasures

To delete a stream file, first copy it to a FAT partition and then copy it back to the NTFS partition. The stream is lost when the file is moved to a FAT partition, because streams are a feature of NTFS partitions and therefore exist only on an NTFS partition.

Countermeasure Tools

You can use LNS.exe to detect streams. LNS reports the existence and location of files that contain stream data.

Steganography Technologies

Steganography is the process of hiding data inside other kinds of data such as images or text files. The most common method of hiding data in files is to use graphic images as the hiding place. An attacker can embed information in an image file using steganography. Hackers can hide instructions for building a bomb, a secret bank account number and so on; any kind of content can be hidden in an image.

For JPG image files, an algorithm called the Discrete Cosine Transform (DCT) is used to encode and compress the hidden data into the file. The algorithm is computed with the following formula:

Hacking Tools

1. ImageHide is a steganography program that hides large amounts of text in images. Even after the data is added there is no increase in the image size, and the image looks as it would in any normal graphics program. It loads and saves files, and so can evade eavesdropping.
2. Blindside is a steganography application that hides information inside BMP (bitmap) images. It is a command-line utility.
3. MP3Stego hides information in MP3 files during the compression process. The data is compressed, encrypted and hidden in the MP3 bit stream.
4. Snow is a whitespace steganography program, meaning that it conceals messages in ASCII text by appending whitespace to the end of the text. Spaces and tabs are invisible to anyone viewing the text, and if an encryption algorithm is also used, the message cannot be read even if it is detected.
5. Camera/Shy works with Windows and the Internet Explorer browser, letting users share sensitive or otherwise sought-after information stored inside an ordinary GIF image.
6. Stealth is a filtering tool for PGP files. It strips identifying information from the header, after which the file can be used for steganography.

Countering Steganography

Steganography can be detected by some programs, although doing so is difficult. The first step in detection is to locate files with hidden text, which can be done by analyzing patterns in images and changes in the color palette.

Countermeasure Tools

Stegdetect is a tool that automatically detects steganographic content in images.

Dskprobe is a tool on the Windows 2000 installation CD. It is a low-level hard-disk scanner that can detect steganography.

Part 5: Cover Your Tracks & Erase Evidence

Once intruders succeed in gaining administrator access to a system, they try to cover their tracks to avoid being detected. A hacker may also try to remove the evidence of their activity on the system, to prevent their identity or location from being traced, and delete any error messages or security events that have been logged to avoid detection.

In the following sections we look at disabling auditing and clearing the event log, the two methods hackers use to cover their tracks and avoid detection.

Auditing is the feature that records the Event Log.
The Windows Event Viewer is the program used to manage auditing on Windows.

1. Disabling Auditing

The first thing an intruder does after gaining administrator rights is disable auditing. Auditing in Windows records certain events to the Windows Event Viewer. Events can include a logon to the system, an application, or another event. An administrator can choose the level of logging on the system. The hacker needs to determine the logging level to see what they must do to erase their traces on the system.

Hacking Tools

AuditPol is a tool in the Windows NT Resource Kit for system administrators. It can disable or enable auditing from the command line. It can also be used to determine the logging level set by a system administrator.

Clearing the Event Log

Intruders can easily erase the security log in the Windows Event Viewer. An event log that contains only one or a few events is suspicious, because it usually shows that the other events were deleted. It is still necessary to clear the event log after turning auditing off, because using the AuditPol tool leaves an event recording that auditing was disabled.

Hacking Tools

Several tools clear event logs, or a hacker can do it by hand in the Windows Event Viewer.

The elsave.exe utility is a simple tool for clearing event logs.

Winzapper is a tool an attacker can use to selectively delete event records from the Windows 2000 security log. Winzapper also ensures that no security events are logged while the program is running.
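The two signs the text describes, the surviving "auditing disabled" event and a log holding only a few entries, can be turned into a detection routine. This is an added example, not part of the page; it runs over constructed records in an assumed, already-parsed shape, uses the real Windows Security event IDs 1102 (audit log cleared), 4719 (audit policy changed) and 4624 (successful logon), and goes one step beyond the text by also flagging long silences between consecutive events.

```python
"""Heuristics for a tampered Windows Security log (added example, not from the text)."""
from datetime import datetime, timedelta

# Real Windows Security event IDs for the two actions the text describes.
TAMPER_IDS = {
    1102: "the audit log was cleared",
    4719: "system audit policy was changed (e.g. auditing turned off)",
}


def analyze_log(records, min_events=20, max_gap=timedelta(hours=12)):
    """records: list of {"time": ISO-8601 str, "event_id": int, "message": str}
    (an assumed, already-parsed shape). Thresholds are assumptions for the example.
    Returns a list of findings; an empty list means nothing looked tampered."""
    findings = []
    ordered = sorted(records, key=lambda r: datetime.fromisoformat(r["time"]))
    # 1. The record of disabling auditing or clearing the log itself survives.
    for rec in ordered:
        if rec["event_id"] in TAMPER_IDS:
            findings.append(f"{rec['time']}: event {rec['event_id']} - {TAMPER_IDS[rec['event_id']]}")
    # 2. A log holding only a handful of events usually means the rest were deleted.
    if len(ordered) < min_events:
        findings.append(f"log holds only {len(ordered)} events (threshold {min_events})")
    # 3. Long silences between consecutive events suggest a removed stretch or
    #    auditing switched off; this goes one step beyond the text's two signs.
    for prev, cur in zip(ordered, ordered[1:]):
        gap = datetime.fromisoformat(cur["time"]) - datetime.fromisoformat(prev["time"])
        if gap > max_gap:
            findings.append(f"{gap} gap between {prev['time']} and {cur['time']}")
    return findings


# Constructed sample: normal logons (4624), auditing disabled, a silent day, log cleared.
SAMPLE_RECORDS = [
    {"time": "2015-10-18T08:00:00", "event_id": 4624, "message": "An account was successfully logged on"},
    {"time": "2015-10-18T08:05:00", "event_id": 4624, "message": "An account was successfully logged on"},
    {"time": "2015-10-18T08:07:00", "event_id": 4719, "message": "System audit policy was changed"},
    {"time": "2015-10-19T09:30:00", "event_id": 1102, "message": "The audit log was cleared"},
]

if __name__ == "__main__":
    for finding in analyze_log(SAMPLE_RECORDS):
        print(finding)
```

Because the 1102 and 4719 records are written by the system itself, forwarding the Security log to a separate collector as it is produced keeps these findings available even after the local log has been cleared.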

Evidence Eliminator is a data-wiping program for Windows computers. It prevents data from becoming permanently hidden files on the system. It cleans the Recycle Bin, the Internet cache, the file system, the temp folder and so on. Evidence Eliminator can also be used by a hacker to remove evidence from a system after an attack.

Summary

Understand the importance of password security. Changing passwords at regular intervals, knowing what makes a password strong, and other security measures are very important for network security.

Know the different kinds of password attacks. Passive online attacks include sniffing, man-in-the-middle and replay. Active online attacks include automated password guessing. Offline attacks include dictionary, hybrid and brute force. Non-electronic attacks include shoulder surfing, keyboard sniffing and social engineering.

Know how evidence of hacking activity is removed by attackers. Clearing event logs and disabling auditing are the methods attackers use to cover their tracks.

Recognize that hidden files are a means used to extract sensitive information. Steganography, NTFS file streams and the attrib command are ways hackers can hide and steal files.