5.3 Executing Applications
- Attackers execute malicious applications in this stage. This is called "owning" the system.
- The attacker executes malicious programs remotely on the victim's machine to gather information that leads to exploitation or loss of privacy, gain unauthorized access to system resources, crack passwords, capture screenshots, install backdoors to maintain easy access, etc.
- Windows:
psexec \\IP -u USER -p PW cmd.exe
-s: Run the remote process in the System account
- Kali:
winexe -U USER%PW //IP cmd.exe
- The password after the % in winexe can also be a hash value.
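Both commands above work by installing a temporary service on the target through the ADMIN$ share, which Windows records in the System event log as event 7045 ("A service was installed in the system"). The following detection routine is an added example, not part of these notes or of the psexec/winexe projects: it runs over constructed, flattened 7045 records (made up for this example) and flags PsExec's default service name PSEXESVC, the winexesvc name that winexe is commonly reported to use (treated here as an assumption), and, as a heuristic, any service whose binary sits directly in the Windows directory (the ADMIN$ root), which also catches a renamed copy.

```python
import re
from dataclasses import dataclass, field

# Constructed sample records shaped like Windows System log event 7045
# ("A service was installed in the system"), flattened to one line per event.
# These lines and the service names/paths in them are made up for this example.
SAMPLE_LOG = r"""
2024-05-01T10:15:32Z EventID=7045 ServiceName=PSEXESVC ImagePath=%SystemRoot%\PSEXESVC.exe AccountName=LocalSystem
2024-05-01T10:16:07Z EventID=7045 ServiceName=winexesvc ImagePath=winexesvc.exe AccountName=LocalSystem
2024-05-01T10:20:11Z EventID=7045 ServiceName=ExampleAgent ImagePath="C:\Program Files\ExampleVendor\agent.exe" AccountName=LocalSystem
2024-05-01T10:22:45Z EventID=7045 ServiceName=ABCDEFGH ImagePath=C:\Windows\ABCDEFGH.exe AccountName=LocalSystem
2024-05-01T10:25:00Z EventID=7036 ServiceName=Spooler ImagePath= AccountName=
"""

# Service names and binaries left behind by PsExec and winexe when they install
# their helper service through the ADMIN$ share. PSEXESVC is PsExec's default
# service name; winexesvc is the name winexe uses (assumption from common reports).
KNOWN_SERVICE_NAMES = {"psexesvc", "winexesvc"}
KNOWN_BINARIES = {"psexesvc.exe", "winexesvc.exe"}
WINDOWS_ROOT = "c:\\windows\\"

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')


@dataclass
class Finding:
    timestamp: str
    service_name: str
    image_path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Split one flattened event line into a dict of its key=value fields."""
    timestamp, _, rest = line.partition(" ")
    fields = {key: value.strip('"') for key, value in FIELD_RE.findall(rest)}
    fields["TimeCreated"] = timestamp
    return fields


def normalize_path(image_path):
    """Expand %SystemRoot% and lower-case the path so checks are case-insensitive."""
    expanded = re.sub(r"%systemroot%", lambda _: r"C:\Windows", image_path, flags=re.I)
    return expanded.strip('"').lower()


def analyze_service_install(event):
    """Return a Finding when a 7045 event looks like a PsExec/winexe-style install."""
    if event.get("EventID") != "7045":
        return None
    name = event.get("ServiceName", "")
    raw_path = event.get("ImagePath", "")
    path = normalize_path(raw_path)
    binary = path.rsplit("\\", 1)[-1]
    reasons = []
    if name.lower() in KNOWN_SERVICE_NAMES:
        reasons.append(f"known remote-exec service name: {name}")
    if binary in KNOWN_BINARIES:
        reasons.append(f"known remote-exec service binary: {binary}")
    # Heuristic: PsExec-style tools drop their service binary into ADMIN$, which is
    # %SystemRoot% itself, so a service whose binary sits directly in C:\Windows
    # (not in a subdirectory) is unusual and worth review even under a renamed service.
    if path.startswith(WINDOWS_ROOT) and "\\" not in path[len(WINDOWS_ROOT):]:
        reasons.append("service binary placed directly in %SystemRoot% (ADMIN$ root)")
    if not reasons:
        return None
    return Finding(event["TimeCreated"], name, raw_path, reasons)


def scan_log(text):
    """Run the 7045 check over every non-empty line of a flattened log."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            finding = analyze_service_install(parse_line(line))
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f.timestamp, f.service_name, "->", "; ".join(f.reasons))
```

On the sample above the routine reports PSEXESVC, winexesvc and the renamed ABCDEFGH service and ignores the benign agent installed under Program Files. The ADMIN$-root heuristic will occasionally flag legitimate software that installs the same way, so treat it as a review queue rather than a block rule, and pair it with the corresponding Security log logon events from the originating host.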
Executing Application Tools
- RemoteExec:
- RemoteExec remotely installs applications, executes programs/scripts, and updates files and folders on Windows systems throughout the network.
- It allows an attacker to modify the registry, change local admin passwords, disable local accounts, and copy/update/delete files and folders.
- PDQ Deploy:
- PDQ Deploy is a software deployment tool that allows admins to silently install almost any application or patch.
- DameWare Remote Support:
- DameWare Remote Support lets you manage servers, notebooks, and laptops remotely.
- It allows an attacker to remotely manage and administer Windows computers.
Keylogger
- Keystroke loggers are programs or hardware devices that monitor each keystroke as the user types on a keyboard, log the keystrokes to a file, or transmit them to a remote location.
- Legitimate uses of keyloggers include office and industrial settings, where employers monitor employees' computer activity, and home environments, where parents monitor and spy on their children's activity.
- They allow an attacker to gather confidential information about the victim such as email IDs, passwords, banking details, chat room activity, IRC, instant messages, etc.
- Physical (hardware) keyloggers are placed between the keyboard hardware and the operating system.
Types of Keystroke Loggers
- Keystroke Loggers:
- Hardware Keystroke Loggers:
- PC/BIOS Embedded
- Keylogger Keyboard
- External Keylogger:
- Wi-Fi Keylogger
- Bluetooth Keylogger
- Acoustic/CAM Keylogger
- PS/2 and USB Keylogger
- Software Keystroke Loggers:
- Application Keylogger
- Kernel Keylogger
- Hypervisor-based Keylogger
- Form Grabbing Based Keylogger
Hardware Keyloggers
Keysweeper
Keylogger: All In One Keylogger
- All In One Keylogger allows you to secretly track all activities of all computer users and automatically receive the logs at a desired email/FTP/LAN account.
Keyloggers for Windows
Keylogger for Mac: Amac Keylogger for Mac
- Amac Keylogger for Mac invisibly records all keystrokes typed, IM chats and websites visited, takes screenshots, and sends all reports to the attacker by email or uploads everything to the attacker's website.
Spyware
- Spyware is a program that records the user's interaction with the computer and the Internet without the user's knowledge and sends the records to remote attackers.
- Spyware hides its process, files, and other objects in order to avoid detection and removal.
- It is similar to a Trojan horse, which is usually bundled as a hidden component of freeware programs available on the Internet for download.
- It allows an attacker to gather information about a victim or organization such as email addresses, user logins, passwords, credit card numbers, banking credentials, etc.
- Spyware Propagation:
- Drive-by download
- Masquerading as anti-spyware
- Web browser vulnerability exploits (IE)
- Piggybacked software installation
- Browser add-ons (Firefox)
- Cookies
Watering hole attack: attack code is planted on a legitimate website in order to attack the site's visitors.
Spyware Tools
- Spytech SpyAgent:
- Spytech SpyAgent allows you to monitor everything users do on your computer.
- It provides a large array of essential computer monitoring features, website, application, and chat client blocking, lockdown scheduling, and remote delivery of logs via email or FTP.
- Power Spy 2014:
- Power Spy secretly monitors and records all activities on your computer.
- It records all Facebook use, keystrokes, emails, web sites visited, chats, and IMs in Windows Live Messenger, Skype, Yahoo Messenger, Tencent QQ, Google Talk, AOL Instant Messenger (AIM), and others.
USB Spyware: USBSpy
- USBSpy lets you capture, display, record, and analyze the data transferred between any USB device connected to the PC and applications.
usbdumper
Audio Spyware: Spy Voice Recorder and Sound Snooper
- Spy Voice Recorder:
- Spy Voice Recorder records voice chat message of instant messengers, including MSN voice chat, Skype voice chat, Yahoo! messenger voice chat, ICQ voice chat, QQ voice chat, etc.
- Sound Snooper:
- Voice activated recording
- Store records in any sound format
- Conference recordings
- Radio broadcasts logging
Video Spyware: WebCam Recorder
Cellphone Spyware: Mobile Spy
- Mobile Spy records GPS locations and every SMS, and logs every call including phone numbers and durations; afterwards you can view the results in real time in your private online account.
Telephone/Cellphone Spyware
GPS Spyware: SPYPhone
- SPYPhone software has the ability to send events (captured data) from the target phone to your web account via Wi-Fi, 3G, GPRS, or SMS.
How to Defend Against Keyloggers
- Use a pop-up blocker.
- Install anti-spyware/antivirus programs and keep the signatures up to date.
- Install good professional firewall software and anti-keylogging software.
- Recognize phishing emails and delete them.
- Choose new passwords for different online accounts and change them frequently.
- Avoid opening junk emails.
- Do not click on links in unwanted or doubtful emails that may point to malicious sites.
- Use keystroke interference software, which inserts randomized characters into every keystroke.
- Scan files before installing them onto the computer and use the registry editor or Process Explorer to check for keystroke loggers.
- Keep your hardware systems secure in a locked environment and frequently check the keyboard cables for the attached connectors.
- Use Windows on-screen keyboard accessibility utility to enter the password or any other confidential information.
- Install a host-based IDS, which can monitor your system and disable the installation of keyloggers.
- Use automatic form-filling programs or virtual keyboard to enter user name and password.
- Use software that frequently scans and monitors the changes in the system or network.
- Hardware Keylogger Countermeasures:
- Restrict physical access to sensitive computer systems
- Periodically check all the computers and check whether there is any hardware device connected to the computer
- Use encryption between the keyboard and its driver
- Use an anti-keylogger that detects the presence of a hardware keylogger such as Oxynger KeyShield
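The "periodically check whether any hardware device is connected" countermeasure is easiest to keep up when a baseline inventory of each machine's Plug-and-Play devices is compared against the current one. The script below is an added example, not part of these notes or of any product named here; it assumes inventories exported as CSV with Class, FriendlyName, InstanceId and Status columns (the shape you would get from PowerShell's Get-PnpDevice piped to Export-Csv), and the device records and vendor/product IDs in it are constructed. It flags newly appeared devices, with extra weight on keyboard/HID-class ones, and a rising keyboard count, which is how a USB keylogger that presents its own HID interface shows up. An inline PS/2 or pass-through keylogger that never talks to the OS (the point of A2 below) will not appear in any inventory, so this check supplements, rather than replaces, physically inspecting the cables and ports.

```python
import csv
import io

# Constructed device inventories in the shape of a CSV export of present
# Plug-and-Play devices (Class,FriendlyName,InstanceId,Status). The vendor and
# product IDs below are made up for this example.
BASELINE_CSV = """Class,FriendlyName,InstanceId,Status
Keyboard,HID Keyboard Device,HID\\VID_1234&PID_0001&MI_00\\7&AAAA0001&0&0000,OK
Mouse,HID-compliant mouse,HID\\VID_1234&PID_0002\\6&AAAA0002&0&0000,OK
USB,USB Composite Device,USB\\VID_1234&PID_0001\\5&AAAA0003&0&1,OK
DiskDrive,Example SSD,SCSI\\DISK&VEN_EXAMPLE&PROD_SSD\\4&AAAA0004&0&000000,OK
"""

# Same machine later: a second keyboard-class device and its parent composite
# device have appeared, although nobody replaced the keyboard.
CURRENT_CSV = """Class,FriendlyName,InstanceId,Status
Keyboard,HID Keyboard Device,HID\\VID_1234&PID_0001&MI_00\\7&AAAA0001&0&0000,OK
Mouse,HID-compliant mouse,HID\\VID_1234&PID_0002\\6&AAAA0002&0&0000,OK
USB,USB Composite Device,USB\\VID_1234&PID_0001\\5&AAAA0003&0&1,OK
DiskDrive,Example SSD,SCSI\\DISK&VEN_EXAMPLE&PROD_SSD\\4&AAAA0004&0&000000,OK
Keyboard,HID Keyboard Device,HID\\VID_5678&PID_0099&MI_00\\7&BBBB0005&0&0000,OK
USB,USB Composite Device,USB\\VID_5678&PID_0099\\5&BBBB0006&0&2,OK
"""

# Device classes that can carry keystrokes; a new device in one of these on a
# machine whose keyboard was not replaced calls for a look at the cable and ports.
INPUT_CLASSES = {"keyboard", "hidclass"}


def parse_inventory(text):
    """Map InstanceId -> row dict for each device in a CSV inventory export."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["InstanceId"]: row for row in reader}


def diff_inventory(baseline, current):
    """Return (added, removed) device rows comparing current against the baseline."""
    added = [row for iid, row in current.items() if iid not in baseline]
    removed = [row for iid, row in baseline.items() if iid not in current]
    return added, removed


def keyboard_count(inventory):
    """Number of keyboard-class devices in an inventory."""
    return sum(1 for row in inventory.values() if row["Class"].lower() == "keyboard")


def assess(baseline, current):
    """Produce alert strings for inventory changes relevant to hardware keylogger hunting."""
    added, removed = diff_inventory(baseline, current)
    alerts = []
    for row in added:
        kind = "new input device" if row["Class"].lower() in INPUT_CLASSES else "new device"
        alerts.append(f"{kind}: {row['FriendlyName']} ({row['InstanceId']})")
    # A second keyboard on a single-keyboard workstation is the classic sign of a
    # USB keylogger that exposes its own HID interface to the host.
    base_kbd, cur_kbd = keyboard_count(baseline), keyboard_count(current)
    if cur_kbd > base_kbd:
        alerts.append(f"keyboard count rose from {base_kbd} to {cur_kbd}")
    for row in removed:
        alerts.append(f"device missing since baseline: {row['FriendlyName']} ({row['InstanceId']})")
    return alerts


if __name__ == "__main__":
    for alert in assess(parse_inventory(BASELINE_CSV), parse_inventory(CURRENT_CSV)):
        print(alert)
```

Run against the constructed inventories this prints three alerts: the new keyboard-class device, its parent composite device, and the keyboard count rising from 1 to 2. Keying the diff on InstanceId rather than FriendlyName matters, because the impostor device deliberately carries the same generic "HID Keyboard Device" name as the real one.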
Q1) Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)
- Alternate between typing the login credentials and typing characters somewhere else in the focus window
- Type a wrong password first, later type the correct password on the login page defeating the keylogger recording
- Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.
- The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies "asdfsd"
Q2) Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?
- Covert keylogger
- Stealth keylogger
- Software keylogger
- Hardware keylogger
A2) As the hardware keylogger never interacts with the Operating System it is undetectable by anti-virus or anti-spyware products.
Q3) What is necessary in order to install a hardware keylogger on a target system?
- The IP address of the system
- The Administrator username and password
- Physical access to the system
- Telnet access to the system
A3) A hardware keylogger is an adapter that connects the keyboard to the PC. A hacker needs physical access to the PC in order to plug in the hardware keylogger.
Q4) Which of the following attacks can be perpetrated by a hacker against an organization with weak physical security controls?
- Denial of service
- Radio frequency jamming
- Hardware keylogger
- Banner grabbing
A4) A hardware keylogger can be installed to capture passwords or other confidential data once a hacker gains physical access to a client system.
Q5) Keyloggers are a form of _.
- Spyware
- Shoulder surfing
- Trojan
- Social engineering
A5) Keyloggers are a form of hardware or software spyware installed between the keyboard and operating system.
Q6) What is not a benefit of hardware keyloggers?
- Easy to hide
- Difficult to install
- Difficult to detect
- Difficult to log
A6) Hardware keyloggers are not difficult to install on a target system.
Anti-Keylogger: Zemana AntiLogger
- Zemana AntiLogger eliminates threats from keyloggers, SSL banker Trojans, spyware, and more.
How to Defend Against Spyware
- Try to avoid using any computer system which is not totally under your control.
- Adjust browser security settings to medium or higher for the Internet zone.
- Be cautious about suspicious emails and sites.
- Enhance the security level of the computer.
- Update the software regularly and use a firewall with outbound protection.
- Regularly check the Task Manager report and the MS Configuration Manager report.
- Update virus definition files and scan the system for spyware regularly.
- Install and use anti-spyware software.
- Perform web surfing safely and download cautiously.
- Do not use administrative mode unless it is necessary.
- Do not use public terminals for banking and other sensitive activities.
- Do not download free music files, screensavers, or smiley faces from the Internet.
- Beware of pop-up windows or web pages. Never click anywhere on these windows.
- Carefully read all disclosures, including the license agreement and privacy statement before installing any application.
- Do not store personal information on any computer system that is not totally under your control.
Anti-Spyware: SUPERAntiSpyware
- Identifies potentially unwanted programs and securely removes them.
- Detects and removes spyware, adware, malware, Trojans, dialers, worms, keyloggers, hijackers, parasites, rootkits, rogue security products, and many other types of threats.