Thursday, July 11, 2013

Comparison of Keyloggers - Advanced Key logger vs Spytector vs Powered Key logger vs Keyprowler

Key loggers are often used for various nefarious purposes, usually to extract data from the victim's keystrokes. This can provide information on a variety of sensitive subjects, like bank account details and important passwords. A black hat hacker can use a multitude of different applications in order to accomplish this task. Four I tried today are Advanced Key logger, Spytector, Powered Key logger, and Keyprowler.

Advanced Key logger was the first key logger I tried. The user interface and installation are simple and straightforward, and the application is well hidden from prying eyes. In fact, one must press a certain key combination (Ctrl + Shift + Alt + R) in order to access options. Otherwise, it is nearly impossible to detect.




Next, I tried Powered Key logger. This application is developed by the same company as Advanced, but is more "lean" - it lacks hidden options and advanced recording techniques. While the idea looked promising, it failed to install on my virtual machine, even after multiple tries. As such, it is difficult to recommend.

Afterward, I tried Spytector. Spytector offers additional features and skins, such as connection to email clients to automatically log and send keystrokes. This makes Spytector ideal for remote access attacks, as it only requires one-time access to the machine. As such, it can be recommended for certain applications, although it does not contain decent tools for hiding the application itself.

Lastly, I tried Keyprowler. Like Advanced, it remains hidden until a keypress is detected (Ctrl + Shift + K), and does one better by adding password authentication into the mix. Additionally, you can set the application to start on startup, and run invisibly. It also seems to include Spytector's best features, like scheduled screenshots, as well as automatic logs to an email address. As such, Keyprowler appears to be the best, although it does cost money after a 7-day free trial.


Ethical Behavior: Is it ethical to download music that is free to stream?


With the popularization of free-to-use video uploading services, music has become significantly more available, often for no cost. Often, this music is streamed from the official channels of the artists, who use free streams as a promotional tool, or as a means of obtaining ad revenue. However, this has also led to a new form of music piracy - now, people can download stripped audio from videos for free using services like youtube-mp3.org. While this service remains legal, it begs the question - is downloading audio that was released for free ethical or moral?

Ethics are defined by Webster's dictionary as "a set of moral principles : a theory or system of moral values". This differs from morals, as morals are defined as "of or relating to principles of right and wrong in behavior". Put simply, ethics are often defined by culture, while morals are defined by the individual. 


Personally, I believe that it is not moral or ethical to download music using this tool, as downloading music to a hard disk signifies ownership, while streaming music does not. Additionally, streaming music videos provide credit and revenue to the original artist, while download sites do not. As such, it is not ethical to download music using free YouTube to audio tools, as it does not benefit the original artist or copyrighter.

Tuesday, July 9, 2013

QR Code

A different colored QR code! It links to the Twitter Bot I developed in Java - KookyScrit.

Steganography using Mozaiq

Today, Dr. Medlin asked the class to download a specific file and decrypt the hidden message contained within. To do that, we had to import the image into Mozaiq.org's decryption page and provide the password, which was already provided.

After this was done, I obtained the message "hope you are enjoying the class". Truth be told, I am enjoying the class immensely.

Afterward, I made my own encrypted image. The password is "dawn", and the image can be found below.

To decrypt, simply go to http://mozaiq.org/decrypt and enter the password. 

Friday, July 5, 2013

Trojans and other Backdoors

Trojans are a subclass of Malware that work by binding a malicious application to a trusted application. Often, this leads to a backdoor into the victim's system, which can be used to steal information or remotely disable certain services or system features.

In class, we tested the use of Trojan malware by using the HTTP RAT (Remote Access Trojan) tool. The tool itself is simple - the application generates a new application via a straightforward user interface. One can configure the new application to also log data to your email address, allowing the hacker to gain better access into the victim's network. Once the new .exe is generated under a false name, it can be executed to run silently in the background, allowing access to the machine remotely by navigating to the machine's IP address in the browser. There, one can change, delete, or execute a multitude of programs, and can access system files with ease.

However, this attack can be prevented by maintaining access to the ports frequently hijacked by malicious programs. As such, Trojans should be relatively easy to avoid with antivirus software and common sense.
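One way to check a host for the kind of unexpected web listener described above, as an added example that is not part of the original post: it compares `netstat -ano` output against a per-host baseline of allowed listening ports. The sample output, the process names and the baseline are all constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows host (not from the page).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       3312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.56.10:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.56.10:49712    192.168.56.1:443       ESTABLISHED     2104
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1000
"""

# Constructed PID -> image name map, as `tasklist` would report it.
SAMPLE_PROCESSES = {4: "System", 880: "svchost.exe", 1000: "svchost.exe",
                    2104: "firefox.exe", 3312: "svchost32.exe"}

# Assumed baseline for this host: which image may listen on which TCP port.
ALLOWED_LISTENERS = {135: {"svchost.exe"}, 139: {"System"}, 445: {"System"}}

# Matches only TCP rows in LISTENING state; handles IPv4 and bracketed IPv6.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return listeners

def unexpected_listeners(netstat_text, processes, allowed):
    """Flag listeners whose port is not in the baseline or whose owner differs."""
    findings = []
    for addr, port, pid in parse_listeners(netstat_text):
        image = processes.get(pid, "<unknown>")
        if image not in allowed.get(port, set()):
            findings.append({"address": addr, "port": port,
                             "pid": pid, "image": image})
    return findings

if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE_NETSTAT, SAMPLE_PROCESSES,
                                  ALLOWED_LISTENERS):
        print("unexpected listener: {address}:{port} "
              "pid={pid} image={image}".format(**f))
```

A workstation with no web server in its baseline should never show a process listening on port 80, whatever the executable is named.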

Thursday, July 4, 2013

Denial of Service Attacks

The idea behind denial of service attacks is simple - the attacker tries to overload the server by trying to access the server's services. If done quickly and in large amounts, the system will invariably crash due to a loss of memory. Due to their simple nature, DoS attacks are used quite often in cyber vandalism attacks.

In class, we used Hping3 to overload a Windows Server 2003 instance in VirtualBox. A simple command was all that was required to push virtual CPU usage to 100%. Simultaneously, page file allocation increased at a steady rate after the DoS was started. However, it still took more than five minutes for a small instance to be overloaded, showing that DoS attacks are often difficult to finish on large systems. This problem can be abated, however, if multiple individuals begin DoS attacks on the same target from separate locations. This is called a distributed denial of service attack; such attacks are usually done to disrupt large-scale websites and web services like banks and search engines, and are often undertaken by large hacker groups with political or social agendas. Understanding how denial of service attacks work is essential to being an ethical hacker and web developer, as it forces individuals and businesses to develop well-scaled and secure web applications.

Wednesday, July 3, 2013

Zenmap vs Nmap:

Nmap and Zenmap are two different cross-platform tools used for port scanning. While they operate under similar circumstances and do similar operations, Nmap operates only on the command line, while Zenmap can be used from a graphical user interface. This means that visual elements, such as listviews, textboxes, and spinners, replace lists of parameters during command line execution. This makes the latter significantly more user friendly, as the user does not have to know or memorize the position or syntax for each parameter. While Zenmap does hold an advantage in ease of use, Nmap appears to have slightly better performance, presumably due to lower system load. Despite these differences, Nmap and Zenmap are actually identical in operation, as Zenmap is simply a GUI overlay for the base application. As such, either application may be used to effectively scan open ports on the network.

Tuesday, July 2, 2013

First Post!

First post on my blog. This blog will be used to submit assignments relating to my Demonstration Class, Ethical Hacking.