Posted on Leave a comment

Data-Link layer attacks

Hello, aspiring ethical hackers. In this blogpost, you will learn about various Data-Link Layer attacks (various hacking attacks that take place on the Data-Link layer).

The Data-link layer is the second layer of the seven-layer OSI model. This layer is the protocol layer that transports data between network nodes in a wide Area Network or nodes in the same Local Area Network (LAN). It is responsible for ensuring and confirming that the bits and bytes received are similar to the bits and bytes being transmitted. In this layer, data is transferred in frames and communication takes place using MAC addresses instead of IP addresses. The attacks in the Data-link Layer take place in a LAN.

Fig: Network Switch
Image source: Wikipedia
Network Hub
Image Source: Wikipedia

What is a MAC address?

Just now, you have read that communication between devices in a LAN takes place using MAC addresses. But what is a MAC address? Every computing device on Internet (Desktop, Laptop and Mobiles etc) has a Network Interface Card (NIC). This Network Interface Card (NIC) is a hardware circuit in the computing devices that enables the devices to be able to connect to a network.

Each NIC is given a unique hardware address that is also popularly known as a Media Access Control (MAC) address. A MAC addresses is a 48-bit number consisting of six groups of two hexadecimal digits. To learn how MAC addresses are assigned to devices and how to find MAC address of your device, you can read this blogpost.

Types of Data-Link layer attacks

Since now you have understood how Data-Link layer works and what is a MAC address, let’s learn about various Data-link layer attacks.

  1. MAC spoofing
  2. MAC flooding
  3. ARP spoofing or poisoning
  4. DNS spoofing
  5. DHCP starvation

Let’s learn about each attack in detail.

1. MAC spoofing:

Although every computing device has its unique MAC address, it can be spoofed. Normally, when a MAC address of a device (say A) is spoofed to that of another device (say B) all the traffic that is intended to move toward device B goes to device A and the attacker can view all the traffic belonging to device B.

2. MAC flooding:

You have just now learnt about what is a Hub and what is a Switch and the differences between a Hub and Switch. You also learnt about CAM table or ARP table. In a MAC flooding attack, the CAM table is bombarded with a number of fake MAC addresses disabling the Switch’s ability to detect which MAC address belongs to which port.

To overcome this problem, a network Switch uses its broadcast address to transmit frames to the intended destination. In typical sense, the network switch here behaves like a Hub and you know about the dangers of using a Hub. A hacker already in the network can monitor the network traffic he wants via packet sniffing.

3. ARP spoofing and poisoning:

In this type of attack, the attacker sends fake ARP packets to the network from the attacker-controlled system (System A). Here, the attacker-controlled system acts as the gateway. This leads to all other devices querying the attacker-controlled system resulting in the attackers using packet sniffing again to sniff on traffic.

4. DNS spoofing:

This attack requires ARP spoofing to work. In this type of attack, attacker responds to DNS queries of the target system instead of the legitimate DNS server.

Posted on

Linux privilege escalation for beginners

Hello, aspiring ethical hackers. This blogpost is a detailed guide on Linux privilege escalation. Linux privilege escalation comes afterLinux hackingand is part ofPost-exploitationof Linux.

What is Linux privilege escalation?

Linux privilege escalation is the process of elevating privileges on a Linux system after successfullygaining accessto a Linux system.

Why is it important?

Linux hacking is one of the most important topics in ethical hacking. Why? According to the Statcounter global stats, as of March 2024 operating system market share, the topmost operating systems being used around the world are Linux or its variants. The same report also states that usage of Linux as desktop increased to 4.05% this year. Also note that majority of the servers around the world are Linux servers. So, learning Linux hacking can provide lot of knowledge. But what are the various methods used for hacking Linux systems.

Linux privilege escalation techniques

There are multiple ways by which hackers can elevate privileges on a Linux system. They are,

  1. Exploiting SUID binaries.
  2. Exploiting SUDO privileges.
  3. Exploiting services running as root.
  4. Exploiting misconfigured cron jobs.
  5. Exploiting kernel vulnerabilities.

1.Exploiting SUID binaries:

Just like Windows, Linux too has many binaries on the system. These binary files too have permissions just like any file in Windows. Apart from the regular permissions of a file, Linux has special permissions for some binaries.

These permissions are called SUID or SetUID permissions also known as Set Owner User Identification (SUID). This permission allows a user with low privileges to run a binary or script under the power of the original owner of the particular file. So, if a SUID or SetUID bit is set to a particular binary or a root user has created a binary file and has set a SUID bit to it, this file can be exploited to gain root permissions on the target Linux system.

2. Exploiting SUDO rights:

SUDO is a very important concept in Linux. Sudo stands for ‘Super User Do’ and is pronounced as “su dough”. SUDO lets users run commands with root privileges from their own account. Learn more about exploiting SUDO privileges.

3. Exploiting services running as root:

Privileges can also be elevated on Linux by exploiting services running as root. Some services running on Linux are configured to run with root privileges. By exploiting any vulnerability in these services Root privileges can be acquired.

4. Exploiting misconfigured cron jobs:

In Unix system, cron is used to schedule jobs for automation. Some jobs that are misconfigured can be exploited to gain root privileges.

5. Exploiting kernel vulnerabilities:

Vulnerabilities in the Linux kernel can be exploited to gain root privileges.

Posted on

Windows privilege escalation for beginners

Hello, aspiring ethical hackers. In this blogpost, you will learn about Windows privilege escalation. Windows privilege escalation comes after Windows hacking and is part of Post-exploitation of Windows.

What is Windows privilege escalation?

Windows privilege escalation is the process of elevating privileges on a Windows system after successfully gaining access to a Windows system.

Why is it important?

According to StatCounter Global Stats, over 72.52% of people worldwide use Windows as their Desktop. That is the reason why Windows privilege escalation is one of the most important topics of ethical hacking.

Windows privilege escalation techniques

There are multiple ways by which hackers can elevate privileges on a Windows systems. They are,

  1. Exposed credentials
  2. Bypassing UAC
  3. Exploiting services running with administrator privileges.
  4. Windows kernel vulnerabilities.
  5. Misconfigured services.
  6. Windows Registry.
  7. Scheduled Tasks.

1. Exposed credentials:

Sometimes, the credentials of user accounts with administrator privileges on a Windows system are exposed. Most people still store Windows credentials on Desktop for easy access (you may not believe this but this is true). So, attackers can login as user with high privileges using these exposed credentials.

2. Bypassing UAC:

User Account Control (UAC) is a Windows security feature that was designed to protect the operating system. Introduced with Windows Vista, it is a mandatory access control enforcement feature. It works by limiting application software to standard user privileges until a user with administrator privileges authorizes an elevation in privileges.

This allows only applications that are trusted by users to be assigned administrator privileges. However, vulnerabilities in this UAC sometimes allows hackers to bypass UAC and get administration privileges on the target system.

3. Exploiting services running with administration privileges:

Some applications installed on Windows by users need administrative privileged on the system to run. If attackers exploit any vulnerabilities in these applications, they can easily elevate their privileges on the Windows system.

4. Windows kernel vulnerabilities:

Windows kernel in Windows (or for that matter any operating system) has the highest privileges assigned to it. If attackers exploit any vulnerabilities in the Windows kernel, they can elevate their privileges on the Windows system.

5. Misconfigured services:

Misconfigurations in services on Windows can also be exploited to escalate privileges on Windows system.

6. Windows Registry:

Windows registry is a hierarchical database that stores all low level; settings of Microsoft Windows. Weak permissions in the Windows registry can also be exploited to elevate privileges.

7. Scheduled Tasks:

Windows Task Scheduler (formerly known as Scheduled Tasks) is used to automate jobs and tasks in Windows just like cron jobs in Linux. Weak file permission setting in Task scheduler can be exploited to elevate privileges on a Windows system.

Posted on

Beginners guide to IDS and IPS

Hello, aspiring ethical hackers. This blogpost is a beginner guide to IDS (Intrusion Detection System) and IPS (Intrusion Preventions System). IDS and IPS are two of the security technologies used for securing the network of any organization from hackers.

What is an IDS and what is an IPS?

Intrusion Detection system (IDS) is an appliance or software that detects any malicious activity on the network and reports it. Intrusion Prevention System (IPS) on the other hand acts just like Intrusion Detection System but, unlike it doesn’t just make a report but tries to prevent its occurrence. This malicious activity can be anything like modification of system or important files, suspicious network traffic and execution of some files etc. Both Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are useful in enhancing the security of the network.

IDS and IPS 1

Based on the mode of operation, Intrusion Detection System and Intrusion Prevention System can be classified into two types. They are, 1) Host based (Software) 2) Network based (Hardware).

  1. Host based Intrusion Detection and Prevention Systems: They work by detecting or preventing threats on a single system.
  2. Network based Intrusion Detection and Prevention Systems: These are most probably a hardware appliance that detects or prevents threats on the entire network.

Types of IPS and IDS

IDS and IPS 2

Based on the techniques they use to identify and prevent threats, Intrusion Detection Systems and Intrusion Prevention Systems can be classified into two types. They are,

    1. Signature-based :

    This type of Intrusion Prevention Systems and Intrusion Detection Systems detect threats by comparing actions with predefined signatures. For example, If action of an executable matches with a pre-defined signature of an IDS or IPS, it is classified as a threat.

    2. Anomaly based:

    Anomaly based Intrusion Detection Systems and Intrusion Prevention Systems detect threats by observing the behavior of the assumed threat. If the IDS and IPS see any different behavior than that is considered to be normal, it classifies it as a threat. For example, if a program being installed is trying to alter system files, this can be considered as an anomaly.

    Posted on

    POST-exploitation for beginners

    Hello, aspiring ethical hackers. In this blogpost, you will learn about POST-exploitation. POST-exploitation comes after the phase of gaining access in ethical hacking.

    What is POST-exploitation?

    POST- exploitation refers to all the operations that are performed after gaining initial access on the target system. It is done to further gain control of the target system and network. POST -Exploitation consists of three phases mainly. They are,

    1. Privilege escalation.
    2. Maintaining access.
    3. Covering tracks.

    Let’s learn about each in detail.

    1. Privilege escalation:

    Privilege escalation is an act of gaining elevated access to resources that are normally restricted to an application or user. Privilege escalation is an act or process of gaining access to privileges of the other user account using any means or techniques. Normally privileges of user account with higher privileges are targeted by hackers. Learn more about privilege escalation.

    2. Maintaining access:

    Maintaining access is the fourth phase in the total5 phases of ethical hacking. In this phase, hackers try to hold on to the initial access or foothold they have gained on the network. For this, they use various techniques like elevating privileges, installing backdoors, running persistence scripts and tunneling.

    3. Covering Tracks:

    Covering tracks or clearing tracks is the phase of ethical hacking in which a hacker tries to erase all the evidence on the target system that can lead back to the hacker. For covering tracks, hackers perform various actions like clearing logs, time stamping files etc.