Ceh v8: tháng 4 2014

Thứ Ba, 29 tháng 4, 2014

System Hacking - p.17

Lab 16

Image Steganography Using QuickStsgo

QnickStego hides text in pictures so that only other users of OnickStego can retrieve and read the hidden secret messages.

Lab Scenario
Porn sites are tilled with images that sometimes change multiple times each day, require authentication in some cases to access their "better" areas of content, and by using stenograpluc techniques, would allow an agent to retrieve messages from their home bases and send back updates, all in porn trading. Thumbnails could be scanned to find out if there are any new messages for die day; once decrypted, these messages would point to links on die same site with the remaining information encrypted.

Terrorists know that so many different types of files can hold all sorts of hidden information, and tracking or finding these files can be an almost impossible task. These messages can be placed in plain sight, and the servers that supply these files will never know it. Finding these messages is like finding the proverbial "needle" in the World Wide Web haystack.

in order to be an expert an etlucal hacker and penetration tester, you must understand how to lude the text inside the image. in tliis lab, we show how text is hidden inside an image using the QuickStego tool.

Lab Objectives

The objective of tins lab is to help the smdents learn how to hide secret text
messages in an image.

Lab Environment

To perform the lab, you need:
■ A computer ninning Windows Server 2012
■ Administrative privileges to install and run tools

■ QuickStego is located at D:\CEH-Tools\CEHv8 Module 05 System Hacking\Steganography\lmage Steganography\QuickStego
■ You can also download Quick Stego tool from http: / /quickc1Tpto.com/ H־ee-steganog1־aphv-soitware.html
■ II you decided to download latest version screenshots may differ
■ Run diis tool 111 Windows Server 2012

Lab Duration

Time: 10 Minutes

Overview of Steganography

Steganography is the art and science of writing hidden messages in such a way diat no one, apart from the sender and intended recipient, suspects the existence of die message, a form of security through obscurity. Steganography includes die concealment of information within computer hies. in digital steganography, electronic communications may include stenographic coding inside of a transport layer, such as a document tile, image file, program, or protocol.

Lab Tasks

The basic idea in diis section is to:
1. Follow die wizard-driven installation steps to install Quick Stego
2. Launch Quick Stego from Start menu apps

FIGURE 16.1: Main window of the QuickStego

3. Click Open Image in the Picture, Image, Photo File dialog box

FIGURE 16.2: Opening the image

4. Browse the image from D:\CEH-Tools\CEHv8 Module 05 System Hacking\Steganography\lmage Steganography\QuickStego.

5. Select lamborgini_5.jpg. and then click the Open button.

FIGURE 16.3: Selecting die image

6. The selected image is added; it will show a message that reads: THIS IMAGE DOES NOT HAVE A QUICK STEGO SECRET TEXT MESSAGE

FIGURE 16.4: Selected image is displayed

7. To add the text to the image, click Open Text from the Text File dialog box

FIGURE 16.5: Selected text file

8. Browse the text file from D:\CEH-Tools\CEHv8 Module 05 System Hacking\Steganography\lmage Steganography\QuickStego.
9. Select Text F11e.txt tile, and then click the Open button.

FIGURE 16.6: Selecting tlie text file

10. The selected text will be added; click Hide Text 111 the Steganography dialog box.

11. It shows the following message: The text me ssa g e is now hidden in image.

FIGURE 16.7: Hiding the test

12. To save the image (where the text is hidden inside the image) click Save Image in the Picture, Image, Photo File dialog box.

FIGURE 16.8: Save the steganography image

13. Provide the tile name as stego, and click Save (to save tins file on the desktop).

FIGURE 16.9: Browse for saved file

14. Exit from the QuickStego window. Again open QmckStego, and click Open Image in the Picture, Image, Photo File dialog box.
15. Browse the Stego file (which is saved on desktop).
16. The hidden text inside the image will appear as displayed in the following figure.

FIGURE 16.10: Hidden text is showed

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure.

System Hacking - p.16

Lab 15

Web Activity Monitoring and Recording Using Power Spy 2013

Power Spy 2013 sojhmre allows yon to secretly won !tor and record all activities on yonr computer, and this is completely legal.

Lab Scenario

Today, employees are given access to computers, telephones, and other electronic communication equipment. Email, instant messaging, global positioning systems, telephone systems, and video cameras have given employers new ways to monitor the conduct and performance of their employees. ]Many employees also are given laptop computers and wireless telephones diev can take home and use for business outside die workplace. Whedier an employee can claim a reasonable expectation of privacy when using such company-supplied equipment in large part depends upon the steps die employer has made to minimize that expectation. in tins lab, we explain monitoring employee or student activity using Power Spy 2013.

Lab Objectives

The objective of tins lab is to help students use the Activity Monitor tool. After completing diis lab, students will be able to:
■ Install and configure Power Spy 2013
■ Monitor keystrokes typed, websites visited, and Internet Traffic Data

Lab Environment

To perform die lab, you need:
■ A computer running Windows Server 2012
■ Administrative privileges to install and mn tools
■ You can also download Power Spy tool from
http:/ / ematr1xsoft.com/ download-power-spy-software.php

■ If you decided to download latest version screenshots may differ
■ Run this tool 111 Windows Server 2012

Lab Duration

Time: 15 Minutes

Overview of Power Spy 2013

Power Spy software records Facebook use and all keystrokes typed, and captures all chats and INIs in Windows Live Messenger (MSN Messenger) , Skype, Yahoo Messenger, Tencent QQ, Google Talk, GADU-GADU, ICQ, AOL Instant Messenger (AIM), and odiers. It records all websites visited, emails read, documents opened, windows opened, clipboard activities, passwords typed, and applications executed.

Lab Tasks

The basic idea 111 dus section is to:

1. Navigate to D:\CEH-Tools\CEHv8 Module 05 System Hacking\Spywares\Email and Internet Spyware\Power Spy.
2. Double-click pcspy.exe. The Software License Agreement window appears. You must accept the agreement to install Power Spy.
3. Click Next in die License Agreement wizard.

FIGURE 15.1: Installation of Spytech SpyAgent

4. Setup has finished the installation on the system. Click Finish.

FIGURE 15.2: Select die Agreement

5. The Run a s administrator window appears. Click Run

FIGURE 15.3: Selecting folder for installation

6. Tlie Setup login password window appears. Enter the password in the New password field, and retype the same password in the Confirm password held.
7. Click Submit.

FIGURE 15.4: Selecting New Password

8. The Information dialog box appears. Click OK.

FIGURE 15.5: password confirmation window

9. The Enter login Password window appears. Enter the password (which is already set).
10. Click Submit

FIGURE 15.6: Enter the password

11. The Register product window appears. Click Later to continue

FIGURE 15.7: Register product window

12. The main window o f Power Spy appears, as displayed in die following figure.

FIGURE 15.8: Main window o f Power Spy

13. Click Start monitoring

FIGURE 15.9: Start monitoring

14. The System Reboot Recommended window appears. Click OK

FIGURE 15.10: System Reboot Recommended w in d ow

15. Click Stealth Mode (stealth mode runs the Power Spy completely invisibly on the computer) .
16. The Hotkey reminder window appears. Click OK (to unhide Power Spy, use the Ctrl+Alt+X keys together on your PC keyboard).

FIGURE 15.11: Stealth mode window

17. The Confirm window appears Click Yes.

FIGURE 15.12: Stealth mode notice

18. Now browse the Internet (anytiling). To bring Power Spy out of stealth mode, press CONTROL+ALT+X on your keyboard.

19. The Run a s administrator window appears. Click Run.

FIGURE 15.13: Rim as administra

20. The Enter login password window appears. Enter the password (which is already set) .
21. Click Submit.

FIGURE 15.14: Enter the password

22. Click Later in the Register product window to continue if it appears.
23. Click Stop monito

FIGURE 15.15: Stop the monitoring

24. To check user keystrokes from the keyboard, click Keystrokes in Power Spy Control Panel.

FIGURE 15.16: Selecting keystrokes from Power spy control panel

25. It will show all the resulted keystrokes as shown in the following screenshot.

26. Click the Close button.

FIGURE 15.17: Resulted keystrokes

27. To check the websites visited by the user, click Website visited in the Power Spy Control Panel.
28. It will show all the visited websites, as shown in the following screenshot.

FIGURE 15.18: Result o f visited websites

Lab Analysis
Analyze and document die results related to the lab exercise. Give your opinion on your target’s security posture and exposure

System Hacking - p.15

Lab 14

User System Monitoring and Surveillance Needs Using Spytech SpyAgent

Spytech SpyAgent is powerful computer spy sojhrare that allons yon to monitor everything users do on your computer, in total stealth. SpyAgent provides a large array of essential computer monitoring features, as well as website, application, and chat client blocking, lockdown scheduling, and remote delivery of logs via email or FTP.

Lab Scenario

Today, employees are given access to computer, telephone, and other electronic communication equipment. Email, instant messaging, global positioning systems, telephone systems, and video cameras have given employers new ways to monitor the conduct and performance of their employees. Many employees also are given laptop computer and wireless phones they can take home and use for business outside the workplace. Whether an employee can claim a reasonable expectation of privacy when using such company-supplied equipment in large part depends upon the steps die employer has made to minimize that expectation. in tins lab, we explain monitoring employee or suident activity using Spytech SpyAgent.

Lab Objectives

The objective of tins lab is to help smdents use Spytech and the SpyAgent tool. After completing tins lab, smdents will be able to:
■ Install and configure Spytech SpyAgent
■ Monitor keystrokes typed, websites visited, and Internet Traffic Data

Lab Environment

To perform the lab, you need

■ A computer running Windows Server 2012
■ Administrative pnvileges to install and mn tools
■ Run tins tool in Windows Server 2012
■ You can also download Spytech SpyAgent from http://www.spytechweb. com/spyagent.shtml
■ II you decided to download the latest version, screenshots may differ

Lab Duration

Time: 15 Minutes

Overview of Spytech SpyAgent

SpyAgent is a powerful solution diat can log all keystrokes, emails, windows, websites, applications, Internet connections, chat conversations, passwords, print jobs, documents viewed, and even screenshots. SpyAgent runs 111 complete stealth with optional email delivery and logging and lockdown scheduling. SpyAgent also features powerful filtering and access control featares, such as Chat Blocking (to restnct access to chat software), Application Blocking (to prevent specific applications from being executed), and Website Filtering.

Lab Tasks

The basic idea in diis section is to:
1. Navigate to D:\CEH-Tools\CEHv8 Module 05 System Hacking\Keyloggers\Spytech SpyAgent
2. Double-click Setup.exe. You will see die following window. Click Next.

FIGURE 14.1: Installation of Spytech SpyAgent

3. Tlie Welcome wizard of Spytech SpyAgent setup program window appears; read die instructions and click Next.

FIGURE 14.2: Installation wizard of Spytech SpyAgent

4. Tlie Important Notes window appears, read die note and click Next

FIGURE 14.3: Installation wizard

5. The Software License Agreement window appears; you must accept the agreement to install Spytech SpyAgent.
6. Click Yes to continue.

FIGURE 14.4: Select the Agreem

7. Choose die Destination Location to install Spytech SpvAgent.
8. Click Next to continue installation.

FIGURE 14.5: Selecting folder for installation

9. Select SpyAgent installation type, and select Administrator/Tester die setup type.
10. Click Next.

FIGURE 14.6: selecting installation type

11. The Ready to Install window appears. Click Next to start installing Spvtech SpyAgent.

FIGURE 14.7: Ready to install window

12. It will prompt for include an uninstaller. Click Yes.

FIGURE 14.8: Selecting an uninstaller

13. A Notice For Antivirus Users window appears; read die text click Next

FIGURE 14.9: Accept Antivirus notice

14. The Finished window appears. Click Close to end the setup.

FIGURE 14.10: Finish window

15. The following window appears. Click click to continue...

FIGURE 14.11: Welcome SpyAgent wi

16. The following window appears. Enter the password in New Password field, and retype the same password in Confirm field.
17. Click OK.

FIGURE 14.12: Selecting New Password

18. The following window appears. Click click to continue.

FIGURE 14.13: Welcome SpyAgent window

19. Configuration package wizard appears. Select the Complete + Stealth Configuration package.
20. Click Next

FIGURE 14.14: Selecting configuration package

21. Choose additional options, and select the Display Alert on Startup check box.
22. Click Next.

FIGURE 14.15: Selecting additional option

23. The Confirm Settings wizard appears. To continue click Next

FIGURE 14.16: Confimi setting wizard

24. Tlie Configurations Applied window appears. Click Next

FIGURE 14.17: Configuration applied window

25. The Configuration Finished window appears. Click Finish to successfully set up SpyAgent

FIGURE 14.18: Configuration finished window

26. The main window of Spytech SpyAgent appears, as show in the following tigure. Click Click to continue...

FIGURE 14.19: Main window of SpyAgent

27. To check the general user activities, click Start Monitoring

FIGURE 14.20: Start monitoing

28. When the Enter A c c e ss Password window appears, enter the password.
29. Click OK.

FIGURE 14.21: Entering the password

30. Stealth Notice window appears, read the instructions click OK NOTE : To bring SpyAgent out of stealth mode, press CONTROL+SHIFT+ALT+M on your keyboard.

FIGURE 14.22: Stealth mode notice

31. It will show the following window, with the options select Do not show this Help Tip again and select Do not show Related Help Tips like this again. Click click to continue...

FIGURE 14.23: Start monitoing

32. Now browse the Internet (anything). To bring spyAgent out ot stealth mode press CONTROL+SHIFT+ALT+M on your keyboard.
33. It will ask for the Access Password; enter the password and click OK.

FIGURE 14.24: Entering the password

34. To check user keystrokes from the keyboard, click Keystrokes Typed Irom General User Activities.

35. It will show all the resulting keystrokes as shown in the following screenshot

FIGURE 14.25: Resulted keystrokes

36. To check the websites visited by the user, click Website Visited from Internet Activities.

37. It will show all the user visited websites results, as shown in the following screenshot

Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure