1. Network Security
NCTU CSCC xatier
2012.12.10

2. Security?

3. Security?

4. True Story

17. After about 2 weeks ...
I shared the vulnerability with my friend, Crboy

20. Some injection tests ...

21. Some injection tests ...
Another hacker, renoGGG :
他手上拿著盾牌可是沒穿褲子

22. 只好我幫您穿上褲子惹...

24. getting start
ESR how to become a hacker
http://www.catb.org/esr/faqs/hacker-howto.html

25. The Hacker Attitude
1. The world is full of fascinating
problems waiting to be solved.
2. No problem should ever have to be
solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.

26. Basic Hacking Skills
1. Learn how to program.
2. Get one of the open-source Unixes
and learn to use and run it.
3. Learn how to use the World Wide
Web and write HTML.
4. If you don't have functional English,
learn it.

27. Status in the hacker Culture
1. Write open-source software
2. Help test and debug open-source
software
3. Publish useful information
4. Help keep the infrastructure working
5. Serve the hacker culture itself

28. Be Ethical !

30. scanning
孫子：知己知彼，百戰百勝

31. nmap http://nmap.
org/

32. nmap http://nmap.
org/
Nmap uses raw IP packets in novel ways to
determine

33. nmap http://nmap.
org/
Nmap uses raw IP packets in novel ways to
determine
what hosts are available on the network,
what services (application name and version),
what operating systems (and OS versions),
what type of packet filters/firewalls are in use ...

34. nmap http://nmap.
org/
Nmap uses raw IP packets in novel ways to
determine
what hosts are available on the network,
what services (application name and version),
what operating systems (and OS versions),
what type of packet filters/firewalls are in use ...
it's designed to rapidly scan large networks, but
works fine against single hosts.

35. google hacking

36. google hacking
http://www.exploit-db.com/google-dorks/

37. 潮爽的，撿到一個 Web Shell

38. 拿到 root (?)

39. plain text password
http://plainpass.com/
http://plaintextoffenders.com
[忘記密碼] (按下去！)
您的密碼為：XXXXXX

40. sniffing 封包過濾呼吸法

41. sniffing 封包過濾呼吸法

42. sniffing 封包過濾呼吸法
A packet analyzer is a computer program that can
intercept and log traffic passing over a digital network.

43. sniffing 封包過濾呼吸法
A packet analyzer is a computer program that can
intercept and log traffic passing over a digital network.
As data streams flow across the network, the sniffer
captures each packet and,
if needed, decodes the packet's raw data,
showing the values of various fields in the packet,

44. sniffing 封包過濾呼吸法
A packet analyzer is a computer program that can
intercept and log traffic passing over a digital network.
As data streams flow across the network, the sniffer
captures each packet and,
if needed, decodes the packet's raw data,
showing the values of various fields in the packet,
and analyzes its content according to the appropriate
RFC or other specifications.

45. tcpdump / wireshark

46. MITM
in which the attacker makes independent
connections with the victims and relays
messages between them,
making them believe that they are talking
directly to each other over a private connection,
when in fact the entire conversation is
controlled by the attacker.

47. MITM

48. arp spoofing
帥哥帥哥，這是我的 MAC address 啊
你拿著一下啦
拿著啦
拿啦拿啦拿啦拿啦拿啦
拿啦拿啦拿啦拿啦拿啦
拿啦拿啦拿啦拿啦拿啦

49. ettercap
Ettercap is a free and open source network
security tool for man-in-the-middle attacks on
LAN.

50. ettercap
Ettercap is a free and open source network
security tool for man-in-the-middle attacks on
LAN.
runs on various Unix-like operating systems ,
and on Microsoft Windows.

51. ettercap
Ettercap is a free and open source network
security tool for man-in-the-middle attacks on
LAN.
runs on various Unix-like operating systems ,
and on Microsoft Windows.
capable of intercepting traffic on a network
segment, capturing passwords, and conducting
active eavesdropping against a number of
common protocols.

52. The Zen poem
To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master.