Fools your enemy with Mikrotik
BY: DIDIET KUSUMADIHARDJA

MIKROTIK USER MEETING (MUM) 2016 JAKARTA, INDONESIA 14 OCTOBER 2016

About Me
Didiet Kusumadihardja
1. IT Security Specialist, PT. Mitra Solusi Telematika
2. Trainer & IT Consultant, Arch Networks
MTCNA, MTCINE, MTCWE, MTCUME, MTCTCE, MTCRE
Didiet Kusumadihardja - didiet@arch.web.id

PT. Mitra Solusi Telematika Gedung TMT 2. GF Jl. Cilandak KKO Jakarta

Global IT Security Incident

Global IT Security Incident 2014
Entire Network
Canceled

Global IT Security Incident 2015
Hacked for 3 years (2012 – 2015)

Global IT Security Incident 2016
500 million accounts
3 billion accounts ???
Source: Tech Times

Indonesia IT Security Incident

INDONESIA IS SAFE?
Source: Akamai

Indonesia IT Security Incident 2013
polri.go.id 2013
Deface
Motive: Fame?

Indonesia IT Security Incident 2016
Teman Ahok
DDoS Attack
Motive: Politics?

Indonesia IT Security Incident 2016
Videotron
Kebayoran Baru, South Jakarta
Motive: Curiosity?

IT Security Trends
You don't need to be smart to hack
Source: Carnegie Mellon University

Hacking Tools Example
Cain & Abel
Kali Linux

Cybercrime as a Service (CaaS)
Modern Business
Source: SCMagazine

How do hackers do it?

Hacking Phase
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Source: Ethical Hacking by EC-Council

Hacking Phase (Cont’d)
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Information Gathering
OS Detail
Application
Open Port
Version
Exploit Vulnerability
Device Type
Vulnerability
Backdoors
Escalate Privilege
Data harvesting
Delete/overwrite Event/Logs

Hacking Phase Analogy
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

When do we fool them?
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

Why at Scanning Phase?
TELNET
SSH

Scanning Tools
SoftPerfect Network Scanner
The Dude

How to fool them?

Use a bait
Hacker
Bait
Honey Pot

Web Server Example
Web Server = HTTP, HTTPS

Confuse your enemy
HTTP
HTTPS

Server Farm Network Example
SERVER X
192.168.1.0/24
192.168.1.2 → DNS Server
192.168.1.5 → Web Server
192.168.1.10 → DB Server
192.168.1.15 → Mail Server

Confuse your enemy
192.168.1.0/24
192.168.1.1 → Fake Server 1
192.168.1.2 → DNS Server
192.168.1.3 → Fake Server 2
192.168.1.4 → Fake Server 3
192.168.1.5 → Web Server
192.168.1.6 → Fake Server 4
192.168.1.7 → Fake Server 5
192.168.1.8 → Fake Server 6
192.168.1.9 → Fake Server 7
192.168.1.10 → DB Server
192.168.1.11 → Fake Server 8
192.168.1.12 → Fake Server 9
192.168.1.13 → Fake Server 10
192.168.1.14 → Fake Server 11
192.168.1.15 → Mail Server

How do we do it with Mikrotik?

NAT (Network Address Translation)

Fake NAT

Fake Ports at your Web Server
HTTP & HTTPS to Legitimate Server
Other Ports to Fake Server

Simple NAT for Web Server
NAT (Port Mapping)
INTERNET
ROUTER
WEB SERVER 192.168.2.3
Chain
Action

Add Additional NAT for Bait
Chain
Action
Web Server 192.168.2.3
Fake Server (Honey Pot) 192.168.2.4
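
The port mapping and the bait rule from the two NAT slides above, written out as RouterOS commands. This is an added example, not taken from the slides (their Chain and Action screenshots are not part of this text); the internal addresses are the ones on the slides, while the WAN interface ether1, the public address 203.0.113.10 and the address list "mgmt" are assumptions.

```routeros
# Added example. Assumed: ether1 is the WAN interface, 203.0.113.10 is the
# router's public address, "mgmt" is an address list of trusted admin sources.
/ip firewall nat
# NAT rules are evaluated top-down and the first match wins, so order matters.

# 1. Keep trusted management traffic (SSH, Winbox) out of the bait rule.
#    action=accept in dstnat means "do not translate": it stays on the router.
add chain=dstnat in-interface=ether1 src-address-list=mgmt protocol=tcp \
    dst-port=22,8291 action=accept comment="mgmt: not redirected"

# 2. Real service: HTTP and HTTPS go to the legitimate web server.
add chain=dstnat in-interface=ether1 dst-address=203.0.113.10 protocol=tcp \
    dst-port=80,443 action=dst-nat to-addresses=192.168.2.3 \
    comment="web: HTTP/HTTPS to legitimate server"

# 3. Bait: every other TCP port lands on the honeypot. The destination port
#    is preserved, so the honeypot sees which service was probed, and the
#    router logs the first packet of each redirected connection.
add chain=dstnat in-interface=ether1 dst-address=203.0.113.10 protocol=tcp \
    action=dst-nat to-addresses=192.168.2.4 log=yes log-prefix="BAIT-TCP" \
    comment="bait: all other TCP ports to honeypot"

/ip firewall filter
# The honeypot answers redirected connections but must never open new ones
# through the router. Place this above any general accept rule in forward.
# Hosts in the same subnet as 192.168.2.4 do not cross the router, so they
# need their own isolation (separate VLAN or bridge filtering).
add chain=forward src-address=192.168.2.4 connection-state=new action=drop \
    comment="honeypot: no outbound connections through the router"
```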

Fake Server at your Server Farm Network
Only one legitimate server
The others are fake servers

Another Example
Chain
Action
Web Server 192.168.2.3
Fake Server (Honey Pot) 192.168.2.4

Combine with Honey Pot
KFSensor
Other honeypots: Honeyd, Kippo, Dionaea, Nepenthes

What the Hacker Sees (Nmap)
Nmap / Zenmap
Before
After

What the Hacker Sees (SoftPerfect NetScan)
SoftPerfect Network Scanner
Before
After

I don’t want to use HoneyPot
Step 1: Chain
Step 2: Action

What we see if someone pings
SRC-MAC ADDRESS
SRC-IP ADDRESS

What we see if someone runs Nmap
Mikrotik LOG:

The Dude, Hotspot & Userman
IP Address → MAC Address → User ID → Person

Use Case 1
Internet Café (WARNET)
University
Insider Threat
Office

Use Case 2
http://public.honeynet.id
Analytics (Low Interaction Honeypot)
Research
For Fun
Learn hacking methods from hackers / script kiddies (High Interaction Honeypot)

DIDIET KUSUMADIHARDJA
Thank you. Questions?
[email protected]
http://didiet.arch.web.id/
https://www.facebook.com/ArchNetID/
