Security Fundamentals

6. Exploiting Vulnerabilities For Attacks

Taking advantage ....

The preceding exercises revealed some common vulnerabilities of networked devices. What follows here is how these vulnerabilities can be exploited by hackers to gain access to data and personal information.

1. Brute force attack

To gain entry to someone's data or personal information, it is possible to guess, or make a series of guesses. Hackers often use a brute force attack: a program makes guesses at someone's password and works through a series of combinations until the password is cracked.

This type of attack isn't very subtle and just relies on time until the correct letter combination is guessed. Simple passwords can be broken easily. More complicated passwords can take a long time to break.

This approach is used by attackers in situations where:

  1. Weak or default passwords are used.
  2. Weak authentication procedures are used.

It's not subtle. All you need is patience.
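As an added example (not part of the course page), here is how a defender spots a brute force attempt from the other side: many failed logins from one source in a short time, sometimes followed by a success. The log lines are constructed to imitate OpenSSH's sshd format; the threshold of 5 failures in 60 seconds is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (invented host, users and addresses), sshd-style.
SAMPLE_LOG = """\
Mar  3 09:00:01 lab sshd[311]: Failed password for admin from 10.0.0.7 port 50212 ssh2
Mar  3 09:00:02 lab sshd[311]: Failed password for admin from 10.0.0.7 port 50213 ssh2
Mar  3 09:00:02 lab sshd[311]: Failed password for root from 10.0.0.7 port 50214 ssh2
Mar  3 09:00:03 lab sshd[311]: Failed password for admin from 10.0.0.7 port 50215 ssh2
Mar  3 09:00:04 lab sshd[311]: Failed password for admin from 10.0.0.7 port 50216 ssh2
Mar  3 09:00:05 lab sshd[311]: Accepted password for admin from 10.0.0.7 port 50217 ssh2
Mar  3 09:02:10 lab sshd[320]: Failed password for alice from 192.168.1.20 port 40001 ssh2
Mar  3 09:02:40 lab sshd[321]: Accepted password for alice from 192.168.1.20 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)

def parse(log_text, year=2024):
    """Yield (timestamp, result, user, ip) for every recognised line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Return {ip: {"failures": n, "users": {...}, "success_after": bool}} for
    each source with at least `threshold` failures inside a sliding window.
    A success right after the burst is the case to escalate first."""
    recent = defaultdict(list)    # ip -> failure timestamps inside the window
    users = defaultdict(set)      # ip -> account names tried
    alerts = {}
    for ts, result, user, ip in parse(log_text):
        if result == "Failed":
            users[ip].add(user)
            recent[ip] = [t for t in recent[ip] + [ts]
                          if (ts - t).total_seconds() <= window_seconds]
            if len(recent[ip]) >= threshold:
                a = alerts.setdefault(ip, {"success_after": False})
                a.update(failures=len(recent[ip]), users=users[ip])
        elif ip in alerts:
            alerts[ip]["success_after"] = True
    return alerts
```

In the sample, 10.0.0.7 trips the rule with five failures in four seconds against two accounts and then logs in successfully, while alice's single typo does not.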


Who's that looking over your shoulder?

This approach is used by attackers in situations where:

  1. Lack of care when entering or recording passwords.
  2. Weak authentication procedures are used.
  3. Wireless networks are left unsecured.

2. Eavesdropping & Observation

Shoulder surfing or watching users enter passwords is the least intrusive way of gaining access. Observing the habits of others and discovering where they record passwords is another.

Slightly more intrusive are computer programmes called spyware. These programmes 'spy' on users and can report back to the hacker without the user knowing. For example, key loggers record the keys pressed when users enter passwords; packet sniffer programmes can pick up passwords and information being passed over networks.

Hackers can use scanners to detect the transmission of unencrypted data and then use software to gather and 'read' the data.

3. Spoofing

Another common technique is 'spoofing'. This is where a hacker or a program pretends to be something else in order to gain access. E-mail spoofing is very common where emails are sent from false addresses.

This approach is used by attackers in situations where:

  1. Weak authentication procedures are used.
  2. Wireless networks are left unsecured.

Who are you really communicating with?


Malware covers a large group of malicious software.

This approach is used by attackers in situations where:

  1. There has been a failure to update the operating system.
  2. 'Old' or out of date software continues to be used.
  3. There has been a failure to activate security software.
  4. Communication ports have been left open.

4. Trojans, viruses and other malware

Hackers are constantly developing malicious software (malware) to exploit loopholes in the security of digital devices. They will attempt to smuggle it in through attachments in emails, hidden in program, game or file downloads, or through connected hardware e.g. USB drives.

  • Trojans: Small programs that appear to do very little, but can open 'back-doors' that provide full access for hackers.
  • Viruses: Like biological viruses, these are small programs that set out to disrupt or corrupt the normal working of digital devices. Unlike Trojans, their presence is easily detected as data is lost or things begin to go wrong.
  • Malware: Short for malicious software, this is an umbrella term that includes all programs that set out to interrupt the normal working of the digital device.
    1. Ransomware: Once hackers have access to a computer, they will encrypt data or set passwords and will only decrypt or provide the password after a 'ransom' has been paid.
    2. Adware: Programs that show particular ads or redirect users to particular sites.
    3. Scare-ware: Programmes used to scare people into buying often useless software for no good reason.

5. Jail-breaking or 'Rooting'

Jail-breaking or rooting compromises security by changing how the security of the device is managed. Installing unauthorised software, functions or applications bypasses the software checking features created by the manufacturer, which increases the risk of inadvertently installing 'malware'.


Lose your warranty, compromise security

6. Social Engineering

An unusual term used to describe the methods used to exploit the weakest link in any security system, which is to say the people in the system. These methods rely on psychological manipulation of people into performing actions or divulging confidential information, which then enables hackers to get into the system.

Popular methods include:-

  1. Phishing attack: A criminal sends a large number of consumers a deceptive email appearing to come from a respected brand with the aim of getting account credentials.
  2. Spear phishing attack: Highly targeted and carefully crafted emails combined with social engineering tactics to convince the victim to open and engage with the email.
  3. Pretexting: Criminals use a pretext or false motive to obtain privileged data. Pretexting often involves a scam where the liar pretends to need information in order to confirm the identity of the person he is talking to.
  4. Watering Hole or Baiting: A hacker observes which sites are visited regularly by the victim (the watering hole). The hacker then places tempting links relevant to the user on that site (the bait); these links in fact lead to some form of malware.

7. Distributed Denial of Service (DDoS)

This isn't really a hacking technique for gaining entry to a secure system. Instead, it's a method to cause websites and services to collapse under the weight of traffic from multiple sources.

Distributed Denial of Service (DDoS) attacks are very popular with 'hacktivists'. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.

In Summary


1. The Exploited

The preceding page was all about vulnerabilities in digital devices. Now include:

  1. Alongside your list of vulnerabilities, a list of 'exploits' that can be used to take advantage of those holes.

Follow the homework instructions to hack your WiFi router at home. Make sure:-

  1. Add the subtitle Hacking a Wifi Router - known profile with WPS enabled to the Hacking Commands page in your notebook.
  2. Copy and paste the command prompt code instructions. Include an explanation of what they do.

If you can see the password that goes with your router, then Congratulations! You have completed your first hack.

This method only works with WiFi networks that you have logged on to before, i.e. your computer already has a profile associated with that SSID. You don't necessarily have to know the password, only that a profile for it exists on your system.

For other networks with unknown profiles, a different more advanced method has to be used. We will be doing this later.

2. Try this At Home: Homework

Time to do a bit of hacking. What's shown in the video is a useful technique for recovering the password from your router/modem if you forget it. It also introduces the command prompt window. This is going to become your best friend.

Create a page called Hacking Commands in your notebook. This is where you are going to store commands that are going to be helpful to you.

  1. Watch and work along with this video. Make sure you disconnect from the network before you start. A summary of the steps follows.
    1. Start up the Command Prompt terminal: go to the Start button, enter Command Prompt, then right click on the result and choose Run as administrator.
    2. Type netsh wlan show profiles, so that your prompt looks like C:\WINDOWS\system32>netsh wlan show profiles. [What this command means: show all wireless local area network profiles. The name of your router's SSID should be in the list.]
    3. To reveal the password for the router, type the command netsh wlan show profile SSIDname key=clear. The prompt will look similar to C:\WINDOWS\system32>netsh wlan show profile dlink25 key=clear, where dlink25 is your router's SSID. [The command means: reveal the password in clear text for the wireless network with the given SSID. Note the missing s: profile, not profiles, so we get the single item.]
    4. Find the password and log into the network using the password you've just copied. [If you couldn't see any profiles after the first command, type netsh wlan show networks. This will reveal all networks available in the area, even if they've been hidden.]
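As an added example (not the course page's own code, nor Microsoft's), here is a small Python audit of the two netsh commands in the steps above: it parses their output and reports saved profiles worth reviewing, namely open networks that auto-connect and profiles whose key any administrator can read back with key=clear. The outputs embedded below are constructed and abbreviated; on a real Windows machine you would feed in the text the commands print.

```python
import re

# Constructed, abbreviated output of: netsh wlan show profiles
PROFILES_OUT = """\
User profiles
-------------
    All User Profile     : dlink25
    All User Profile     : CoffeeShopFree
"""
# Constructed, abbreviated output of: netsh wlan show profile <SSID> key=clear
PROFILE_OUT = {
    "dlink25": """\
        Connection mode    : Connect automatically
    Authentication         : WPA2-Personal
    Security key           : Present
    Key Content            : Example-Passphrase-1
""",
    "CoffeeShopFree": """\
        Connection mode    : Connect automatically
    Authentication         : Open
    Security key           : Absent
""",
}

def profile_names(text):
    """SSIDs listed by 'netsh wlan show profiles'."""
    return re.findall(r"^\s*All User Profile\s*:\s*(.+?)\s*$", text, re.M)

def parse_profile(text):
    """Turn netsh 'Label : value' lines into a dict; first value per label wins."""
    fields = {}
    for m in re.finditer(r"^\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$", text, re.M):
        fields.setdefault(m.group(1), m.group(2))
    return fields

def audit(profiles_text, fetch_profile):
    """Review every saved profile: open networks set to auto-connect are joined
    without any check of who runs the access point; stored keys are readable
    by any admin via key=clear, so stale profiles should be deleted."""
    findings = {}
    for name in profile_names(profiles_text):
        f = parse_profile(fetch_profile(name))
        issues = []
        if f.get("Authentication") == "Open" and f.get("Connection mode") == "Connect automatically":
            issues.append("open network set to auto-connect")
        if f.get("Security key") == "Present":
            issues.append("stored key readable with key=clear")
        findings[name] = issues
    return findings
```

To run it against a real machine, pass a function that returns the output of netsh wlan show profile <SSID> key=clear for the given name; netsh wlan delete profile name=<SSID> removes a profile you no longer need.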

Social Engineering

Social engineering is all about manipulating the user into providing information they wouldn't otherwise provide. Watch the video and:-

  1. Create a heading Social Engineering Methods
  2. List all the methods used on the web page towards the end of the video.
  3. Check with your neighbour that you've got the same answers.

It's not just nations that conduct cyber war on one another, although they are the ones that can bring the biggest set of resources to bear. Companies can also attack one another and, of course, hackers, including hacktivist protest groups like Anonymous, attack large agencies.

  1. Search for 'war chalking' and explain what it is.
  2. Take a look at the following sites in turn to discover the scale of the cyber attacks taking place.
    1. Discover if we are under attack. Check out Kaspersky Cyber-threat real time map.
    2. All threat maps are not the same. Look at FireEye Cyber Map
    3. Finally a favourite representation. Look at ThreatCloud Live Cyber Attack Threat Map.
  3. Choose a favourite threat-map and copy the link into your notebook.

Watch this massive DDoS attack against the USA by China on Christmas Day 2015, bringing down the Playstation and Xbox sites.

You should be able to:-
  • Provide at least 5 exploits that hackers can use to gain access to devices, data and personal information
  • Explain the term 'Social Engineering' and provide at least 3 different methods used by hackers to manipulate users.
  • Explain the term DDoS attack and what it involves.
  • Access the Command Prompt and open a terminal window.
  • Successfully use terminal commands to gain entry to a WPS enabled WiFi network.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information.
