Foreword
Acknowledgments
Introduction

Casing the Establishment
Case Study: Target Acquisition

Footprinting
What Is Footprinting?
Why Is Footprinting Necessary?
Internet Footprinting

Determine the Scope of Your Activities

Network Enumeration

DNS Interrogation

Network Reconnaissance
Summary

Scanning
Scan Types
Identifying TCP and UDP Services Running
Windows-Based Port Scanners
Port Scanning Breakdown
Active Stack Fingerprinting
Passive Stack Fingerprinting
The Whole Enchilada: Automated Discovery Tools
Summary

Enumeration
Windows NT/2000 Enumeration
NT/2000 Network Resource Enumeration
NT/2000 User and Group Enumeration
NT/2000 Applications and Banner Enumeration
Let Your Scripts Do the Walking
Novell Enumeration
Browsing the Network Neighborhood
UNIX Enumeration
Summary

System Hacking
Case Study: Know Your Enemy

Hacking Windows 95/98 and ME
Win 9x Remote Exploits
Direct Connection to Win 9x Shared Resources
Win 9x Backdoor Servers and Trojans
Known Server Application Vulnerabilities
Win 9x Denial of Service
Win 9x Local Exploits
Windows Millennium Edition (ME)
Summary

Hacking Windows NT
Overview
Where We're Headed
What About Windows 2000?
The Quest for Administrator
Remote Exploits: Denial of Service and Buffer Overflows
Privilege Escalation
Consolidation of Power
Exploiting Trust
Sniffers
Remote Control and Back Doors
Port Redirection
General Countermeasures to Privileged Compromise
Rootkit: The Ultimate Compromise
Covering Tracks
Disabling Auditing
Clearing the Event Log
Hiding Files
Summary

Hacking Windows 2000
Footprinting
Scanning
Enumeration
Penetration
NetBIOS-SMB Password Guessing
Eavesdropping on Password Hashes
Attacks Against IIS 5
Remote Buffer Overflows
Denial of Service
Privilege Escalation
Pilfering
Grabbing the Win 2000 Password Hashes
The Encrypting File System (EFS)
Exploiting Trust
Covering Tracks
Disabling Auditing
Clearing the Event Log
Hiding Files
Back Doors
Startup Manipulation
Remote Control
Keystroke Loggers
General Countermeasures: New Windows Security Tools
Group Policy
Runas
Summary

Novell NetWare Hacking
Attaching but Not Touching
Enumerate Bindery and Trees
Opening the Unlocked Doors
Authenticated Enumeration
Gaining Admin
Application Vulnerabilities
Spoofing Attacks (Pandora)
Once You Have Admin on a Server
Owning the NDS Files
Log Doctoring
Console Logs
Further Resources
Web Sites (ftp://ftp.novell.com/pub/updates/nw/nw411/)
Usenet Groups
Summary

Hacking UNIX
The Quest for Root
A Brief Review
Vulnerability Mapping
Remote Access Versus Local Access
Remote Access
Data Driven Attacks
I Want My Shell
Common Types of Remote Attacks
Local Access
After Hacking Root
Trojans
Rootkit Recovery
Summary

Network Hacking
Case Study: Sweat the Small Stuff!

Dial-Up, PBX, Voicemail, and VPN Hacking
Wardialing
Hardware
Legal Issues
Peripheral Costs
Software
A Final Note
PBX Hacking
Virtual Private Network (VPN) Hacking
Summary

Network Devices
Discovery
Detection
SNMP
Back Doors
Default Accounts
Lower the Gates (Vulnerabilities)
Shared Versus Switched
Detecting the Media You're On
Passwords on a Silver Platter: Dsniff
Sniffing on a Network Switch
snmpsniff
Summary

Firewalls
Firewall Landscape
Firewall Identification
Advanced Firewall Discovery
Scanning Through Firewalls
Packet Filtering
Application Proxy Vulnerabilities
WinGate Vulnerabilities
Summary

Denial of Service (DoS) Attacks
Motivation of DoS Attackers
Types of DoS Attacks
Bandwidth Consumption
Resource Starvation
Programming Flaws
Routing and DNS Attacks
Generic DoS Attacks
Sites Under Attack
UNIX and Windows NT DoS
Remote DoS Attacks
Distributed Denial of Service Attacks
Local DoS Attacks
Summary

Software Hacking
Case Study: Using All the Dirty Tricks to Get In

Remote Control Insecurities
Discovering Remote Control Software
Connecting
Weaknesses
Revealed Passwords
Uploading Profiles
What Software Package Is the Best in Terms of Security?
pcAnywhere
ReachOut
Remotely Anywhere
Remotely Possible/ControlIT
Timbuktu
Virtual Network Computing (VNC)
Citrix
Summary

Advanced Techniques
Session Hijacking
Back Doors
Trojans
Subverting the System Environment: Rootkits and Imaging Tools
Social Engineering
Summary

Web Hacking
Web Pilfering
Finding Well-Known Vulnerabilities
Automated Scripts, for All Those "Script Kiddies"
Automated Applications
Script Inadequacies: Input Validation Attacks
Active Server Pages (ASP) Vulnerabilities
Buffer Overflows
Poor Web Design
Summary

Hacking the Internet User
Malicious Mobile Code
Microsoft ActiveX
Java Security Holes
Beware the Cookie Monster
Internet Explorer HTML Frame Vulnerabilities
SSL Fraud
Email Hacking
Mail Hacking 101
Executing Arbitrary Code Through Email
Outlook Address Book Worms
File Attachment Attacks
IRC Hacking
Napster Hacking with Wrapster
Global Countermeasures to Internet User Hacking
Keep Antivirus Signatures Updated
Guarding the Gateways
Summary

Appendixes

Ports

Top 14 Security Vulnerabilities

About the Companion Web Site
Novell
UNIX
Windows NT
Wordlists and Dictionaries
Wardialing
Enumeration Scripts
Index