Foreword | p. xvii |
Acknowledgments | p. xxi |
Introduction | p. xxiii |
Casing the Establishment | |
Case Study: Target Acquisition | p. 2 |
Footprinting | p. 5 |
What Is Footprinting? | p. 6 |
Why Is Footprinting Necessary? | p. 6 |
Internet Footprinting | p. 6 |
Determine the Scope of Your Activities | p. 8 |
Network Enumeration | p. 13 |
DNS Interrogation | p. 22 |
Network Reconnaissance | p. 27 |
Summary | p. 31 |
Scanning | p. 33 |
Scan Types | p. 44 |
Identifying TCP and UDP Services Running | p. 46 |
Windows-Based Port Scanners | p. 51 |
Port Scanning Breakdown | p. 57 |
Active Stack Fingerprinting | p. 61 |
Passive Stack Fingerprinting | p. 65 |
The Whole Enchilada: Automated Discovery Tools | p. 67 |
Summary | p. 68 |
Enumeration | p. 71 |
Windows NT/2000 Enumeration | p. 72 |
NT/2000 Network Resource Enumeration | p. 76 |
NT/2000 User and Group Enumeration | p. 87 |
NT/2000 Applications and Banner Enumeration | p. 95 |
Let Your Scripts Do the Walking | p. 99 |
Novell Enumeration | p. 100 |
Browsing the Network Neighborhood | p. 100 |
UNIX Enumeration | p. 106 |
Summary | p. 113 |
System Hacking | |
Case Study: Know Your Enemy | p. 116 |
Hacking Windows 95/98 and ME | p. 117 |
Win 9x Remote Exploits | p. 118 |
Direct Connection to Win 9x Shared Resources | p. 119 |
Win 9x Backdoor Servers and Trojans | p. 124 |
Known Server Application Vulnerabilities | p. 129 |
Win 9x Denial of Service | p. 130 |
Win 9x Local Exploits | p. 130 |
Windows Millennium Edition (ME) | p. 137 |
Summary | p. 138 |
Hacking Windows NT | p. 141 |
Overview | p. 143 |
Where We're Headed | p. 143 |
What About Windows 2000? | p. 143 |
The Quest for Administrator | p. 144 |
Remote Exploits: Denial of Service and Buffer Overflows | p. 160 |
Privilege Escalation | p. 164 |
Consolidation of Power | p. 174 |
Exploiting Trust | p. 185 |
Sniffers | p. 190 |
Remote Control and Back Doors | p. 194 |
Port Redirection | p. 203 |
General Countermeasures to Privileged Compromise | p. 207 |
Rootkit: The Ultimate Compromise | p. 211 |
Covering Tracks | p. 214 |
Disabling Auditing | p. 214 |
Clearing the Event Log | p. 214 |
Hiding Files | p. 215 |
Summary | p. 216 |
Hacking Windows 2000 | p. 219 |
Footprinting | p. 221 |
Scanning | p. 221 |
Enumeration | p. 226 |
Penetration | p. 229 |
NetBIOS-SMB Password Guessing | p. 229 |
Eavesdropping on Password Hashes | p. 229 |
Attacks Against IIS 5 | p. 229 |
Remote Buffer Overflows | p. 233 |
Denial of Service | p. 233 |
Privilege Escalation | p. 238 |
Pilfering | p. 241 |
Grabbing the Win 2000 Password Hashes | p. 241 |
The Encrypting File System (EFS) | p. 246 |
Exploiting Trust | p. 249 |
Covering Tracks | p. 251 |
Disabling Auditing | p. 251 |
Clearing the Event Log | p. 252 |
Hiding Files | p. 252 |
Back Doors | p. 252 |
Startup Manipulation | p. 252 |
Remote Control | p. 255 |
Keystroke Loggers | p. 257 |
General Countermeasures: New Windows Security Tools | p. 257 |
Group Policy | p. 257 |
Runas | p. 260 |
Summary | p. 261 |
Novell NetWare Hacking | p. 265 |
Attaching but Not Touching | p. 267 |
Enumerate Bindery and Trees | p. 268 |
Opening the Unlocked Doors | p. 275 |
Authenticated Enumeration | p. 277 |
Gaining Admin | p. 282 |
Application Vulnerabilities | p. 285 |
Spoofing Attacks (Pandora) | p. 287 |
Once You Have Admin on a Server | p. 290 |
Owning the NDS Files | p. 292 |
Log Doctoring | p. 298 |
Console Logs | p. 299 |
Further Resources | p. 302 |
Web Sites (ftp://ftp.novell.com/pub/updates/nw/nw411/) | p. 302 |
Usenet Groups | p. 303 |
Summary | p. 303 |
Hacking UNIX | p. 305 |
The Quest for Root | p. 306 |
A Brief Review | p. 306 |
Vulnerability Mapping | p. 307 |
Remote Access Versus Local Access | p. 307 |
Remote Access | p. 308 |
Data Driven Attacks | p. 312 |
I Want My Shell | p. 317 |
Common Types of Remote Attacks | p. 322 |
Local Access | p. 339 |
After Hacking Root | p. 357 |
Trojans | p. 358 |
Rootkit Recovery | p. 369 |
Summary | p. 370 |
Network Hacking | |
Case Study: Sweat the Small Stuff! | p. 374 |
Dial-Up, PBX, Voicemail, and VPN Hacking | p. 377 |
Wardialing | p. 380 |
Hardware | p. 380 |
Legal Issues | p. 381 |
Peripheral Costs | p. 382 |
Software | p. 382 |
A Final Note | p. 403 |
PBX Hacking | p. 405 |
Virtual Private Network (VPN) Hacking | p. 415 |
Summary | p. 419 |
Network Devices | p. 421 |
Discovery | p. 422 |
Detection | p. 422 |
SNMP | p. 429 |
Back Doors | p. 433 |
Default Accounts | p. 433 |
Lower the Gates (Vulnerabilities) | p. 437 |
Shared Versus Switched | p. 443 |
Detecting the Media You're On | p. 444 |
Passwords on a Silver Platter: Dsniff | p. 445 |
Sniffing on a Network Switch | p. 448 |
snmpsniff | p. 452 |
Summary | p. 457 |
Firewalls | p. 459 |
Firewall Landscape | p. 460 |
Firewall Identification | p. 460 |
Advanced Firewall Discovery | p. 465 |
Scanning Through Firewalls | p. 469 |
Packet Filtering | p. 473 |
Application Proxy Vulnerabilities | p. 477 |
WinGate Vulnerabilities | p. 479 |
Summary | p. 481 |
Denial of Service (DoS) Attacks | p. 483 |
Motivation of DoS Attackers | p. 484 |
Types of DoS Attacks | p. 485 |
Bandwidth Consumption | p. 485 |
Resource Starvation | p. 486 |
Programming Flaws | p. 486 |
Routing and DNS Attacks | p. 487 |
Generic DoS Attacks | p. 488 |
Sites Under Attack | p. 491 |
UNIX and Windows NT DoS | p. 494 |
Remote DoS Attacks | p. 495 |
Distributed Denial of Service Attacks | p. 499 |
Local DoS Attacks | p. 504 |
Summary | p. 506 |
Software Hacking | |
Case Study: Using All the Dirty Tricks to Get In | p. 508 |
Remote Control Insecurities | p. 511 |
Discovering Remote Control Software | p. 512 |
Connecting | p. 513 |
Weaknesses | p. 514 |
Revealed Passwords | p. 516 |
Uploading Profiles | p. 517 |
What Software Package Is the Best in Terms of Security? | p. 521 |
pcAnywhere | p. 521 |
ReachOut | p. 521 |
Remotely Anywhere | p. 521 |
Remotely Possible/ControlIT | p. 523 |
Timbuktu | p. 523 |
Virtual Network Computing (VNC) | p. 523 |
Citrix | p. 526 |
Summary | p. 527 |
Advanced Techniques | p. 529 |
Session Hijacking | p. 530 |
Back Doors | p. 533 |
Trojans | p. 555 |
Subverting the System Environment: Rootkits and Imaging Tools | p. 558 |
Social Engineering | p. 561 |
Summary | p. 563 |
Web Hacking | p. 565 |
Web Pilfering | p. 566 |
Finding Well-Known Vulnerabilities | p. 570 |
Automated Scripts, for All Those "Script Kiddies" | p. 570 |
Automated Applications | p. 572 |
Script Inadequacies: Input Validation Attacks | p. 573 |
Active Server Pages (ASP) Vulnerabilities | p. 582 |
Buffer Overflows | p. 590 |
Poor Web Design | p. 598 |
Summary | p. 600 |
Hacking the Internet User | p. 601 |
Malicious Mobile Code | p. 603 |
Microsoft ActiveX | p. 603 |
Java Security Holes | p. 614 |
Beware the Cookie Monster | p. 618 |
Internet Explorer HTML Frame Vulnerabilities | p. 621 |
SSL Fraud | p. 623 |
Email Hacking | p. 626 |
Mail Hacking 101 | p. 626 |
Executing Arbitrary Code Through Email | p. 629 |
Outlook Address Book Worms | p. 637 |
File Attachment Attacks | p. 639 |
IRC Hacking | p. 647 |
Napster Hacking with Wrapster | p. 649 |
Global Countermeasures to Internet User Hacking | p. 650 |
Keep Antivirus Signatures Updated | p. 650 |
Guarding the Gateways | p. 651 |
Summary | p. 652 |
Appendixes | |
Ports | p. 657 |
Top 14 Security Vulnerabilities | p. 661 |
About the Companion Web Site | p. 663 |
Novell | p. 664 |
UNIX | p. 665 |
Windows NT | p. 665 |
Wordlists and Dictionaries | p. 666 |
Wardialing | p. 666 |
Enumeration Scripts | p. 666 |
Index | p. 667 |
Table of Contents provided by Syndetics. All Rights Reserved.