Foreword | p. xv |
Acknowledgments | p. xix |
Introduction | p. xxi |
Casing the Establishment | |
Case Study: Network Security Monitoring | p. 2 |
Footprinting | p. 9 |
What Is Footprinting? | p. 10 |
Internet Footprinting | p. 11 |
Determine the Scope of Your Activities | p. 12 |
Network Enumeration | p. 16 |
DNS Interrogation | p. 25 |
Network Reconnaissance | p. 29 |
Summary | p. 33 |
Scanning | p. 35 |
Determining If the System Is Alive | p. 36 |
Determining Which Services Are Running or Listening | p. 44 |
Scan Types | p. 44 |
Identifying TCP and UDP Services Running | p. 46 |
Windows-Based Port Scanners | p. 52 |
Port Scanning Breakdown | p. 57 |
Detecting the Operating System | p. 60 |
Active Stack Fingerprinting | p. 61 |
Passive Stack Fingerprinting | p. 64 |
The Whole Enchilada: Automated Discovery Tools | p. 66 |
Summary | p. 68 |
Enumeration | p. 69 |
Basic Banner Grabbing | p. 71 |
Enumerating Common Network Services | p. 73 |
Summary | p. 123 |
System Hacking | |
Case Study: The Perils of Pen-Testing | p. 126 |
Hacking Windows 95/98 and Me | p. 129 |
Windows 9x Remote Exploits | p. 131 |
Direct Connection to Windows 9x Shared Resources | p. 131 |
Windows 9x Backdoor Servers and Trojans | p. 137 |
Known Server Application Vulnerabilities | p. 142 |
Windows 9x Local Exploits | p. 143 |
Windows Millennium Edition (Me) | p. 150 |
Windows Me Remote Attacks | p. 150 |
Windows Me Local Attacks | p. 150 |
Summary | p. 152 |
Hacking the Windows NT Family | p. 153 |
Overview | p. 155 |
What's Not Covered | p. 156 |
Unauthenticated Attacks | p. 156 |
Server Message Block (SMB) Attacks | p. 156 |
IIS Attacks | p. 175 |
Authenticated Attacks | p. 185 |
Privilege Escalation | p. 185 |
Pilfering | p. 190 |
Remote Control and Back Doors | p. 200 |
Port Redirection | p. 204 |
General Countermeasures to Authenticated Compromise | p. 206 |
Covering Tracks | p. 210 |
NT Family Security Features | p. 212 |
Keeping Up with Patches | p. 212 |
Group Policy | p. 213 |
IPSec | p. 215 |
runas | p. 216 |
.NET Framework | p. 217 |
Internet Connection Firewall | p. 217 |
The Encrypting File System (EFS) | p. 217 |
A Note on Raw Sockets and Other Unsubstantiated Claims | p. 218 |
Summary | p. 219 |
Novell NetWare Hacking | p. 221 |
Attaching but Not Touching | p. 223 |
Enumerating Bindery and Trees | p. 224 |
Opening the Unlocked Doors | p. 231 |
Authenticated Enumeration | p. 233 |
Gaining Admin | p. 238 |
Application Vulnerabilities | p. 241 |
Spoofing Attacks (Pandora) | p. 248 |
Once You Have Admin on a Server | p. 251 |
Owning the NDS Files | p. 253 |
Log Doctoring | p. 259 |
Console Logs | p. 260 |
Summary | p. 263 |
Hacking UNIX | p. 265 |
The Quest for Root | p. 266 |
A Brief Review | p. 266 |
Vulnerability Mapping | p. 267 |
Remote Access vs. Local Access | p. 267 |
Remote Access | p. 268 |
Data Driven Attacks | p. 272 |
I Want My Shell | p. 279 |
Common Types of Remote Attacks | p. 283 |
Local Access | p. 307 |
After Hacking Root | p. 321 |
Rootkits | p. 322 |
Rootkit Recovery | p. 333 |
Summary | p. 334 |
Network Hacking | |
Case Study: Tunneling Out of Firewalls | p. 338 |
Dial-Up, PBX, Voicemail, and VPN Hacking | p. 341 |
Preparing to Dial Up | p. 342 |
War-Dialing | p. 344 |
Hardware | p. 344 |
Legal Issues | p. 345 |
Peripheral Costs | p. 346 |
Software | p. 346 |
Brute-Force Scripting--The Home-Grown Way | p. 362 |
PBX Hacking | p. 374 |
Voicemail Hacking | p. 378 |
Virtual Private Network (VPN) Hacking | p. 383 |
Summary | p. 388 |
Network Devices | p. 391 |
Discovery | p. 392 |
Detection | p. 392 |
Autonomous System Lookup | p. 396 |
Normal Traceroute | p. 396 |
Traceroute with ASN Information | p. 397 |
show ip bgp | p. 397 |
Public Newsgroups | p. 398 |
Service Detection | p. 399 |
Network Vulnerability | p. 405 |
OSI Layer 1 | p. 406 |
OSI Layer 2 | p. 406 |
Detecting Layer 2 Media | p. 406 |
Switch Sniffing | p. 408 |
OSI Layer 3 | p. 416 |
Dsniff | p. 418 |
Misconfigurations | p. 420 |
Route Protocol Hacking | p. 427 |
Summary | p. 437 |
Wireless Hacking | p. 439 |
Wireless Footprinting | p. 440 |
Equipment | p. 441 |
Wireless Scanning and Enumeration | p. 455 |
Wireless Sniffers | p. 456 |
Wireless Monitoring Tools | p. 458 |
MAC Access Control | p. 467 |
Gaining Access (Hacking 802.11) | p. 468 |
MAC Access Control | p. 470 |
Attacks Against the WEP Algorithm | p. 471 |
Securing WEP | p. 473 |
Tools That Exploit WEP Weaknesses | p. 473 |
Denial of Service (DoS) Attacks | p. 477 |
An 802.1x Overview | p. 477 |
Summary | p. 479 |
Firewalls | p. 481 |
Firewall Landscape | p. 482 |
Firewall Identification | p. 483 |
Advanced Firewall Discovery | p. 487 |
Scanning Through Firewalls | p. 490 |
Packet Filtering | p. 494 |
Application Proxy Vulnerabilities | p. 498 |
WinGate Vulnerabilities | p. 500 |
Summary | p. 502 |
Denial of Service (DoS) Attacks | p. 503 |
Motivation of DoS Attackers | p. 504 |
Types of DoS Attacks | p. 505 |
Bandwidth Consumption | p. 505 |
Resource Starvation | p. 506 |
Programming Flaws | p. 506 |
Routing and DNS Attacks | p. 507 |
Generic DoS Attacks | p. 508 |
Sites Under Attack | p. 510 |
UNIX and Windows DoS | p. 514 |
Remote DoS Attacks | p. 514 |
Distributed Denial of Service Attacks | p. 518 |
Local DoS Attacks | p. 524 |
Summary | p. 525 |
Software Hacking | |
Case Study: You Say Goodbye, I Say Hello | p. 528 |
Remote Control Insecurities | p. 529 |
Discovering Remote Control Software | p. 530 |
Connecting | p. 531 |
Weaknesses | p. 532 |
Virtual Network Computing (VNC) | p. 539 |
Microsoft Terminal Server and Citrix ICA | p. 543 |
Server | p. 544 |
Clients | p. 544 |
Data Transmission | p. 544 |
Finding Targets | p. 544 |
Attacking Terminal Server | p. 547 |
Additional Security Considerations | p. 551 |
Resources | p. 552 |
Summary | p. 553 |
Advanced Techniques | p. 555 |
Session Hijacking | p. 556 |
Back Doors | p. 558 |
Trojans | p. 580 |
Cryptography | p. 583 |
Terminology | p. 583 |
Classes of Attacks | p. 583 |
Secure Shell (SSH) Attacks | p. 584 |
Subverting the System Environment: Rootkits and Imaging Tools | p. 586 |
Social Engineering | p. 589 |
Summary | p. 591 |
Web Hacking | p. 593 |
Web Server Hacking | p. 594 |
Source Code Disclosure | p. 595 |
Canonicalization Attacks | p. 597 |
WebDAV Vulnerabilities | p. 597 |
Buffer Overflows | p. 600 |
ColdFusion Vulnerabilities | p. 609 |
Web Server Vulnerability Scanners | p. 611 |
Web Application Hacking | p. 612 |
Finding Vulnerable Web Apps with Google | p. 613 |
Web Crawling | p. 614 |
Web Application Assessment | p. 615 |
Common Web Application Vulnerabilities | p. 623 |
Summary | p. 629 |
Hacking the Internet User | p. 631 |
Malicious Mobile Code | p. 633 |
Microsoft ActiveX | p. 633 |
Java Security Holes | p. 645 |
Beware the Cookie Monster | p. 649 |
Internet Explorer HTML Frame Vulnerabilities | p. 654 |
SSL Fraud | p. 656 |
E-mail Hacking | p. 659 |
Mail Hacking 101 | p. 659 |
Executing Arbitrary Code Through E-Mail | p. 662 |
Outlook Address Book Worms | p. 676 |
File Attachment Attacks | p. 679 |
Writing Attachments to Disk Without User Intervention | p. 682 |
Invoking Outbound Client Connections | p. 687 |
IRC Hacking | p. 690 |
Global Countermeasures to Internet User Hacking | p. 692 |
Summary | p. 693 |
Appendixes | |
Ports | p. 697 |
Top 14 Security Vulnerabilities | p. 703 |
Index | p. 705 |
Table of Contents provided by Ingram. All Rights Reserved. |