Preface p. xv
Introduction p. xxi
Hacking Today p. 1
Defining the Hacker p. 9
Hacker Skill Levels p. 10
Information Security Consultants p. 13
Hacker Myths p. 14
Information Security Myths p. 15
Penetration for Hire p. 19
Ramifications of Penetration Testing p. 20
Requirements for a Freelance Consultant p. 21
Announced vs. Unannounced Penetration Testing p. 25
Where the Exposures Lie p. 29
Application Holes p. 32
Berkeley Internet Name Domain (BIND) Implementations p. 32
Common Gateway Interface (CGI) p. 33
Clear Text Services p. 33
Default Accounts p. 34
Domain Name Service (DNS) p. 34
File Permissions p. 35
FTP and telnet p. 35
ICMP p. 36
IMAP and POP p. 37
Modems p. 37
Lack of Monitoring and Intrusion Detection p. 38
Network Architecture p. 38
Network File System (NFS) p. 40
NT Ports 135-139 p. 40
NT Null Connection p. 40
Poor Passwords and User IDs p. 41
Remote Administration Services p. 43
Remote Procedure Call (RPC) p. 43
sendmail p. 44
Services Started by Default p. 44
Simple Mail Transport Protocol (SMTP) p. 45
Simple Network Management Protocol (SNMP) Community Strings p. 45
Viruses and Hidden Code p. 46
Web Server Sample Files p. 47
Web Server General Vulnerabilities p. 48
Monitoring Vulnerabilities p. 48
Internet Penetration p. 51
Network Enumeration/Discovery p. 52
Vulnerability Analysis p. 59
Exploitation p. 65
Case Study: Dual-Homed Hosts p. 68
Dial-In Penetration p. 71
War Dialing p. 71
War Dialing Method p. 72
Gathering Numbers p. 75
Precautionary Methods p. 77
War Dialing Tools p. 78
Case Study: War Dialing p. 87
Internal Penetration Testing p. 91
Scenarios p. 92
Network Discovery p. 93
NT Enumeration p. 99
UNIX p. 102
Searching for Exploits p. 104
Sniffing p. 105
Remotely Installing a Hacker Tool Kit p. 107
Vulnerability Scanning p. 108
Case Study: Snoop the User Desktop p. 109
Social Engineering p. 113
The Telephone p. 114
Dumpster Diving p. 120
Desktop Information p. 121
Common Countermeasures p. 123
UNIX Methods p. 125
UNIX Services p. 127
Buffer Overflow Attacks p. 136
File Permissions p. 137
Applications p. 140
Misconfigurations p. 145
UNIX Tools p. 146
Case Study: UNIX Penetration p. 154
The Tool Kit p. 157
Hardware p. 158
Software p. 159
VMware p. 161
Automated Vulnerability Scanners p. 165
Definition p. 165
Testing Use p. 166
Shortfalls p. 166
Network-Based and Host-Based Scanners p. 168
Tools p. 169
Network-Based Scanners p. 171
Host-Based Scanners p. 181
Pentasafe VigilEnt p. 184
Conclusion p. 186
Discovery Tools p. 187
WS_Ping ProPack p. 187
NetScanTools p. 198
Sam Spade p. 207
Rhino9 Pinger p. 221
VisualRoute p. 223
Nmap p. 226
What's Running p. 228
Port Scanners p. 229
Nmap p. 229
7th Sphere Port Scanner p. 237
Strobe p. 238
SuperScan p. 239
Sniffers p. 243
Dsniff p. 244
Linsniff p. 246
Tcpdump p. 247
BUTTSniffer p. 248
SessionWall-3 (Now eTrust Intrusion Detection) p. 249
AntiSniff p. 251
Password Crackers p. 255
L0phtCrack p. 255
pwdump2 p. 263
John the Ripper p. 264
Cain p. 266
ShowPass p. 267
Windows NT Tools p. 271
Net Use p. 271
Null Connection p. 272
Net View p. 273
Nltest p. 275
Nbtstat p. 276
epdump p. 277
Netdom p. 278
Getmac p. 279
Local Administrators p. 280
Global ("Domain Admins") p. 280
Usrstat p. 281
DumpSec p. 282
user2sid/sid2user p. 286
NetBIOS Auditing Tool (NAT) p. 287
SMBGrind p. 289
Srvcheck p. 291
Srvinfo p. 291
AuditPol p. 292
Regdmp p. 293
Somarsoft DumpReg p. 295
Remote p. 297
Netcat p. 298
SC p. 300
AT p. 301
FPipe p. 302
Case Study: Weak Passwords p. 304
Case Study: Internal Penetration to Windows p. 310
Web-Testing Tools p. 315
Whisker p. 316
SiteScan p. 318
THC Happy Browser p. 319
wwwhack p. 320
Web Cracker p. 322
Brutus p. 323
Case Study: Compaq Management Agents Vulnerability p. 325
Remote Control p. 329
pcAnywhere p. 330
Virtual Network Computing p. 335
NetBus p. 338
Back Orifice 2000 p. 344
Intrusion Detection Systems p. 347
Definition p. 347
IDS Evasion p. 350
Pitfalls p. 356
Traits of Effective IDSs p. 356
IDS Selection p. 362
Firewalls p. 369
Definition p. 369
Monitoring p. 370
Configuration p. 372
Change Control p. 372
Firewall Types p. 373
Network Address Translation p. 375
Evasive Techniques p. 376
Firewalls and Virtual Private Networks p. 379
Case Study: Internet Information Server Exploit--MDAC p. 380
Denial-of-Service Attacks p. 383
Resource Exhaustion Attacks p. 386
Port Flooding p. 390
SYN Flooding p. 391
IP Fragmentation Attacks p. 393
Distributed Denial-of-Service Attacks p. 396
Application-Based DoS Attacks p. 405
Concatenated DoS Tools p. 412
Summary p. 416
Wrapping It Up p. 419
Countermeasures p. 420
Keeping Current p. 423
Future Trends p. 433
Authentication p. 433
Encryption p. 437
Public Key Infrastructure p. 438
Distributed Systems p. 438
Forensics p. 439
Government Regulation p. 440
Hacking Techniques p. 441
Countermeasures p. 442
Cyber-Crime Insurance p. 442
CD-ROM Contents p. 445
The Twenty Most Critical Internet Security Vulnerabilities--The Experts' Consensus p. 451
Index p. 497

Table of Contents provided by Blackwell's Book Services and R.R. Bowker. Used with permission.