
Wednesday, January 16, 2013

PRACTICAL HACKING TECHNIQUES AND COUNTERMEASURES

Published: November 2, 2006 | ISBN-10: 0849370574 | ISBN-13: 978-0849370571

Examining computer security from the hacker's perspective, Practical Hacking Techniques and Countermeasures employs virtual computers to illustrate how an attack is executed, including the script, compilation, and results. It provides detailed screen shots in each lab for the reader to follow along in a step-by-step process in order to duplicate and understand how the attack works. It enables experimenting with hacking techniques without fear of corrupting computers or violating any laws.


Written in a lab manual style, the book begins with the installation of the VMware® Workstation product and guides the users through detailed hacking labs enabling them to experience what a hacker actually does during an attack. It covers social engineering techniques, footprinting techniques, and scanning tools. Later chapters examine spoofing techniques, sniffing techniques, password cracking, and attack tools. Identifying wireless attacks, the book also explores Trojans, Man-in-the-Middle (MTM) attacks, and Denial of Service (DoS) attacks.

Learn how to secure your computers with this comprehensive guide on hacking techniques and countermeasures 

By understanding how an attack occurs, the reader can better understand how to defend against it. This book shows how an attack is conceptualized, formulated, and performed. It offers valuable information for constructing a system to defend against attacks and provides a better understanding of securing your own computer or corporate network.


Contents


1 Preparation ............................................................................................1
Installing VMware Workstation............................................................................ 3
Configuring Virtual Machines............................................................................ 10
Installing a Virtual Windows 2000 Workstation ....................................... 11
Installing VMware Tools for Windows 2000 Virtual Machines................. 29
Installing a Red Hat Version 8 Virtual Machine ....................................... 35
Installing VMware Tools for Red Hat Virtual Machines............................ 55
What Is on the CD?........................................................................................... 60
Restrict Anonymous........................................................................................... 60
To Restrict Anonymous ............................................................................ 60
In Windows NT ............................................................................... 60
For Windows XP, 2003..................................................................... 60
For Windows 2000 .......................................................................... 61
What Is the Difference? ........................................................................... 61
2 Banner Identification..........................................................................63
Lab 1: Banner Identification .............................................................................. 65
Lab 2: Banner Identification .............................................................................. 67
Lab 3: Banner Identification .............................................................................. 73
Lab 4: Operating System Identification............................................................. 75
Detect Operating System of Target: Xprobe2
Lab 5: Banner Identification .............................................................................. 79
Lab 6: Banner Identification .............................................................................. 84
Lab 7: Personal Social Engineering ................................................................... 86
Social Engineering Techniques: Dumpster Diving/Personnel

3 Target Enumeration ............................................................................87
Lab 8: Establish a NULL Session........................................................................ 89
Establish a NULL Session: NULL Session
Lab 9: Enumerate Target MAC Address.............................................................. 90
Enumerate MAC Address and Total NICs: GETMAC
Lab 10: Enumerate SID from User ID ............................................................... 91
Enumerate the SID from the Username: USER2SID
Lab 11: Enumerate User ID from SID ............................................................... 93
Enumerate the Username from the Known SID: SID2USER
Lab 12: Enumerate User Information ................................................................ 96
Enumerate User Information from Target: USERDUMP
Lab 13: Enumerate User Information ................................................................ 97
Exploit Data from Target Computer: USERINFO
Lab 14: Enumerate User Information ................................................................ 98
Exploit User Information from Target: DUMPSEC
Lab 15: Host/Domain Enumeration................................................................. 102
Enumerate Hosts and Domains of LAN: Net Commands
Lab 16: Target Connectivity/Route .................................................................. 105
Detect Target Connectivity: PingG
Lab 17: Target Connectivity/Route .................................................................. 107
Connectivity/Routing Test: Pathping
Lab 18: Operating System Identification......................................................... 109
Identify Target Operating System: Nmap/nmapFE
Lab 19: Operating System Identification......................................................... 117
Identify Target Operating System: NmapNT
Lab 20: IP/Hostname Enumeration ................................................................. 123
Enumerate IP or Hostname: Nslookup
Lab 21: IP/Hostname Enumeration ................................................................. 124
Enumerate IP or Hostname: Nmblookup
Lab 22: RPC Reporting .................................................................................... 125
Report the RPC of Target: Rpcinfo
Lab 23: Location/Registrant Identification ...................................................... 126
Gather Registration Info/Trace Visual Route: Visual Route
Lab 24: Registrant Identification ..................................................................... 128
Gather IP or Hostname: Sam Spade
Lab 25: Operating System Identification......................................................... 131
Gather OS Runtime and Registered IPs: Netcraft
Lab 26: Operating System Identification......................................................... 133
Scan Open Ports of Target: Sprint
Lab 27: Default Shares ..................................................................................... 135
Disable Default Shares: Windows Operating System
Lab 28: Host Enumeration............................................................................... 139
Scan Open Ports of Target: WinFingerprint
4 Scanning.............................................................................................145
Lab 29: Target Scan/Share Enumeration .......................................................... 147
Scan Open Ports of Target: Angry IP
Lab 30: Target Scan/Penetration ...................................................................... 151
Scan Open Ports/Penetration Testing: LANguard
Lab 31: Target Scan through Firewall .............................................................. 153
Scan Open Ports of Target: Fscan
Lab 32: Passive Network Discovery ................................................................ 154
Passively Identify Target Information on the LAN: Passifist
Lab 33: Network Discovery............................................................................. 158
Identify Target Information: LanSpy
Lab 34: Open Ports/Services ........................................................................... 161
Scan Open Ports/Services of Target: Netcat
Lab 35: Port Scan/Service Identification ......................................................... 163
Scan Open Ports of Target: SuperScan
Lab 36: Port Scanner ....................................................................................... 166
Identify Ports Open: Strobe
Lab 37: Anonymous FTP Locator..................................................................... 169
Locate Anonymous FTP Servers: FTPScanner
Lab 38: CGI Vulnerability Scanner................................................................... 171
Identify CGI Vulnerabilities: TCS CGI Scanner
Lab 39: Shared Resources Locator .................................................................. 178
Identify Open Shared Resources: Hydra
Lab 40: Locate Wingate Proxy Servers ............................................................ 187
Locate Wingate Proxy Servers: WGateScan/ADM Gates
5 Sniffing Traffic ..................................................................................193
Lab 41: Packet Capture — Sniffer ................................................................... 195
Exploit Data from Network Traffic: Ethereal
To Install Ethereal on a Red Hat Linux Computer....................... 196
To Install Ethereal on Microsoft Windows.................................... 206
Lab 42: Packet Capture — Sniffer ................................................................... 213
Exploit Data from Network Traffic: Ngrep
For Linux ....................................................................................... 213
For Windows ................................................................................. 219
Lab 43: Packet Capture — Sniffer ................................................................... 223
Exploit Data from Network Traffic: TcpDump
Lab 44: Packet Capture — Sniffer ................................................................... 230
Exploit Data from Network Traffic: WinDump
Lab 45: Packet Capture — Sniffer ................................................................... 234
Monitor IP Network Traffic Flow: IPDump2
For Linux ....................................................................................... 234
For Windows ................................................................................ 237
Lab 46: Password Capture — Sniffer .............................................................. 240
Exploit Passwords and Sniff the Network: ZxSniffer
Lab 47: Exploit Data from Target Computer — Sniffit ................................... 249
6 Spoofing .............................................................................................261
Lab 48: Spoofing IP Addresses......................................................................... 263
Send Packets via False IP Address: RafaleX
Lab 49: Spoofing MAC Addresses .................................................................... 268
Send Packets via a False MAC Address: SMAC
Lab 50: Spoofing MAC Addresses .................................................................... 277
Send Packets via a False MAC Address: Linux
Lab 51: Packet Injection/Capture/Trace.......................................................... 284
Send Packets via a False IP/MAC Address: Packit
Lab 52: Spoof MAC Address ............................................................................ 295
Altering the MAC Address: VMware Workstation
7 Brute Force ........................................................................................299
Lab 53: Brute-Force FTP Server....................................................................... 301
Crack an FTP Password: NETWOX/NETWAG
Lab 54: Retrieve Password Hashes .................................................................. 309
Extract Password Hashes: FGDump
Lab 55: Crack Password Hashes ...................................................................... 313
Crack and Capture Password Hashes: LC5
Lab 56: Overwrite Administrator Password..................................................... 325
Change the Administrator Password: CHNTPW
Lab 57: Brute-Force Passwords........................................................................ 337
Brute-Force Passwords for a Hashed File: John the Ripper
Lab 58: Brute-Force FTP Password.................................................................. 346
Brute-Force an FTP Password Connection: BruteFTP
Lab 59: Brute-Force Terminal Server ............................................................... 354
Brute-Force Terminal Server Passwords: TSGrinder II
8 Vulnerability Scanning .....................................................................357
Lab 60: Vulnerability Scanner .......................................................................... 359
Perform Vulnerability Assessment: SAINT
Lab 61: SNMP Walk.......................................................................................... 379
Exploit Data via SNMP Walk: NETWOX/NETWAG
Lab 62: Brute-Force Community Strings ......................................................... 386
Exploit the SNMP Community Strings: Solar Winds
Lab 63: Target Assessment ............................................................................... 392
Assessment of Target Security: Retina
Lab 64: Target Assessment ............................................................................... 397
Assessment of Target Security: X-Scan
Lab 65: Vulnerability Scanner .......................................................................... 402
Perform Vulnerability Assessment: SARA
Lab 66: Web Server Target Assessment ............................................................ 414
Assessment of Web Server Security: N-Stealth
Lab 67: Vulnerability Scanner .......................................................................... 421
Exploit Data from Target Computer: Pluto
Lab 68: Vulnerability Assessment..................................................................... 429
Perform Vulnerability Assessment: Metasploit
On Windows.................................................................................. 429
On Linux ....................................................................................... 441
Lab 69: Web Server Target Assessment ............................................................ 451
Assessment of Web Server Security: Nikto
Lab 70: Vulnerability Scanner .......................................................................... 455
Assessment of Target Security: Shadow Scanner
Lab 71: Internet Vulnerability Scanner ............................................................ 468
Assessment of Target Security: Cerberus
Lab 72: WHAX — Auto Exploit Reverse Shell ................................................ 474
Automatically Exploit the Target: AutoScan
Lab 73: Unique Fake Lock Screen XP ............................................................. 491
Grab the Administrator Password: Fake Lock Screen XP
Lab 74: Bypassing Microsoft Serial Numbers.................................................. 499
Bypassing Serial Number Protection: RockXP/Custom Script
Lab 75: Vulnerability Exploit ........................................................................... 507
Assessment of Target Security: Web Hack Control Center
9 Wireless ..............................................................................................511
Lab 76: Locate Unsecured Wireless................................................................. 513
Locate Unsecured Wireless: NetStumbler/Mini-Stumbler
Lab 77: Trojan .................................................................................................. 519
Unauthorized Access and Control: Back Orifice
On the Target Computer ............................................................... 519
On the Attacker’s Computer ......................................................... 528
Lab 78: Trojan .................................................................................................. 534
Unauthorized Access and Control: NetBus
On the Target (Server)................................................................... 534
On the Attacker’s Computer ......................................................... 540
Lab 79: ICMP Tunnel Backdoor....................................................................... 545
Bidirectional Spoofed ICMP Tunnel: Sneaky-Sneaky
On the Target (Server)................................................................... 545
On the Attacker’s Machine............................................................ 548
Lab 80: Hiding Tools on the Target.................................................................. 553
Hiding Files on the Target: CP
Scenario: Hiding Netcat inside the Calculator Application .......... 553
To Verify ........................................................................................ 555
Lab 81: Capturing Switched Network Traffic.................................................. 556
Intercept/Exploit Traffic: Ettercap
Lab 82: Password Capture ............................................................................... 573
Capture Passwords Traversing the Network: Dsniff
Lab 83: Data Manipulation .............................................................................. 574
Manipulate the Live Data Stream: Achilles
Lab 84: Covert Reverse Telnet Session............................................................ 588
Create a Reverse Telnet Session: Netcat
Lab 85: Covert Channel — Reverse Shell ....................................................... 596
Exploit Data from Target Computer: Reverse Shell
10 Redirection.........................................................................................603
Lab 86: PortMapper ......................................................................................... 605
Traffic Redirection: PortMapper
Lab 87: Executing Applications — Elitewrap.................................................. 618
Executing Hidden Applications: Elitewrap
Lab 88: TCP Relay — Bypass Firewalls............................................................ 627
Traffic Redirection: Fpipe
Lab 89: Remote Execution .............................................................................. 633
Remote Execution on Target: PsExec
Lab 90: TCP Relay — Bypass Firewalls............................................................ 638
Traffic Redirection: NETWOX/NETWAG
11 Denial-of-Service (DoS).....................................................................643
Lab 91: Denial-of-Service — Land Attack ........................................................ 645
DoS Land Attack: Land Attack
Lab 92: Denial-of-Service — Smurf Attack ...................................................... 650
DoS Smurf Attack: Smurf Attack
Lab 93: Denial-of-Service — SYN Attack ......................................................... 655
DoS Land Attack: SYN Attack
Lab 94: Denial-of-Service — UDP Flood ......................................................... 660
DoS UDP Flood Attack: UDP Flood Attack
Lab 95: Denial-of-Service — Trash2.c .............................................................. 665
Create Denial-of-Service Traffic: Trash2.c
Appendix A: References ...........................................................................671
Appendix B: Tool Syntax..........................................................................675
Index...........................................................................................................725