Hack I.T.: Security Through Penetration Testing
T. J. Klevinsky
Scott Laliberte
Ajay Gupta
Publisher: Addison Wesley
First Edition February 01, 2002
ISBN: 0-201-71956-8, 544 pages
"This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls,
contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and
error, as well as experience, and documented a previously unknown black art."
-From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team
Penetration testing, in which professional "white hat" hackers attempt to break through an
organization's security defenses, has become a key defense weapon in today's information systems
security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent
true "black hat" hackers from compromising systems and exploiting proprietary information.
Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will
learn about the roles and responsibilities of a penetration testing professional, the motivation and
strategies of the underground hacking community, and potential system vulnerabilities, along with
corresponding avenues of attack. Most importantly, the book provides a framework for performing
penetration testing and offers step-by-step descriptions of each stage in the process. The latest
information on the necessary hardware for performing penetration testing, as well as an extensive
reference on the available security tools, is included.
Comprehensive in scope, Hack I.T. provides in one convenient resource the background, strategies,
techniques, and tools you need to test and protect your system before the real hackers attack.
Table of Contents
Foreword
Preface
Audience
Authors
How to Use This Book
Acknowledgments
Introduction
1. Hacking Today
2. Defining the Hacker
2.1 Hacker Skill Levels
2.2 Information Security Consultants
2.3 Hacker Myths
2.4 Information Security Myths
3. Penetration for Hire
3.1 Ramifications of Penetration Testing
3.2 Requirements for a Freelance Consultant
3.3 Announced vs. Unannounced Penetration Testing
4. Where the Exposures Lie
4.1 Application Holes
4.2 Berkeley Internet Name Domain (BIND) Implementations
4.3 Common Gateway Interface (CGI)
4.4 Clear Text Services
4.5 Default Accounts
4.6 Domain Name Service (DNS)
4.7 File Permissions
4.8 FTP and telnet
4.9 ICMP
4.10 IMAP and POP
4.11 Modems
4.12 Lack of Monitoring and Intrusion Detection
4.13 Network Architecture
4.14 Network File System (NFS)
4.15 NT Ports 135-139
4.16 NT Null Connection
4.17 Poor Passwords and User IDs
4.18 Remote Administration Services
4.19 Remote Procedure Call (RPC)
4.20 SENDMAIL
4.21 Services Started by Default
4.22 Simple Mail Transport Protocol (SMTP)
4.23 Simple Network Management Protocol (SNMP) Community Strings
4.24 Viruses and Hidden Code
4.25 Web Server Sample Files
4.26 Web Server General Vulnerabilities
4.27 Monitoring Vulnerabilities
5. Internet Penetration
5.1 Network Enumeration/Discovery
5.2 Vulnerability Analysis
5.3 Exploitation
Case Study: Dual-Homed Hosts
6. Dial-In Penetration
6.1 War Dialing
6.2 War Dialing Method
6.3 Gathering Numbers
6.4 Precautionary Methods
6.5 War Dialing Tools
Case Study: War Dialing
7. Testing Internal Penetration
7.1 Scenarios
7.2 Network Discovery
7.3 NT Enumeration
7.4 UNIX
7.5 Searching for Exploits
7.6 Sniffing
7.7 Remotely Installing a Hacker Tool Kit
7.8 Vulnerability Scanning
Case Study: Snoop the User Desktop
8. Social Engineering
8.1 The Telephone
8.2 Dumpster Diving
8.3 Desktop Information
8.4 Common Countermeasures
9. UNIX Methods
9.1 UNIX Services
9.2 Buffer Overflow Attacks
9.3 File Permissions
9.4 Applications
9.5 Misconfigurations
9.6 UNIX Tools
Case Study: UNIX Penetration
10. The Tool Kit
10.1 Hardware
10.2 Software
10.3 VMware
11. Automated Vulnerability Scanners
11.1 Definition
11.2 Testing Use
11.3 Shortfalls
11.4 Network-Based and Host-Based Scanners
11.5 Tools
11.6 Network-Based Scanners
11.7 Host-Based Scanners
11.8 Pentasafe VigilEnt
11.9 Conclusion
12. Discovery Tools
12.1 WS_Ping ProPack
12.2 NetScanTools
12.3 Sam Spade
12.4 Rhino9 Pinger
12.5 VisualRoute
12.6 Nmap
12.7 What's running
13. Port Scanners
13.1 Nmap
13.2 7th Sphere Port Scanner
13.3 Strobe
13.4 SuperScan
14. Sniffers
14.1 Dsniff
14.2 Linsniff
14.3 Tcpdump
14.4 BUTTSniffer
14.5 SessionWall-3 (Now eTrust Intrusion Detection)
14.6 AntiSniff
15. Password Crackers
15.1 L0phtCrack
15.2 pwdump2
15.3 John the Ripper
15.4 Cain
15.5 ShowPass
16. Windows NT Tools
16.1 NET USE
16.2 Null Connection
16.3 NET VIEW
16.4 NLTEST
16.5 NBTSTAT
16.6 epdump
16.7 NETDOM
16.8 Getmac
16.9 Local Administrators
16.10 Global ("Domain Admins")
16.11 Usrstat
16.12 DumpSec
16.13 user2Sid/sid2User
16.14 NetBIOS Auditing Tool (NAT)
16.15 SMBGrind
16.16 SRVCHECK
16.17 SRVINFO
16.18 AuditPol
16.19 REGDMP
16.20 Somarsoft DumpReg
16.21 Remote
16.22 Netcat
16.23 SC
16.24 AT
16.25 FPipe
Case Study: Weak Passwords
Case Study: Internal Penetration to Windows
17. Web-Testing Tools
17.1 Whisker
17.2 SiteScan
17.3 THC Happy Browser
17.4 wwwhack
17.5 Web Cracker
17.6 Brutus
Case Study: Compaq Management Agents Vulnerability
18. Remote Control
18.1 pcAnywhere
18.2 Virtual Network Computing
18.3 NetBus
18.4 Back Orifice 2000
19. Intrusion Detection Systems
19.1 Definition
19.2 IDS Evasion
19.3 Pitfalls
19.4 Traits of Effective IDSs
19.5 IDS Selection
20. Firewalls
20.1 Definition
20.2 Monitoring
20.3 Configuration
20.4 Change Control
20.5 Firewall Types
20.6 Network Address Translation
20.7 Evasive Techniques
20.8 Firewalls and Virtual Private Networks
Case Study: Internet Information Server Exploit - MDAC
21. Denial-of-Service Attacks
21.1 Resource Exhaustion Attacks
21.2 Port Flooding
21.3 SYN Flooding
21.4 IP Fragmentation Attacks
21.5 Distributed Denial-of-Service Attacks
21.6 Application-Based DoS Attacks
21.7 Concatenated DoS Tools
21.8 Summary
22. Wrapping It Up
22.1 Countermeasures
22.2 Keeping Current
23. Future Trends
23.1 Authentication
23.2 Encryption
23.3 Public Key Infrastructure
23.4 Distributed Systems
23.5 Forensics
23.6 Government Regulation
23.7 Hacking Techniques
23.8 Countermeasures
23.9 Cyber-Crime Insurance
A. CD-ROM Contents
Organization of the CD-ROM
Compilation of Programs
B. The Twenty Most Critical Internet Security Vulnerabilities: The Experts' Consensus
The SANS Institute
G1: Default Installs of Operating Systems and Applications
G2: Accounts with No Passwords or Weak Passwords
G3: Non-existent or Incomplete Backups
G4: Large Number of Open Ports
G5: Not Filtering Packets for Correct Incoming and Outgoing Addresses
G6: Non-existent or Incomplete Logging
G7: Vulnerable CGI Programs
W1: Unicode Vulnerability (Web Server Folder Traversal)
W2: ISAPI Extension Buffer Overflows
W3: IIS RDS Exploit (Microsoft Remote Data Services)
W4: NETBIOS - Unprotected Windows Networking Shares
W5: Information Leakage Via Null Session Connections
W6: Weak Hashing in SAM (LM Hash)
U1: Buffer Overflows in RPC Services
U2: Sendmail Vulnerabilities
U3: Bind Weaknesses
U4: R Commands
U5: LPD (Remote Print Protocol Daemon)
U6: Sadmind and Mountd
U7: Default SNMP Strings
Appendix A: Common Vulnerable Ports
Appendix B: The Experts Who Helped Create the Top Ten and Top Twenty Internet Vulnerability Lists
Many of the designations used by manufacturers and sellers to distinguish
their products are claimed as trademarks. Where those designations appear
in this book, and Addison-Wesley, Inc. was aware of a trademark claim, the
designations have been printed with initial capital letters or in all capitals.
The authors and publisher have taken care in the preparation of this book,
but they make no expressed or implied warranty of any kind and assume no
responsibility for errors or omissions. No liability is assumed for incidental or
consequential damages in connection with or arising out of the use of the
information or programs contained herein.
The publisher offers discounts on this book when ordered in quantity for
special sales. For more information, please contact:
Pearson Education Corporate Sales Division
201 W. 103rd Street
Indianapolis, IN 46290
(800) 428-5331
corpsales@pearsoned.com
Visit AW on the Web: www.aw.com/cseng/
Library of Congress Cataloging-in-Publication Data
Klevinsky, T.J.
Hack I.T. : security through penetration testing / T.J. Klevinsky, Scott
Laliberte, Ajay Gupta.
p. cm.
Includes index.
0-201-71956-8 (pbk.)
1. Computer security. 2. Computer—Access control—Testing. I. Laliberte,
Scott. II. Gupta, Ajay. III. Title.
QA76.9.A25 K56 2002
005.8—dc21
2001056058
Copyright © 2002 by Pearson Education, Inc.
All rights reserved. No part of this publication may be reproduced, stored in
a retrieval system, or transmitted, in any form, or by any means, electronic,
mechanical, photocopying, recording, or otherwise, without the prior
consent of the publisher. Printed in the United States of America. Published
simultaneously in Canada.
For information on obtaining permission for use of material from this work,
please submit a written request to:
Pearson Education, Inc.
Rights and Contracts Department
75 Arlington Street, Suite 300
Boston, MA 02116
Fax: (617) 848-7047
[...] genius-level hackers (first tier), many more second-tier hackers, and a large population in the third tier. Within our categorization, we discuss their capabilities and motivations.

2.1 Hacker Skill Levels

2.1.1 First-Tier Hackers

First-tier hackers are programmers who have the ability to find unique vulnerabilities in existing software and to create working exploit code. These hackers, [...]

[...] All hackers are the same. This myth is borne out of a lack of knowledge among the general public about the hacker community. All hackers are not the same. As mentioned above, different hackers focus on different technologies and have different purposes and skill levels. Some hackers have malicious intent; some don't. They are not all teenagers who spend far too much time in front of a computer. Not all hackers [...]

2.3 Hacker Myths

All the perceptions of hackers and their portrayal in movies and entertainment have led to the development of "hacker myths." These myths involve common misconceptions about hackers and can lead to misconceptions about how to defend against them. Here we have attempted to identify some of these myths and dispel common misconceptions.

1. Hackers are a well-organized, [...]

[...] computer-savvy friends. Often one first-tier hacker creates the programs and other members of the team run them against target networks. This creates a reputation for the group rather than a single individual.

2.1.2 Second-Tier Hackers

Hackers in this tier have a technical skill level equivalent to that of system administrators. Tier-two hackers are far more common than tier-one hackers and may have experience with [...]

[...] its source code. In May 1999, the FBI investigated several hacking groups based in the United States. After the FBI seized a suspected teenage hacker's computer, several hacker groups retaliated by defacing government Web sites. At one point, a DoS attack caused the FBI Web site to be taken offline for seven days.[5] In January 2000, an Internet hacker threatened CD Universe, stating that if the company [...]

[...] prepackaged hacking tools downloaded from the Internet to do their hacking. Script kiddies are usually individuals who are intrigued by the notion of gaining unauthorized access and are open to using untested pieces of code, especially while others (target networks and users) are at risk. For this reason, tier-three hackers get the least respect but are often the most annoying and dangerous. Tier-three hackers [...]

[...] refer to malicious computer hackers. Unfortunately, the media and general population have given the term hacker a negative connotation, so we use it to describe any person who attempts to access a system through unauthorized channels. This chapter also presents a profile of information security professionals and discusses popular hacker and information security myths. Categorizing hackers by the technology [...]

[...] Hackers are a well-organized, malicious group. There is indeed a community within the hacker underground. There are hacking-related groups such as Alt-2600 and Cult of the Dead Cow, IRC "hacking" channels, and related newsgroups. However, these groups are not formed into a well-organized group that targets specific networks for hacking. They share a common interest in methods for avoiding security defenses and [...]

Those who believe writing such a book is dangerous since it may result in teaching people how to hack do not see the value in improving security through testing and measuring defenses against the techniques of opponents. Hackers already know how to hack and have the time and energy to research (and develop) hacking techniques. The good guys, who are busy battling the day-to-day fires of maintaining the [...]

[...] are actively involved in developing technologies that can be used to improve overall network security, such as hackers from the ISS X-force, the Bindview Razor Team, and the AXENT SWAT team (AXENT has been purchased by Symantec). Tier-one hackers can work independently or through a network of hacking teams that run exploits from a variety of locations, making it difficult to trace the activities back. [...]

[...] representatives of companies that want to legitimately test their security posture and intrusion detection or incident response capabilities. In addition, other [...] This insight is essential to creating a comprehensive network security structure.

Some may argue that providing this penetration-testing information gives [...]
Posted: 07/03/2014, 16:20