Hacking Exposed 5th Edition

packet-filtering firewalls, 464, 477-480

packets, 38-39

ACK, 46-47, 52-54, 491-492

analyzing, 426-427

ARP, 369-370

BGP packet injection, 400-403

capturing, 426-427

FIN, 53, 69

forged source addresses, 501

fragments, 490

ICMP, 44, 50-51

OOB, 490

oversized, 490

raw packet transmissions, 473-474

RST, 53, 57

SYN, 52-54, 491-492

TTL, 467-468

UDP, 492-493

Paros Proxy scanner, 549-552

partitions, 171

Passfilt DLL, 152-153

passive detection, 73-75

passive signatures, 73-75

passive stack fingerprinting, 73-75

Passport vulnerability, 585, 620-621

Passprop tool, 153

passwd file, 86

password cracking

brute force attacks, 179, 261-262

cleartext passwords, 178, 185

L0phtcrack tool, 179-183

Windows family, 178-183

password hashes

L0phtcrack (LC) tool, 178-183

UNIX, 262-264, 270

Windows 2000, 176-178

Windows family, 158-161, 176-178

password hint applications, 546

password policies, 104-105

passwords

/etc/passwd file, 236, 245-246, 261-262

administrative contacts and, 144-146

ASCII characters as, 183

BGP, 401

BIOS, 210

brute-force attacks, 179, 261-262

Cisco devices, 389-392

cleartext. See cleartext passwords

cracking. See password cracking

cross-site scripting exploits, 582

default, 145-146, 360

dsniff tool, 383-386

guessing, 104-105, 143-157

guidelines, 151-153, 217-218

high probability combinations, 145-146

hints for, 546

length of, 153

Linux platform, 384

low hanging fruit, 314-315

Microsoft Passport, 620-621

network devices, 360

network eavesdropping and, 158-161

null, 147

online services, 622

Passfilt DLL, 152-153

PHF exploit, 225-226

policies, 151-153

remote access to internal networks, 345-346

shadow password file, 261-262

social engineering and, 30

SSH and, 386

SYSKEY-encrypted, 177, 210

UNIX, 216-218, 261-265

user accounts, 143-157

voicemail, 330-335

patches

Apache attacks, 259

ASP code disclosure, 539

codebrws.asp, 539

DoS attacks and, 502

exprcalc.cfm, 538-539

GDI+/JPEG exploits, 594

GRSecurity, 221

HTML Help control, 600

IIS, 168-169, 537, 540, 542

improper URL canonicalization, 598

JSP code disclosure, 539

LSASS buffer overflows, 163-165

Microsoft Office, 590

PNG exploits, 618

rootkits and, 646

RPC vulnerabilities, 240-241

sendmail, 237

server extensions, 542

SNMP, 405

SSH service, 255-256

Translate: f exploit, 542

trap handling, 405

vs. Windows Update, 604

Windows family, 199-200, 208, 210

Windows XP Service Pack 2, 208

WLAN drivers, 427-428

Patchfinder tool, 644

payloads, 565, 586-587, 635, 637

PayPal, 621-622, 624

PBX systems, 300-302, 325-329

pcAnywhere program, 312

PCMCIA cards, 427

PCMCIA drivers, 410

PCT (Private Communications Transport), 166-168

Peakflow tool, 503

penetration testing, 529-530

Perl scripts, 465, 541

permissions

Active Directory, 121

administrator, 172

NTFS, 171

system utilities, 172

UNIX platform, 273-276

personally identifiable information (PII), 622

Pest Patrol program, 631

PGP (Pretty Good Privacy), 32, 623

Phatbot attacks, 497

Phenoelit toolset, 366, 393

PHF attacks, 225-226

phishing scams, 598, 623-628

phone book script. See PHF

phone closets, 366-367

phone number footprinting, 9, 11, 31-32, 295-296, 303

phone numbers

looking up physical address with, 11

social-engineering attacks, 11

war-dialing attacks. See war-dialing

PhoneSweep tool, 298, 308-311

PHP vulnerabilities, 520, 522, 543

Phrack Magazine, 49

physical security, 10, 646-647

PIDs (process IDs), 195

PII (personally identifiable information), 622

pilfering, 175-176

ping of death, 490

Ping Sweep tool, 45

ping sweeps, 42-50, 94

pingd daemon, 50

pings, ICMP, 42-50, 480

pipes, named, 110, 174

PipeUpAdmin tool, 170-171, 175

plain old telephone service (POTS) line, 324, 336

plaintext, 590, 600, 610, 626-627

PNG exploits, 593, 615-618

Point-to-Point Tunneling Protocol. See PPTP

policies, security, 151-153

pop-up blocker, 607

pop.c tool, 216

port mappers, MSRPC, 161-163

port redirection

fpipe, 191-193

Windows family, 190-192

port scanning, 51-68

active operating system detection, 69-72

blocked ICMP traffic and, 45-46

countermeasures, 66-68

described, 52

firewalls, 465-467, 475-476

ipEye, 63

Mac systems, 136-138

netcat utility, 55-56, 66, 476, 478

NetScanTools, 45

nmap, 56-59, 66, 134, 360

ScanLine tool, 63-65

strobe tool, 54-55

SuperScan tool, 44, 46, 61-62, 66

TCP services, 53-59

techniques for, 52-54

UDP services, 53-59

udp_scan tool, 55

UNIX, 52-59, 66

Windows-based, 60-66

Windows UDP Port Scanner, 63-64

WinScan, 62

portmappers, 91-92, 128-129, 238, 244

ports

Ascend routers, 361

Bay routers, 361

blocking, 362-363, 466

Cisco routers, 360-361, 364-365

Cisco switches, 361

filtered, 470-471

firewalls and, 465-467, 472

hiding, 638

listed, 651-656

listening, 51-52, 361

LPC port requests, 173-174

NetBIOS, 149-150

network devices, 360-363

scanning. See port scanning

source, 475-476

TCP. See TCP ports

traffic sourced on, 191-192

trunk, 381

UDP. See UDP ports

unfiltered, 471

virtual terminal, 364-365

vty, 362

Windows family, 195-196

PortSentry, 67, 362-363

POST request, 554

Postfix, 238

PostgreSQL databases, 563

POTS (plain old telephone service) line, 324, 336

PPTP (Point-to-Point Tunneling Protocol), 159-160, 335-339

PPTP sniffer, 159-160

PREfast tool, 514, 527

Pretty Good Privacy. See PGP

Prexis tool, 527

print sharing, 151

printers, 169-170

printf function, 223-224, 516-517

Prism2 card drivers, 410

Prism2 cards, 410, 420, 430, 436, 441

Prism2 kernel drivers, 430

Prism2dump tool, 430-431

Prismdump utility, 427-428

privacy issues. See also identity theft

credit histories, 11

criminal records, 11

obtaining personal information via Web, 11

online resumes and, 15-18

public databases, 8-18

search engines and, 15-18

social security numbers, 11

Usenet forums and, 15-16

Private Communications Transport (PCT), 166-168

privilege escalation

showModalDialog cross-zone exploit, 595-597

UNIX, 213, 261

Windows family, 173-175, 600

probe requests, 439

probe responses, 439

Process Explorer utility, 195

process IDs (PIDs), 195

Process List, 195

processes, hiding, 638

Procomm Plus software, 316-323

profiling, 353-356

Project Rainbow crack, 181

promiscuous mode, 214-215, 281, 409, 427-429

promiscuous mode attacks, 259-261

Protolog program, 49

Protos Project, 241

proxies

application, 464

HTTP, 553-554

HTTPS, 553-554

SPIKE Proxy tool, 553-554

proxy firewalls, 234-235, 480-484

proxy servers, 465, 481, 556-557

ps script, 282

pscan tool, 128, 131

psexec tool, 174, 187, 193

psexec.exe file, 193

Psionic Logcheck, 67

Psionic PortSentry, 67

public databases, 8-32

public keys, 205-206, 218

public newsgroups, 359

publicly available information, 8-18

pulist tool, 195

pwdump tool, 177-178

pwdump2 tool, 177-178, 184

pwdump3e tool, 178

pwdumpX tool, 177-179

pwscan.pl utility, 217

Pynnonen, Jouko, 84

Python, 553