Electronic Books

These tools
can then be extracted at any time in the future, even if the tool is found
and deleted. This can obviously be a very damaging technique.
Procedure: The netcat tool will be hidden inside the valid calculator tool
found in Windows. The Date/Time stamp does NOT change on the
calculator application, and by using this technique the MD5 checksum
(the standard for computer forensics) is defeated!
Scenario: Hiding Netcat inside the Calculator Application
Verify the Date/Time Stamp of the netcat application with the DIR command.
554
Practical Hacking Techniques and Countermeasures
Stream the netcat application into the calculator file by typing (case sensitive):
cp nc11nt.zip calc.exe:nc11nt.zip
Verify that the Date/Time Stamp has not changed on the netcat application
with the DIR command.
Wireless
555
Execute the calculator program to verify that the application still works by
typing calc and pressing the Enter key.
The Windows calculator opens without incident.
To Verify
Delete the nc11nt.zip file by typing del nc11nt.zip and pressing Enter.
Run the following command (case sensitive):
cp calc.exe:nc11nt.zip calc.exe
The nc11nt.zip file will be extracted again into the directory.
*Note: Streaming files is such an easy thing to do and I personally know of no
Administrator even searching for ???streamed??? files on his or her network. This
technique can be very dangerous as it defeats the MD5 checksum, and at this
point there are only a couple of applications that have the ability to detect
these ???streamed??? files.


Pages:
169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193