Back Orifice, 534
how it works, 534
removal tools for, 544
syntax, 719
on target (server), 534–540
Netcat
banner identification with, 67–72
covert reverse Telnet session with, 588–595
hiding on wireless, 553–555
locating open ports with, 161–162
reference for, 671
syntax, 676
Netcraft
retrieving targeted OS (Operating System) with, 131–132
syntax, 694
NetStumbler
locating unsecured wireless, 513–518
analyzing results, 516–518
executing, 515–516
how it works, 513
installing, 514
syntax, 719
NETWAG
brute force FTP passwords, 301–308
defined, 378
importance of, 385
syntax, 712–713
traffic redirection with, 638–641
walking SNMP, 379–385
NETWLIB, 301
Network Address Translation, see NAT
Network cards, see NICs
Network Identification Wizard, 27–28
NETWork toolbox, see NETWOX (NETWork toolbOX)
Networks, virtual machines
configuring, 13
Red Hat Version 8, 37, 47
Windows 2000 Workstation components, 24–25
NETWOX (NETWork toolbOX)
brute force FTP passwords with, 301–308
importance of, 385
SNMP (Simple Network Management Protocol) walk with, 379–385
syntax, 712–713
traffic redirection with, 638–641
New Virtual Machine Wizard, 11–14, 35–38
Ngrep, 213–222
how it works, 213
for Linux, 213–218
syntax, 697–698
for Windows, 219–222
NICs (network cards)
for NetStumbler, 515
target enumeration and, 90
Nikto
assessing Web server security with, 451–454
importing for WHCC (Web Hack Control Center), 507
syntax, 717–719
Nmap, 109–116
compiling/creating Linux executable, 109–111
executing against target, 112–116
how it works, 109
syntax, 682
NmapNT, 117–122
execute against target, 121–122
how it works, 117
install drivers, 117–120
syntax, 691
Nmblookup, 124, 692–694
Nslookup, 123, 691
NULL session, 89, 678
O
Open shares, scanning with Hydra, 178–186
Operating system, see OS
OS (operating system)
CGI (Common Gateway Interface) Scanner countermeasures, 171–177
identifying
with Netcraft, 131–132
with nmap/nmapFE, 109–116
with nmapNT, 117–122
with Sprint, 133–134
with XProbe2, 75–78
penetration testing with LANguard, 151–152
P
Packit, 284–294
compile, 284–285
create, 286
execute, 290–294
how it works, 284
install, 287
set parameters, 288–289
syntax, 707–712
PAGE DOWN keys, 49
PAGE UP keys, 49
Passifist, 154–157, 695
Passwords, see also Administrator passwords
attackers looking for, 222
Ettercap intercepting, 564–565
Index
731
John the Ripper and, 345
PsExec countermeasure, 633
Red Hat Linux Boot Loader, 46
Red Hat Version 8 virtual machine root, 49, 55
Passwords, brute force
cracking hashes, 313–324
extracting hashes, 309–312
FTP (File Transfer Protocol), 346–353
for hashed files, 337–345
Terminal Server, 354–356
Patches, SAINT (Security Administrator's Integrated Network Tool), 378
Pathping, 107–108, 682
Penetration testing, with LANguard, 151–152
Ping, 681–691
PingG, 105–106
Pluto, 421–428
custom audit checks, 427
reviewing results, 426–428
setting parameters, 423–425
starting, 421–422
syntax, 717
Point-to-Point Protocol, see PPP
Port 13, 74
Port 19, 74
Port 23, 65
Port 6666, 74
PortMapper, 605–617
configure parameters, 605–612
execute, 613–617
how it works, 605
install, 605–607
syntax, 721
Ports, open
finding port redirection, 617
locating with Angry IP, 147–150
locating with Cryptcat, 161
locating with LANguard, 151–152
locating with netcat, 161–162
locating with Strobe, 166–168
locating with SuperScan, 163–165
PPP (Point-to-Point Protocol), 213
Preparation
about CD-ROM accompanying book, 60
installing VMware Workstation, 3–10
Restrict Anonymous, 60–62
virtual machines, see Virtual machines
PsExec, 633–637, 722–723
R
RafaleX
DoS (Denial-of-Service) land attack with, 645–649
DoS smurf attack with, 650–654
DoS SYN (Synchronize) attack with, 655–659
DoS UDP (User Datagram Protocol) flood attack with, 660–664
spoofing IP (Internet Protocol) addresses with, 263–267
syntax, 706, 723
RAM (Random Access Memory), virtual machine settings, 15, 39
Random Access Memory, see RAM
README files, Ethereal, 199
Red Hat Linux
banner grabbing via netcat, 69–72
banner grabbing via Telnet in, 66
installing amap on, 79
installing Ethereal, 196–205
Red Hat Version 8 virtual machine, installing, 35–55
beginning, 51–55
configuring settings, 38–51
New Virtual Machine Wizard, 35–38
VMware Tools, 55–59
Redirection, 603–641
Elitewrap, 618–626
how it works, 618
listening netcat session on target, 622–626
obtaining list of ports in use, 618–621
stop listening on target, 626
Fpipe, 627–632
NETWOX/NETWAG, 638–641
PortMapper, 605–617
configure parameters, 605–612
execute, 613–617
how it works, 605
install, 605–607
PsExec, 633–637
References
Linux download, 10
overview of, 671–674
VMware Workstation demo, 3
Registrant identification
Sam Spade protecting, 128–130
Visual Route Web Site obtaining, 126–127
Registry Edit, 135–138
Relative Identifiers, see RIDs
Remote Procedure Calls, see RPCs
Restrict Anonymous, as countermeasure
Angry IP, 147–150
DUMPSEC, 98–101
GETMAC, 90
NULL session, 89
settings for, 60–62
SID2USER, 93–95
USER2SID, 91
USERDUMP, 96
USERINFO, 97
Windows default shares, 135–138
WinFingerprint, 139–143
732
Practical Hacking Techniques and Countermeasures
Retina
high quality of, 396
syntax, 717
target assessment with, 392–396
X-Scan as free equivalent of, 397–401
Reverse Shell, 476–481
auto exploit: WHAX, 474–490
booting from CD, 474–475
executing AutoScan, 482–490
how it works, 474
setting parameters, 476–481
covert channel
executing on target, 599–601
how it works, 596
listening netcat session, 597–598
removing antivirus, 601–602
syntax, 721
RIDs (Relative Identifiers), 92, 93–95
RockXP, 499–506
executing, 499–500, 506
gathering data, 501–504
inserting into custom script, 504–506
stealing Microsoft serial numbers, 502
syntax, 719
Root password, 49, 55
Router IP (Internet Protocol) addresses, 222
Rpcinfo
RPC (Remote Procedure Call) reporting with, 125
syntax, 692
syntax, 692
RPCs (Remote Procedure Calls), 125
S
SAINT (Security Administrator's Integrated Network Tool), 359–378
executing against target, 364–373
how it works, 359
installing, 359–364
patches, 378
reviewing results, 373–378
syntax, 717
SAM (Security Accounts Manager), FGDump and, 309
Sam Spade, 694
Sam Spade Web site, 128–130
SARA (Security Auditor's Research Assistant), 402–413
compiling, 402–404
executing against target, 404–407
how it works, 402
reviewing results, 408–413
syntax, 717
SATAN, 359
Scanline
banner identification, 73–74
reference for, 671
syntax, 676–677
Scanning, 145–192.