Certified Ethical Hacker (CEH) Cert Guide

Michael Gregg
(2013)
Language: English
Pearson Education, Limited
499,00 kr.
The book is out of print and has been replaced by a newer edition

Product details

  • Hardback: 704 pages
  • Publisher: Pearson Education, Limited (December 2013)
  • ISBN: 9780789751270

Learn, prepare, and practice for CEH v8 exam success with Certified Ethical Hacker (CEH) Cert Guide from Pearson IT Certification, a leader in IT certification.

  • Master CEH exam topics
  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions on the CD

Certified Ethical Hacker (CEH) Cert Guide is a best-of-breed exam study guide. Leading security consultant and certification expert Michael Gregg shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

You'll get a complete test preparation routine organized around proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion CD contains the powerful Pearson IT Certification Practice Test engine, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most, so you can succeed on the exam the first time.

This study guide helps you master all the topics on the CEH v8 (312-50) exam, including

  • Ethical hacking basics
  • Technical foundations of hacking
  • Footprinting and scanning
  • Enumeration and system hacking
  • Linux distros and automated assessment tools
  • Trojans and backdoors
  • Sniffers, session hijacking, and denial of service
  • Web server hacking, web applications, and database attacks
  • Wireless technologies, mobile security, and mobile attacks
  • IDS, firewalls, and honeypots
  • Buffer overflows, viruses, and worms
  • Cryptographic attacks and defenses
  • Physical security and social engineering

Companion CD

The CD contains two free, complete practice exams, plus memory tables and answers to help you study more efficiently and effectively.

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), Windows 7, or Windows 8; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512MB RAM; 650MB disc space plus 50MB for each downloaded practice exam; access to the Internet to register and download exam databases

Introduction

Chapter 1 Ethical Hacking Basics
"Do I Know This Already?" Quiz; Foundation Topics; Security Fundamentals; Goals of Security; Risk, Assets, Threats, and Vulnerabilities; Defining an Exploit; Security Testing; No-Knowledge Tests (Black Box); Full-Knowledge Testing (White Box); Partial-Knowledge Testing (Gray Box); Types of Security Tests; Hacker and Cracker Descriptions; Who Attackers Are; Hacker and Cracker History; Ethical Hackers; Required Skills of an Ethical Hacker; Modes of Ethical Hacking; Test Plans-Keeping It Legal; Test Phases; Establishing Goals; Getting Approval; Ethical Hacking Report; Vulnerability Research-Keeping Up with Changes; Ethics and Legality; Overview of U.S. Federal Laws; Compliance Regulations; Chapter Summary; Exam Preparation Tasks; Review All Key Topics; Hands-On Labs; Lab 1-1 Examining Security Policies; Review Questions; Define Key Terms; View Recommended Resources

Chapter 2 The Technical Foundations of Hacking
"Do I Know This Already?" Quiz; Foundation Topics; The Attacker's Process; Performing Reconnaissance and Footprinting; Scanning and Enumeration; Gaining Access; Escalation of Privilege; Maintaining Access; Covering Tracks and Planting Backdoors; The Ethical Hacker's Process; National Institute of Standards and Technology; Operational Critical Threat, Asset, and Vulnerability Evaluation; Open Source Security Testing Methodology Manual; Security and the Stack; The OSI Model; Anatomy of TCP/IP Protocols; The Application Layer; The Transport Layer; The Internet Layer; The Network Access Layer; Chapter Summary; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Exercises; 2.1 Install a Sniffer and Perform Packet Captures; 2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack; Review Questions; Suggested Reading and Resources

Chapter 3 Footprinting and Scanning
"Do I Know This Already?" Quiz; Foundation Topics; The Seven-Step Information-Gathering Process; Information Gathering; Documentation; The Organization's Website; Job Boards; Employee and People Searches; EDGAR Database; Google Hacking; Usenet; Registrar Query; DNS Enumeration; Determine the Network Range; Traceroute; Identifying Active Machines; Finding Open Ports and Access Points; Nmap; SuperScan; THC-Amap; Scanrand; Hping; Port Knocking; War Dialers; War Driving; OS Fingerprinting; Active Fingerprinting Tools; Fingerprinting Services; Default Ports and Services; Finding Open Services; Mapping the Network Attack Surface; Manual Mapping; Automated Mapping; Chapter Summary; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Command Reference to Check Your Memory; Exercises; 3.1 Performing Passive Reconnaissance; 3.2 Performing Active Reconnaissance; Review Questions; Suggested Reading and Resources

Chapter 4 Enumeration and System Hacking
"Do I Know This Already?" Quiz; Foundation Topics; Enumeration; Windows Enumeration; Windows Security; NetBIOS and LDAP Enumeration; NetBIOS Enumeration Tools; SNMP Enumeration; Linux/UNIX Enumeration; NTP Enumeration; SMTP Enumeration; DNS Enumeration; System Hacking; Nontechnical Password Attacks; Technical Password Attacks; Password Guessing; Automated Password Guessing; Password Sniffing; Keystroke Loggers; Privilege Escalation and Exploiting Vulnerabilities; Exploiting an Application; Exploiting a Buffer Overflow; Owning the Box; Authentication Types; Cracking the Passwords; Hiding Files and Covering Tracks; File Hiding; Chapter Summary; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Command Reference to Check Your Memory; Exercise; 4.1 NTFS File Streaming; Review Questions; Suggested Reading and Resources

Chapter 5 Linux and Automated Assessment Tools
"Do I Know This Already?" Quiz; Foundation Topics; Linux; Linux or Windows? Picking the Right Platform; Linux File Structure; Linux Basics; Passwords and the Shadow File; Linux Passwords; Compressing, Installing, and Compiling Linux; Hacking Linux; Reconnaissance; Scanning; Enumeration; Gaining Access; Privilege Escalation; Maintaining Access and Covering Tracks; Hardening Linux; Automated Assessment Tools; Automated Assessment Tools; Source Code Scanners; Application-Level Scanners; System-Level Scanners; Automated Exploit Tools; Chapter Summary; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Command Reference to Check Your Memory; Exercises; 5.1 Downloading and Running Backtrack; 5.2 Using Backtrack to Perform a Port Scan; 5.3 Creating a Virtual Machine; 5.4 Cracking Passwords with John the Ripper; Review Questions; Suggested Reading and Resources

Chapter 6 Trojans and Backdoors
"Do I Know This Already?" Quiz; Foundation Topics; Trojans; Trojan Types; Trojan Ports and Communication Methods; Trojan Goals; Trojan Infection Mechanisms; Effects of Trojans; Trojan Tools; Distributing Trojans; Trojan Tool Kits; Covert Communication; Covert Communication Tools; Port Redirection; Other Redirection and Covert Tools; Keystroke Logging and Spyware; Hardware; Software; Spyware; Trojan and Backdoor Countermeasures; Chapter Summary; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Command Reference to Check Your Memory; Exercises; 6.1 Finding Malicious Programs; 6.2 Using a Scrap Document to Hide Malicious Code; 6.3 Using Process Explorer; Review Questions; Suggested Reading and Resources

Chapter 7 Sniffers, Session Hijacking, and Denial of Service
"Do I Know This Already?" Quiz; Foundation Topics; Sniffers; Passive Sniffing; Active Sniffing; Address Resolution Protocol; ARP Poisoning and Flooding; Tools for Sniffing; Wireshark; Other Sniffing Tools; Sniffing and Spoofing Countermeasures; Session Hijacking; Transport Layer Hijacking; Predict the Sequence Number; Take One of the Parties Offline; Take Control of the Session; Application Layer Hijacking; Session Sniffing; Predictable Session Token ID; Man-in-the-Middle Attacks; Man-in-the-Browser Attacks; Client-Side Attacks; Session-Hijacking Tools; Preventing Session Hijacking; Denial of Service, Distributed Denial of Service, and Botnets; Types of DoS; Bandwidth Attacks; SYN Flood Attacks; Program and Application Attacks; Distributed Denial of Service; DDoS Tools; Botnets; DoS, DDOS, and Botnet Countermeasures; Summary; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Exercises; 7.1 Scanning for DDoS Programs; 7.2 Using SMAC to Spoof Your MAC Address; Review Questions; Suggested Reading and Resources

Chapter 8 Web Server Hacking, Web Applications, and Database Attacks
"Do I Know This Already?" Quiz; Foundation Topics; Web Server Hacking; Scanning Web Servers; Banner Grabbing and Enumeration; Web Server Vulnerability Identification; Attacks Against Web Servers; IIS Vulnerabilities; Securing IIS and Apache Web Servers; Web Application Hacking; Unvalidated Input; Parameter/Form Tampering; Injection Flaws; Cross-Site Scripting and Cross-Site Request Forgery Attacks; Hidden Field Attacks; Other Web Application Attacks; Web-Based Authentication; Web-Based Password Cracking and Authentication Attacks; Cookies; URL Obfuscation; Intercepting Web Traffic; Database Hacking; Identifying SQL Servers; SQL Inject

The stated prices include VAT.
