Book description
"This book covers not just the glamorous aspects such as the
intrusion act itself, but all of the pitfalls, contracts, clauses,
and other gotchas that can occur. The authors have taken their
years of trial and error, as well as experience, and documented a
previously unknown black art."
--From the Foreword by Simple Nomad, Senior Security Analyst,
BindView RAZOR Team
Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information.
Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included.
Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack.
Specific topics covered in this book include:
Hacking myths
Potential drawbacks of penetration testing
Announced versus unannounced testing
Application-level holes and defenses
Penetration through the Internet, including zone transfer, sniffing, and port scanning
War dialing
Enumerating NT systems to expose security holes
Social engineering methods
Unix-specific vulnerabilities, such as RPC and buffer overflow attacks
The Windows NT Resource kit
Port scanners and discovery tools
Sniffers and password crackers
Web testing tools
Remote control tools
Firewalls and intrusion detection systems
Numerous DoS attacks and tools
0201719568B01042002
Table of contents
- Copyright
- Foreword
- Preface
- Introduction
- 1. Hacking Today
- 2. Defining the Hacker
- 3. Penetration for Hire
-
4. Where the Exposures Lie
- 4.1. Application Holes
- 4.2. Berkeley Internet Name Domain (BIND) Implementations
- 4.3. Common Gateway Interface (CGI)
- 4.4. Clear Text Services
- 4.5. Default Accounts
- 4.6. Domain Name Service (DNS)
- 4.7. File Permissions
- 4.8. FTP and telnet
- 4.9. ICMP
- 4.10. IMAP and POP
- 4.11. Modems
- 4.12. Lack of Monitoring and Intrusion Detection
- 4.13. Network Architecture
- 4.14. Network File System (NFS)
- 4.15. NT Ports 135–139
- 4.16. NT Null Connection
- 4.17. Poor Passwords and User IDs
- 4.18. Remote Administration Services
- 4.19. Remote Procedure Call (RPC)
- 4.20. SENDMAIL
- 4.21. Services Started by Default
- 4.22. Simple Mail Transport Protocol (SMTP)
- 4.23. Simple Network Management Protocol (SNMP) Community Strings
- 4.24. Viruses and Hidden Code
- 4.25. Web Server Sample Files
- 4.26. Web Server General Vulnerabilities
- 4.27. Monitoring Vulnerabilities
- 5. Internet Penetration
- 6. Dial-In Penetration
- 7. Testing Internal Penetration
- 8. Social Engineering
- 9. UNIX Methods
- 10. The Tool Kit
- 11. Automated Vulnerability Scanners
- 12. Discovery Tools
- 13. Port Scanners
- 14. Sniffers
- 15. Password Crackers
-
16. Windows NT Tools
- 16.1. NET USE
- 16.2. Null Connection
- 16.3. NET VIEW
- 16.4. NLTEST
- 16.5. NBTSTAT
- 16.6. epdump
- 16.7. NETDOM
- 16.8. Getmac
- 16.9. Local Administrators
- 16.10. Global (“Domain Admins”)
- 16.11. Usrstat
- 16.12. DumpSec
- 16.13. user2Sid/sid2User
- 16.14. NetBIOS Auditing Tool (NAT)
- 16.15. SMBGrind
- 16.16. SRVCHECK
- 16.17. SRVINFO
- 16.18. AuditPol
- 16.19. REGDMP
- 16.20. Somarsoft DumpReg
- 16.21. Remote
- 16.22. Netcat
- 16.23. SC
- 16.24. AT
- 16.25. FPipe
- Case Study: Weak Passwords
- Case Study: Internal Penetration to Windows
- 17. Web-Testing Tools
- 18. Remote Control
- 19. Intrusion Detection Systems
- 20. Firewalls
- 21. Denial-of-Service Attacks
-
22. Wrapping It Up
- 22.1. Countermeasures
-
22.2. Keeping Current
- 22.2.1. Web Sites
-
22.2.2. Mailing Lists
- 8lgm (Eight Little Green Men)—majordomo@8lgm.org
- Academic Firewalls—majordomo@net.tamu.edu
- Alert—request-alert@iss.net
- Best of Security—best-of-security-request@suburbia.net
- Bugtraq—listserv@netspace.org
- Computer Emergency Response Team—cert@cert.org
- Computer Incident Advisory Capability—ciac-listproc@llnl.gov
- Computer Underground Digest—cu-digest-request@weber.ucsd.edu
- Cypherpunks—majordomo@toad.com
- Firewalls—majordomo@greatcircle.com
- Information Systems Security Forum—listserv@etsuadmn.etsu.edu
- Intrusion Detection Systems—majordomo@uow.edu.au
- Microsoft Security—microsoft_security-subscribe-request@announce.microsoft.com
- NT Bugtraq—listserv@listserv.ntbugtraq.com
- NT Security—request-ntsecurity@iss.net
- Phrack—phrack@well.com
- Privacy Forum—privacy-request@vortex.com
- Risks—risks-request@csl.sri.com
- SANS Institute—digest@sans.org
- Sneakers—majordomo@cs.yale.edu
- Virus—listserv@lehigh.edu
- Virus Alert—listserv@lehigh.edu
- WWW Security—www-security-request@nsmx.rutgers.edu
- 23. Future Trends
- A. CD-ROM Contents
-
B. The Twenty Most Critical Internet Security Vulnerabilities—The Experts' Consensus
- The SANS Institute
- G1—Default Installs of Operating Systems and Applications
- G2—Accounts with No Passwords or Weak Passwords
- G3—Non-existent or Incomplete Backups
- G4—Large Number of Open Ports
- G5—Not Filtering Packets for Correct Incoming and Outgoing Addresses
- G6—Non-existent or Incomplete Logging
- G7—Vulnerable CGI Programs
- W1— Unicode Vulnerability (Web Server Folder Traversal)
- W2—ISAPI Extension Buffer Overflows
- W3—IIS RDS Exploit (Microsoft Remote Data Services)
- W4—NETBIOS—Unprotected Windows Networking Shares
- W5—Information Leakage Via Null Session Connections
- W6—Weak Hashing in SAM (LM Hash)
- U1—Buffer Overflows in RPC Services
- U2—Sendmail Vulnerabilities
- U3—Bind Weaknesses
- U4—R Commands
- U5—LPD (Remote Print Protocol Daemon)
- U6—Sadmind and Mountd
- U7—Default SNMP Strings
- Appendix A—Common Vulnerable Ports
- Appendix B—The Experts Who Helped Create the Top Ten and Top Twenty Internet Vulnerability Lists
Product information
- Title: Hack I.T.: Security Through Penetration Testing
- Author(s):
- Release date: February 2002
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780201719567
You might also like
book
Penetration Testing and Network Defense
The practical guide to simulating, detecting, and responding to network attacks Create step-by-step testing plans Learn …
book
Hands-On Web Penetration Testing with Metasploit
Identify, exploit, and test web application security with ease Key Features Get up to speed with …
book
Penetration Testing Bootcamp
Sharpen your pentesting skill in a bootcamp About This Book Get practical demonstrations with in-depth explanations …
book
Chained Exploits: Advanced Hacking Attacks from Start to Finish
The complete guide to today’s hard-to-defend chained attacks: performing them and preventing them Nowadays, it’s rare …