book

Hacking For Dummies® 3rd Edition

Name: Hacking For Dummies® 3rd Edition
Author: Kevin Beaver
ISBN: 9780470550939

by Kevin Beaver

January 2010

Beginner

408 pages

9h 3m

English

For Dummies

Read now

Unlock full access

Copyright
About the Author
Author's Acknowledgments
Publisher's Acknowledgments
Foreword
Introduction
Who Should Read This Book?About This BookHow to Use This BookWhat You Don't Need to ReadFoolish AssumptionsHow This Book Is OrganizedPart I: Building the Foundation for Ethical HackingPart II: Putting Ethical Hacking in MotionPart III: Hacking the NetworkPart IV: Hacking Operating SystemsPart V: Hacking ApplicationsPart VI: Ethical Hacking AftermathPart VII: The Part of TensIcons Used in This BookWhere to Go from Here
I. Building the Foundation for Ethical Hacking
1. Introduction to Ethical Hacking
1.1. Straightening Out the Terminology1.1.1. Defining hacker1.1.2. Defining malicious user1.2. Recognizing How Malicious Attackers Beget Ethical Hackers1.2.1. Ethical hacking versus auditing1.2.2. Policy considerations1.2.3. Compliance and regulatory concerns1.3. Understanding the Need to Hack Your Own Systems1.4. Understanding the Dangers Your Systems Face1.4.1. Nontechnical attacks1.4.2. Network infrastructure attacks1.4.3. Operating system attacks1.4.4. Application and other specialized attacks1.5. Obeying the Ethical Hacking Commandments1.5.1. Working ethically1.5.2. Respecting privacy1.5.3. Not crashing your systems1.6. Using the Ethical Hacking Process1.6.1. Formulating your plan1.6.2. Selecting tools1.6.3. Executing the plan1.6.4. Evaluating results1.6.5. Moving on
2. Cracking the Hacker Mindset
2.1. What You're Up Against2.2. Who Breaks into Computer Systems2.3. Why They Do It2.4. Planning and Performing Attacks2.5. Maintaining Anonymity
3. Developing Your Ethical Hacking Plan
3.1. Establishing Your Goals3.2. Determining Which Systems to Hack3.3. Creating Testing Standards3.3.1. Timing3.3.2. Specific tests3.3.3. Blind versus knowledge assessments3.3.4. Location3.3.5. Reacting to vulnerabilities you find3.3.6. Silly assumptions3.4. Selecting Security Assessment Tools

4. Hacking Methodology
4.1. Setting the Stage for Testing4.2. Seeing What Others See4.2.1. Gathering public information4.2.1.1. Web search4.2.1.2. Web crawling4.2.1.3. Web sites4.2.2. Mapping the network4.2.2.1. Whois4.2.2.2. Google Groups4.2.2.3. Privacy policies4.3. Scanning Systems4.3.1. Hosts4.3.2. Open ports4.4. Determining What's Running on Open Ports4.5. Assessing Vulnerabilities4.6. Penetrating the System
II. Putting Ethical Hacking in Motion
5. Social Engineering
5.1. Social Engineering 1015.2. Before You Start5.3. Why Attackers Use Social Engineering5.4. Understanding the Implications5.5. Performing Social Engineering Attacks5.5.1. Phishing for information5.5.1.1. Using the Internet5.5.1.2. Dumpster diving5.5.1.3. Phone systems5.5.2. Building trust5.5.3. Exploiting the relationship5.5.3.1. Deceit through words and actions5.5.3.2. Deceit through technology5.6. Social Engineering Countermeasures5.6.1. Policies5.6.2. User awareness and training
6. Physical Security
6.1. Physical Security Vulnerabilities6.2. What to Look For6.2.1. Building infrastructure6.2.1.1. Attack points6.2.1.2. Countermeasures6.2.2. Utilities6.2.2.1. Attack points6.2.2.2. Countermeasures6.2.3. Office layout and usage6.2.3.1. Attack points6.2.3.2. Countermeasures6.2.4. Network components and computers6.2.4.1. Attack points6.2.4.2. Countermeasures
7. Passwords
7.1. Password Vulnerabilities7.1.1. Organizational password vulnerabilities7.1.2. Technical password vulnerabilities7.2. Cracking Passwords7.2.1. Cracking passwords the old-fashioned way7.2.1.1. Social engineering7.2.1.1.1. Techniques7.2.1.1.2. Countermeasures7.2.1.2. Shoulder surfing7.2.1.2.1. Techniques7.2.1.2.2. Countermeasures7.2.1.3. Inference7.2.1.4. Weak authentication7.2.1.4.1. Bypassing authentication7.2.1.4.2. Countermeasures7.2.2. High-tech password cracking7.2.2.1. Password-cracking software7.2.2.2. Dictionary attacks7.2.2.3. Brute-force attacks7.2.2.4. Rainbow attacks7.2.2.5. Cracking Windows passwords with pwdump3 and John the Ripper7.2.2.6. Cracking UNIX passwords with John the Ripper7.2.2.7. Cracking Windows passwords using rainbow tables with ophcrack7.2.2.8. Checking for null/blank passwords in NetWare7.2.3. Password-protected files7.2.3.1. Cracking files7.2.3.2. Countermeasures7.2.4. Other ways to crack passwords7.2.4.1. Keystroke logging7.2.4.1.1. Logging tools7.2.4.1.2. Countermeasures7.2.4.2. Weak password storage7.2.4.2.1. Searching7.2.4.2.2. Countermeasures7.2.4.3. Network analyzer7.2.4.3.1. Testing7.2.4.3.2. Countermeasures7.2.4.4. Weak BIOS passwords7.2.4.4.1. Countermeasures7.2.4.5. Weak passwords in limbo7.2.4.5.1. Weaknesses7.2.4.5.2. Countermeasures7.2.4.6. Password-reset programs7.2.4.6.1. Tools7.2.4.6.2. Countermeasures7.3. General Password-Cracking Countermeasures7.3.1. Storing passwords7.3.2. Policy considerations7.3.3. Other considerations7.4. Securing Operating Systems7.4.1. Windows7.4.2. Linux and UNIX
III. Hacking the Network
8. Network Infrastructure
8.1. Network Infrastructure Vulnerabilities8.2. Choosing Tools8.2.1. Scanners and analyzers8.2.2. Vulnerability assessment8.3. Scanning, Poking, and Prodding8.3.1. Port scanners8.3.1.1. Ping sweeping8.3.1.2. Using port scanning tools8.3.1.2.1. SuperScan8.3.1.2.2. Nmap8.3.1.2.3. NetScanTools Pro8.3.1.3. Countermeasures against ping sweeping and port scanning8.3.2. SNMP scanning8.3.2.1. Vulnerabilities8.3.2.2. Countermeasures against SNMP attacks8.3.3. Banner grabbing8.3.3.1. telnet8.3.3.2. Countermeasures against banner-grabbing attacks8.3.4. Firewall rules8.3.4.1. Testing8.3.4.1.1. Netcat8.3.4.1.2. Traffic IQ Pro8.3.4.1.3. Firewalk8.3.4.2. Countermeasures against firewall rulebase vulnerabilities8.3.5. Network analyzers8.3.5.1. Network analyzer programs8.3.5.2. Countermeasures against network protocol vulnerabilities8.3.5.2.1. Physical security8.3.5.2.2. Network analyzer detection8.3.6. The MAC-daddy attack8.3.6.1. ARP spoofing8.3.6.2. Using Cain & Abel for ARP poisoning8.3.6.3. MAC address spoofing8.3.6.3.1. UNIX-based systems8.3.6.3.2. Windows8.3.6.4. Countermeasures against ARP poisoning and MAC address spoofing attacks8.3.7. Denial of service8.3.7.1. DoS attacks8.3.7.2. Testing8.3.7.3. Countermeasures against DoS attacks8.4. Common Router, Switch, and Firewall Weaknesses8.4.1. Unsecured interfaces8.4.2. IKE weaknesses8.5. General Network Defenses
9. Wireless LANs
9.1. Understanding the Implications of Wireless Network Vulnerabilities9.2. Choosing Your Tools9.3. Wireless LAN Discovery9.3.1. Checking for worldwide recognition9.3.2. Scanning your local airwaves9.4. Wireless Network Attacks and Countermeasures9.4.1. Encrypted traffic9.4.2. Countermeasures against encrypted traffic attacks9.4.3. Rogue wireless devices9.4.4. Countermeasures against rogue wireless devices9.4.5. MAC spoofing9.4.6. Countermeasures against MAC spoofing9.4.7. Queensland DoS attack9.4.8. Countermeasures against DoS attacks9.4.9. Physical security problems9.4.10. Countermeasures against physical security problems9.4.11. Vulnerable wireless workstations9.4.12. Countermeasures against vulnerable wireless workstations9.4.13. Default configuration settings9.4.14. Countermeasures against default configuration settings exploits
IV. Hacking Operating Systems
10. Windows
10.1. Windows Vulnerabilities10.2. Choosing Tools10.2.1. Free Microsoft tools10.2.2. All-in-one assessment tools10.2.3. Task-specific tools10.3. Information Gathering10.3.1. System scanning10.3.1.1. Testing10.3.1.2. Countermeasures against system scanning10.3.2. NetBIOS10.3.2.1. Hacks10.3.2.1.1. Unauthenticated enumeration10.3.2.1.2. Shares10.3.2.2. Countermeasures against NetBIOS attacks10.4. Null Sessions10.4.1. Mapping10.4.2. Gleaning information10.4.2.1. net view10.4.2.2. Configuration and user information10.4.2.3. NetUsers10.4.3. Countermeasures against null session hacks10.5. Share Permissions10.5.1. Windows defaults10.5.1.1. Windows 2000/NT10.5.1.2. Windows XP10.5.2. Testing10.6. Missing Patch Exploitation10.6.1. Using Metasploit10.6.2. Countermeasures against missing patch vulnerability exploits10.7. Authenticated Scans
11. Linux
11.1. Linux Vulnerabilities11.2. Choosing Tools11.3. Information Gathering11.3.1. System scanning11.3.2. Countermeasures against system scanning11.4. Unneeded and Unsecured Services11.4.1. Searches11.4.1.1. Vulnerabilities11.4.1.2. Tools11.4.2. Countermeasures against attacks on unneeded services11.4.2.1. Disabling unneeded services11.4.2.1.1. inetd.conf11.4.2.1.2. chkconfig11.4.2.2. Access control11.5. .rhosts and hosts.equiv Files11.5.1. Hacks using the .rhosts and hosts.equiv files11.5.1.1. hosts.equiv11.5.1.2. .rhosts11.5.2. Countermeasures against .rhosts and hosts.equiv file attacks11.5.2.1. Disabling commands11.5.2.2. Blocking access11.6. NFS11.6.1. NFS hacks11.6.2. Countermeasures against NFS attacks11.7. File Permissions11.7.1. File permission hacks11.7.2. Countermeasures against file permission attacks11.7.2.1. Manual testing11.7.2.2. Automatic testing11.8. Buffer Overflows11.8.1. Attacks11.8.2. Countermeasures against buffer-overflow attacks11.9. Physical Security11.9.1. Physical security hacks11.9.2. Countermeasures against physical security attacks11.10. General Security Tests11.11. Patching Linux11.11.1. Distribution updates11.11.2. Multiplatform update managers
12. Novell NetWare
12.1. NetWare Vulnerabilities12.2. Choosing Tools12.3. Getting Started12.3.1. Server access methods12.3.2. Port scanning12.4. Authentication12.4.1. rconsole12.4.1.1. rconsole attacks12.4.1.2. Countermeasures against rconsole attacks12.4.2. Server-console access12.4.3. Intruder detection12.4.3.1. Testing for intruders12.4.3.2. Countermeasures against intruders12.4.4. Testing for rogue NLMs12.4.4.1. Modules command12.4.4.2. Tcpcon12.4.4.3. Admin utilities12.4.5. Countermeasures against rogue NLM attacks12.4.5.1. Documentation12.4.5.2. Unauthorized logins12.4.6. Cleartext packets12.4.6.1. Packet capture12.4.6.2. Countermeasures against packet capture12.5. Solid Practices for Minimizing NetWare Security Risks12.5.1. Rename admin12.5.2. Disable eDirectory browsing12.5.2.1. NetWare Administrator12.5.2.2. Novell ConsoleOne12.5.3. Remove bindery contexts12.5.4. Audit the system12.5.5. TCP/IP parameters12.5.6. Patch
V. Hacking Applications
13. Communication and Messaging Systems
13.1. Messaging System Vulnerabilities13.2. E-Mail Attacks13.2.1. E-mail bombs13.2.1.1. Attachments13.2.1.1.1. Attacks using e-mail attachments13.2.1.1.2. Countermeasures against e-mail attachment attacks13.2.1.2. Connections13.2.1.2.1. Attacks using floods of e-mails13.2.1.2.2. Countermeasures against connection attacks13.2.1.3. Automated e-mail security controls13.2.2. Banners13.2.2.1. Gathering information13.2.2.2. Countermeasures against banner attacks13.2.3. SMTP attacks13.2.3.1. Account enumeration13.2.3.1.1. Attacks using account enumeration13.2.3.1.2. Countermeasures against account enumeration13.2.3.2. Relay13.2.3.2.1. Automatic testing13.2.3.2.2. Manual testing13.2.3.2.3. Countermeasures against SMTP relay attacks13.2.3.3. E-mail header disclosures13.2.3.3.1. Testing13.2.3.3.2. Countermeasures against header disclosures13.2.3.4. Capturing traffic13.2.3.5. Malware13.2.3.5.1. EICAR test string13.2.3.5.2. GFI's Email Security Testing Zone13.2.4. General best practices for minimizing e-mail security risks13.2.4.1. Software solutions13.2.4.2. Operating guidelines13.3. Instant Messaging13.3.1. IM vulnerabilities13.3.1.1. Sharing files13.3.1.2. Log files13.3.2. Countermeasures against IM vulnerabilities13.3.2.1. Detecting IM traffic13.3.2.2. Maintenance and configuration13.4. Voice over IP13.4.1. VoIP vulnerabilities13.4.1.1. Scanning for vulnerabilities13.4.1.2. Capturing and recording voice traffic13.4.2. Countermeasures against VoIP vulnerabilities
14. Web Sites and Applications
14.1. Choosing Your Web Application Tools14.2. Web Vulnerabilities14.2.1. Directory traversal14.2.1.1. Crawlers14.2.1.2. Google14.2.2. Countermeasures against directory traversals14.2.3. Input filtering attacks14.2.3.1. Buffer overflows14.2.3.2. URL manipulation14.2.3.3. Hidden field manipulation14.2.3.4. Code injection and SQL injection14.2.3.5. Cross-site scripting14.2.4. Countermeasures against input attacks14.2.5. Default script attacks14.2.6. Countermeasures against default script attacks14.2.7. Unsecured login mechanisms14.2.8. Countermeasures against unsecured login systems14.2.9. General security scans for Web application vulnerabilities14.3. Best Practices for Minimizing Web Security Risks14.3.1. Obscurity14.3.2. Firewalls14.3.3. Source code analysis
15. Databases and Storage Systems
15.1. Databases15.1.1. Choosing tools15.1.2. Finding databases on the network15.1.3. Cracking database passwords15.1.4. Scanning databases for vulnerabilities15.2. Best Practices for Minimizing Database Security Risks15.3. Storage Systems15.3.1. Choosing tools15.3.2. Finding storage systems on the network15.3.3. Rooting out sensitive text in network files15.4. Best Practices for Minimizing Storage Security Risks
VI. Ethical Hacking Aftermath
16. Reporting Your Results
16.1. Pulling the Results Together16.2. Prioritizing Vulnerabilities16.3. Reporting Methods
17. Plugging Security Holes
17.1. Turning Your Reports into Action17.2. Patching for Perfection17.2.1. Patch management17.2.2. Patch automation17.2.2.1. Commercial tools17.2.2.2. Free tools17.3. Hardening Your Systems17.4. Assessing Your Security Infrastructure
18. Managing Security Changes
18.1. Automating the Ethical Hacking Process18.2. Monitoring Malicious Use18.3. Outsourcing Ethical Hacking18.4. Instilling a Security-Aware Mindset18.5. Keeping Up with Other Security Issues
VII. The Part of Tens
19. Ten Tips for Getting Upper Management Buy-In
19.1. Cultivate an Ally and Sponsor19.2. Don't Be a FUDdy Duddy19.3. Demonstrate How the Organization Can't Afford to Be Hacked19.4. Outline the General Benefits of Ethical Hacking19.5. Show How Ethical Hacking Specifically Helps the Organization19.6. Get Involved in the Business19.7. Establish Your Credibility19.8. Speak on Management's Level19.9. Show Value in Your Efforts19.10. Be Flexible and Adaptable
20. Ten Reasons Hacking Is the Only Effective Way to Test
20.1. The Bad Guys Are Thinking Bad Thoughts, Using Good Tools, and Developing New Attack Methods20.2. IT Governance and Compliance Is More Than High-Level Checklist Audits20.3. Ethical Hacking Complements Audits and Security Evaluations20.4. Someone's Going to Ask How Secure Your Systems Are20.5. The Law of Averages Is Working Against Businesses20.6. Ethical Hacking Creates a Better Understanding of What the Business Is Up Against20.7. If a Breach Occurs, You Have Something to Fall Back On20.8. Ethical Hacking Brings Out the Worst in Your Systems20.9. Ethical Hacking Combines the Best of Penetration Testing and Vulnerability Testing20.10. Ethical Hacking Can Uncover Operational Weaknesses That Might Go Overlooked For Years
21. Ten Deadly Mistakes
21.1. Not Getting Prior Approval in Writing21.2. Assuming That You Can Find All Vulnerabilities during Your Tests21.3. Assuming That You Can Eliminate All Security Vulnerabilities21.4. Performing Tests Only Once21.5. Thinking That You Know It All21.6. Running Your Tests without Looking at Things from a Hacker's Viewpoint21.7. Not Testing the Right Systems21.8. Not Using the Right Tools21.9. Pounding Production Systems at the Wrong Time21.10. Outsourcing Testing and Not Staying Involved
A. Tools and Resources
A.1. BluetoothA.2. CertificationsA.3. DatabasesA.4. Exploit ToolsA.5. General Research ToolsA.6. Hacker StuffA.7. KeyloggersA.8. Laws and RegulationsA.9. LinuxA.10. Live ToolkitsA.11. Log AnalysisA.12. MessagingA.13. Miscellaneous ToolsA.14. NetWareA.15. NetworksA.16. Password CrackingA.17. Patch ManagementA.18. Security Education and Learning ResourcesA.19. Security Methods and ModelsA.20. Source Code AnalysisA.21. StorageA.22. System HardeningA.23. User Awareness and TrainingA.24. Voice over IPA.25. Vulnerability DatabasesA.26. Web ApplicationsA.27. WindowsA.28. Wireless Networks

Content preview from Hacking For Dummies® 3rd Edition

Chapter 4. Hacking Methodology

In This Chapter

Examining steps for successful ethical hacking
Gleaning information about your organization from the Internet
Scanning your network
Looking for vulnerabilities

Before you dive in head first with your ethical hacking, it's critical to have at least a basic methodology to work from. Ethical hacking involves more than just penetrating and patching a system or network. Proven techniques can help guide you along the hacking highway and ensure that you end up at the right destination. Using a methodology that supports your ethical hacking goals separates the professionals from the amateurs and helps ensure that you make the most of your time and effort.

Setting the Stage for Testing

In the past a lot of ethical hacking involved manual processes. Now, tools can automate various tasks. These tools allow you to focus on performing the tests and less on the specific steps involved. However, following a general methodology and understanding what's going on behind the scenes will help you.

Ethical hacking is similar to beta testing software. Think logically — like a programmer, a radiologist, or a home inspector — to dissect and interact with all the system components to see how they work. You gather information, often in many small pieces, and assemble the pieces of the puzzle. You start at point A with several goals in mind, run your tests (repeating many steps along the way), and move closer until you discover security vulnerabilities at point B.

The ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780470550939Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Hacking For Dummies® 3rd Edition

by Kevin Beaver

Chapter 4. Hacking Methodology

Setting the Stage for Testing

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.