book

Hacking: The Next Generation

by Nitesh Dhanjani, Billy Rios, Brett Hardin

August 2009

Beginner

298 pages

9h 5m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Hacking: The Next Generation
SPECIAL OFFER: Upgrade this ebook with O’Reilly
Preface
Audience
Assumptions This Book Makes
Contents of This Book
Conventions Used in This Book
Using Code Examples
We’d Like to Hear from You
Safari® Books Online
Acknowledgments

1. Intelligence Gathering: Peering Through the Windows to Your Organization
Physical Security EngineeringDumpster DivingHanging Out at the Corporate Campus
Google Earth
Social Engineering Call Centers
Search Engine Hacking
Google HackingAutomating Google HackingExtracting Metadata from Online DocumentsSearching for Source Code
Leveraging Social Networks
Facebook and MySpaceAbusing FacebookTwitter
Tracking Employees
Email Harvesting with theHarvesterResumésJob PostingsGoogle Calendar
What Information Is Important?
Summary
2. Inside-Out Attacks: The Attacker Is the Insider
Man on the Inside
Cross-Site Scripting (XSS)
Stealing SessionsInjecting ContentStealing Usernames and PasswordsAdvanced and Automated Attacks
Cross-Site Request Forgery (CSRF)
Inside-Out Attacks
Content Ownership
Abusing Flash’s crossdomain.xmlAbusing JavaAttacking Code.google.com
Advanced Content Ownership Using GIFARs
Stealing Documents from Online Document Stores
Stealing Files from the Filesystem
Safari File StealingThe feed:// protocol handlerUsing Java to steal files
Summary
3. The Way It Works: There Is No Patch
Exploiting Telnet and FTPSniffing CredentialsBrute-Forcing Your Way InHijacking Sessions
Abusing SMTP
Snooping EmailsSpoofing Emails to Perform Social Engineering
Abusing ARP
Poisoning the NetworkCain & AbelSniffing SSH on a Switched NetworkLeveraging DNS for Remote ReconnaissanceDNS Cache SnoopingThe snooping attack in a nutshellA tool to snoop DNS cachesSample output of cache_snoop.pl
Summary
4. Blended Threats: When Applications Exploit Each Other
Application Protocol HandlersFinding Protocol Handlers on WindowsFinding Protocol Handlers on Mac OS XFinding Protocol Handlers on Linux
Blended Attacks
The Classic Blended Attack: Safari’s Carpet BombThe FireFoxUrl Application Protocol HandlerMailto:// and the Vulnerability in the ShellExecute Windows APIThe iPhoto Format String ExploitBlended Worms: Conficker/Downadup
Finding Blended Threats
Summary
5. Cloud Insecurity: Sharing the Cloud with Your Enemy
What Changes in the CloudAmazon’s Elastic Compute CloudGoogle’s App EngineOther Cloud Offerings
Attacks Against the Cloud
Poisoned Virtual MachinesAttacks Against Management ConsolesSecure by DefaultAbusing Cloud Billing Models and Cloud PhishingGoogling for Gold in the Cloud
Summary
6. Abusing Mobile Devices: Targeting Your Mobile Workforce
Targeting Your Mobile WorkforceYour Employees Are on My NetworkGetting on the NetworkDirect Attacks Against Your Employees and AssociatesPutting It Together: Attacks Against a Hotspot UserTapping into VoicemailExploiting Physical Access to Mobile Devices
Summary
7. Infiltrating the Phishing Underground: Learning from Online Criminals?
The Fresh Phish Is in the Tank
Examining the Phishers
No Time to PatchThank You for Signing My GuestbookSay Hello to Pedro!Isn’t It Ironic?
The Loot
Uncovering the Phishing KitsPhisher-on-Phisher Crime
Infiltrating the Underground
Google ReZulTFullz for Sale!Meet Cha0
Summary
8. Influencing Your Victims: Do What We Tell You, Please
The Calendar Is a Gold MineInformation in CalendarsWho Just Joined?Calendar Personalities
Social Identities
Abusing Social ProfilesStealing Social IdentitiesBreaking Authentication
Hacking the Psyche
Summary
9. Hacking Executives: Can Your CEO Spot a Targeted Attack?
Fully Targeted Attacks Versus Opportunistic Attacks
Motives
Financial GainConverting information to currencyVengeanceBenefit and Risk
Information Gathering
Identifying ExecutivesThe Trusted CircleIdentifying the trusted circle: Network analysisFriends, family, and colleaguesTwitterTweetStatsClicking links on TwitterOther Social Applications
Attack Scenarios
Email AttackIdentifying the executive to attackFinding a potential lureIdentifying the email address of the lureConstructing the emailTargeting the AssistantTrusted circle attack on the assistantLeveraging the assistant’s trustMemory Sticks
Summary
10. Case Studies: Different Perspectives
The Disgruntled EmployeeThe Performance ReviewSpoofing into Conference CallsThe Win
The Silver Bullet
The Free LunchThe SSH ServerTurning the Network Inside OutA Fool with a Tool Is Still a Fool
Summary
A. Chapter 2 Source Code Samples
Datamine.js
Pingback.js
External-datamine.js
XHRIEsniperscope()
Codecrossdomain.java
HiddenClass.java
B. Cache_Snoop.pl
Index
About the Authors
Colophon
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from Hacking: The Next Generation

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is the most popular avenue for attack against the corporate internal network. XSS remains the most popular attack against the masses because it is easy to find and to launch, while the consequences of the attack can be devastating. Although the scope of this chapter is beyond simple XSS tactics, no discussion of client-side exploitation would be complete without a mention of XSS. This section assumes that the reader is familiar with the concept of XSS. The goal of this section is to illustrate how sophisticated attackers today are able to leverage the most out of XSS vulnerabilities.

The amount of data that is passed between users and online applications is staggering. It seems that every significant business function has a web interface to manage various business actions and peruse data. The enormous amount of sensitive information passed in online transactions makes online data theft appealing and lucrative. Of the various online attacks, XSS remains one of the most prolific. Although numerous XSS attack techniques exist, this section will cover a few examples of attacks that focus on stealing user information. These attacks will progress in complexity and can be used as a foundation for more advanced, targeted attacks.

Note

If you are not familiar with XSS, the Wikipedia page at http://en.wikipedia.org/wiki/Cross-site_scripting is a good resource.

Stealing Sessions

Attackers often use XSS to steal user sessions. The following is ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780596806309Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design