book

Hacking: The Next Generation

by Nitesh Dhanjani, Billy Rios, Brett Hardin

August 2009

Beginner

298 pages

9h 5m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Hacking: The Next Generation
SPECIAL OFFER: Upgrade this ebook with O’Reilly
Preface
Audience
Assumptions This Book Makes
Contents of This Book
Conventions Used in This Book
Using Code Examples
We’d Like to Hear from You
Safari® Books Online
Acknowledgments

1. Intelligence Gathering: Peering Through the Windows to Your Organization
Physical Security EngineeringDumpster DivingHanging Out at the Corporate Campus
Google Earth
Social Engineering Call Centers
Search Engine Hacking
Google HackingAutomating Google HackingExtracting Metadata from Online DocumentsSearching for Source Code
Leveraging Social Networks
Facebook and MySpaceAbusing FacebookTwitter
Tracking Employees
Email Harvesting with theHarvesterResumésJob PostingsGoogle Calendar
What Information Is Important?
Summary
2. Inside-Out Attacks: The Attacker Is the Insider
Man on the Inside
Cross-Site Scripting (XSS)
Stealing SessionsInjecting ContentStealing Usernames and PasswordsAdvanced and Automated Attacks
Cross-Site Request Forgery (CSRF)
Inside-Out Attacks
Content Ownership
Abusing Flash’s crossdomain.xmlAbusing JavaAttacking Code.google.com
Advanced Content Ownership Using GIFARs
Stealing Documents from Online Document Stores
Stealing Files from the Filesystem
Safari File StealingThe feed:// protocol handlerUsing Java to steal files
Summary
3. The Way It Works: There Is No Patch
Exploiting Telnet and FTPSniffing CredentialsBrute-Forcing Your Way InHijacking Sessions
Abusing SMTP
Snooping EmailsSpoofing Emails to Perform Social Engineering
Abusing ARP
Poisoning the NetworkCain & AbelSniffing SSH on a Switched NetworkLeveraging DNS for Remote ReconnaissanceDNS Cache SnoopingThe snooping attack in a nutshellA tool to snoop DNS cachesSample output of cache_snoop.pl
Summary
4. Blended Threats: When Applications Exploit Each Other
Application Protocol HandlersFinding Protocol Handlers on WindowsFinding Protocol Handlers on Mac OS XFinding Protocol Handlers on Linux
Blended Attacks
The Classic Blended Attack: Safari’s Carpet BombThe FireFoxUrl Application Protocol HandlerMailto:// and the Vulnerability in the ShellExecute Windows APIThe iPhoto Format String ExploitBlended Worms: Conficker/Downadup
Finding Blended Threats
Summary
5. Cloud Insecurity: Sharing the Cloud with Your Enemy
What Changes in the CloudAmazon’s Elastic Compute CloudGoogle’s App EngineOther Cloud Offerings
Attacks Against the Cloud
Poisoned Virtual MachinesAttacks Against Management ConsolesSecure by DefaultAbusing Cloud Billing Models and Cloud PhishingGoogling for Gold in the Cloud
Summary
6. Abusing Mobile Devices: Targeting Your Mobile Workforce
Targeting Your Mobile WorkforceYour Employees Are on My NetworkGetting on the NetworkDirect Attacks Against Your Employees and AssociatesPutting It Together: Attacks Against a Hotspot UserTapping into VoicemailExploiting Physical Access to Mobile Devices
Summary
7. Infiltrating the Phishing Underground: Learning from Online Criminals?
The Fresh Phish Is in the Tank
Examining the Phishers
No Time to PatchThank You for Signing My GuestbookSay Hello to Pedro!Isn’t It Ironic?
The Loot
Uncovering the Phishing KitsPhisher-on-Phisher Crime
Infiltrating the Underground
Google ReZulTFullz for Sale!Meet Cha0
Summary
8. Influencing Your Victims: Do What We Tell You, Please
The Calendar Is a Gold MineInformation in CalendarsWho Just Joined?Calendar Personalities
Social Identities
Abusing Social ProfilesStealing Social IdentitiesBreaking Authentication
Hacking the Psyche
Summary
9. Hacking Executives: Can Your CEO Spot a Targeted Attack?
Fully Targeted Attacks Versus Opportunistic Attacks
Motives
Financial GainConverting information to currencyVengeanceBenefit and Risk
Information Gathering
Identifying ExecutivesThe Trusted CircleIdentifying the trusted circle: Network analysisFriends, family, and colleaguesTwitterTweetStatsClicking links on TwitterOther Social Applications
Attack Scenarios
Email AttackIdentifying the executive to attackFinding a potential lureIdentifying the email address of the lureConstructing the emailTargeting the AssistantTrusted circle attack on the assistantLeveraging the assistant’s trustMemory Sticks
Summary
10. Case Studies: Different Perspectives
The Disgruntled EmployeeThe Performance ReviewSpoofing into Conference CallsThe Win
The Silver Bullet
The Free LunchThe SSH ServerTurning the Network Inside OutA Fool with a Tool Is Still a Fool
Summary
A. Chapter 2 Source Code Samples
Datamine.js
Pingback.js
External-datamine.js
XHRIEsniperscope()
Codecrossdomain.java
HiddenClass.java
B. Cache_Snoop.pl
Index
About the Authors
Colophon
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from Hacking: The Next Generation

Cross-Site Request Forgery (CSRF)

Cross-site request forgery (CSRF) is an extremely popular attack vector. Outside attackers often use it to perform transactions on corporate intranet applications that are not accessible externally. CSRF takes advantage of the vulnerable application’s inability to distinguish legitimate transaction requests against requests from the victim’s browser that are a result of malicious client-side code. As with XSS, the scope of this chapter is beyond simple CSRF tactics. This section assumes the reader is familiar with the concept of CSRF. The goal of this section is to illustrate how sophisticated attackers can combine CSRF and other attacks to maximize exploitation.

Note

To gather some elementary knowledge about CSRF, visit http://www.owasp.org/index.php/CSRF.

Inside-Out Attacks

Attacking internal network resources from the outside adds a bit of complexity and typically changes an attacker’s attack landscape. Attacks against internal resources are often targeted toward large corporations with large numbers of network devices and enterprise software that create a target-rich environment for the attacker. In this section, we’ll discuss a scenario in which the attacker is able to remotely manipulate an internal employee’s web browser to attack the internal resources of a large corporation.

The typical internal corporate web application is protected from access from attackers on the Internet by the use of corporate firewalls. The basic illustration in Figure 2-6 ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780596806309Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design