book

Hacking: The Next Generation

by Nitesh Dhanjani, Billy Rios, Brett Hardin

August 2009

Beginner

298 pages

9h 5m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Hacking: The Next Generation
SPECIAL OFFER: Upgrade this ebook with O’Reilly
Preface
Audience
Assumptions This Book Makes
Contents of This Book
Conventions Used in This Book
Using Code Examples
We’d Like to Hear from You
Safari® Books Online
Acknowledgments

1. Intelligence Gathering: Peering Through the Windows to Your Organization
Physical Security EngineeringDumpster DivingHanging Out at the Corporate Campus
Google Earth
Social Engineering Call Centers
Search Engine Hacking
Google HackingAutomating Google HackingExtracting Metadata from Online DocumentsSearching for Source Code
Leveraging Social Networks
Facebook and MySpaceAbusing FacebookTwitter
Tracking Employees
Email Harvesting with theHarvesterResumésJob PostingsGoogle Calendar
What Information Is Important?
Summary
2. Inside-Out Attacks: The Attacker Is the Insider
Man on the Inside
Cross-Site Scripting (XSS)
Stealing SessionsInjecting ContentStealing Usernames and PasswordsAdvanced and Automated Attacks
Cross-Site Request Forgery (CSRF)
Inside-Out Attacks
Content Ownership
Abusing Flash’s crossdomain.xmlAbusing JavaAttacking Code.google.com
Advanced Content Ownership Using GIFARs
Stealing Documents from Online Document Stores
Stealing Files from the Filesystem
Safari File StealingThe feed:// protocol handlerUsing Java to steal files
Summary
3. The Way It Works: There Is No Patch
Exploiting Telnet and FTPSniffing CredentialsBrute-Forcing Your Way InHijacking Sessions
Abusing SMTP
Snooping EmailsSpoofing Emails to Perform Social Engineering
Abusing ARP
Poisoning the NetworkCain & AbelSniffing SSH on a Switched NetworkLeveraging DNS for Remote ReconnaissanceDNS Cache SnoopingThe snooping attack in a nutshellA tool to snoop DNS cachesSample output of cache_snoop.pl
Summary
4. Blended Threats: When Applications Exploit Each Other
Application Protocol HandlersFinding Protocol Handlers on WindowsFinding Protocol Handlers on Mac OS XFinding Protocol Handlers on Linux
Blended Attacks
The Classic Blended Attack: Safari’s Carpet BombThe FireFoxUrl Application Protocol HandlerMailto:// and the Vulnerability in the ShellExecute Windows APIThe iPhoto Format String ExploitBlended Worms: Conficker/Downadup
Finding Blended Threats
Summary
5. Cloud Insecurity: Sharing the Cloud with Your Enemy
What Changes in the CloudAmazon’s Elastic Compute CloudGoogle’s App EngineOther Cloud Offerings
Attacks Against the Cloud
Poisoned Virtual MachinesAttacks Against Management ConsolesSecure by DefaultAbusing Cloud Billing Models and Cloud PhishingGoogling for Gold in the Cloud
Summary
6. Abusing Mobile Devices: Targeting Your Mobile Workforce
Targeting Your Mobile WorkforceYour Employees Are on My NetworkGetting on the NetworkDirect Attacks Against Your Employees and AssociatesPutting It Together: Attacks Against a Hotspot UserTapping into VoicemailExploiting Physical Access to Mobile Devices
Summary
7. Infiltrating the Phishing Underground: Learning from Online Criminals?
The Fresh Phish Is in the Tank
Examining the Phishers
No Time to PatchThank You for Signing My GuestbookSay Hello to Pedro!Isn’t It Ironic?
The Loot
Uncovering the Phishing KitsPhisher-on-Phisher Crime
Infiltrating the Underground
Google ReZulTFullz for Sale!Meet Cha0
Summary
8. Influencing Your Victims: Do What We Tell You, Please
The Calendar Is a Gold MineInformation in CalendarsWho Just Joined?Calendar Personalities
Social Identities
Abusing Social ProfilesStealing Social IdentitiesBreaking Authentication
Hacking the Psyche
Summary
9. Hacking Executives: Can Your CEO Spot a Targeted Attack?
Fully Targeted Attacks Versus Opportunistic Attacks
Motives
Financial GainConverting information to currencyVengeanceBenefit and Risk
Information Gathering
Identifying ExecutivesThe Trusted CircleIdentifying the trusted circle: Network analysisFriends, family, and colleaguesTwitterTweetStatsClicking links on TwitterOther Social Applications
Attack Scenarios
Email AttackIdentifying the executive to attackFinding a potential lureIdentifying the email address of the lureConstructing the emailTargeting the AssistantTrusted circle attack on the assistantLeveraging the assistant’s trustMemory Sticks
Summary
10. Case Studies: Different Perspectives
The Disgruntled EmployeeThe Performance ReviewSpoofing into Conference CallsThe Win
The Silver Bullet
The Free LunchThe SSH ServerTurning the Network Inside OutA Fool with a Tool Is Still a Fool
Summary
A. Chapter 2 Source Code Samples
Datamine.js
Pingback.js
External-datamine.js
XHRIEsniperscope()
Codecrossdomain.java
HiddenClass.java
B. Cache_Snoop.pl
Index
About the Authors
Colophon
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from Hacking: The Next Generation

Attack Scenarios

Now that we have covered the motives and information-gathering techniques an attacker can use to target an executive, we will identify potential attack scenarios an attacker can use to exploit an executive.

Email Attack

Email attacks are the cheapest attacks to pull off against executives. They have the potential to be very efficient and can have a high success rate if the email is from a member of the executive’s trusted circle.

Earlier in the chapter, we demonstrated ways to identify members of an executive’s corporate circle using network analysis and by harvesting social networking sites. In this attack scenario, we will be using public websites to identify a member who could be in the victim’s trusted circle.

Let’s use O’Reilly Media as our target. Assuming the attacker didn’t know the CEO of O’Reilly Media, he could use a social networking site, such as LinkedIn, to identify potential victims.

Identifying the executive to attack

Using “O’Reilly” as the company search term and “CEO” as the title search term returns 34 results. We quickly identify the profile for Tim O’Reilly, CEO of O’Reilly Media, as shown in Figure 9-9.

Figure 9-9. Tim O’Reilly’s LinkedIn profile

Unfortunately for the attacker, Tim has more than 500 connections, so LinkedIn is not going to help the attacker identify potential members of Tim’s trusted circle. The attacker will have to use another ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780596806309Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Hacking: The Next Generation

by Nitesh Dhanjani, Billy Rios, Brett Hardin

Attack Scenarios