Anti-Hacker Tool Kit, Third Edition

Acknowledgments

xxi

Introduction

xxiii

Part I Multifunctional Tools

Netcat and Cryptcat

(26)

Netcat

(5)

Implementation

(5)

Netcat6

(19)

Implementation

(1)

Netcat's 101 Uses

(17)

Cryptcat

(1)

SBD

(1)

The X Window System

(12)

Choosing a Window Manager

(1)

A Client / Server Model

(1)

How Remote X Servers and Clients Communicate

(1)

Securing X Hosts with xhost and xauth

(3)

Xhost

(1)

Xauth

(2)

Securing X Communications with Secure Shell

(2)

The Other Important Players

(2)

Xdm

(1)

Xinit and Startx

(1)

Xserver

(1)

Using X on Windows and Mac OS X

(1)

Now You Know

(2)

Virtual Machines & Emulators

(24)

VMware

(5)

Download and Installation

(1)

Configuration

(3)

Implementation

(1)

Open-Source Alternatives

(1)

Virtual PC

(4)

Configuration

(2)

Implementation

(2)

Gnoppix

(3)

Configuration

(1)

Implementation

(2)

Cygwin

(11)

Download and Installation

(2)

Implementation

(9)

Part II Tools for Auditing and Defending the Hosts

Port Scanners

(34)

Nmap

(20)

Implementation

(19)

THC-Amap

(7)

Implementation

(7)

IpEye

(1)

Implementation

(1)

WUPS

(1)

Implementation

(1)

ScanLine

(5)

Implementation

(5)

Unix Enumeration Tools

(18)

Samba

100

(6)

Smbclient

100

(2)

Nmblookup

102

(1)

Rpcclient

103

(3)

Finger

106

(1)

Implementation

106

(1)

Rpcinfo

107

(2)

Implementation

108

(1)

showmount

109

(1)

Implementation

109

(1)

R-tools

110

(2)

Rlogin, Rsh, and Rcp

111

(1)

R-tools Insecurity

111

(1)

Rwho

111

(1)

Rexec

112

(1)

who, w, and last

112

(5)

who

112

(1)

113

(1)

last

113

(4)

Windows Enumeration Tools

117

(44)

Net Tools

119

(4)

Implementation

119

(4)

NBTStat

123

(5)

Implementation

123

(3)

Retrieving a MAC Address

126

(2)

Winfingerprint

128

(4)

Implementation

128

(2)

Running a Development Build

130

(1)

Returning to the Command Line

130

(2)

GetUserInfo

132

(2)

Implementation

132

(2)

Enum

134

(2)

Implementation

134

(2)

PsTools

136

(15)

Implementation

137

(14)

MBSA Version 2

151

(10)

Implementation

151

(10)

Web Hacking Tools

161

(34)

Vulnerability Scanners

162

(10)

Nikto

162

(7)

LibWhisker

169

(3)

All-purpose Tools

172

(12)

Curl

172

(3)

OpenSSL

175

(4)

Stunnel

179

(5)

Application Inspection

184

(11)

Paros Proxy

184

(5)

Burp Proxy

189

(2)

Wget

191

(4)

Password Cracking / Brute-Force Tools

195

(36)

PAM and Unix Password Policies

197

(3)

Linux Implementation

197

(3)

OpenBSD login.conf

200

(3)

Implementation

201

(2)

John the Ripper

203

(12)

Implementation

203

(12)

L0phtCrack

215

(5)

Implementation

215

(5)

Grabbing Windows Password Hashes

220

(4)

Pwdump

220

(1)

Pwdump3

221

(1)

Pwdump4

221

(1)

Lsadump2

222

(2)

Active Brute-force Tools

224

(7)

THC-Hydra

224

(7)

Host Hardening

231

(18)

Clamav

232

(7)

Download and Installation

232

(1)

Implementation

233

(6)

Titan

239

(3)

Download and Installation

239

(1)

Implementation

240

(2)

Msec

242

(7)

Implementation

242

(7)

Backdoors and Remote Access Tools

249

(38)

VNC

251

(6)

Implementation

251

(6)

Netbus

257

(4)

Implementation

257

(4)

Back Orifice

261

(5)

Implementation

261

(5)

SubSeven

266

(6)

Implementation

267

(5)

Loki

272

(4)

Implementation

274

(2)

Stcpshell

276

(2)

Implementation

277

(1)

Knark

278

(9)

Implementation

279

(8)

Simple Source Auditing Tools

287

(14)

Flawfinder

288

(2)

Implementation

288

(2)

RATS

290

(11)

Implementation

290

(11)

Combination System Auditing Tools

301

(40)

Nessus

302

(16)

Installation

303

(1)

Implementation

304

(14)

Cain & Able

318

(2)

Implementation

318

(2)

AIDE

320

(2)

Installation

320

(1)

Implementation

320

(2)

Tripwire

322

(19)

Implementation: The Open-source Edition

323

(8)

Implementation: The Commercial Edition

331

(7)

Securing Your Files with Tripwire

338

(3)

Part III Tools for Auditing and Defending Your Network

Firewalls

341

(48)

Firewalls and Packet Filters--The Basics

342

(9)

What Is a Firewall?

342

(1)

What's the Difference Between a Firewall and a Packet Filter?

343

(1)

How Do Firewalls Protect Networks?

343

(1)

What Type of Packet Characteristics Can You Filter in a Ruleset?

344

(1)

What's the Difference Between Stateless and Stateful Firewalls?

345

(1)

Understanding Network Address Translation (NAT) and Port Forwarding

346

(3)

The Basics of Virtual Private Networks

349

(1)

Inside the Demilitarized Zones

349

(2)

When Do We Get to Talk About Actual Firewall Products?

351

(1)

Freeware Firewalls

351

(30)

Ipchains

352

(10)

Iptables (Netfilter)

362

(8)

IPFW2

370

(11)

Still Others

381

(1)

Commercial Firewalls

381

(8)

Linksys SOHO Firewall Units

381

(1)

SonicWall

382

(4)

Cisco PIX

386

(2)

Still Others

388

(1)

Network Reconnaissance Tools

389

(30)

whois/fwhois

390

(5)

Implementation

390

(5)

Host, Dig, and Nslookup

395

(4)

Implementation

396

(3)

Ping

399

(4)

Implementation

399

(4)

Fping

403

(3)

Implementation

403

(3)

Traceroute

406

(4)

Implementation

408

(2)

Hping

410

(9)

Implementation

410

(9)

Port Redirection

419

(14)

Datapipe

421

(2)

Implementation

421

(2)

FPipe

423

(2)

Implementation

424

(1)

WinRelay

425

(8)

Implementation

425

(8)

Sniffers

433

(62)

Sniffers Overview

434

(1)

ButtSniffer

435

(9)

Implementation

435

(5)

Disk Dump Mode

440

(4)

Topdump and WinDump

444

(14)

Installation

444

(1)

Implementation

445

(13)

Ethereal

458

(9)

Implementation

458

(9)

Dsniff

467

(7)

Installation

467

(1)

Implementation: The Tools

468

(6)

Dangerous Tools

474

(1)

Ettercap

474

(4)

Installation

474

(1)

Implementation

475

(3)

Potential for Disaster

478

(1)

Snort: An Intrusion-detection System

478

(17)

Installation and Implementation

479

(6)

Snort Plug-ins

485

(3)

So Much More

488

(7)

Wireless Tools

495

(18)

NetStumbler

497

(2)

Implementation

498

(1)

AiroPeek

499

(3)

Implementation

500

(2)

Wellenreiter

502

(1)

Implementation

502

(1)

Kismet

503

(10)

Implementation

504

(6)

Expanding Kismet's Capabilities

510

(3)

War Dialers

513

(20)

ToneLoc

514

(11)

Implementation: Creating the tl.cfg file

514

(4)

Implementation: Running a Scan

518

(2)

Implementation: Navigating the ToneLoc Interface

520

(1)

.dat File Techniques

520

(5)

THC-Scan

525

(6)

Implementation: Configuring THC-Scan

526

(2)

Implementation: Running THC-Scan

528

(1)

Implementation: Navigating THC-Scan

529

(1)

Implementation: Manipulating THC-Scan .dat Files

530

(1)

Shokdial

531

(1)

Implementation

532

(1)

Beyond the Connect String

532

(1)

TCP/IP Stack Tools

533

(22)

ISIC: IP Stack Integrity Checker

534

(7)

Implementation

534

(5)

Tips and Tricks

539

(2)

Iptest

541

(3)

Implementation

542

(2)

Nemesis: Packet-Weaving 101

544

(4)

Implementation

545

(3)

Beyond the Command Line

548

(7)

Part IV Tools for Computer Forensics and Incident Response

Creating a Bootable Environment and Live Response Tool Kit

555

(44)

Trinux

556

(5)

Implementation

556

(5)

Windows Live Response Tool Kit

561

(21)

cmd.exe

562

(1)

Fport

563

(1)

netstat

564

(3)

Nbtstat

567

(1)

ARP

567

(1)

PsList

568

(1)

kill

569

(1)

dir

570

(2)

Auditpol

572

(1)

PsLoggedOn

573

(1)

NTLast

573

(1)

Dump Event Log (dumpel)

574

(1)

Regdmp

575

(2)

SFind

577

(5)

Md5sum

582

(1)

Unix Live Response Tool Kit

582

(17)

bash

583

(1)

netstat

584

(1)

ARP

585

(1)

586

(2)

588

(1)

last and lastb

588

(1)

Isof

589

(1)

590

(4)

kill

594

(1)

Md5sum

594

(1)

Carbonite

595

(2)

Chkrootkit

597

(2)

Commercial Forensic Image Tool Kits

599

(42)

EnCase

600

(8)

Implementation

600

(8)

Format: Creating a Trusted Boot Disk

608

(1)

Implementation

608

(1)

PDBlock: Write Blocking Your Source Drives

609

(1)

Implementation

610

(1)

SafeBack

610

(9)

Implementation

611

(8)

SnapBack

619

(4)

Implementation

619

(4)

FTKImager

623

(5)

Implementation

623

(5)

Ghost

628

(7)

Implementation

628

(7)

Smart

635

(6)

Implementation

636

(5)

Open-Source Forensic Duplication Tool Kits

641

(18)

dd: A Forensic Duplication Tool

643

(6)

Implementation

643

(6)

dcfldd

649

(1)

split: Breaking Up Images on the Fly

649

(1)

dd: A Hard Drive Cleansing Tool

650

(1)

Implementation

650

(1)

Losetup: Transforming a Regular File into a Device on Linux

650

(2)

Implementation

651

(1)

The Enhanced Linux Loopback Device

652

(1)

Implementation

652

(1)

Vnode: Transforming a Regular File into a Device on FreeBSD

653

(2)

Implementation

653

(2)

Md5sum and md5: Validating the Evidence Collected

655

(4)

Implementation

655

(4)

Tool Kits to Aid in Forensic Analysis

659

(36)

The Forensic Toolkit

660

(11)

Implementation

660

(11)

EnCase

671

(10)

Implementation

672

(9)

The Coroner's Toolkit

681

(14)

Implementation

682

(13)

Tools to Aid in Internet Activity Reconstruction

695

(32)

Client- and Web-based E-mail

696

(1)

Outlook

697

(2)

Implementation

697

(2)

ReadPST and ReadDBX

699

(1)

Implementation

699

(1)

Paraben's E-mail Examiner

700

(4)

Implementation

701

(3)

Unix Mailboxes

704

(1)

Implementation

704

(1)

Guidance Software's EnCase Forensic Edition

705

(2)

Implementation

705

(2)

AccessData's FTK

707

(2)

Implementation

707

(2)

Searching for Internet History

709

(1)

NetAnalysis

710

(2)

Implementation

710

(2)

IE History

712

(4)

Implementation

712

(4)

X-Ways Trace

716

(2)

Implementation

717

(1)

Web Historian

718

(9)

Implementation

718

(9)

Generalized Editors and Viewers

727

(32)

The file Command

728

(2)

Implementation

729

(1)

Hexdump

730

(4)

Implementation

730

(4)

Hexedit

734

(3)

Implementation

734

(3)

737

(3)

Implementation

737

(3)

Frhed

740

(3)

Implementation

740

(3)

WinHex

743

(4)

Implementation

744

(3)

Quick View Plus

747

(4)

Implementation

748

(3)

Midnight Commander

751

(8)

Implementation

752

(7)

Reverse Engineering Binaries

759

(12)

The Anatomy of a Computer Program

760

(1)

Determining a Binary File Type

761

(1)

Black Box Analysis

761

(4)

Viewing the Text String in a Binary

762

(1)

Using LSOF to Determine What Files and Ports a Binary Uses

762

(1)

Determining Ports Using NMap

763

(1)

Using a Sniffer to Determine Network Traffic

763

(1)

Looking at the System Calls

763

(1)

Identifying Kernel-hiding Techniques

764

(1)

Creating a Sandbox Machine

765

(1)

Getting Your Hands Dirty: Working with the Code

765

(2)

Getting at the Memory

765

(1)

Working with objdump

766

(1)

IDA Pro

767

(1)

GNU DeBugger (GDB)

767

(1)

Java Programs

767

(4)

Obfuscation

768

(1)

Decompiling a Java Program

768

(3)

Part V Appendixes

A. Useful Charts and Diagrams

771

(12)

Protocol Headers

772

(4)

Ethernet Headers

772

(1)

Address Resolution Protocol (ARP) Headers

772

(1)

Internet Protocol (IP) Headers

773

(1)

Transmission Control Protocol (TCP) Headers

773

(1)

User Datagram Protocol (UDP) Headers

774

(1)

Internet Control Message Protocol (ICMP) Headers

774

(2)

ASCII Table

776

(7)

B. Command-line Reference

783

(4)

Directory Navigation

784

(1)

Text File Manipulation

784

(1)

Archive File Manipulation

785

(1)

Miscellaneous

786

(1)

Index

787

Rent More, Save More! Use code: ECRENTAL

Rent More, Save More! Use code: ECRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

Summary

Author Biography

Table of Contents

Supplemental Materials

Rewards Program