Chained Exploits Advanced Hacking Attacks from Start to Finish

  • Edition: 1st
  • Format: Paperback
  • Copyright: 2009-02-27
  • Publisher: Addison-Wesley Professional

The only security book that's 100% focused on today's dangerous 'chained' attacks: how they work, and how to counter them.

Author Biography

Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and Business Week. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council's Instructor of Excellence Award. Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council's Instructor of Excellence Award. Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.

Table of Contents

Introduction
Get Your Free Credit Cards Here
Setting the Stage
The Approach
The Chained Exploit
Enumerating the PDXO Web Site
Enumerating the Credit Card Database
Stealing Credit Card Information from the Web Site
Selling the Credit Card Information on the Underground Market
Defacing the PDXO Web Site
Chained Exploit Summary
Countermeasures
Change the Default HTTP Response Header
Do Not Have Public Access to Developer Sites
Do Not Install SQL Server on the Same Machine as IIS
Sanitize Input on Web Forms
Do Not Install IIS in the Default Location
Make Your Web Site Read-Only
Remove Unnecessary Stored Procedures from Your SQL Database
Do Not Use the Default Username and Password for Your Database
Countermeasures for Customers
Conclusion
Discover What Your Boss Is Looking At
Setting the Stage
The Approach
For More Information
The Chained Exploit
Phishing Scam
Installing Executables
Setting Up the Phishing Site
Sending Mr. Minutia an E-mail
Finding the Boss's Computer
Connecting to the Boss's Computer
WinPcap
Analyzing the Packet Capture
Reassembling the Graphics
Other Possibilities
Chained Exploit Summary
Countermeasures
Countermeasures for Phishing Scams
Countermeasures for Trojan Horse Applications
Countermeasures for Packet-Capturing Software
Conclusion
Take Down Your Competitor's Web Site
Setting the Stage
The Approach
For More Information
The Chained Exploit
The Test
The One That Worked
Getting Access to the Pawn Web site
Lab-Testing the Hack
Modifying the Pawn Web Site
Other Possibilities
Chained Exploit Summary
Countermeasures
Countermeasures for Hackers Passively Finding Information about Your Company
Countermeasures for DDoS Attacks via ICMP
Countermeasures for DDoS Attacks via HTTP and Other Protocols
Countermeasures for Unauthorized Web Site Modification
Countermeasures for Compromise of Internal Employees
Conclusion
Corporate Espionage
Setting the Stage
The Approach
The Chained Exploit
Reconnaissance
Getting Physical Access
Executing the Hacks
Bringing Down the Hospital
Other Possibilities
Chained Exploit Summary
Countermeasures
Countermeasures for Physical Security Breaches and Access Systems Compromise
Countermeasures for Scanning Attacks
Countermeasures for Social Engineering
Countermeasures for Operating System Attacks
Countermeasures for Data Theft
Conclusion
Chained Corporations
Setting the Stage
The Approach
The Chained Exploit
Reconnaissance
Social Engineering Attack
More and Yet More Recon
Aggressive Active Recon
Building the Exploit Infrastructure
Testing the Exploit
Executing the Hack
Constructing the Rootkit
Game Over-The End Result
Other Possibilities
Chained Exploit Summary
Countermeasures
Countermeasures for Hackers Passively Finding Information about Your Company
Countermeasures for Social Engineering Attack on Visual IQ
Countermeasures for Recon on the Visual IQ Software
Countermeasures for Wi-Fi Attack on Quizzi Home Network
Countermeasures for the Keylogger Attack
Conclusion
Gain Physical Access to Healthcare Records
Setting the Stage
The Approach
For More Information
The Chained Exploit
Social Engineering and Piggybacking
Gaining Physical Access
Booting into Windows with Knoppix
Modifying Personally Identifiable Information or Protected Medical Information
Chained Exploit Summary
Countermeasures
Social Engineering and Piggybacking
Lock Picking
Defeating Biometrics
Compromising a PC
Conclusion
Attacking Social Networking Sites
Setting the Stage
The Approach
The Chained Exploit
Creating a Fake MySpace Web Site
Creating the Redirection Web Site
Creating a MySpace Page
Sending a Comment
Compromising the Account
Logging In to the Hacked Account
The Results
Chained Exploit Summary
Countermeasures
Avoid Using Social Networking Sites
Use a Private Profile
Be Careful about Clicking on Links
Require Last Name / E-mail Address to Be a Friend
Do Not Post Too Much Information
Be Careful When Entering Your Username/Password
Use a Strong Password
Change Your Password Frequently
Use Anti-Phishing Tools
Conclusion
Wreaking Havoc from the Parking Lot
Setting the Stage
The Approach
For More Information
Accessing Networks Through Access Points
The Chained Exploit
Connecting to an Access Point
Performing the Microsoft Kerberos Preauthentication Attack
Cracking Passwords with RainbowCrack
Pilfering the Country Club Data
Chained Exploit Summary
Countermeasures
Secure Access Points
Configure Active Directory Properly
Use an Intrusion Prevention System or Intrusion Detection System
Update Anti-Virus Software Regularly
Computer Network Security Checklist
Conclusion
Index
Table of Contents provided by Ingram. All Rights Reserved.


Introduction

Whenever we tell people about the contents of this book, we always get the same response: "Isn't that illegal?" Yes, we tell them. Most of what this book covers is completely illegal if you re-create the scenarios and perform them outside of a lab environment. This leads to the question of why we would even want to create a book like this.

The answer is quite simple. This book is necessary in the marketplace to educate others about chained exploits. Throughout our careers we have helped secure hundreds of organizations. The biggest weakness we saw was not in engineering a new security solution, but in education. People are just not aware of how attacks really occur. They need to be educated in how the sophisticated attacks happen so that they can know how to effectively protect against them.

All the authors of this book have experience in both penetration testing (hacking into organizations with authorization to assess their weakness) as well as teaching security and ethical hacking courses for Training Camp (http://www.trainingcamp.com). Many of the chapters in this book come from attacks we have successfully performed in real-world penetration tests. We want to share these so that you know how to stop malicious attacks. We all agree that it is through training that we make the biggest impact, and this book serves as an extension to our passion for security awareness training.

What Is a Chained Exploit?

There are several excellent books in the market on information security. What has been lacking, however, is a book that covers chained exploits and effective countermeasures. A chained exploit is an attack that involves multiple exploits or attacks. Typically a hacker will use not just one method, but several, to get to his or her target.

Take this scenario as an example. You get a call at 2 a.m. from a frantic coworker, saying your Web site has been breached. You jump out of bed, throw on a baseball cap and some clothes, and rush down to your workplace. When you get there, you find your manager and coworkers frenzied about what to do. You look at the Web server and go through the logs. Nothing sticks out at you. You go to the firewall and review its logs. You do not see any suspicious traffic heading for your Web server. What do you do?

We hope you said, "Step back, and look at the bigger picture." Look around your infrastructure. You might have dedicated logging machines, load-balancing devices, switches, routers, backup devices, VPN (virtual private network) devices, hubs, database servers, application servers, Web servers, firewalls, encryption devices, storage devices, intruder detection devices, and much more. Within each of these devices and servers runs software. Each piece of software is a possible point of entry.

In this scenario the attacker might not have directly attacked the Web server from the outside. He or she might have first compromised a router. From there, the attacker might reconfigure the router to get access to a backup server that manages all backups for your datacenter. Next the attacker might use a buffer overflow exploit against your backup software to get administrator access to the backup server. The attacker might launch an attack to confuse the intrusion detection system so that the real attack goes unnoticed. Then the attacker might
