Hacking Exposed: Network Security Secrets and Solutions

  • ISBN13: 9780072121278
  • ISBN10: 0072121270

  • Edition: 1st
  • Format: Paperback
  • Copyright: 1999-10-01
  • Publisher: Osborne McGraw-Hill

Summary

Avoiding the overly dry tone of many security books written for professionals, this book delves into some of the most highly publicized attacks. However, it is not an instructional guide for hackers: network administrators will understand the security threats to their companies and feel confident using the tools provided on the CD-ROM. The CD also contains numerous scanning scripts and an electronic version of "InfoWorld Security Sweet 16" and "Top 15 Vulnerabilities."

Table of Contents

About the Authors
About the Contributing Author
About the Technical Reviewers
Foreword
Acknowledgments
Introduction
Part I Casing the Establishment
  Footprinting---Target Acquisition
    What Is Footprinting?
    Why Is Footprinting Necessary?
    Internet Footprinting
    Determine the Scope of Your Activities
    Network Enumeration
    DNS Interrogation
    Network Reconnaissance
    Summary
  Scanning
    Network Ping Sweeps
    Ping Sweeps Countermeasures
    ICMP Queries
    ICMP Query Countermeasures
    Port Scanning
    Scan Types
    Identifying TCP and UDP Services Running
    Port Scanning Breakdown
    Port Scanning Countermeasures
    Operating System Detection
    TCP Fingerprinting
    Operating System Detection Countermeasures
    The Whole Enchilada: Automated Discovery Tools
    Automated Discovery Tools Countermeasures
    Summary
  Enumeration
    Introduction
    Windows NT
    Novell Enumeration
    UNIX Enumeration
    Summary
Part II System Hacking
  Hacking Windows 95/98
    Introduction
    Win 9x Remote Exploits
    Direct Connection to Win 9x Shared Resources
    Win 9x Back Doors
    Known Server Application Vulnerabilities
    Win 9x Denial of Service
    Win 9x Hacking from the Console
    Bypassing Win 9x Security: Reboot!
    Stealthier Methods I: Autorun and Ripping the Screen-Saver Password
    Stealthier Methods II: Revealing the Win 9x Passwords in Memory
    Stealthier Methods III: Cracking
    Summary
  Hacking Windows NT
    A Brief Review
    Where We're Headed
    The Quest for Administrator
    Guessing Passwords over the Network
    Countermeasures: Defending Against Password Guessing
    Remote Exploits: Denial of Service and Buffer Overflows
    Privilege Escalation
    Consolidation of Power
    Cracking the SAM
    Exploiting Trust
    Remote Control and Back Doors
    General Back Doors and Countermeasures
    Covering Tracks
    Disabling Auditing
    Clearing the Event Log
    Hiding Files
    Summary
  Novell NetWare Hacking
    Attaching but Not Touching
    On-Site Admin (ftp://ftp.cdrom.com/.1/novell/onsite.zip)
    snlist (ftp://ftp.it.ru/pub/netware/util/NetWare4.Toos/snlist.exe) and nslist (http://www.nmrc.org/files/snetware/nutl8.zip)
    Attaching Countermeasure
    Enumerate Bindery and Trees
    userinfo (ftp://ftp.cdrom.com/.1/novell/userinfo.zip)
    userdump (ftp://ftp.cdrom.com/.1/novell/userdump.zip)
    finger (ftp://ftp.cdrom.com/.1/novell/finger.zip)
    bindery (http://www.nmrc.org/files/netware/bindery.zip)
    bindin (ftp://ftp.edv-himmelbauer.co.at/Novell.3x/Testprog/Bindin.exe)
    nlist (Sys:Public)
    cx (Sys:Public)
    On-Site Administrator
    Enumeration Countermeasure
    Opening the Unlocked Doors
    chknull (http://www.nmrc.org/files/netware/chknull.zip)
    chknull Countermeasure
    Authenticated Enumeration
    userlist /a
    On-Site Administrator
    NDSsnoop (ftp://ftp.iae.univ-poitiers.fr/pc/netware/UTIL/ndssnoop.exe)
    Detecting Intruder Lockout
    Intruder Lockout Detection Countermeasure
    Gaining Admin
    Pillaging
    Pillaging Countermeasure
    Nwpcrack (http:www.nmrc.org/files/netware/nwpcrack.zip)
    Nwpcrack Countermeasure
    Application Vulnerabilities
    NetWare perl (http://www.insecure.org/sploits/netware.perl.nlm.html)
    NetWare Perl Countermeasure
    NetWare FTP (http://www.nmrc.org/faqs/netwar/nw_sec12.html#12-2)
    NetWare FTP Countermeasure
    NetWare Web Server (http://www.nmrc.org/faqs/netware/nt_sec12.html@12-1)
    NetWare Web Server Countermeasure
    Spoofing Attacks (Pandora)
    Gameover
    Pandora Countermeasure
    Once You Have Admin on a Server
    rconsole Hacking
    rconsole (Cleartext Passwords) Countermeasure
    Owning the NDS Files
    NetBasic.nlm (SYS:SYSTEM)
    Dsmaint (http://www.support.novell.com/cgi-bin/search/patlstfind.cgi?2947447)
    Jcmd (ftp://ftp.cdrom.com/.1/novell/jrb400a.zip or http://www.jrbsoftware.com)
    Grabbing NDS Countermeasure
    Cracking the NDS Files
    Log Doctoring
    Turning Off Auditing
    Changing File History
    Console Logs
    Log Doctoring Countermeasure
    Back Doors
    Back Door Countermeasure
    Further Resources
    Kane Security Analyst (http://www.intrusion.com)
    Web Sites (ftp://ftp.novell.com/pub/updates/nw/nw411/)
    Usenet Groups
  UNIX
    The Quest for Root
    A Brief Review
    Vulnerability Mapping
    Remote Access Versus Local Access
    Remote Access
    Brute Force Attacks
    Data Driven Attacks
    Input Validation Attacks
    I Want My Shell
    Common Types of Remote Attacks
    Local Access
    Password Composition Vulnerabilities
    Local Buffer Overflow
    Symlink
    File Descriptor Attacks
    Race Conditions
    Core-File Manipulation
    Shared Libraries
    System Misconfiguration
    Shell Attacks
    After Hacking Root
    Rootkits
    Trojans
    Sniffers
    Log Cleaning
    Summary
Part III Network Hacking
  Dial-Up and VPN Hacking
    Introduction
    Phone Number Footprinting
    Countermeasure: Stop the Leaks
    Wardialing
    Hardware
    Legal Issues
    Peripheral Costs
    Software
    Carrier Exploitation Techniques
    Dial-Up Security Measures
    Virtual Private Network (VPN) Hacking
    Summary
  Network Devices
    Discovery
    Detection
    SNMP
    Back Doors
    Default Accounts
    Lower the Gates (Vulnerabilities)
    Shared Versus Switched
    Detecting the Media You're On
    Capturing SNMP Information
    SNMP Sets
    SNMP Set Countermeasure
    RIP Spoofing
    RIP Spoofing Countermeasure
    Summary
  Firewalls
    Firewall Landscape
    Firewall Identification
    Direct Scanning: the Noisy Technique
    Countermeasures
    Route Tracing
    Countermeasures
    Banner Grabbing
    Countermeasure
    Advanced Firewall Discovery
    Port Identification
    Countermeasures
    Scanning Through Firewalls
    Hping
    Countermeasure
    Firewalking
    Countermeasure
    Packet Filtering
    Liberal ACLs
    Countermeasure
    CheckPoint Trickery
    Countermeasure
    ICMP and UDP Tunneling
    Countermeasure
    Application Proxy Vulnerabilities
    Hostname: localhost
    Countermeasure
    Unauthenticated External Proxy Access
    Countermeasure
    WinGate Vulnerabilities
    Summary
  Denial of Service (DoS) Attacks
    Motivation of DoS Attackers
    Types of DoS Attacks
    Bandwidth Consumption
    Resource Starvation
    Programming Flaws
    Routing and DNS Attacks
    Generic DoS Attacks
    Smurf
    SYN Flood
    DNS Attacks
    UNIX and Windows NT DoS
    Remote DoS Attacks
    Local DoS Attacks
    Summary
Part IV Software Hacking
  Remote Control Insecurities
    Discovering Remote Control Software
    Connecting
    Weaknesses
    Cleartext Usernames and Passwords
    Obfuscated Passwords
    Revealed Passwords
    Uploading Profiles
    Countermeasures
    Enable Passwords
    Enforce Strong Passwords
    Force Alternate Authentication
    Password Protect Profile Files and Setup Files
    Logoff User with Call Completion
    Encrypt Session Traffic
    Limit Login Attempts
    Log Failed Attempts
    Lockout Failed Users
    Change the Default Listen Port
    What Software Package Is the Best in Terms of Security?
    pcAnywhere
    ReachOut
    Remotely Anywhere
    Remotely Possible/ControlIT
    Timbuktu
    Virtual Network Computing (VNC)
    Citrix
    Summary
  Advanced Techniques
    Session Hijacking
    Juggernaut
    Hunt
    Hijacking Countermeasures
    Back Doors
    User Accounts
    Startup Files
    Scheduled Jobs
    Remote Control Back Doors
    Remote Control Countermeasures
    Overall Back Door Countermeasures
    Trojans
    Whack-A-Mole
    BoSniffer
    eLiTeWrap
    Windows NT FPWNCLNT.DLL
    Summary
  Web Hacking
    Web Pilfering
    Pages One by One
    Simplify!
    Web Pilfering Countermeasure
    Finding Well-Known Vulnerabilities
    Automated Scripts, for All Those "Script Kiddies"
    Automated Applications
    Script Inadequacies: Input Validation Attacks
    IIS 4.0 MDAC RDS Vulnerability
    Active Server Pages (ASP) Vulnerabilities
    Cold Fusion Vulnerabilities
    Buffer Overflows
    PHP Vulnerability
    Poor Web Design
    Misuse of Hidden Tags
    Server Side Includes (SSIs)
    Appending to Files
    Summary
Part V Appendixes
  A Ports
  B Windows 2000 Security Issues
    Footprinting
    Scanning
    Enumeration
    The Obvious Target: Active Directory
    Null Sessions
    Penetration
    NetBIOS File Share Guessing
    Eavesdropping on Password Hashes
    Buffer Overflows
    Denial of Service
    Privilege Escalation
    getadmin and sechole
    Password Cracking
    Pilfering
    Exploiting Trust
    Covering Tracks
    Disabling Auditing
    Clearing the Event Log
    Hiding Files
    Back Doors
    Startup Manipulation
    Remote Control
    Keystroke Loggers
    General Countermeasures: New Windows Security Tools
    Group Policy
    Summary
  C Resources and Links
    Conferences
    Consultants
    Dictionaries
    Encryption
    Famous Hacks
    Footprinting
    Gateway Services
    General Security Sites
    Government
    Hardening
    Information Warfare
    IRC Channels
    Legal
    Mailing Lists and Newsletters
    News and Editorials
    Security Groups
    Standards Bodies
    Vendor Contacts
    Vulnerabilities and Exploits
    Web and Application Security
  D Tools
    One-Stop Tool Shopping
    Countermeasure Tools
    Denial of Service
    Enumeration Tools
    Footprinting Tools
    Gaining Access
    Penetration and Back Door Tools
    Pilfering
    Rootkits and Covering Tracks
    Scanning Tools
    War Dialing Tools
  E Top 14 Security Vulnerabilities
    Top 14 Security Vulnerabilities
  F About the Companion Web Site
    Novell
    Unix
    Windows NT
    Wordlists and Dictionaries
    Wardialing
    Enumeration Scripts
Index
