Examining computer security from the hacker's perspective, Practical Hacking Techniques and Countermeasures employs virtual computers to illustrate how an attack is executed, including the script, compilation, and results. It provides detailed screen shots in each lab for the reader to follow along in a step-by-step process in order to duplicate and understand how the attack works. It enables experimenting with hacking techniques without fear of corrupting computers or violating any laws.

Written in a lab manual style, the book begins with the installation of the VMware® Workstation product and guides the users through detailed hacking labs enabling them to experience what a hacker actually does during an attack. It covers social engineering techniques, footprinting techniques, and scanning tools. Later chapters examine spoofing techniques, sniffing techniques, password cracking, and attack tools. Identifying wireless attacks, the book also explores Trojans, Man-in-the-Middle (MTM) attacks, and Denial of Service (DoS) attacks.

Learn how to secure your computers with this comprehensive guide on hacking techniques and countermeasures. By understanding how an attack occurs the reader can better understand how to defend against it. This book shows how an attack is conceptualized, formulated, and performed. It offers valuable information for constructing a system to defend against attacks and provides a better understanding of securing your own computer or corporate network.
Preparation
Installing VMware Workstation
Configuring Virtual Machines
Installing a Virtual Windows 2000 Workstation
Installing VMware Tools for Windows 2000 Virtual Machines
Installing a Red Hat Version 8 Virtual Machine
Installing VMware Tools for Red Hat Virtual Machines
What Is on the CD?
Restrict Anonymous
To Restrict Anonymous
In Windows NT
For Windows XP, 2003
For Windows 2000
What Is the Difference?
Banner Identification
Banner Identification
Banner Identification
Banner Identification
Operating System Identification: Detect Operating System of Target: Xprobe2
Banner Identification
Banner Identification
Personal Social Engineering: Social Engineering Techniques: Dumpster Diving/Personnel
Target Enumeration
Establish a NULL Session: Establish a NULL Session: NULL Session
Enumerate Target MAC Address: Enumerate MAC Address and Total NICs: GETMAC
Enumerate SID from User ID: Enumerate the SID from the Username: USER2SID
Enumerate User ID from SID: Enumerate the Username from the Known SID: SID2USER
Enumerate User Information: Enumerate User Information from Target: USERDUMP
Enumerate User Information: Exploit Data from Target Computer: USERINFO
Enumerate User Information: Exploit User Information from Target: DUMPSEC
Host/Domain Enumeration: Enumerate Hosts and Domains of LAN: Net Commands
Target Connectivity/Route: Detect Target Connectivity: PingG
Target Connectivity/Route: Connectivity/Routing Test: Pathping
Operating System Identification: Identify Target Operating System: Nmap/nmapFE
Operating System Identification: Identify Target Operating System: NmapNT
IP/Hostname Enumeration: Enumerate IP or Hostname: Nslookup
IP/Hostname Enumeration: Enumerate IP or Hostname: Nmblookup
RPC Reporting: Report the RPC of Target: Rpcinfo
Location/Registrant Identification: Gather Registration Info/Trace Visual Route: Visual Route
Registrant Identification: Gather IP or Hostname: Sam Spade
Operating System Identification: Gather OS Runtime and Registered IPs: Netcraft
Operating System Identification: Scan Open Ports of Target: Sprint
Default Shares: Disable Default Shares: Windows Operating System
Host Enumeration: Scan Open Ports of Target: WinFingerprint
Scanning
Target Scan/Share Enumeration: Scan Open Ports of Target: Angry IP
Target Scan/Penetration: Scan Open Ports/Penetration Testing: LANguard
Target Scan through Firewall: Scan Open Ports of Target: Fscan
Passive Network Discovery: Passively Identify Target Information on the LAN: Passifist
Network Discovery: Identify Target Information: LanSpy
Open Ports/Services: Scan Open Ports/Services of Target: Netcat
Port Scan/Service Identification: Scan Open Ports of Target: SuperScan
Port Scanner: Identify Ports Open: Strobe
Anonymous FTP Locator: Locate Anonymous FTP Servers: FTPScanner
CGI Vulnerability Scanner: Identify CGI Vulnerabilities: TCS CGI Scanner
Shared Resources Locator: Identify Open Shared Resources: Hydra
Locate Wingate Proxy Servers: Locate Wingate Proxy Servers: WGateScan/ADM Gates
Sniffing Traffic
Packet Capture - Sniffer: Exploit Data from Network Traffic: Ethereal
To Install Ethereal on a Red Hat Linux Computer
To Install Ethereal on Microsoft Windows
Packet Capture - Sniffer: Exploit Data from Network Traffic: Ngrep
For Linux
For Windows
Packet Capture - Sniffer: Exploit Data from Network Traffic: TcpDump
Packet Capture - Sniffer: Exploit Data from Network Traffic: WinDump
Packet Capture - Sniffer: Monitor IP Network Traffic Flow: IPDump2
For Linux
For Windows
Password Capture - Sniffer: Exploit Passwords and Sniff the Network: ZxSniffer
Exploit Data from Target Computer - Sniffit
Spoofing
Spoofing IP Addresses: Send Packets via False IP Address: RafaleX
Spoofing MAC Addresses: Send Packets via a False MAC Address: SMAC
Spoofing MAC Addresses: Send Packets via a False MAC Address: Linux
Packet Injection/Capture/Trace: Send Packets via a False IP/MAC Address: Packit
Spoof MAC Address: Altering the MAC Address: VMware Workstation
Brute Force
Brute-Force FTP Server: Crack an FTP Password: NETWOX/NETWAG
Retrieve Password Hashes: Extract Password Hashes: FGDump
Crack Password Hashes: Crack and Capture Password Hashes: LC5
Overwrite Administrator Password: Change the Administrator Password: CHNTPW
Brute-Force Passwords: Brute-Force Passwords for a Hashed File: John the Ripper
Brute-Force FTP Password: Brute-Force an FTP Password Connection: BruteFTP
Brute-Force Terminal Server: Brute-Force Terminal Server Passwords: TSGrinder II
Vulnerability Scanning
Vulnerability Scanner: Perform Vulnerability Assessment: SAINT
SNMP Walk: Exploit Data via SNMP Walk: NETWOX/NETWAG
Brute-Force Community Strings: Exploit the SNMP Community Strings: Solar Winds
Target Assessment: Assessment of Target Security: Retina
Target Assessment: Assessment of Target Security: X-Scan
Vulnerability Scanner: Perform Vulnerability Assessment: SARA
Web Server Target Assessment: Assessment of Web Server Security: N-Stealth
Vulnerability Scanner: Exploit Data from Target Computer: Pluto
Vulnerability Assessment: Perform Vulnerability Assessment: Metasploit
On Windows
On Linux
Web Server Target Assessment: Assessment of Web Server Security: Nikto
Vulnerability Scanner: Assessment of Target Security: Shadow Scanner
Internet Vulnerability Scanner: Assessment of Target Security: Cerberus
WHAX - Auto Exploit Reverse Shell: Automatically Exploit the Target: AutoScan
Unique Fake Lock Screen XP: Grab the Administrator Password: Fake Lock Screen XP
Bypassing Microsoft Serial Numbers: Bypassing Serial Number Protection: RockXP/Custom Script
Vulnerability Exploit: Assessment of Target Security: Web Hack Control Center
Wireless
Locate Unsecured Wireless: Locate Unsecured Wireless: NetStumbler/Mini-Stumbler
Trojan: Unauthorized Access and Control: Back Orifice
On the Target Computer
On the Attacker's Computer
Trojan: Unauthorized Access and Control: NetBus
On the Target (Server)
On the Attacker's Computer
ICMP Tunnel Backdoor: Bidirectional Spoofed ICMP Tunnel: Sneaky-Sneaky
On the Target (Server)
On the Attacker's Machine
Hiding Tools on the Target: Hiding Files on the Target: CP
Scenario: Hiding Netcat inside the Calculator Application
To Verify
Capturing Switched Network Traffic: Intercept/Exploit Traffic: Ettercap
Password Capture: Capture Passwords Traversing the Network: Dsniff
Data Manipulation: Manipulate the Live Data Stream: Achilles
Covert Reverse Telnet Session: Create a Reverse Telnet Session: Netcat
Covert Channel - Reverse Shell: Exploit Data from Target Computer: Reverse Shell
Redirection
PortMapper: Traffic Redirection: PortMapper
Executing Applications - Elitewrap: Executing Hidden Applications: Elitewrap
TCP Relay - Bypass Firewalls: Traffic Redirection: Fpipe
Remote Execution: Remote Execution on Target: PsExec
TCP Relay - Bypass Firewalls: Traffic Redirection: NETWOX/NETWAG
Denial-of-Service (DoS)
Denial-of-Service - Land Attack: DoS Land Attack: Land Attack
Denial-of-Service - Smurf Attack: DoS Smurf Attack: Smurf Attack
Denial-of-Service - SYN Attack: DoS Land Attack: SYN Attack
Denial-of-Service - UDP Flood: DoS UDP Flood Attack: UDP flood Attack
Denial-of-Service - Trash2.c: Create Denial-of-Service Traffic: Trash2.c
References
Tool Syntax
Index