Tables of Contents for Hack I.T.--Security Through Penetration Testing
| Chapter/Section Title | Page # | Page Count |
|---|---|---|
| Preface | xv | |
| Introduction | xxi | |
| Hacking Today | 1 | 8 |
| Defining the Hacker | 9 | 10 |
| Hacker Skill Levels | 10 | 3 |
| First-Tier Hackers | 10 | 1 |
| Second-Tier Hackers | 11 | 1 |
| Third-Tier Hackers | 11 | 2 |
| Information Security Consultants | 13 | 1 |
| Hacker Myths | 14 | 1 |
| Information Security Myths | 15 | 4 |
| Penetration for Hire | 19 | 10 |
| Ramifications of Penetration Testing | 20 | 1 |
| Requirements for a Freelance Consultant | 21 | 4 |
| Skill Set | 21 | 1 |
| Knowledge | 22 | 1 |
| Tool Kit | 23 | 1 |
| Hardware | 23 | 1 |
| Record Keeping | 24 | 1 |
| Ethics | 24 | 1 |
| Announced vs. Unannounced Penetration Testing | 25 | 4 |
| Definitions | 25 | 1 |
| Pros and Cons of Both Types of Penetration Testing | 26 | 1 |
| Documented Compromise | 27 | 2 |
| Where the Exposures Lie | 29 | 22 |
| Application Holes | 32 | 1 |
| Berkeley Internet Name Domain (BIND) Implementations | 32 | 1 |
| Common Gateway Interface (CGI) | 33 | 1 |
| Clear Text Services | 33 | 1 |
| Default Accounts | 34 | 1 |
| Domain Name Service (DNS) | 34 | 1 |
| File Permissions | 35 | 1 |
| FTP and telnet | 35 | 1 |
| ICMP | 36 | 1 |
| IMAP and POP | 37 | 1 |
| Modems | 37 | 1 |
| Lack of Monitoring and Intrusion Detection | 38 | 1 |
| Network Architecture | 38 | 2 |
| Network File System (NFS) | 40 | 1 |
| NT Ports 135-139 | 40 | 1 |
| NT Null Connection | 40 | 1 |
| Poor Passwords and User IDs | 41 | 2 |
| Remote Administration Services | 43 | 1 |
| Remote Procedure Call (RPC) | 43 | 1 |
| sendmail | 44 | 1 |
| Services Started by Default | 44 | 1 |
| Simple Mail Transport Protocol (SMTP) | 45 | 1 |
| Simple Network Management Protocol (SNMP) Community Strings | 45 | 1 |
| Viruses and Hidden Code | 46 | 1 |
| Web Server Sample Files | 47 | 1 |
| Web Server General Vulnerabilities | 48 | 1 |
| Monitoring Vulnerabilities | 48 | 3 |
| Internet Penetration | 51 | 20 |
| Network Enumeration/Discovery | 52 | 7 |
| Whois Query | 52 | 2 |
| Zone Transfer | 54 | 3 |
| Ping Sweeps | 57 | 1 |
| Traceroute | 58 | 1 |
| Vulnerability Analysis | 59 | 6 |
| OS Identification | 60 | 1 |
| Port Scanning | 60 | 3 |
| Application Enumeration | 63 | 1 |
| Internet Research | 63 | 2 |
| Exploitation | 65 | 6 |
| Case Study: Dual-Homed Hosts | 68 | 3 |
| Dial-In Penetration | 71 | 20 |
| War Dialing | 71 | 1 |
| War Dialing Method | 72 | 3 |
| Dialing | 72 | 1 |
| Login | 73 | 1 |
| Login Screens | 74 | 1 |
| Gathering Numbers | 75 | 2 |
| Precautionary Methods | 77 | 1 |
| War Dialing Tools | 78 | 13 |
| ToneLoc | 78 | 3 |
| THC-Scan | 81 | 4 |
| TeleSweep | 85 | 1 |
| PhoneSweep | 86 | 1 |
| Case Study: War Dialing | 87 | 4 |
| Internal Penetration Testing | 91 | 22 |
| Scenarios | 92 | 1 |
| Network Discovery | 93 | 6 |
| NT Enumeration | 99 | 3 |
| UNIX | 102 | 2 |
| Searching for Exploits | 104 | 1 |
| Sniffing | 105 | 2 |
| Remotely Installing a Hacker Tool Kit | 107 | 1 |
| Vulnerability Scanning | 108 | 5 |
| Case Study: Snoop the User Desktop | 109 | 4 |
| Social Engineering | 113 | 12 |
| The Telephone | 114 | 6 |
| Technical Support | 114 | 2 |
| Disgruntled Customer | 116 | 2 |
| Get Help Logging In | 118 | 1 |
| Additional Methods | 119 | 1 |
| Dumpster Diving | 120 | 1 |
| Desktop Information | 121 | 2 |
| Common Countermeasures | 123 | 2 |
| UNIX Methods | 125 | 32 |
| UNIX Services | 127 | 9 |
| inetd Services | 127 | 6 |
| r Services | 133 | 1 |
| Remote Procedure Call Services | 134 | 2 |
| Buffer Overflow Attacks | 136 | 1 |
| File Permissions | 137 | 3 |
| Applications | 140 | 5 |
| Mail Servers | 140 | 2 |
| Web Servers | 142 | 2 |
| X Windows | 144 | 1 |
| DNS Servers | 145 | 1 |
| Misconfigurations | 145 | 1 |
| UNIX Tools | 146 | 11 |
| Datapipe.c | 147 | 1 |
| QueSO | 147 | 1 |
| Cheops | 148 | 4 |
| nfsshell | 152 | 1 |
| XSCAN | 153 | 1 |
| Case Study: UNIX Penetration | 154 | 3 |
| The Tool Kit | 157 | 8 |
| Hardware | 158 | 1 |
| Software | 159 | 2 |
| Windows NT Workstation | 160 | 1 |
| Linux | 160 | 1 |
| VMware | 161 | 4 |
| Automated Vulnerability Scanners | 165 | 22 |
| Definition | 165 | 1 |
| Testing Use | 166 | 1 |
| Shortfalls | 166 | 2 |
| Network-Based and Host-Based Scanners | 168 | 1 |
| Tools | 169 | 2 |
| Network-Based Scanners | 171 | 10 |
| Network Associates CyberCop Scanner | 171 | 4 |
| ISS Internet Scanner | 175 | 2 |
| Nessus | 177 | 3 |
| Symantec (Formerly Axent Technologies) NetRecon | 180 | 1 |
| Bindview HackerShield (bv-control for Internet Security) | 180 | 1 |
| Host-Based Scanners | 181 | 3 |
| Symantec (Formerly Axent Technologies) Enterprise Security Manager (ESM) | 181 | 3 |
| Pentasafe VigilEnt | 184 | 2 |
| Conclusion | 186 | 1 |
| Discovery Tools | 187 | 42 |
| WS_Ping ProPack | 187 | 11 |
| NetScanTools | 198 | 9 |
| Sam Spade | 207 | 14 |
| Rhino9 Pinger | 221 | 2 |
| VisualRoute | 223 | 3 |
| Nmap | 226 | 2 |
| What's running | 228 | 1 |
| Port Scanners | 229 | 14 |
| Nmap | 229 | 8 |
| 7th Sphere Port Scanner | 237 | 1 |
| Strobe | 238 | 1 |
| SuperScan | 239 | 4 |
| Sniffers | 243 | 12 |
| Dsniff | 244 | 2 |
| Linsniff | 246 | 1 |
| Tcpdump | 247 | 1 |
| BUTTSniffer | 248 | 1 |
| SessionWall-3 (Now eTrust Intrusion Detection) | 249 | 2 |
| AntiSniff | 251 | 4 |
| Password Crackers | 255 | 16 |
| L0phtCrack | 255 | 8 |
| pwdump2 | 263 | 1 |
| John the Ripper | 264 | 2 |
| Cain | 266 | 1 |
| ShowPass | 267 | 4 |
| Windows NT Tools | 271 | 44 |
| NET USE | 271 | 1 |
| Null Connection | 272 | 1 |
| NET VIEW | 273 | 2 |
| NLTEST | 275 | 1 |
| NBTSTAT | 276 | 1 |
| epdump | 277 | 1 |
| NETDOM | 278 | 1 |
| Getmac | 279 | 1 |
| Local Administrators | 280 | 1 |
| Global ("Domain Admins") | 280 | 1 |
| Usrstat | 281 | 1 |
| DumpSec | 282 | 4 |
| user2Sid/sid2User | 286 | 1 |
| NetBIOS Auditing Tool (NAT) | 287 | 2 |
| SMBGrind | 289 | 2 |
| SRVCHECK | 291 | 1 |
| SRVINFO | 291 | 1 |
| AuditPol | 292 | 1 |
| REGDMP | 293 | 2 |
| Somarsoft DumpReg | 295 | 2 |
| Remote | 297 | 1 |
| Netcat | 298 | 2 |
| SC | 300 | 1 |
| AT | 301 | 1 |
| FPipe | 302 | 13 |
| Case Study: Weak Passwords | 304 | 6 |
| Case Study: Internal Penetration to Windows | 310 | 5 |
| Web-Testing Tools | 315 | 14 |
| Whisker | 316 | 2 |
| SiteScan | 318 | 1 |
| THC Happy Browser | 319 | 1 |
| wwwhack | 320 | 2 |
| Web Cracker | 322 | 1 |
| Brutus | 323 | 6 |
| Case Study: Compaq Management Agents Vulnerability | 325 | 4 |
| Remote Control | 329 | 18 |
| pcAnywhere | 330 | 5 |
| Virtual Network Computing | 335 | 3 |
| NetBus | 338 | 6 |
| Back Orifice 2000 | 344 | 3 |
| Intrusion Detection Systems | 347 | 22 |
| Definition | 347 | 3 |
| IDS Evasion | 350 | 6 |
| Stealth Port Scanning | 353 | 2 |
| Aggressive Techniques | 355 | 1 |
| Pitfalls | 356 | 1 |
| Traits of Effective IDSs | 356 | 6 |
| IDS Selection | 362 | 7 |
| RealSecure | 362 | 1 |
| NetProwler | 363 | 1 |
| Secure Intrusion Detection | 363 | 1 |
| eTrust Intrusion Detection | 364 | 1 |
| Network Flight Recorder | 365 | 1 |
| Dragon | 366 | 1 |
| Snort | 366 | 3 |
| Firewalls | 369 | 14 |
| Definition | 369 | 1 |
| Monitoring | 370 | 2 |
| Configuration | 372 | 1 |
| Change Control | 372 | 1 |
| Firewall Types | 373 | 2 |
| Packet-Filtering Firewalls | 373 | 1 |
| Stateful-Inspection Firewalls | 374 | 1 |
| Proxy-Based Firewalls | 375 | 1 |
| Network Address Translation | 375 | 1 |
| Evasive Techniques | 376 | 3 |
| Firewalls and Virtual Private Networks | 379 | 4 |
| Case Study: Internet Information Server Exploit: MDAC | 380 | 3 |
| Denial-of-Service Attacks | 383 | 36 |
| Resource Exhaustion Attacks | 386 | 4 |
| Papasmurf | 386 | 1 |
| Trash2 | 387 | 1 |
| Igmpofdeath.c | 388 | 1 |
| Fawx | 388 | 1 |
| OBSD_fun | 389 | 1 |
| Port Flooding | 390 | 1 |
| Mutilate | 390 | 1 |
| Pepsi5 | 391 | 1 |
| SYN Flooding | 391 | 2 |
| Synful | 391 | 1 |
| Synk4 | 392 | 1 |
| Naptha | 392 | 1 |
| IP Fragmentation Attacks | 393 | 3 |
| Jolt2 | 394 | 1 |
| Teardrop | 395 | 1 |
| Syndrop | 395 | 1 |
| Newtear | 396 | 1 |
| Distributed Denial-of-Service Attacks | 396 | 9 |
| Tribe Flood Network 2000 | 399 | 1 |
| Trin00 | 400 | 2 |
| Stacheldraht | 402 | 2 |
| Usage | 404 | 1 |
| Application-Based DoS Attacks | 405 | 7 |
| Up Yours | 406 | 2 |
| Wingatecrash | 408 | 1 |
| WinNuke | 408 | 1 |
| BitchSlap | 409 | 1 |
| DOSNuke | 410 | 1 |
| Shutup | 410 | 1 |
| Web Server DoS Attacks | 410 | 2 |
| Concatenated DoS Tools | 412 | 4 |
| CyberCop | 412 | 1 |
| ISS Internet Scanner | 413 | 2 |
| Toast | 415 | 1 |
| Spike.sh5.3 | 416 | 1 |
| Summary | 416 | 3 |
| Wrapping It Up | 419 | 14 |
| Countermeasures | 420 | 3 |
| Keeping Current | 423 | 10 |
| Web Sites | 423 | 1 |
| Mailing Lists | 424 | 9 |
| Future Trends | 433 | 12 |
| Authentication | 433 | 4 |
| Two- and Three-Factor Authentication | 434 | 1 |
| Biometrics | 434 | 2 |
| Token-Based Authentication | 436 | 1 |
| Directory Services | 436 | 1 |
| Encryption | 437 | 1 |
| Public Key Infrastructure | 438 | 1 |
| Distributed Systems | 438 | 1 |
| Forensics | 439 | 1 |
| Government Regulation | 440 | 1 |
| Hacking Techniques | 441 | 1 |
| Countermeasures | 442 | 1 |
| Cyber-Crime Insurance | 442 | 3 |
| Appendix A: CD-ROM Contents | 445 | 6 |
| Appendix B: The Twenty Most Critical Internet Security Vulnerabilities: The Experts' Consensus | 451 | 46 |
| Index | 497 | |