Practical Hacking Techniques and Countermeasures

Table of contents

 Preparation
  1 (62)
 Installing VMware Workstation
  3 (7)
 Configuring Virtual Machines
  10 (50)
 Installing a Virtual Windows 2000 Workstation
  11 (18)
 Installing VMware Tools for Windows 2000 Virtual Machines
  29 (6)
 Installing a Red Hat Version 8 Virtual Machine
  35 (20)
 Installing VMware Tools for Red Hat Virtual Machines
  55 (5)
 What Is on the CD?
  60 (1)
 Restrict Anonymous
  60 (3)
 To Restrict Anonymous
  60 (1)
 In Windows NT
  60 (1)
 For Windows XP, 2003
  60 (1)
 For Windows 2000
  61 (1)
 What Is the Difference?
  61 (2)
 Banner Identification
  63 (24)
 Lab 1: Banner Identification
  65 (2)
 Lab 2: Banner Identification
  67 (6)
 Lab 3: Banner Identification
  73 (2)
 Lab 4: Operating System Identification
  75 (4)
 Detect Operating System of Target: Xprobe2
 
 Lab 5: Banner Identification
  79 (5)
 Lab 6: Banner Identification
  84 (2)
 Lab 7: Personal Social Engineering
  86 (1)
 Social Engineering Techniques: Dumpster Diving/Personnel
 
 Target Enumeration
  87 (58)
 Lab 8: Establish a NULL Session
  89 (1)
 Establish a NULL Session: NULL Session
 
 Lab 9: Enumerate Target MAC Address
  90 (1)
 Enumerate MAC Address and Total NICs: GETMAC
 
 Lab 10: Enumerate SID from User ID
  91 (2)
 Enumerate the SID from the Username: USER2SID
 
 Lab 11: Enumerate User ID from SID
  93 (3)
 Enumerate the User name from the Known SID: SID2USER
 
 Lab 12: Enumerate User Information
  96 (1)
 Enumerate User Information from Target: USERDUMP
 
 Lab 13: Enumerate User Information
  97 (1)
 Exploit Data from Target Computer: USERINFO
 
 Lab 14: Enumerate User Information
  98 (4)
 Exploit User Information from Target: DUMPSEC
 
 Lab 15: Host/Domain Enumeration
  102 (3)
 Enumerate Hosts and Domains of LAN: Net Commands
 
 Lab 16: Target Connectivity? Route
  105 (2)
 Detect Target Connectivity: PingG
 
 Lab 17: Target Connectivity/Route
  107 (2)
 Connectivity/Routing Test: Pathping
 
 Lab 18: Operating System Identification
  109 (8)
 Identify Target Operating System: Nmap/nmapFE
 
 Lab 19: Operating System Identification
  117 (6)
 Identify Target Operating System: NmapNT
 
 Lab 20: IP/Hostname Enumeration
  123 (1)
 Enumerate IP or Hostname: Nslookup
 
 Lab 21: IP/Hostname Enumeration
  124 (1)
 Enumerate IP or Hostname: Nmblookup
 
 Lab 22: RPC Reporting
  125 (1)
 Report the RPC of Target: Rpcinfo
 
 Lab 23: Location/Registrant Identification
  126 (2)
 Gather Registration Info/Trace Visual Route: Visual Route
 
 Lab 24: Registrant Identification
  128 (3)
 Gather IP or Hostname: Sam Spade
 
 Lab 25: Operating System Identification
  131 (2)
 Gather OS Runtime and Registered IPs: Netcraft
 
 Lab 26: Operating System Identification
  133 (2)
 Scan Open Ports of Target: Sprint
 
 Lab 27: Default Shares
  135 (4)
 Disable Default Shares: Windows Operating System
 
 Lab 28: Host Enumeration
  139 (6)
 Scan Open Ports of Target: WinFingerprint
 
 Scanning
  145 (48)
 Lab 29: Target Scan/Share Enumeration
  147 (4)
 Scan Open Ports of Target: Angry IP
 
 Lab 30: Target Scan/Penetration
  151 (2)
 Scan Open Ports/Penetration Testing: LANguard
 
 Lab 31: Target Scan through Firewall
  153 (1)
 Scan Open Ports of Target: Fscan
 
 Lab 32: Passive Network Discovery
  154 (4)
 Passively Identify Target Information on the LAN: Passifist
 
 Lab 33: Network Discovery
  158 (3)
 Identify Target Information: LanSpy
 
 Lab 34: Open Ports/Services
  161 (2)
 Scan Open Ports/Services of Target: Netcat
 
 Lab 35: Port Scan/Service Identification
  163 (3)
 Scan Open Ports of Target: SuperScan
 
 Lab 36: Port Scanner
  166 (3)
 Identify Ports Open: Strobe
 
 Lab 37: Anonymous FTP Locator
  169 (2)
 Locate Anonymous FTP Servers: FTPScanner
 
 Lab 38: CGI Vulnerability Scanner
  171 (7)
 Identify CGI Vulnerabilities: TCS CGI Scanner
 
 Lab 39: Shared Resources Locator
  178 (9)
 Identify Open Shared Resources: Hydra
 
 Lab 40: Locate Wingate Proxy Servers
  187 (6)
 Locate Wingate Proxy Servers: WGateScan/ADM Gates
 
 Sniffing Traffic
  193 (68)
 Lab 41: Packet Capture --- Sniffer
  195 (18)
 Exploit Data from Network Traffic: Ethereal
 
 To Install Ethereal on a Red Hat Linux Computer
  196 (10)
 To Install Ethereal on Microsoft Windows
  206 (7)
 Lab 42: Packet Capture --- Sniffer
  213 (10)
 Exploit Data from Network Traffic: Ngrep
 
 For Linux
  213 (6)
 For Windows
  219 (4)
 Lab 43: Packet Capture --- Sniffer
  223 (7)
 Exploit Data from Network Traffic: TcpDump
 
 Lab 44: Packet Capture --- Sniffer
  230 (4)
 Exploit Data from Network Traffic: WinDump
 
 Lab 45: Packet Capture --- Sniffer
  234 (6)
 Monitor IP Network Traffic Flow: IPDump2
 
 For Linux
  234 (3)
 For Windows
  237 (3)
 Lab 46: Password Capture --- Sniffer
  240 (9)
 Exploit Passwords and Sniff the Network: ZxSniffer
 
 Lab 47: Exploit Data from Target Computer --- Sniffit
  249 (12)
 Spoofing
  261 (38)
 Lab 48: Spoofing IP Addresses
  263 (5)
 Send Packets via False IP Address: RafaleX
 
 Lab 49: Spoofing MAC Addresses
  268 (9)
 Send Packets via a False MAC Address: SMAC
 
 Lab 50: Spoofing MAC Addresses
  277 (7)
 Send Packets via a False MAC Address: Linux
 
 Lab 51: Packet Injection/Capture/Trace
  284 (11)
 Send Packets via a False IP/MAC Address: Packit
 
 Lab 52: Spoof MAC Address
  295 (4)
 Altering the MAC Address: VMware Workstation
 
 Brute Force
  299 (58)
 Lab 53: Brute-Force FTP Server
  301 (8)
 Crack an FTP Password: NETWOX/NETWAG
 
 Lab 54: Retrieve Password Hashes
  309 (4)
 Extract Password Hashes: FGDump
 
 Lab 55: Crack Password Hashes
  313 (12)
 Crack and Capture Password Hashes: LC5
 
 Lab 56: Overwrite Administrator Password
  325 (12)
 Change the Administrator Password: CHNTPW
 
 Lab 57: Brute-Force Passwords
  337 (9)
 Brute-Force Passwords for a Hashed File: John the Ripper
 
 Lab 58: Brute-Force FTP Password
  346 (8)
 Brute-Force an FTP Password Connection: BruteFTP
 
 Lab 59: Brute-Force Terminal Server
  354 (3)
 Brute-Force Terminal Server Passwords: TSGrinder II
 
 Vulnerability Scanning
  357 (154)
 Lab 60: Vulnerability Scanner
  359 (20)
 Perform Vulnerability Assessment: SAINT
 
 Lab 61: SNMP Walk
  379 (7)
 Exploit Data via SNMP Walk: NETWOX/NETWAG
 
 Lab 62: Brute-Force Community Strings
  386 (6)
 Exploit the SNMP Community Strings: Solar Winds
 
 Lab 63: Target Assessment
  392 (5)
 Assessment of Target Security: Retina
 
 Lab 64: Target Assessment
  397 (5)
 Assessment of Target Security: X-Scan
 
 Lab 65: Vulnerability Scanner
  402 (12)
 Perform Vulnerability Assessment: SARA
 
 Lab 66: Web Server Target Assessment
  414 (7)
 Assessment of Web Server Security: N-Stealth
 
 Lab 67: Vulnerability Scanner
  421 (8)
 Exploit Data from Target Computer: Pluto
 
 Lab 68: Vulnerability Assessment
  429 (22)
 Perform Vulnerability Assessment: Metasploit
 
 On Windows
  429 (12)
 On Linux
  441 (10)
 Lab 69: Web Server Target Assessment
  451 (4)
 Assessment of Web Server Security: Nikto
 
 Lab 70: Vulnerability Scanner
  455 (13)
 Assessment of Target Security: Shadow Scanner
 
 Lab 71: Internet Vulnerability Scanner
  468 (6)
 Assessment of Target Security: Cerberus
 
 Lab 72: WHAX --- Auto Exploit Reverse Shell
  474 (17)
 Automatically Exploit the Target: AutoScan
 
 Lab 73: Unique Fake Lock Screen XP
  491 (8)
 Grab the Administrator Password: Fake Lock Screen XP
 
 Lab 74: Bypassing Microsoft Serial Numbers
  499 (8)
 Bypassing Serial Number Protection: RockXP/Custom Script
 
 Lab 75: Vulnerability Exploit
  507 (4)
 Assessment of Target Security: Web Hack Control Center
 
 Wireless
  511 (92)
 Lab 76: Locate Unsecured Wireless
  513 (6)
 Locate Unsecured Wireless: NetStumbler/Mini-Stumbler
 
 Lab 77: Trojan
  519 (15)
 Unauthorized Access and Control: Back Orifice
 
 On the Target Computer
  519 (9)
 On the Attacker's Computer
  528 (6)
 Lab 78: Trojan
  534 (11)
 Unauthorized Access and Control: NetBus
 
 On the Target (Server)
  534 (6)
 On the Attacker's Computer
  540 (5)
 Lab 79: ICMP Tunnel Backdoor
  545 (8)
 Bidirectional Spoofed ICMP Tunnel: Sneaky-Sneaky
 
 On the Target (Server)
  545 (3)
 On the Attacker's Machine
  548 (5)
 Lab 80: Hiding Tools on the Target
  553 (3)
 Hiding Files on the Target: CP
 
 Scenario: Hiding Netcat inside the Calculator Application
  553 (2)
 To Verify
  555 (1)
 Lab 81: Capturing Switched Network Traffic
  556 (17)
 Intercept/Exploit Traffic: Ettercap
 
 Lab 82: Password Capture
  573 (1)
 Capture Passwords Traversing the Network: Dsniff
 
 Lab 83: Data Manipulation
  574 (14)
 Manipulate the Live Data Stream: Achilles
 
 Lab 84: Covert Reverse Telnet Session
  588 (8)
 Create a Reverse Telnet Session: Netcat
 
 Lab 85: Covert Channel --- Reverse Shell
  596 (7)
 Exploit Data from Target Computer: Reverse Shell
 
 Redirection
  603 (40)
 Lab 86: PortMapper
  605 (13)
 Traffic Redirection: PortMapper
 
 Lab 87: Executing Applications --- Elitewrap
  618 (9)
 Executing Hidden Applications: Elitewrap
 
 Lab 88: TCP Relay --- Bypass Firewalls
  627 (6)
 Traffic Redirection: Fpipe
 
 Lab 89: Remote Execution
  633 (5)
 Remote Execution on Target: PsExec
 
 Lab 90: TCP Relay --- Bypass Firewalls
  638 (5)
 Traffic Redirection: NETWOX/NETWAG
 
 Denial-of-Service (DoS)
  643 (28)
 Lab 91: Denial-of-Service --- Land Attack
  645 (5)
 DoS Land Attack: Land Attack
 
 Lab 92: Denial-of-Service --- Smurf Attack
  650 (5)
 DoS Smurf Attack: Smurf Attack
 
 Lab 93: Denial-of-Service --- SYN Attack
  655 (5)
 DoS Land Attack: SYN Attack
 
 Lab 94: Denial-of-Service --- UDP Flood
  660 (5)
 DoS UDP Flood Attack: UDP Flood Attack
 
 Lab 95: Denial-of-Service --- Trash2.c
  665 (6)
 Create Denial-of-Service Traffic: Trash2.c
 
Appendix A: References  671 (4)
Appendix B: Tool Syntax  675 (50)
Index  725