Ryan Russell, SecurityFocus.com
Stace Cunningham, CLSE, COS/2E, CLSI, COS/2I, CLSA
Foreword by Mudge, Security Advisor to the White House and Congress
“Ryan Russell has an important message for us all: ‘What you don’t know will hurt you….’”
— Kevin Mitnick
“This book provides a bold, unsparing tour of information security that never swerves from the practical.”
— Kevin L. Poulsen, Editorial Director
THE ONLY WAY TO STOP A HACKER IS TO THINK LIKE ONE:
Rain Forest Puppy
Elias Levy, Bugtraq
Blue Boar, Vuln-dev
Dan “Effugas” Kaminsky, Cisco Systems
Oliver Friedrichs, SecurityFocus.com
Riley “Caesar” Eller, Internet Security Advisors
Greg Hoglund, Click To Secure
Jeremy Rauch
Georgi Guninski
PUBLISHED BY
Syngress Media, Inc.
800 Hingham Street
Rockland, MA 02370
Contents
Foreword xxiii
Introduction xxvii
Part I: Theory and Ideals
Chapter 1: Politics
Introduction 2
Definitions of the Word Hacker 2
Hacker 2
Cracker 3
Script Kiddie 5
Phreak 6
White Hat/Black Hat 6
Grey Hat 7
Hacktivism 8
The Role of the Hacker 9
Criminal 9
Magician 10
Security Professional 11
Consumer Advocate 12
Civil Rights Activist 13
Cyber Warrior 14
Motivation 15
Recognition 15
Admiration 16
Curiosity 16
Power & Gain 17
Revenge 17
Legal/Moral Issues 19
What’s Illegal 19
Reasonably Safe 21
What’s Right? 22
Exceptions? 23
The Hacker Code 23
Why This Book? 24
Public vs. Private Research 25
Who Is Affected when an Exploit Is Released? 26
Summary 27
FAQs 28
Chapter 2: Laws of Security
Introduction 32
What Are the Laws of Security? 32
Client-side Security Doesn't Work 33
Applying the Law 34
Exceptions 37
Defense 37
You Can't Exchange Encryption Keys without a Shared Piece of Information 37
Applying the Law 38
Exceptions 40
Defense 41
Viruses and Trojans Cannot Be 100 Percent Protected Against 41
Applying the Law 42
Exceptions 43
Defense 44
Firewalls Cannot Protect You 100 Percent from Attack 44
Applying the Law 45
Social Engineering 46
Attacking Exposed Servers 46
Attacking the Firewall Directly 47
Client-side Holes 48
Exceptions 48
Defense 49
Secret Cryptographic Algorithms Are Not Secure 49
Applying the Law 50
Exceptions 51
Defense 51
If a Key Isn't Required, You Don't Have Encryption; You Have Encoding 51
Applying the Law 52
Exceptions 53
Defense 53
Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them 53
Applying the Law 55
Exceptions 56
Defense 57
In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit 57
Applying the Law 57
Exceptions 58
Defense 58
Security Through Obscurity Doesn't Work 58
Applying the Law 59
Exceptions 60
Defense 61
People Believe That Something Is More Secure Simply Because It's New 61
Applying the Law 62
Exceptions 63
Defense 63
What Can Go Wrong Will Go Wrong 64
Applying the Law 64
Exceptions 64
Defense 64
Summary 64
FAQs 65
Chapter 3: Classes of Attack
Introduction 68
What Are the Classes of Attack? 68
Denial-of-Service 68
Information Leakage 79
File Creation, Reading, Modification, Removal 82
Misinformation 82
Special File/Database Access 83
Elevation of Privileges 85
Problems 88
How Do You Test for Vulnerability without Exercising the Exploit? 89
How to Secure Against These Classes of Attack 90
Denial-of-Service 91
Information Leakage 92
File Creation, Reading, Modification, Removal 94
Misinformation 95
Special File/Database Access 95
Elevation of Privileges 97
Summary 97
FAQs 98
Chapter 4: Methodology
Introduction 102
Types of Problems 102
Black Box 102
Chips 102
Unknown Remote Host 105
Information Leakage 105
Translucent Box 107
Tools 107
System Monitoring Tools 108
Packet Sniffing 112
Debuggers, Decompilers, and Related Tools 113
Crystal Box 117
Problems 117
Cost/Availability of Tools 117
Obtaining/Creating a Duplicate Environment 118
How to Secure Against These Methodologies 118
Limit Information Given Away 119
Summary 119
Additional Resources 120
FAQs 120
Part II: Theory and Ideals
Chapter 5: Diffing
Introduction 122
What Is Diffing? 122
Files 123
Tools 126
File Comparison Tools 126
Hex Editors 128
File System Monitoring Tools 132
Other Tools 136
Problems 140
Checksums/Hashes 140
Compression/Encryption 141
How to Secure Against Diffing 142
Summary 142
FAQs 143
Chapter 6: Cryptography
Introduction 146
An Overview of Cryptography and Some of Its Algorithms (Crypto 101) 146
History 146
Encryption Key Types 147
Algorithms 149
Symmetric Algorithms 149
Asymmetric Algorithms 151
Problems with Cryptography 153
Secret Storage 154
Universal Secret 157
Entropy and Cryptography 159
Brute Force 163
L0phtCrack 164
Crack 166
John the Ripper 166
Other Ways Brute Force Attacks Are Being Used 167
Distributed.net 167
Deep Crack 169
Real Cryptanalysis 169
Differential Cryptanalysis 170
Side-Channel Attacks 172
Summary 173
Additional Resources 173
FAQs 174
Chapter 7: Unexpected Input
Introduction 178
Why Unexpected Data Is Dangerous 178
Situations Involving Unexpected Data 179
HTTP/HTML 179
Unexpected Data in SQL Queries 181
Disguising the Obvious 185
Finding Vulnerabilities 186
Black-Boxing 186
Use the Source (Luke) 189
Application Authentication 190
Protection: Filtering Bad Data 194
Escaping Characters Is Not Always Enough 194
Perl 194
Cold Fusion/Cold Fusion Markup Language (CFML) 195
ASP 195
PHP 196
Protecting Your SQL Queries 196
Silently Removing vs. Alerting on Bad Data 197
Invalid Input Function 198
Token Substitution 198
Available Safety Features 198
Perl 199
PHP 200
Cold Fusion/Cold Fusion Markup Language 200
ASP 200
MySQL 201
Summary 201
FAQs 202
Chapter 8: Buffer Overflow
Introduction 204
What Is a Buffer Overflow? 204
Smashing the Stack 207
Hello Buffer 207
What Happens When I Overflow a Buffer? 210
Methods to Execute Payload 216
Direct Jump (Guessing Offsets) 216
Blind Return 216
Pop Return 218
Call Register 219
Push Return 220
What Is an Offset? 220
No Operation (NOP) Sled 221
Off-by-One Struct Pointer 221
Dereferencing—Smashing the Heap 222
Corrupting a Function Pointer 222
Trespassing the Heap 223
Designing Payload 225
Coding the Payload 225
Injection Vector 225
Location of Payload 226
The Payload Construction Kit 226
Getting Bearings 237
Finding the DATA Section, Using a Canary 237
Encoding Data 238
XOR Protection 238
Using What You Have—Preloaded Functions 238
Hashing Loader 243
Loading New Libraries and Functions 245
WININET.DLL 246
Confined Set Decoding 247
Nybble-to-Byte Compression 247
Building a Backward Bridge 247
Building a Command Shell 247
“The Shiny Red Button”—Injecting a Device Driver into Kernel Mode 251
Worms 253
Finding New Buffer Overflow Exploits 253
Summary 257
FAQs 258
Part III: Remote Attacks
Chapter 9: Sniffing
What Is “Sniffing?” 260
How Is Sniffing Useful to an Attacker? 260
How Does It Work? 260
What to Sniff? 261
Authentication Information 261
Telnet (Port 23) 261
FTP (Port 21) 262
POP (Port 110) 262
IMAP (Port 143) 262
NNTP (Port 119) 263
rexec (Port 512) 263
rlogin (Port 513) 264
X11 (Port 6000+) 264
NFS File Handles 264
Windows NT Authentication 265
Other Network Traffic 266
SMTP (Port 25) 266
HTTP (Port 80) 266
Common Implementations 267
Network Associates Sniffer Pro 267
NT Network Monitor 268
TCPDump 269
dsniff 270
Esniff.c 271
Sniffit 271
Advanced Sniffing Techniques 272
Switch Tricks 272
ARP Spoofing 273
ARP Flooding 273
Routing Games 273
Operating System Interfaces 274
Linux 274
BSD 277
libpcap 277
Windows 279
Protection 279
Encryption 279
Secure Shell (SSH) 279
Switching 281
Detection 281
Local Detection 281
Network Detection 282
DNS Lookups 282
Latency 282
Driver Bugs 282
AntiSniff 283
Network Monitor 283
Summary 283
Additional Resources 283
FAQs 284
Chapter 10: Session Hijacking
Introduction 286
What Is Session Hijacking? 286
TCP Session Hijacking 287
TCP Session Hijacking with Packet Blocking 290
Route Table Modification 290
ARP Attacks 292
TCP Session Hijacking Tools 293
Juggernaut 293
Hunt 296
UDP Hijacking 300
Other Hijacking 301
How to Protect Against Session Hijacking 302
Encryption 302
Storm Watchers 302
Summary 303
Additional Resources 304
FAQs 305
Chapter 11: Spoofing: Attacks on Trusted Identity
Introduction 308
What It Means to Spoof 308
Spoofing Is Identity Forgery 308
Spoofing Is an Active Attack against Identity Checking Procedures 308
Spoofing Is Possible at All Layers of Communication 309
Spoofing Is Always Intentional 309
Spoofing May Be Blind or Informed, but Usually Involves Only Partial Credentials 311
Spoofing Is Not the Same Thing as Betrayal 312
Spoofing Is Not Always Malicious 312
Spoofing Is Nothing New 312
Background Theory 313
The Importance of Identity 313
The Evolution of Trust 314
Asymmetric Signatures between Human Beings 314
Establishing Identity within Computer Networks 316
Return to Sender 317
In the Beginning, there was…a Transmission 318
Capability Challenges 320
Ability to Transmit: “Can It Talk to Me?” 320
Ability to Respond: “Can It Respond to Me?” 321
Ability to Encode: “Can It Speak My Language?” 324
Ability to Prove a Shared Secret: “Does It Share a Secret with Me?” 326
Ability to Prove a Private Keypair: “Can I Recognize Your Voice?” 328
Ability to Prove an Identity Keypair: “Is Its Identity Independently Represented in My Keypair?” 329
Configuration Methodologies: Building a Trusted Capability Index 329
Local Configurations vs. Central Configurations 329
Desktop Spoofs 330
The Plague of Auto-Updating Applications 331
Impacts of Spoofs 332
Subtle Spoofs and Economic Sabotage 332
Subtlety Will Get You Everywhere 333
Selective Failure for Selecting Recovery 333
Attacking SSL through Intermittent Failures 335
Summary 335
FAQs 337
Chapter 12: Server Holes
Introduction 340
What Are Server Holes? 340
Denial of Service 340
Daemon/Service Vulnerabilities 341
Program Interaction Vulnerabilities 341
Denial of Service 341
Compromising the Server 342
Goals 344
Steps to Reach Our Goal 344
Hazards to Keep in Mind 344
Planning 346
Network/Machine Recon 347
Research/Develop 354
Execute the Attack 356
Cleanup 356
Summary 357
FAQs 358
Chapter 13: Client Holes
Introduction 360
Threat Source 360
Malicious Server 360
Mass vs. Targeted Attack 363
Location of Exploit 364
Drop Point 365
Malicious Peer 366
E-Mailed Threat 368
Easy Targets 368
Session Hijacking and Client Holes 370
How to Secure Against Client Holes 370
Minimize Use 370
Anti-Virus Software 373
Limiting Trust 373
Client Configuration 375
Summary 378
FAQs 380
Chapter 14: Viruses, Trojan Horses, and Worms
Introduction 384
How Do Viruses, Trojan Horses, and Worms Differ? 384
Viruses 384
Worms 385
Macro Virus 385
Trojan Horses 386
Hoaxes 387
Anatomy of a Virus 387
Propagation 388
Payload 389
Other Tricks of the Trade 390
Dealing with Cross-Platform Issues 391
Java 391
Macro Viruses 391
Recompilation 392
Proof that We Need to Worry 392
Morris Worm 392
ADMw0rm 392
Melissa and I Love You 393
Creating Your Own Malware 398
New Delivery Methods 398
Other Thoughts on Creating New Malware 399
How to Secure Against Malicious Software 400
Anti-Virus Software 400
Web Browser Security 402
Anti-Virus Research 403
Summary 403
FAQs 404
Part IV: Reporting
Chapter 15: Reporting Security Problems
Introduction 408
Should You Report Security Problems? 408
Who to Report Security Problems To? 409
Full Disclosure 411
Reporting Security Problems to Vendors 414
Reporting Security Problems to the Public 418
Publishing Exploit Code 420
Problems 421
Repercussions from Vendors 421
Risk to the Public 422
How to Secure Against Problem Reporting 422
Monitoring Lists 422
Vulnerability Databases 422
Patches 423
Response Procedure 423
Summary 425
Index 427
---------------------------------------------------------------------------------------------------------
This is a book about hacking. It’s not a novel about a set of elusive cyberpunks; it’s a do-it-yourself manual. Are we trying to tell you how to break into other people’s systems? No, we’re trying to help you make your own systems more secure by breaking into them yourself. Yes, this has the side effect that you might learn how to break into someone else’s system as well, and therein lies much of the controversy surrounding hacking.