Writing, Hacking, and Modifying Security Tools
Nitesh Dhanjani, Justin Clarke
Editors: Allison Randal, Tatiana Apandi
Book Details

| Field | Value |
|---|---|
| Price | 2.00 USD |
| Pages | 507 p |
| File Size | 2,839 KB |
| File Type | PDF format |
| Time | 2013-10-23T12:02:31-07:00 |
| Copyright | 2013 O'Reilly Media, Inc. |
Nitesh Dhanjani is a well-known security researcher, author, and speaker. Dhanjani is currently
Senior Manager at a large consulting firm where he advises some of the largest corporations around
the world on how to establish enterprise-wide information security programs and solutions. Dhanjani
is also responsible for evangelizing brand new technology service lines around emerging
technologies and trends such as cloud computing and virtualization.
Prior to his current job, Dhanjani was Senior Director of Application Security and Assessments at a
major credit bureau where he spearheaded brand new security efforts into enhancing the enterprise
SDLC, created a process for performing source code security reviews & Threat Modeling, and
managed the Attack & Penetration team.
Dhanjani is the author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools"
(O'Reilly) and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a
contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network
Security". Dhanjani has been invited to talk at various information security events such as the Black
Hat Briefings, RSA, Hack in the Box, Microsoft Blue Hat, and OSCON.
Dhanjani graduated from Purdue University with both a Bachelor's and a Master's degree in Computer Science. Dhanjani's personal blog is located at dhanjani.com.
Justin Clarke is a Director with Gotham Digital Science, based in the United Kingdom. He has many
years of experience in testing the security of networks, web applications, and wireless networks for
large financial, retail, and technology clients in the United States, the United Kingdom and New Zealand.
Justin is the co-author of Network Security Tools: Writing, Hacking, and Modifying Security Tools, a
contributing author to Network Security Assessment: Know Your Network, 2nd Edition, and the lead
author of SQL Injection Attacks and Defenses (Syngress). He has also been invited to speak at a
number of conferences on security topics, including Black Hat, EuSecWest, OSCON and RSA.
Justin is active in developing security tools for penetrating web applications, servers, and wireless
networks and as a compulsive tinkerer he can't leave anything alone without at least trying to see how it works.
Preface
These days, software vulnerabilities are announced to the public before vendors have a chance to
provide a patch to customers. Therefore, it has become important, if not absolutely necessary, for an
organization to routinely assess its network to measure its security posture.
But how does one go about performing a thorough network assessment? Network security books today
typically teach you only how to use the out-of-the-box functionality provided by existing network
security tools, which is often limited. Malicious attackers, however, are sophisticated enough to
understand that the real power of the most popular network security tools does not lie in their
out-of-the-box functionality, but in the framework that allows you to extend and tweak their functionality.
These sophisticated attackers also know how to quickly write their own tools to break into remote
networks. The aim of this book is to teach you how to tweak existing and powerful open source
assessment tools and how to write your own tools to protect your networks and data from the most
experienced attackers.
Audience
This book is for anyone interested in extending existing open source network assessment tools and in
writing their own assessment tools. Hundreds of other network assessment books are available today,
but they simply teach readers how to use existing tools, while neglecting to teach them how to modify
existing security tools to suit their needs. If you are a network security assessment professional or
hobbyist, and if you have always wanted to learn how to tweak and write your own security tools,
this book is for you.
Assumptions This Book Makes
This book assumes you are familiar with programming languages such as C and Perl. It also assumes
you are familiar with the use of the assessment tools covered in this book: Ettercap, Hydra,
Metasploit, Nessus, Nikto, and Nmap.
Contents
This book is divided into two parts.
Part I covers several commonly used open source security tools and shows you how to leverage
existing well-known and reliable network security tools to solve your network security problems.
Here's a summary of what we cover:
Chapter 1, Writing Plug-ins for Nessus
Nessus is the most popular vulnerability scanner available today. It is also open source and free.
This chapter demonstrates not only how to use Nessus, but also how to write plug-ins to enable it
to scan for new vulnerabilities.
Chapter 2, Developing Dissectors and Plug-ins for the Ettercap Network Sniffer
Ettercap is a popular network sniffer that also is free and open source. Its plug-in functionality is
one of the most robust available. In fact, quite a few plug-ins for this sniffer are available that
perform a variety of useful tasks, such as detecting other sniffers on the network and collecting
data such as passwords that are being passed around the network. This chapter explains how to
write plug-ins for this most powerful scanner to look for specific data on the network, as well as
other useful tricks.
Chapter 3, Extending Hydra and Nmap
Many security tools do not use a plug-in architecture, and therefore cannot be trivially extended.
This chapter discusses how to extend a commonly used non-plug-in tool, Hydra, a tool for
performing brute-force testing against passwords, to support an additional protocol. It also
discusses how to create binary signatures for Nmap that use a signature database for expansion.
Chapter 4, Writing Plug-ins for the Nikto Vulnerability Scanner
Nikto is a free, open source, and popular web vulnerability scanner that uses the well-known
libwhisker library to operate. This chapter teaches you how to extend Nikto to find new
vulnerabilities that might exist with external web applications and servers, or even within a
company’s custom-built web application.
Chapter 5, Writing Modules for the Metasploit Framework
The Metasploit Framework is a freely available framework for writing and testing network
security exploits. This chapter explores how to develop exploits for the framework, as well as
how to use the framework for more general security purposes.
Chapter 6, Extending Code Analysis to the Webroot
Source code analysis tools exist for languages such as Java. However, such tools for web
applications are lacking. This chapter demonstrates how to implement web application-specific
rules for the review of J2EE applications using the PMD tool.
Part II describes approaches to writing custom Linux kernel modules, web application vulnerability
identification and exploitation tools, packet sniffers, and packet injectors. All of these can be useful
features in network security tools, and in each case an approach or toolset is introduced to guide
readers in integrating these capabilities into their own custom security tools.
Chapter 7, Fun with Linux Kernel Modules
Linux security starts at the kernel level. This chapter discusses how to write Linux kernel modules
and explains to readers what they can achieve at the kernel level, as well as how kernel-level
rootkits achieve some of the things they do.
Chapter 8, Developing Web Assessment Tools and Scripts
Effective tools for hacking web applications must be able to adequately adapt to the custom
applications they can be run against. This chapter discusses how to develop scripts in Perl that
can be used to dynamically detect and identify vulnerabilities within custom web applications.
Chapter 9, Automated Exploit Tools
Tools for exploiting web application issues must leverage access to application databases and
operating systems. This chapter demonstrates techniques for creating tools that show what can be
done with web application vulnerabilities.
Chapter 10, Writing Network Sniffers
Observing network traffic is an important capability of many security tools. The most common
toolset used for network sniffing is libpcap. This chapter discusses how libpcap works, and
demonstrates how you can use it in your own tools where intercepting network traffic is needed.
We also discuss network sniffing in both wired and wireless situations.
Chapter 11, Writing Packet-Injection Tools
Packet injectors are required in scenarios where the ability to generate custom or malformed
network traffic is needed to test network services. Several tools exist to perform such testing. In
this chapter we discuss and demonstrate use of the libnet library and airjack driver for packet
creation. We also discuss packet injection in both wired and wireless situations.
Acknowledgments
Thanks to our contributing authors—Erik Cabetas, Joe Hemler, and Brian Holyfield—without whom
this book would be a lot smaller and a lot less interesting. Also, big thanks go to our O’Reilly team—
Tatiana Diaz, Allison Randal, Nathan Torkington, and Jamie Peppard—for ensuring that this book at
least makes some sense to our readers.
We want to give credit to all who helped in the technical review of the material for this book. Our
main technical reviewers were Akshay Aggarwal, chromatic, Lurene A. Grenier, and SK Chong.
Also, big thanks go to those who reviewed material about their tools: Van Hauser (Hydra), Alberto
Ornaghi (Ettercap), and Tom Copeland (PMD).
Additional thanks go out to HD Moore and Spoonm for Metasploit, and to chris sullo for
middle-of-the-night IMs to discuss Nikto.
Justin would also like to thank his wife Mara for her patience during the writing of this book.
Nitesh, Justin, Erik, Joe, and Brian would like to thank José Granado for his mentorship and never-ending enthusiasm.