Security & Auditing

As technology has developed, computer hackers have become increasingly sophisticated, mastering the ability to break into even systems thought to be impenetrable. The best way to secure a system is to understand the tools hackers use and know how to counter them. Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It provides hands-on instruction in a host of techniques used to hack into a variety of systems. Exposing hacker methodology with concrete examples, Defense against the Black Arts shows you how to outwit computer predators at their own game. Among the many things you'll learn:

• How to get into a Windows operating system without having the username or password
• The vulnerabilities associated with passwords and how to keep them out of the hands of hackers
• How hackers use the techniques of computer forensic examiners to wreak havoc on individuals and companies
• How to hide your IP address to avoid detection
• How to manipulate data to and from a web page or application for nefarious reasons
• How to find virtually anything on the Internet
• How hackers research the targets they plan to attack
• How network defenders collect traffic across the wire to identify intrusions
• How to use Metasploit to attack weaknesses in systems that are unpatched or have poorly implemented security measures

The book profiles a variety of attack tools and examines how Facebook and other sites can be used to conduct social networking attacks. It also covers techniques utilized by hackers to attack modern operating systems, such as Windows 7, Windows Vista, and Mac OS X. The authors explore a number of techniques that hackers can use to exploit physical access, network access, and wireless vectors.
Using screenshots to clarify procedures, this practical manual uses step-by-step examples and relevant analogies to facilitate understanding, giving you an insider's view of the secrets of hackers.

ISBN: 978-1-4398-2119-0
www.crcpress.com
www.auerbach-publications.com

OTHER INFORMATION SECURITY BOOKS FROM AUERBACH

Building an Enterprise-Wide Business Continuity Program
Kelley Okolita
ISBN 978-1-4200-8864-9

Intelligent Video Surveillance: Systems and Technology
Edited by Yunqian Ma and Gang Qian
ISBN 978-1-4398-1328-7

Critical Infrastructure: Homeland Security and Emergency Preparedness, Second Edition
Robert Radvanovsky and Allan McDougall
ISBN 978-1-4200-9527-2

Managing an Information Security and Privacy Awareness and Training Program, Second Edition
Rebecca Herold
ISBN 978-1-4398-1545-8

Data Protection: Governance, Risk Management, and Compliance
David G. Hill
ISBN 978-1-4398-0692-0

Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World
Stephen Fried
ISBN 978-1-4398-2016-2

Encyclopedia of Information Assurance
Edited by Rebecca Herold and Marcus K. Rogers
ISBN 978-1-4200-6620-3

Secure and Resilient Software Development
Mark S. Merkow and Lakshmikanth Raghavan
ISBN 978-1-4398-2696-6

The Executive MBA in Information Security
John J. Trinckes, Jr.
ISBN 978-1-4398-1007-1

Security for Service Oriented Architectures
Bhavani Thuraisingham
ISBN 978-1-4200-7331-7

FISMA Principles and Best Practices: Beyond Compliance
Patrick D. Howard
ISBN 978-1-4200-7829-9

Security of Mobile Communications
Noureddine Boudriga
ISBN 978-0-8493-7941-3

HOWTO Secure and Audit Oracle 10g and 11g
Ron Ben-Natan
ISBN 978-1-4200-8412-2

Security of Self-Organizing Networks: MANET, WSN, WMN, VANET
Edited by Al-Sakib Khan Pathan
ISBN 978-1-4398-1919-7

Information Security Management: Concepts and Practice
Bel G. Raggad
ISBN 978-1-4200-7854-1

Security Patch Management
Felicia M. Nicastro
ISBN 978-1-4398-2499-3

Information Security Policies and Procedures: A Practitioner's Reference, Second Edition
Thomas R. Peltier
ISBN 978-0-8493-1958-7

Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition
Douglas Landoll
ISBN 978-1-4398-2148-0

Information Security Risk Analysis, Third Edition
Thomas R. Peltier
ISBN 978-1-4398-3956-0

Security Strategy: From Requirements to Reality
Bill Stackpole and Eric Oksendahl
ISBN 978-1-4398-2733-8

Information Technology Control and Audit, Third Edition
Sandra Senft and Frederick Gallegos
ISBN 978-1-4398-0150-5

Vulnerability Management
Park Foreman
ISBN 978-1-4200-6550-3

AUERBACH PUBLICATIONS
www.auerbach-publications.com
To Order Call: 1-800-272-7737 • Fax: 1-800-374-3401
E-mail: [email protected]

Defense against the Black Arts
How Hackers Do What They Do and How to Protect against It

Jesse Varsalone
Matthew McFadden
with
Sean Morrissey
Michael Schearer ("theprez98")
James "Kelly" Brown
Ben "TheX1le" Smith

Foreword by Joe McCray

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2012 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works
Version Date: 20110513

International Standard Book Number-13: 978-1-4398-2122-0 (eBook - PDF)

This book contains information obtained from authentic and highly regarded sources.
Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.
Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com

Contents

Foreword
Authors

1 Hacking Windows OS
    Introduction
    Physical Access
        Live CDs
            Just Burned My First ISO
        Before You Start
    Utility Manager
    Sticky Keys
    How to Log In without Knowing the Password
        Using Kon-Boot to Get into Windows without a Password
        Bart's PE and WindowsGate
    Old School
        2000 Server Family Domain Controllers
    Defending against Physical Attacks on Windows Machines
        Partitioning Your Drive for BitLocker
            Windows 7
            Windows Vista
        Trusted Platform Modules
            Using BitLocker with a TPM
            Using BitLocker without a TPM
                Windows 7
                Vista and 2008
        BitLocker Hacks
        TrueCrypt
        Evil Maid
    Summary

2 Obtaining Windows Passwords
    Introduction
    Ophcrack
    Password Hashes
        Nediam.com.mx
        John the Ripper
        Rainbow Tables
    Cain & Abel
    Helix
    Switchblade
        Countermeasures
    Summary

3 Imaging and Extraction
    Introduction
    Computer Forensic Tools
        Imaging with FTK Imager
        Live View
        Deleted Files and Slack Space
        Forensic Tool Kit
        Imaging with Linux dd
            Understanding How Linux Recognizes Devices
            Creating a Forensic Image
            Imaging over a Network
        Examining an Image
        Autopsy
    Conclusion

4 Bypassing Web Filters
    Introduction
    Information You Provide
    Changing Information
    Summary

5 Manipulating the Web
    Introduction
    Change the Price with Tamper Data
    Paros Proxy
    Firebug
    SQL Injection
    Cross-Site Scripting
    Countermeasures
        Parameterized Statements
        Validating Inputs
        Escaping Characters
        Filtering Characters and Statements
        Encryption
        Account Privileges
        Errors
    Further Resources and References

6 Finding It All on the Net
    Introduction
    Before You Start
    Researching with Caution
    RapidShare
    Advanced Google
    YouTube
    News Servers
    BitTorrent
    Other Options
    ShodanHQ.com

7 Research Time
    Overview
    Research, Time, and Planning
    All Vectors Possible
    Internal or External Intelligence
    Direct Contact versus Indirect Contact
    Learning the Topology
    Learning the Structure
    Techniques and Tools
    Whois
    Reserved Addresses
    How to Defend
    Domain Dossier: Central Ops
    Defense against Cyber Squatters
    DNS Records
    Traceroute
        Commands to Perform a Command Line Traceroute
        Traceroute: Central Ops
    Traceroute: Interpretation of DNS
    Disable Unused Services
    Domain Check: Central Ops
    Email Dossier: Central Ops
    Site Report: Netcraft.com
    Wayback Machine: Archive.org
        How to Defend against This
    Whois History: DomainTools.org
    Zone-h.org
    Indirect Web Browsing and Crawling
    Indirect Research: Google.com
        Google Search Commands
        How to Defend against This
    Indirect Recon: Cache, Google.com
    Indirect Research: Google Hacking Database
    Indirect Research: lmgtfy.com
    Indirect Research: Duckduckgo.com
    Summary

8 Capturing Network Traffic
    Overview
    Network Placement
    Collision Domains
    Intrusion Detection at the Packet Level
    Monitoring Limitations
    Network Response Methodology
    Monitoring/Capturing
    Viewing Text Data
    Searching Text and Binary
    Filtering
    Windows Executable and Signatures
    Common File Signatures of Malware
    Snort
    Snort Rules
    Making a Snort Rule
    Sample Content Fields
    Analysis
    Capture Information
    Capinfos
    Setting Up Wireshark
    Coloring Rules
    Filtering Data in Wireshark
    Wireshark Important Filters
    Wireshark Operators
    Wireshark Filters
    Packet Options
    Following the Stream
    Wireshark Statistics
    Network Extraction
    Summary

9 Research Time: Finding the Vulnerabilities
    Overview
    Methodology
    Stealth
    Offensive Security's Exploit Database
    CVEs
        Security Bulletins
    Zero Day Exploits
    Security Focus
    Shellcode
        Running Shellcode
    BackTrack
        BackTrack Tools
    BackTrack Scanning
    Windows Emulation in BackTrack
    Wine
    A Table for Wine Commands
    Information Gathering and Vulnerability Assessment Using BackTrack
    Maltego
    Nmap
        Zenmap
        Nmap Scanning for Subnet Ranges (Identifying Hosts)
        Nmap Scanning for Subnet Ranges (Identifying Services)
        Nmap Scanning for Subnet Ranges (Identifying Versions)
        Nmap Scanning Firewall/IDS Evasion
        Nmap Scanning Decoys
        Nmap Randomization and Speed
    PortQry
    Autoscan
    Nessus
        Upgrade the Vulnerability/Plug-ins Database
        Nessus Policies
        Nessus Credentials
    OpenVAS
        Plug-in Update
    Netcat
        Port Scanning with Netcat
    Nikto
    Summary

10 Metasploit
    Introduction
    Payload into EXE
    WebDAV DLL HiJacker
    Summary

11 Other Attack Tools
    Overview
    Sysinternals
    Pslist
    Tasklist /m
    Netstat -ano
    Process Explorer
    Remote Administration Tools
    Poison Ivy RAT
        Accepting Poison Ivy Connections
    Building Poison Ivy Backdoors
    Preparing Beaconing Malware
    Preparing Install of Malware
    Advanced Poison Ivy Options
    Generating a PE
    Commanding and Controlling Victims with Poison Ivy