Hacking For Dummies
Table of Contents
Kevin Beaver. Hacking For Dummies
Hacking For Dummies®
To view this book's Cheat Sheet, simply go to www.dummies.com and search for “Hacking For Dummies Cheat Sheet” in the Search box.
Table of Contents
List of Tables
List of Illustrations
Guide
Pages
Introduction
About This Book
Foolish Assumptions
Icons Used in This Book
Beyond the Book
Where to Go from Here
Building the Foundation for Security Testing
Introduction to Vulnerability and Penetration Testing
Straightening Out the Terminology
Hacker
Malicious user
Recognizing How Malicious Attackers Beget Ethical Hackers
SECURITY TESTING CERTIFICATIONS
Vulnerability and penetration testing versus auditing
Policy considerations
Compliance and regulatory concerns
Understanding the Need to Hack Your Own Systems
Understanding the Dangers Your Systems Face
Nontechnical attacks
Network infrastructure attacks
Operating system attacks
Application and other specialized attacks
Following the Security Assessment Principles
Working ethically
Respecting privacy
Not crashing your systems
Using the Vulnerability and Penetration Testing Process
Formulating your plan
Selecting tools
Executing the plan
Evaluating results
Moving on
Cracking the Hacker Mindset
What You’re Up Against
THINKING LIKE THE BAD GUYS
Who Breaks into Computer Systems
Hacker skill levels
Hacker motivations
Why They Do It
HACKING IN THE NAME OF LIBERTY?
Planning and Performing Attacks
HACKING MAGAZINES
Maintaining Anonymity
Developing Your Security Testing Plan
Establishing Your Goals
DO YOU NEED INSURANCE?
Determining Which Systems to Test
ATTACK-TREE ANALYSIS
Creating Testing Standards
Timing your tests
Running specific tests
A CASE STUDY IN SELF-INFLICTED DENIAL OF SERVICE
Conducting blind versus knowledge assessments
Picking your location
Responding to vulnerabilities you find
Making silly assumptions
Selecting Security Assessment Tools
Hacking Methodology
Setting the Stage for Testing
Seeing What Others See
Scanning Systems
Hosts
Open ports
Determining What’s Running on Open Ports
Assessing Vulnerabilities
Penetrating the System
Putting Security Testing in Motion
Information Gathering
Gathering Public Information
Social media
Web search
Web crawling
Websites
Mapping the Network
WHOIS
Privacy policies
Social Engineering
Introducing Social Engineering
Starting Your Social Engineering Tests
Knowing Why Attackers Use Social Engineering
Understanding the Implications
Building trust
Exploiting the relationship
Deceit through words and actions
Deceit through technology
Performing Social Engineering Attacks
Determining a goal
Seeking information
Using the Internet
Dumpster diving
Phone systems
Phishing emails
Social Engineering Countermeasures
Policies
User awareness and training
Physical Security
Identifying Basic Physical Security Vulnerabilities
Pinpointing Physical Vulnerabilities in Your Office
Building infrastructure
Attack points
Countermeasures
Utilities
Attack points
Countermeasures
Office layout and use
Attack points
Countermeasures
Network components and computers
Attack points
Countermeasures
Passwords
Understanding Password Vulnerabilities
Organizational password vulnerabilities
Technical password vulnerabilities
Cracking Passwords
Cracking passwords the old-fashioned way
Social engineering
TECHNIQUES
COUNTERMEASURES
Shoulder surfing
TECHNIQUES
COUNTERMEASURES
Inference
Weak authentication
BYPASSING AUTHENTICATION
COUNTERMEASURES
Cracking passwords with high-tech tools
Password-cracking software
Dictionary attacks
KNOW WHERE YOUR PASSWORDS LIE
Brute-force attacks
Rainbow attacks
Cracking Windows passwords with pwdump3 and John the Ripper
Cracking Unix/Linux passwords with John the Ripper
PASSWORDS BY THE NUMBERS
Cracking password-protected files
Cracking files
Countermeasures
Understanding other ways to crack passwords
Keystroke logging
LOGGING TOOLS
COUNTERMEASURES
Weak password storage
SEARCHING
COUNTERMEASURES
Network analyzer
TESTING
COUNTERMEASURES
Weak BIOS passwords
Weak passwords in limbo
WEAKNESSES
COUNTERMEASURES
General Password Cracking Countermeasures
Storing passwords
Creating password policies
Taking other countermeasures
THE FALLACY OF MULTIFACTOR AUTHENTICATION
Securing Operating Systems
Windows
Linux and Unix
Hacking Network Hosts
Network Infrastructure Systems
Understanding Network Infrastructure Vulnerabilities
Choosing Tools
Scanners and analyzers
Vulnerability assessment
Scanning, Poking, and Prodding the Network
Scanning ports
Ping sweeping
Using port scanning tools
NMAP
NetScanTools Pro
Countermeasures against ping sweeping and port scanning
Scanning SNMP
Vulnerabilities
Countermeasures against SNMP attacks
Grabbing banners
Telnet
Countermeasures against banner-grabbing attacks
Testing firewall rules
Testing
NETCAT
RULEBASE ANALYZERS
Countermeasures against firewall rulebase vulnerabilities
Analyzing network data
Network analyzer programs
Countermeasures against network protocol vulnerabilities
PHYSICAL SECURITY
NETWORK ANALYZER DETECTION
The MAC-daddy attack
ARP spoofing
Using Cain & Abel for ARP poisoning
MAC address spoofing
LINUX-BASED SYSTEMS
WINDOWS
Countermeasures against ARP poisoning and MAC address Spoofing attacks
Testing denial of service attacks
WHAT YOU NEED TO KNOW ABOUT ADVANCED MALWARE
DoS attacks
Testing
DEMONSTRATE EXPLOITS WHEN NEEDED
Countermeasures against DoS attacks
Detecting Common Router, Switch, and Firewall Weaknesses
Finding unsecured interfaces
Uncovering issues with SSL and TLS
Putting Up General Network Defenses
Wireless Networks
Understanding the Implications of Wireless Network Vulnerabilities
Choosing Your Tools
Discovering Wireless Networks
Checking for worldwide recognition
Scanning your local airwaves
Discovering Wireless Network Attacks and Taking Countermeasures
DON’T OVERLOOK BLUETOOTH
Encrypted traffic
Countermeasures against encrypted traffic attacks
Wi-Fi Protected Setup
Countermeasures against the WPS PIN flaw
Rogue wireless devices
Countermeasures against rogue wireless devices
MAC spoofing
Countermeasures against MAC spoofing
Physical security problems
Countermeasures against physical security problems
Vulnerable wireless workstations
Countermeasures against vulnerable wireless workstations
Default configuration settings
Countermeasures against default configuration settings exploits
Mobile Devices
Sizing Up Mobile Vulnerabilities
Cracking Laptop Passwords
Choosing your tools
Applying countermeasures
THE FALLACY OF FULL-DISK ENCRYPTION
Cracking Phones and Tablets
Cracking iOS passwords
Taking countermeasures against password cracking
HACKING THE INTERNET OF THINGS
Hacking Operating Systems
Windows
Introducing Windows Vulnerabilities
Choosing Tools
Free Microsoft tools
All-in-one assessment tools
Task-specific tools
Gathering Information About Your Windows Vulnerabilities
System scanning
Testing
Countermeasures against system scanning
NetBIOS
Hacks
UNAUTHENTICATED ENUMERATION
SHARES
Countermeasures against NetBIOS attacks
Detecting Null Sessions
Mapping
Gleaning information
net view
Configuration and user information
Countermeasures against null-session hacks
Checking Share Permissions
Windows defaults
Windows 2000/NT
Windows XP and later
Testing
Exploiting Missing Patches
Using Metasploit
WINDOWS 11 SECURITY
Countermeasures against missing patch vulnerability exploits
Running Authenticated Scans
Linux and macOS
Understanding Linux Vulnerabilities
Choosing Tools
Gathering Information About Your System Vulnerabilities
System scanning
Countermeasures against system scanning
Finding Unneeded and Unsecured Services
Searches
Vulnerabilities
Tools
Countermeasures against attacks on unneeded services
Disabling unneeded services
INETD.CONF (OR XINETD.CONF)
CHKCONFIG
Access control
Securing the .rhosts and hosts.equiv Files
Hacks using the hosts.equiv and .rhosts files
hosts.equiv
.rhosts
Countermeasures against .rhosts and hosts.equiv file attacks
Disabling commands
Blocking access
Assessing the Security of NFS
NFS hacks
Countermeasures against NFS attacks
Checking File Permissions
File permission hacks
Countermeasures against file permission attacks
Manual testing
Automatic testing
Finding Buffer Overflow Vulnerabilities
Attacks
Countermeasures against buffer overflow attacks
Checking Physical Security
Physical security hacks
Countermeasures against physical security attacks
Performing General Security Tests
Patching
Distribution updates
Multiplatform update managers
Hacking Applications
Communication and Messaging Systems
Introducing Messaging System Vulnerabilities
Recognizing and Countering Email Attacks
Email bombs
Attachments
ATTACKS USING EMAIL ATTACHMENTS
COUNTERMEASURES AGAINST EMAIL ATTACHMENT ATTACKS
Connections
ATTACKS USING FLOODS OF EMAILS
COUNTERMEASURES AGAINST CONNECTION ATTACKS
Automated email security controls
Banners
Gathering information
Countermeasures against banner attacks
SMTP attacks
Account enumeration
ATTACKS USING ACCOUNT ENUMERATION
COUNTERMEASURES AGAINST ACCOUNT ENUMERATION
Relay
AUTOMATIC TESTING
MANUAL TESTING
COUNTERMEASURES AGAINST SMTP RELAY ATTACKS
Email header disclosures
TESTING
COUNTERMEASURES AGAINST HEADER DISCLOSURES
Capturing traffic
Malware
General best practices for minimizing email security risks
Software solutions
Operating guidelines
Understanding VoIP
VoIP vulnerabilities
Scanning for vulnerabilities
Capturing and recording voice traffic
Countermeasures against VoIP vulnerabilities
Web Applications and Mobile Apps
Choosing Your Web Security Testing Tools
Seeking Out Web Vulnerabilities
Directory traversal
MANUAL ANALYSIS REQUIRED!
Crawlers
Countermeasures against directory traversals
Input-filtering attacks
Buffer overflows
URL manipulation
Hidden field manipulation
Code injection and SQL injection
Cross-site scripting
Countermeasures against input attacks
SENSITIVE INFORMATION STORED LOCALLY
Default script attacks
Countermeasures against default script attacks
Unsecured login mechanisms
Countermeasures against unsecured login systems
Performing general security scans for web application vulnerabilities
TESTING MODERN WEB APPLICATIONS
Minimizing Web Security Risks
Practicing security by obscurity
Putting up firewalls
Analyzing source code
Uncovering Mobile App Flaws
Databases and Storage Systems
Diving Into Databases
Choosing tools
Finding databases on the network
Cracking database passwords
Scanning databases for vulnerabilities
Following Best Practices for Minimizing Database Security Risks
Opening Up About Storage Systems
Choosing tools
Finding storage systems on the network
Rooting out sensitive text in network files
Following Best Practices for Minimizing Storage Security Risks
Security Testing Aftermath
Reporting Your Results
Pulling the Results Together
Prioritizing Vulnerabilities
Creating Reports
Plugging Your Security Holes
Turning Your Reports into Action
Patching for Perfection
Patch management
Patch automation
Commercial tools
Free tools
Hardening Your Systems
PAYING THE PIPER
Assessing Your Security Infrastructure
Managing Security Processes
Automating the Security Assessment Process
Monitoring Malicious Use
Outsourcing Security Assessments
THINKING ABOUT HIRING A REFORMED HACKER?
Instilling a Security-Aware Mindset
Keeping Up with Other Security Efforts
The Part of Tens
Ten Tips for Getting Security Buy-In
Cultivate an Ally and a Sponsor
Don’t Be a FUDdy-Duddy
Demonstrate That the Organization Can’t Afford to Be Hacked
Outline the General Benefits of Security Testing
Show How Security Testing Specifically Helps the Organization
Get Involved in the Business
Establish Your Credibility
Speak on Management’s Level
Show Value in Your Efforts
Be Flexible and Adaptable
Ten Reasons Hacking Is the Only Effective Way to Test
The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
IT Governance and Compliance Are More Than High-Level Audits
Vulnerability and Penetration Testing Complements Audits and Security Evaluations
Customers and Partners Will Ask How Secure Your Systems Are
The Law of Averages Works Against Businesses
Security Assessments Improve Understanding of Business Threats
If a Breach Occurs, You Have Something to Fall Back On
In-Depth Testing Brings Out the Worst in Your Systems
Combined Vulnerability and Penetration Testing Is What You Need
Proper Testing Can Uncover Overlooked Weaknesses
Ten Deadly Mistakes
Not Getting Approval
Assuming That You Can Find All Vulnerabilities
Assuming That You Can Eliminate All Vulnerabilities
Performing Tests Only Once
Thinking That You Know It All
Running Your Tests Without Looking at Things from a Hacker’s Viewpoint
Not Testing the Right Systems
Not Using the Right Tools
Pounding Production Systems at the Wrong Time
Outsourcing Testing and Not Staying Involved
Tools and Resources
Bluetooth
Certifications
Databases
Denial of Service (DoS) Protection
Exploits
Firewall Rulebase Analyzers
General Research and OSINT Tools
Hacker and Security Testing Publications
Internet of Things
Keyloggers
Laws and Regulations
Linux
Live Toolkits
Log Analysis
Messaging
Miscellaneous
Mobile
Networks
Password Cracking
Patch Management
Security Education and Learning Resources
Security Frameworks
Security Reports and Statistics
Social Engineering and Phishing
Source Code Analysis
Storage
User Awareness and Training
Voice over Internet Protocol
Vulnerability Databases
Websites and Applications
Windows
Wireless Networks
Index. A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
About the Author
Dedication
Author’s Acknowledgments
WILEY END USER LICENSE AGREEMENT
Excerpt from the book
Welcome to Hacking For Dummies, 7th Edition. This book outlines — in plain English — computer hacking tricks and techniques that you can use to assess the security of your information systems, find the vulnerabilities that matter, and fix the weaknesses before criminal hackers and malicious insiders take advantage of them. This hacking is the professional, aboveboard, and legal type of security testing — which I refer to as vulnerability and penetration testing or ethical hacking throughout the book.
Computer and network security is a complex subject and an ever-moving target. You must stay on top of it to ensure that your information is protected from the bad guys and their exploits, including the growing challenges associated with ransomware. The techniques and tools outlined in this book can help.
.....
Vulnerabilities and attacks have grown enormously in recent years because of virtualization, cloud computing, and even social media. These three things alone add immeasurable complexity to your environment. On top of that, with the new ways of the world and so many people working from home, the complexities have grown exponentially.
Exploits that involve manipulating people — your users and even you — are often the greatest vulnerability. Humans are trusting by nature, which can lead to social engineering exploits. Social engineering is exploiting the trusting nature of human beings to gain information — often via email phishing — for malicious purposes. With dramatic increases in the size of the remote workforce, social engineering has become an even greater threat, especially with more personal devices being used that are likely much less secure. Check out Chapter 6 for more information about social engineering and how to guard your systems and users against it.
.....