Appendix A. CD-ROM Contents

Several commercial vendors and open-source authors volunteered versions of their software to be published with this book. Most of the commercial tools are limited-time trials or have limited functionality. This provides you the opportunity to experiment with the navigation and operation of the tools to decide whether they will work within your network structure.

Organization of the CD-ROM

The root directory of the CD-ROM is broken down into directories by vendor. The Misc directory contains freeware tools. In some instances, vendors have supplied more than one program. Each program is in its own zipped file. The software included on the CD-ROM has been discussed earlier in this book, and each tool has a read-me file containing additional information, including vendor contact information.

VisualRoute

VisualRoute 5.0 is located in the Fortel directory on the CD-ROM. This is a limited-time, full-functionality program providing traceroute and HTTP server information. After the time period has ended, the program can be purchased directly from Fortel.

Hunt

Hunt is a freeware TCP sniffing/hijacking program written by kra. We include on the CD-ROM the uncompiled C program for you to compile. The read-me file gives an excellent explanation of what an ACK storm is and the limitations associated with TCP hijacking and “man in the middle” attacks. This program works on Linux to obtain a list of existing telnet sessions and insert commands or take over the connection.

Dsniff

Dsniff has come to represent a large step forward in sniffing technologies. Its multiple components and versatility are quickly making it a favorite among security professionals. The software is written by Dug Song and located in the Misc\dsniff directory. Future versions will be developed to include the ability to sniff SSH and HTTPS user IDs and passwords. Included in the directory is the Dsniff FAQ to provide further information.

Nmap

Nmap is one of the most frequently used tools in our tool kit. The ability to perform a port scan and identify the running OS is a great benefit when performing a penetration test. Written by Fyodor and located in the Misc\Nmap directory, this program, we are sure, will become one of your favorites, too.

Hackershield

Bindview's Hackershield is one of the premier vulnerability scanners on the market. This limited-capability version provides information on the use and output of the tool. Bindview has also offered some tools developed by the Razor team. The Razor team was one of the first groups to create software to detect zombie programs used in distributed denial-of-service attacks. The collection of software the team has created will help defend your network from outside attacks.

NetRecon

NetRecon from Symantec is a flexible vulnerability scanner that covers several different operating systems. It is in the Symantec directory on the CD-ROM.

PhoneSweep

Another option for war dialing is PhoneSweep from Sandstorm Enterprises. This software is easy to set up and use and provides information about the host software of the modems identified.

Whisker

Whisker by rain forest puppy is an excellent tool for testing Web sites. This software is distributed freely by rain forest puppy on his Web site at www.wiretrip.net. His Web site also contains links to other resources and an archive of his new projects. The software is in the Misc\RFP directory.

Remote Data Services

Remote Data Services (RDS) has a particularly risky vulnerability associated with Microsoft IIS. The vulnerability, not present in up-to-date servers, allows an unauthorized person to obtain local access on the target server. The C code for this exploit was developed by rain forest puppy and is located in the Misc\RFP directory.

L0phtCrack

L0phtCrack, also known as LC3, developed by L0pht Heavy Industries, is one of the premier Windows NT password crackers available today. It has an integrated SMB packet capture routine allowing the user to sniff Windows NT logon challenges/responses. This information can then be used to create the encrypted password hashes. L0phtCrack can then perform both dictionary and brute force password cracking. This tool is located in the Misc\L0phtcrack directory.

Netcat

Netcat is often found as a part of a vulnerability exploit. It can be used to either listen on a specified port for a connection or to connect to a remote system on a specified port. Additionally, it can be used to connect programs such as cmd to the port, creating a back door. Its versatility gives it almost unlimited possibilities. Written by hobbit (the NT version was written by Weld Pond), it can be found in Misc\Netcat.

Internet Security Systems

Internet Security Systems (ISS) has created one of the most popular vulnerability scanners on the market today. Its ease of configuration and automatic updates make it easy to use, and the output makes corrections easy to perform. In addition to the Internet Security Scanner, ISS has also developed a database scanner and intranet scanner. The top-selling intrusion detection system, RealSecure, detects and reacts to unauthorized activity. RealSecure and Internet Scanner evaluation programs are located in the ISS directory.

Nessus

A popular movement on the Internet involves the community producing new and exciting software. One of these software developments is the creation of Nessus: a distributed security scanner. Its open-source design allows developers all over the Internet to create and share new security models, and future plans allow for interaction with Nmap and Snort. Nessus is located in the Nessus directory and should be run from a Linux system.

Compilation of Programs

Some of these programs require compiling. While program documentation may offer more specific instructions, here are general compiling directions. First, within the directory containing the source code for the tool, issue the following command:

./configure

Next, use the make command:

make

Finally, issue a make install command:

make install

This series of steps should generally install programs that need compiling. Of course, gcc or cc compilers generally need to be installed on the system in order for these commands to work.
