Index
A
Access, maintaining, 127
  Back Orifice, 144
  Netbus, 134–135
  Netcat, 128–133
    Cryptcat, 133–134
  practicing, 142–143
  rootkits, 135–141
    detecting and defending against, 141–142
    Hacker Defender, 137–141
  SubSeven (Sub7), 144
Access Control Lists (ACLs), 56
Active reconnaissance, 18, 25
Advanced security concepts, 153
AFP, 67
“Allintitle:” directive, 23
APT (Advanced Package Tool), 4
Attack vectors, 66, 108, 121
Authorization, 3
B
Back Orifice, 144
Backtrack, 5, 6, 26–27, 36, 69, 83–84
  working with, 6–9
Backtrack Linux, 3–6, 154
Base64, 116
Bdcli100.exe, 137
Ben Owned, 38, 80, 86, 118, 119
Bind and reverse payloads, difference between, 80
Bing, 26
Black Hat conference, 154
Brute forcing letter combinations, 87
Burp Proxy, 125
Burp Suite, 125
C
CANVAS, 71
Carl-Fredrik, 134
Chat rooms, 152
Circle of life, 156
Cisco ASA firewall, 20–21
Code injection attacks, 116–120
Core Impact, 62, 71
Cross-site scripting (XSS), 121–123
Cryptcat, 133–134
D
Dakota State University website, 22
Dawes, Rogan, 111
Defcon, 152–153
Defcon 6, 144
Defcon 12, 70
Defcon 13, 21
De-ICE CDs, 102
DHCP server, 7, 8
DirectXploit, 144
Domain Name Systems (DNS) servers, 28, 29
  extracting information from, 32–36
Dsniff, 94
E
E-mail address, 25, 26, 68, 77
E-mail server, extracting information from, 36
“eth0” interface, 7–8
Ethereal, 95
Ethical hackers, 2, 3, 18, 57
  and malicious hacker, 3
Ettercap, 104
Executive summary, 147
Exploitation, 13, 65
  Ettercap, 104
  Fast-Track Autopwn, 97–100
  John the Ripper, 81–89
  macof program, 93–97
  Medusa, 67–70
  Metasploit, 70–81, 104–105
  network traffic, sniffing, 92–93
  password resetting, 89–92
  practicing, 100–103
  RainbowCrack, 104
  target and desired goal, 103–105
  Wireshark, 104
F
Facebook, 25–26
“Fail closed”, concept of, 94
“Fail open”, concept of, 94
Fast-Track Autopwn, 97–100
fdisk tool, 84
Fedora Security Spin, 14
“filetype:” directive, 24
“First Order XSS”, 123
FPing, 47
FTP, 67, 96, 97
G
Gmail, 25
Google, 21, 22–26
Google cache, 23–24
Google-Fu, 22, 40
Google Hacking, 21
Google Hacking for Penetration Testers, 21, 40
Graphical user interface (GUI), 48–49
H
Hacker Defender, 137–141
Hacking lab, use and creation of, 9–10
Harvester, 26–28, 68
  accessing, 26–27
  output, 28
Hash, 82
HD Moore, 70, 71
Hobbit, 128
Host command, 29, 31–32, 33
  output, 32
Hotmail, 25
hsdef100 file, 137
HTTP, 67
HTTrack, 19–22
  accessing, 19
Hub, 93
hxdef100.exe, 137
hxdef100.ini, 137, 140
I
ICMP Echo Request packets, 46
“ifconfig”, 7, 8
IMAP, 67
Information gathering
Internet, 108
“intitle:” directive, 23
“inurl:” directive, 23
.iso image, 5
J
John the Ripper (JtR), 81–89, 103
K
KATANA, 14
K-Start dragon, 19, 72, 98, 112
L
Lan Manager (LM), 86
Linux, 5, 46, 57
  passwords, cracking of, 88–89
Linux Backtrack, 77
Lodge, David, 108
Long, Johnny
  Defcon 13, 21
  Google Hacking Database (GHDB), 40
“lo” interface, 7–8
M
macof program, 93–97
Maintaining access
Malicious hacker and ethical hackers, 3, 28
“Man host” command, 32
Martorella, Christian, 26
Matriux, 14
Medusa, 67–70
  practicing, 103
MetaGooFil, 36–37
  information gathering with, 69
Metasploit, 16, 17, 70–81, 94, 97, 102, 146
Metasploitable, 102
“Metasploit Unleashed”, 102
Microsoft, 5, 7, 86, 87
Mobman, 144
MS08-067, 73–74, 75, 76
MS09-001, 74, 75
Msfconsole, 72, 73
MS-SQL, 67
MySpace, 25
MySQL, 67, 117
N
Nessus, 58–61, 73, 146
  screenshot of, 59
  setting up, 60
  steps to install, 58–59
Netbus, 134–135, 144
Netcat, 128–133, 139, 142
  Cryptcat, 133–134
Netcraft, 31
NetWare NCP, 67
Network interface card (NIC), 92–93
Network traffic, sniffing, 92–93
Nmap, 48, 73, 131, 146
  and null scans, 56–57
  and SYN scan, 51–52
  and TCP connect scan, 49–51
  and UDP scans, 52–55
  and Xmas scan, 55–56
NNTP, 67
NS Lookup, 34–35
“nslookup” command, 34
Null scans, using Nmap to perform, 56–57
O
Offensive security, 3
Online password crackers, 67
Open Source Security Testing Methodology Manual (OSSTMM), 155
Open Web Application Security Project (OWASP) organization, 123, 125
OSX passwords, cracking, 88
OWASP Top Ten Project, 124
P
Paros Proxy, 125
Passive reconnaissance, 18, 21
Password dictionary, 68, 87
Password hashes, 82, 83, 86
Password resetting, 89–92
“patch.exe”, 135
Paterva's Maltego CE, 40–41
Payloads, 13, 71, 79
  reverse, 79
PC Anywhere, 67
Penetration testing, 1, 66, 145
  advanced security concepts, 152–153
  Backtrack, working with, 6–9
  Backtrack Linux, 3–6
  books for, 154
  circle of life, 156
  definition of, 1
  getting started, 2–3
  guidelines, 153–155
  hacking lab, use and creation of, 9–10
  phases of, 10
    four-step model, 13–14
  report writing, 146
    detailed report, 147–149
    executive summary, 147
    raw output, 149–152
Penetration Testing Framework (PTF), 155
PGP server, 26
Ping and ping sweeps, 46–48
POP3, 67
Port numbers, and corresponding services, 45
Port scanning, 13, 48
  null scans and Nmap, 56–57
  SYN scan and Nmap, 51–52
  TCP connect scan and Nmap, 49–51
  three-way handshake, 49, 57–58
  UDP scans and Nmap, 52–55
  Xmas scan and Nmap, 55–56
Poweroff command, 8
Proof of concept (POC) attacks, 1, 101, 148
Python script, 26, 37
R
RainbowCrack, 104
Rapid7, 71
Reboot command, 8
Reconnaissance, 10–11, 13, 15
  DNS servers, 32–36
  e-mail server, extracting information from, 36
  MetaGooFil, 36–37
  finding attackable targets, 39
  Google directives, 22–26
  host command, 31–32
  Harvester, 26–28
  HTTrack, 19–22
  information gathering, advanced topics in, 40–41
    Google Hacking for Penetration Testers, 40
    Johnny Long's Google Hacking Database (GHDB), 40
    Paterva's Maltego CE, 40–41
    Search Engine Assessment Tool (SEAT), 40
    search engine directives for sites other than Google, 40
  Netcraft, 31
  NS Lookup, 34–35
  practicing, 39–40
  social engineering, 38–39
  Whois, 28–31
“Referral URL:”, 30
Remote access service, 67–70
Report writing, 146
  detailed report, 147–149
  executive summary, 147
  raw output, 149–152
Reverse payloads, 79, 80
REXEC, 67
RFC, 55
RLOGIN, 67
Rootkits, 128, 135
  detecting and defending against, 141–142
  Hacker Defender, 137–141
  practice, 143
S
Saint, 62
SAM (Security Account Manager) file, 83–84, 85
Samdump2, 84–85, 86
SAM Juicer tool, 81, 83–84
Scanning, 43
  pings and ping sweeps, 46–48
  port scanning, 48
    null scans and Nmap, 56–57
    SYN scan and Nmap, 51–52
    TCP connect scan and Nmap, 49–51
    three-way handshake, 49
    UDP scans and Nmap, 52–55
    wrap up, 57–58
    Xmas scan and Nmap, 55–56
  practicing, 61–62
  steps in, 43–46
  vulnerability scanning, 58–61
Search Engine Assessment Tool (SEAT), 40
Search engine directives, for sites other than Google, 40
Security Account Manager file
Security-related curriculum, 154, 155
SELECT statement, 118
7zip, 150
“Site Report”, 31
SMTP-AUTH, 67
Sniffing, 92–93
SNMP, 67
Social engineering, 38–39
Spidering, 111–114
SSH, 58, 67
SSHv2, 67
Star Wars, 2
“Stealth Scan”, 51
Stored XSS, 123
Structured Query Language (SQL), 117, 118
SubSeven (Sub7), 144
Sullo, Chris, 108
Sun Microsystem, 5
“Swiss army knife”
SYN/ACK packet, 49
SYN scan, 51–52
System32 directory, 132–133
T
TCP (Transmission Control Protocol) Connect scan, 49–51, 53
Telnet, 58, 67
Three-way handshake, 49
TrueCrypt, 150
Twitter, 25–26
U
UDP (User Datagram Protocol), 53
  and Nmap, 52–55
UseNet, 25
V
VirtualBox, 5
Virtual PC, 5
VMware image, 5
VMware Player, 5–6
VNC software, 67, 76
Vulnerability assessment and penetration testing, 1–2
Vulnerability scanner, 71
Vulnerability scanning, 13, 45, 58–61
W
Web-based exploitation, 107
  code injection attacks, 116–120
  cross-site scripting, 121–123
  interrogating web servers, 108–109
  spidering, 111–114
  WebScarab, 112, 113, 115–116
  Websecurify, 110–111
Web Form, 67
WebGoat, 123–124
Websecurify, 110–111
Whois, 28–31
Wilhelm, Thomas, 102
Windows version, 46
Wireshark, 94–96, 97, 104
X
Xmas scan and Nmap, 55–56