W | Hacking Exposed 5th Edition

Wall of Voodoo site, 312-313

war-dialing, 294-313. See also dial-up hacking

carrier exploitation, 311-313

hardware for, 296-297

legal issues, 297-298

long-distance charges incurred by, 298

PhoneSweep, 308-311

software for, 298-313

THC-Scan, 304-308

ToneLoc, 299-304

war-driving, 408, 411-412, 415-421, 435

WASAT (Web Authentication Security Analysis Tool), 556

watches , Microsoft, 408-409

Watchfire tool, 560-561

Wayback Machine site, 13

web administration, 399

web applications

analyzing, 549-561

attack countermeasures, 522-534

common vulnerabilities, 561-572

finding vulnerable apps, 546-547

hacking, 522, 544-572

IIS and, 173

security scanners , 557-561

SQL injection, 553, 561-564

web crawling, 547-548

Windows family and, 171, 201, 204, 209

Web Authentication Security Analysis Tool (WASAT), 556

web browsers. See also Netscape, Internet Explorer

add-ons, 629-630

ASP and, 538, 542

crashes, 613

Firefox, 614-615

IP Network Browser, 114-115

non-IE vulnerabilities, 618

remote access to companies, 9

sensitive information and, 612, 622-623, 641

WebProxy tool, 553-554

webspy tool, 384

web clients , 564-566

web crawling, 547-548

Web Distributed Authoring and Versioning (WebDAV), 540, 542

web pages

cached, 13-14

company, 9

"crawling" HTML code, 89

cross-site scripting (XSS), 581-582

HTML source code in, 9

webspy tool, 384

web servers. See also servers

Apache. See Apache Web Server

back channels and, 235

buffer overflow attacks, 542-544

canonicalization issues, 520-522

ColdFusion Application Server, 538

egress filtering, 168

enumerating, 88-91

FAT partitions, 171

hacking, 536-544

ISAPI idq.dll buffer overflows, 543

mapping directory structure, 540

OWA, 9, 547

running as "root," 57-58

sample files on, 537-539

scanning, 544-545

vulnerabilities, 536-544

Weblogic, 539

Web Services, 168

web sites

802.1x standard, 457

cached, 13-14

company, 9

disgrunted employees , 14

DumpSec tool, 98-99

encryption, 438

entering malicious data in, 564-566

Form Scalpel tool, 554-555

Hacking Exposed, 99

hidden tag modification, 570-571

HTML source code in pages, 9

ICANN, 19

improper links to, 597-598

IP Network Browser, 115

job, 18

Linux security resources, 291-292

Linux system security resources, 291-292

AS lookups, 359

malicious, 597-598

Microsoft security tools/best practices, 171, 201, 204, 209

MRTG traffic analysis, 547

NAT, 99-101

nbtscan tool, 96

netviewx tool, 94

nmap scans , 134

Novell security information, 127

Offline Explorer Pro, 548

packet capture, 426-427

phishing scams, 598, 623-628

port information, 652

retrieving information about, 547-548

Samba, 133

Secure UNIX Program FAQ, 220

sensitive information and, 612, 622-623, 641

shellcode creation tools, 220

shopping-cart sites, 570-571

Solaris security resources, 291

SPIKE Proxy tool, 553-554

SQL security, 132

SQL Server 2000, 209

testing, 554-555

tracerouting, 359

UNIX security resources, 290-292

viewing offline, 548

viruses, 634-635

Wall of Voodoo, 312-313

WASAT tool, 556

Web Proxy tool, 553-554

worms, 634-635

WWW Security FAQ, 226, 258

XSS attacks, 564-566

web vulnerability scanners, 544-545

WebDAV (Web Distributed Authoring and Versioning), 540, 542

WebInspect tool, 557-560

WebLOAD tool, 503

Weblogic servers, 539

webmitm tool, 385

WebProxy tool, 553-554

WebSleuth tool, 551-553

webspy tool, 384

WEP (Wired Equivalent Privacy), 348, 416, 441-442, 445-446

WEP key, 416, 435, 441, 443, 447-451

WEP-Plus, 447, 449

WEPAttack tool, 451-452

Werth, Volker, 588

WFP (Windows File Protection), 193

wget tool, 9, 547-548

Whalen, Sean, 419

Whisker scanner, 544-547

whitelists , 631

whoami utility, 162, 167

WHOIS client, 31

WHOIS database, 22, 24-31, 39, 295

WHOIS enumeration, 18-32

WHOIS searches, 22, 24-31, 39, 295

WHOIS servers, 24, 28-131

wi (Wavelan) driver, 444

wicontrol command, 444

WiFi-Plus, 413, 461

WifiScanner, 436-437

WiGLE.net database, 424

Wikto tool, 15

wildcards, 86, 248, 581

Williams/Northern Telcom PBX system, 326-327

Win2K Kernel Hidden Process-Module Checker, 645

Win32 Structured Exception Handling (SEH), 208

Window Size attribute, 73-74

Windows 2000 platform. See also Windows platform

password hashes, 176-178

privilege-escalation attacks, 173

SYSKEY and, 177

Windows File Protection, 193

zone transfers, 86

Windows 2000 SP4 systems, 160, 166-167

Windows 2000 Support Tools, 118

Windows File Protection (WFP), 193

Windows file shares, 97-99

Windows Firewall, 148-149, 203, 205, 207, 600

Windows Internet service, 143

Windows Management Instrumentation (WMI), 644-645

Windows Media Player, 617

Windows NT File System. See NTFS

Windows NT kernel, 140

Windows NT platform. See also NT entries

2003 Server. See Windows Server 2003

defined, 79

enumeration, 92-94

registry, 99-101, 106-111, 115

tracert utility, 37-40, 354-356

Windows NT Registry, 99-101, 106-111, 115

Windows platform, 139-210

2000 Server, 59, 156

2003 Server. See Windows Server 2003

Administrator accounts, 144-148, 173-178

applications and, 142, 209

auditing, 154-156, 197

authentication, 173-199

back doors, 176-190

changing default configurations, 611-612

covering tracks, 197

disabling auditing, 197

Encrypting File System (EFS), 205-206

event log, 197-198

executables, 195

filenames, 193

footprinting functions, 35

Group Policy, 200-202, 205, 207, 209-210

hacking, 139-210

hidden files, 198-199, 637-638

interactive logon rights, 174-175

intrusion-detection checklists, 644

intrusion-detection tools, 157

IPSec, 148, 202-203

L0phtcrack (LC) tool, 158-161

logging, 154-156, 172

logon cache dump, 185-186

Mac connections, 137

.NET Framework (.NET FX), 204-205

NetScan tools. See NetScan tools

network architecture, 140

network protocol attacks, 143-165

password cracking, 178-183

password hashes, 158-161, 176-178

patches, 199-200, 208, 210

pilfering, 175-176

port redirection, 190-192

port scanners, 60-66

ports, 195-196

privilege escalation, 173-175, 600

processes, 195

remote control, 176-190

rootkits, 199, 636-640

runas command, 203-204

security and, 140, 199-209

Security Center control panel, 206-207

service packs , 199-200, 208, 210

SMB attacks, 142-157

tracert utility, 467

unauthenticated attacks, 142-173

versions, 140

vs. other platforms, 140

Windows 2000. See Windows 2000 platform

Windows Firewall, 148-149, 203, 205, 207

Windows XP. See Windows XP platform

Windows Preinstallation Environment (WinPE), 645-646

Windows Registry

anonymous setting and, 106-111

authenticated compromise, 193-195

enumeration, 99-101

lockdown , 110

null sessions and, 106-111

rogue values, 193-195

viruses/worms and, 635

Windows Resource Kit (RK), 94

Windows scan, 53

Windows Scheduler service, 174, 176, 195

Windows Server, 59

Windows Server 2000, 59, 156

Windows Server 2003

anonymous settings, 110-111

.NET Framework vulnerabilities, 204-205

port scans and, 59

Registry lockdown, 110

resources, 209

secure configuration for, 154

Security Policy tool, 154

zone transfers and, 86

Windows Server service, 165

Windows Session Manager, 204

Windows System File Protection (SFP), 90

Windows Terminal Server, 118, 187, 204

Windows UDP Port Scanner (WUPS), 63-64

Windows Update (WU), 604

Windows Update Corporate Edition. See Software Update Service

Windows WLAN Sniffer, 410

Windows Workgroups, 93-94

Windows XP platform. See also Windows platform

RestrictAnonymous setting, 110-111

Sasser worm, 164-165

security and, 140, 205

Security Zone changes, 606-610

Windows Firewall, 148-149, 203, 205, 207

Windows XP Service Pack 2 (XP SP2), 206-208, 606

WindowsInfoScan (WindowsIS) tool, 147

WindowsIS (WindowsInfoScan) tool, 147

winfo tool, 106

WinGate proxy firewall, 482-484

WinGate servers, 482-484

WinPE (Windows Preinstallation Environment), 645-646

WINS broadcast packets, 375-376

WINS Client, 106, 149-150

WinScan, 62, 66

WinTrinoo tool, 496

WinVNC, 188-190, 193-195

WINVNC.exe file, 193

Wired Equivalent Privacy. See WEP

wireless access points, 408-409, 435

wireless antennas, 411-414, 461

wireless cards, 409-411, 427-429

Wireless Central, 412, 461

wireless drivers, 410-411

wireless hotspots, 417

wireless Internet service providers (WISPs), 413

wireless LANs. See WLANs

wireless networks, 407-461

access to, 440-442

case study, 348-349

decibel-to- volts -to-watts table, 458-460

defense mechanisms, 437-442

denial of service attacks, 441, 456

enumeration, 425-437

footprinting, 408-425

free, 413

GPS devices, 414-415

LEAP technology, 453-456

MAC addresses, 440-442, 444-446

mapping, 421-425

monitoring tools, 430-437

scanning, 425-437

SSID, 438-439, 443-444

war-driving, 415-421

WEP, 441-442, 445-446

WLANs. See WLANs

wireless sniffers, 409, 426-429

wireless technology, 408, 458-460

WISPs (wireless Internet service providers), 413

WLAN Drivers Patch, 427-428

WLAN-Tools, 449-450

WLAN transceivers, 408

wlan_jack tool, 456

WLANs (wireless LANs). See also wireless networks

countermeasures, 437-442, 450

Linux systems, 427-428

overview, 408-410

WMI (Windows Management Instrumentation), 644-645

world-writable files, 275-276

Worm.Explore.Zip worm, 590

worms, 634-639. See also viruses

address book, 589-591

Apache, 543

back doors, 636-639

Blaster, 162-163, 503

BubbleBoy, 590

buffer overflows and, 514

Code Red, 536, 543

described, 634

ILOVEYOU, 590

LifeChanges, 587

MyDoom, 488, 497, 589

MyDoom.B, 503

Nimda, 536, 589

overview, 634-639

Robert Morris, 219

rootkits, 636-639

Sasser, 164-165

Slammer, 501, 635

Worm.Explore.Zip, 590

Wpoison tool, 563

Wright, Joshua, 445

write net MIB, 390

WS_Ping ProPack tool, 31, 45

wted program, 282

WU (Windows Update), 604

wu- ftpd vulnerability, 235-237, 269

WUPS (Windows UDP Port Scanner), 63-64, 66

wwwcount.cgi program, 544

wzap program, 282-284