OVERVIEW

Previous page
Table of content
Next page

We have divided this chapter into three major sections:

  • Unauthenticated Attacks Starting only with the knowledge of the target system gained in Chapters 2 and 3, this section covers remote network exploits.

  • Authenticated Attacks Assuming that one of the previously detailed exploits succeeds, the attacker will now turn to escalating privilege if necessary, gaining remote control of the victim, extracting passwords and other useful information, installing back doors, and covering tracks.

  • Windows Security Features This last section provides catchall coverage of built-in OS countermeasures and best practices against the many exploits detailed in previous sections.

Before we begin, it is important to reiterate that this chapter will assume that much of the all-important groundwork for attacking a Windows system has been laid: target selection (Chapter 2) and enumeration (Chapter 3). As you saw in Chapter 2, port scans and banner grabbing are the primary means of identifying Windows boxes on the network. Chapter 3 showed in detail how various tools used over the SMB "null session" can yield troves of information about Windows users, groups, and services. We will leverage the copious amount of data gleaned from both these chapters to gain easy entry to Windows systems in this chapter.

What's Not Covered

This chapter will not exhaustively cover the many tools available on the Internet to execute these tasks . We will highlight the most elegant and useful (in our humble opinions ), but the focus will remain on the general principles and methodology of an attack. What better way to prepare your Windows systems for an attempted penetration?

One glaring omission here is application security. Probably the most critical Windows attack methodologies not covered in this chapter are web application hacking techniques. OS-layer protections are often rendered useless by such application-level attacks. This chapter covers the operating system, including the built-in web server in IIS, but does not touch application securitywe leave that to Hacking Exposed: Web Applications (McGraw-Hill/Osborne, 2002; http://www.webhackingexposed.com).

Note 

For those interested in in-depth coverage of the Windows security architecture from the hacker's perspective, new security features, and more detailed discussion of Windows security vulnerabilities and how to fix themincluding the newest IIS, SQL, and TermServ exploitspick up Hacking Exposed: Windows Server 2003 (McGraw-Hill/Osborne, 2003; http://www.winhackingexposed.com).


Previous page
Table of content
Next page
Hacking Exposed
Hacking Exposed 5th Edition
ISBN: B0018SYWW0
EAN: N/A
Year: 2003
Pages: 127
Authors: Stuart McClure, Joel Scambray, George Kurtz
BUY ON AMAZON
Network Security Architectures
C++ GUI Programming with Qt 3
Introduction to 80x86 Assembly Language and Computer Architecture
Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy