Sniffers, Session Hijacking, and Denial of Service

Trojans and Backdoors

  • Trojans are programs that pretend to do one thing but when loaded actually perform another more malicious act.

    Table FF.4. Remote Control Programs and Their Default Ports

    Name

    Default Protocol

    Default Port

    Back Orifice

    UDP

    31337

    Back Orifice 2000

    TCP/UDP

    54320/54321

    Beast

    TCP

    6666

    Citrix ICA

    TCP/UDP

    1494

    Donald Dick

    TCP

    23476/23477

    Loki

    ICMP

    NA

    Masters Paradise

    TCP

    40421/40422/40426

    Netmeeting Remote Desktop Control

    TCP/UDP

    49608/49609

    NetBus

    TCP

    12345

    Netcat

    TCP/UDP

    Any

    pcAnywhere

    TCP

    5631/5632/65301

    Reachout

    TCP

    43188

    Remotely Anywhere

    TCP

    2000/2001

    Remote

    TCP/UDP

    135139

    Timbuktu

    TCP/UDP

    407

    VNC

    TCP/UDP

    5800/5801

  • Email attachments are the number one means of malware propagation.
  • A wrapper is a program used to combine two or more executables into a single packaged program.
  • A covert channel is a means of moving information in a manner in which it was not intended.
  • Port redirection works by listening on certain ports and then forwarding the packets to a secondary target. Some of the tools used for port redirection include datapipe, fpipe, and Netcat.

Table FF.5. Common Netcat Switches

Netcat Switch

Purpose

nc -d

Used to detach Netcat from the console

nc -l -p [port]

Used to create a simple listening TCP port, adding u will place it into UDP mode

nc -e [program]

Used to redirect stdin/stdout from a program

nc -w [timeout]

Used to set a timeout before Netcat automatically quits

Program | nc

Used to pipe output of program to Netcat

nc | program

Used to pipe output of Netcat to program

nc -h

Used to display help options

nc -v

Used to put Netcat into verbose mode

nc -g or nc -G

Used to specify source routing flags

nc -t

Used for Telnet negotiation

nc -o [file]

Used to hex dump traffic to file

nc -z

Used for port scanning, no I/O i


Sniffers

Part I: Exam Preparation

The Business Aspects of Penetration Testing

The Technical Foundations of Hacking

Footprinting and Scanning

Enumeration and System Hacking

Linux and Automated Security Assessment Tools

Trojans and Backdoors

Sniffers, Session Hijacking, and Denial of Service

Web Server Hacking, Web Applications, and Database Attacks

Wireless Technologies, Security, and Attacks

IDS, Firewalls, and Honeypots

Buffer Overflows, Viruses, and Worms

Cryptographic Attacks and Defenses

Physical Security and Social Engineering

Part II: Final Review

Part III: Appendixes

Appendix A. Using the ExamGear Special Edition Software



Certified Ethical Hacker Exam Prep
Certified Ethical Hacker Exam Prep
ISBN: 0789735318
EAN: 2147483647
Year: 2007
Pages: 247
Authors: Michael Gregg

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net