P

packet-filtering firewalls, 464, 477-480
packets, 38-39
  ACK, 46-47, 52-54, 491-492
  analyzing, 426-427
  ARP, 369-370
  BGP packet injection, 400-403
  capturing, 426-427
  FIN, 53, 69
  forged source addresses, 501
  fragments, 490
  ICMP, 44, 50-51
  OOB, 490
  oversized, 490
  raw packet transmissions, 473-474
  RST, 53, 57
  SYN, 52-54, 491-492
  TTL, 467-468
  UDP, 492-493
Paros Proxy scanner, 549-552
partitions, 171
Passfilt DLL, 152-153
passive detection, 73-75
passive signatures, 73-75
passive stack fingerprinting, 73-75
Passport vulnerability, 585, 620-621
Passprop tool, 153
passwd file, 86
password cracking
  brute force attacks, 179, 261-262
  cleartext passwords, 178, 185
  L0phtcrack tool, 179-183
  Windows family, 178-183
password hashes
  L0phtcrack (LC) tool, 178-183
  UNIX, 262-264, 270
  Windows 2000, 176-178
  Windows family, 158-161, 176-178
password hint applications, 546
password policies, 104-105
passwords
  /etc/passwd file, 236, 245-246, 261-262
  administrative contacts and, 144-146
  ASCII characters as, 183
  BGP, 401
  BIOS, 210
  brute-force attacks, 179, 261-262
  Cisco devices, 389-392
  cleartext. See cleartext passwords
  cracking. See password cracking
  cross-site scripting exploits, 582
  default, 145-146, 360
  dsniff tool, 383-386
  guessing, 104-105, 143-157
  guidelines, 151-153, 217-218
  high probability combinations, 145-146
  hints for, 546
  length of, 153
  Linux platform, 384
  low hanging fruit, 314-315
  Microsoft Passport, 620-621
  network devices, 360
  network eavesdropping and, 158-161
  null, 147
  online services, 622
  Passfilt DLL, 152-153
  PHF exploit, 225-226
  policies, 151-153
  remote access to internal networks, 345-346
  shadow password file, 261-262
  social engineering and, 30
  SSH and, 386
  SYSKEY-encrypted, 177, 210
  UNIX, 216-218, 261-265
  user accounts, 143-157
  voicemail, 330-335
patches
  Apache attacks, 259
  ASP code disclosure, 539
  codebrws.asp, 539
  DoS attacks and, 502
  exprcalc.cfm, 538-539
  GDI+/JPEG exploits, 594
  GRSecurity, 221
  HTML Help control, 600
  IIS, 168-169, 537, 540, 542
  improper URL canonicalization, 598
  JSP code disclosure, 539
  LSASS buffer overflows, 163-165
  Microsoft Office, 590
  PNG exploits, 618
  rootkits and, 646
  RPC vulnerabilities, 240-241
  sendmail, 237
  server extensions, 542
  SNMP, 405
  SSH service, 255-256
  Translate: f exploit, 542
  trap handling, 405
  vs. Windows Update, 604
  Windows family, 199-200, 208, 210
  Windows XP Service Pack 2, 208
  WLAN drivers, 427-428
Patchfinder tool, 644
payloads, 565, 586-587, 635, 637
PayPal, 621-622, 624
PBX systems, 300-302, 325-329
pcAnywhere program, 312
PCMCIA cards, 427
PCMCIA drivers, 410
PCT (Private Communications Transport), 166-168
Peakflow tool, 503
penetration testing, 529-530
Perl scripts, 465, 541
permissions
  Active Directory, 121
  administrator, 172
  NTFS, 171
  system utilities, 172
  UNIX platform, 273-276
personally identifiable information (PII), 622
Pest Patrol program, 631
PGP (Pretty Good Privacy), 32, 623
Phatbot attacks, 497
Phenoelit toolset, 366, 393
PHF attacks, 225-226
phishing scams, 598, 623-628
phone book script. See PHF
phone closets, 366-367
phone number footprinting, 9, 11, 31-32, 295-296, 303
phone numbers
  looking up physical address with, 11
  social-engineering attacks, 11
  war-dialing attacks. See war-dialing
PhoneSweep tool, 298, 308-311
PHP vulnerabilities, 520, 522, 543
Phrack Magazine, 49
physical security, 10, 646-647
PIDs (process IDs), 195
PII (personally identifiable information), 622
pilfering, 175-176
ping of death, 490
Ping Sweep tool, 45
ping sweeps, 42-50, 94
pingd daemon, 50
pings, ICMP, 42-50, 480
pipes, named, 110, 174
PipeUpAdmin tool, 170-171, 175
plain old telephone service (POTS) line, 324, 336
plaintext, 590, 600, 610, 626-627
PNG exploits, 593, 615-618
Point-to-Point Tunneling Protocol. See PPTP
policies, security, 151-153
pop-up blocker, 607
pop.c tool, 216
port mappers, MSRPC, 161-163
port redirection
  fpipe, 191-193
  Windows family, 190-192
port scanning, 51-68
  active operating system detection, 69-72
  blocked ICMP traffic and, 45-46
  countermeasures, 66-68
  described, 52
  firewalls, 465-467, 475-476
  ipEye, 63
  Mac systems, 136-138
  netcat utility, 55-56, 66, 476, 478
  NetScanTools, 45
  nmap, 56-59, 66, 134, 360
  ScanLine tool, 63-65
  strobe tool, 54-55
  SuperScan tool, 44, 46, 61-62, 66
  TCP services, 53-59
  techniques for, 52-54
  UDP services, 53-59
  udp_scan tool, 55
  UNIX, 52-59, 66
  Windows-based, 60-66
  Windows UDP Port Scanner, 63-64
  WinScan, 62
portmappers, 91-92, 128-129, 238, 244
ports
  Ascend routers, 361
  Bay routers, 361
  blocking, 362-363, 466
  Cisco routers, 360-361, 364-365
  Cisco switches, 361
  filtered, 470-471
  firewalls and, 465-467, 472
  hiding, 638
  listed, 651-656
  listening, 51-52, 361
  LPC port requests, 173-174
  NetBIOS, 149-150
  network devices, 360-363
  scanning. See port scanning
  source, 475-476
  TCP. See TCP ports
  traffic sourced on, 191-192
  trunk, 381
  UDP. See UDP ports
  unfiltered, 471
  virtual terminal, 364-365
  vty, 362
  Windows family, 195-196
PortSentry, 67, 362-363
POST request, 554
Postfix, 238
Postgres databases, 563
POTS (plain old telephone service) line, 324, 336
PPTP (Point-to-Point Tunneling Protocol), 159-160, 335-339
PPTP sniffer, 159-160
PREfast tool, 514, 527
Pretty Good Privacy. See PGP
Prexis tool, 527
print sharing, 151
printers, 169-170
printf function, 223-224, 516-517
Prism2 card drivers, 410
Prism2 cards, 410, 420, 430, 436, 441
Prism2 kernel drivers, 430
Prism2dump tool, 430-431
Prismdump utility, 427-428
privacy issues. See also identity theft
  credit histories, 11
  criminal records, 11
  obtaining personal information via Web, 11
  online resumes and, 15-18
  public databases, 8-18
  search engines and, 15-18
  social security numbers, 11
  Usenet forums and, 15-16
Private Communications Transport (PCT), 166-168
privilege escalation
  showModalDialog cross-zone exploit, 595-597
  UNIX, 213, 261
  Windows family, 173-175, 600
probe requests, 439
probe responses, 439
Process Explorer utility, 195
process IDs (PIDs), 195
Process List, 195
processes, hiding, 638
Procomm Plus software, 316-323
profiling, 353-356
Project Rainbow crack, 181
promiscuous mode, 214-215, 281, 409, 427-429
promiscuous mode attacks, 259-261
Protolog program, 49
Protos Project, 241
proxies
  application, 464
  HTTP, 553-554
  HTTPS, 553-554
  SPIKE Proxy tool, 553-554
proxy firewalls, 234-235, 480-484
proxy servers, 465, 481, 556-557
ps script, 282
pscan tool, 128, 131
psexec tool, 174, 187, 193
psexec.exe file, 193
Psionic Logcheck, 67
Psionic PortSentry, 67
public databases, 8-32
public keys, 205-206, 218
public newsgroups, 359
publicly available information, 8-18
pulist tool, 195
pwdump tool, 177-178
pwdump2 tool, 177-178, 184
pwdump3e tool, 178
pwdumpX tool, 177-179
pwscan.pl utility, 217
Pynnonen, Jouko, 84
Python, 553


Hacking Exposed
Hacking Exposed 5th Edition
ISBN: B0018SYWW0
EAN: N/A
Year: 2003
Pages: 127
