About

McGraw-Hill /Osborne

McGraw-Hill /Osborne
2100 Powell Street, 10th Floor
Emeryville, California 94608
U.S.A.

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/ Osborne at the above address.

All rights reserved. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1234567890 CUS CUS 019876

Book p/n 0-07-226286-9 and CD p/n 0-07-226288-5 parts of

Acquisitions Editor
Jane Brownlow

Project Editor
Mark Karmendy

Acquisitions Coordinator
Jennifer Housh

Technical Editor
Keith Loyd

Copy Editors
Lisa Theobald
Mark Karmendy

Proofreader
Paul Tyler

Indexer
Claire Splan

Composition
Apollo Publishing Services

Series Design
Dick Schwartz
Peter F. Hancik

This book was published with Corel Ventura Publisher.

Information has been obtained by McGraw-Hill /Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill /Osborne, or others, McGraw-Hill /Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

Flawfinder is included on the CD-ROM courtesy of David A. Wheeler (http://www.dwheeler.com/flawfinder).

GNU Netcat is included on the CD-ROM courtesy of Giovanni Giacobbi (http://netcat. sourceforge .net).

To the readers for taking the time to increase their knowledge, and to my wife Sarah for the time she sacrifices for me to do the same.

Chris

To my Mom and Dad, thanks for teaching me to follow my dreams. To my sister, Renee, for always being there for me. To all of my friends , brothers, and teachers at the University of Texas at Austin for making me what I am and showing me what I can be. Hook'em Horns.

Aaron

To my wife Mireya for her constant support and understanding.

Dave

About the Authors

Mike Shema

Mike Shema is CSO of NT Objectives, where he is working on improving the accuracy and scope of application security testing techniques and tools. He joined NT Objectives from Foundstone, Inc., where he was a principle consultant and trainer. He has performed security tests ranging from network penetrations to firewall and VPN reviews to web application reviews. Mr. Shema is intimately familiar with current security tools, vulnerabilities, and trends. Mr. Shema has also discovered and submitted to Buqtraq several zero-day exploits as a result of his extensive experience with web application testing.

Prior to joining Foundstone, Mr. Shema worked at a product development company where he configured and deployed high-capacity Apache Web and Oracle database servers for numerous Internet clients . Mr. Shema previously worked at Booz Allen Hamilton on information assurance projects and performed several security assessments for government and military sites in addition to developing security training material.

Mr. Shema holds a B.S. in Electrical Engineering and a B.S. in French from Penn State University. Mr. Shema has co- authored Hacking Exposed: Web Applications and authored Hack Notes: Web Security .

Chris Davis, CISSP, CISA, is the co-author of Hacking Exposed: Computer Forensics . Mr. Davis has trained and presented at SMU, BlackHat, ISSA, CISA, ConSecWest, the McCombs School of Business, 3GSM World Congress, and others in areas including advanced computer forensic analysis of various platforms and devices, information systems security, and hardware security design. Mr. Davis has managed worldwide teams in security auditing, architecture, and product design. His contributions include projects for Gartner, Harvard, SANS, CIS, SMU, and the McCombs School of Business. He has enjoyed positions at eForensics, Cisco Systems, Austin Microsoft Technology Center, and currently Texas Instruments. Mr. Davis regularly consults with Affect Computer Forensics and InfoDefense. Mr. Davis was a U.S. Navy Submariner on the USS Nebraska (Go Big Red) and Submarine NR-1. He holds a bachelor's degree in Nuclear Engineering from Thomas Edison and a master of business from the University of Texas at Austin.

Aaron Philipp, CISSP, IAM, is the managing partner of Affect Computer Forensics. He is the co-author of the book Hacking Exposed: Computer Forensics . Prior to Affect, he was the Team Manager in the Forensics and Survivability Research group at the McCombs School of Business, University of Texas at Austin. He holds a patent in the field of web server survivability . He has consulting experience with U.S. and foreign-based companies, governments , and militaries, performing network architecture design, cryptographic consultation, penetration testing, and incident response. He also has performed litigation support and contributed expert witness knowledge in multiple court cases, on levels ranging from civil to federal criminal. In addition, he is a regular speaker at conferences (BlackHat 2002, FBI InfraGard, et al.) on the topics of forensic investigation and toolkits, intrusion detection, and hacker methodologies. Aaron holds a B.S. in Computing Science from the University of Texas at Austin.

David Cowen, CISSP, is a partner at G-C Partners, LLC. He is the co-author of the book Hacking Exposed: Computer Forensics and a frequent speaker on computer forensics and computer security. Prior to founding G-C Partners, Mr. Cowen worked at Fios, Inc., where he supported large litigations through litigation support and expert witness work. As a partner at G-C Partners, Mr. Cowen provides expert witness and expert consulting services as well as litigation support and training. Mr. Cowen holds a B.S. in Computer Science from the University of Texas at Dallas.

About the Technical Editor

Keith Loyd , CISSP, CISA, worked for seven years in the banking industry where he developed technology solutions for stringent legislative business requirements. As part of his role, he was responsible for implementing and testing networking solutions, applications, hardened external- facing platforms, databases, and layered mechanisms for detecting intrusion. Now in the manufacturing industry, Keith primarily deals with vulnerability and quality testing new applications and projects, worldwide incident response, and civil investigations. He has a B.S. in Information Technology from Cappella University and an M.S. in Information Assurance from Norwich University. Keith founded and runs the North Texas Snort Users Group.

Acknowledgments

The authors would like to acknowledge the following people: The Uthgardt crew for providing dice- related support and pizza, Keith Jones and Brad Johnson for providing support, and the readers of the first and second editions for sharing such positive feedback (even about typos). Many thanks to the editorial and production staff, who were patient with changes and deadlines, especially Jane Brownlow , Jennifer Housh and Mark Karmendy .

Chris would like to thank Mike Shema for the opportunity to contribute to this project, Jane Brownlow for putting up with him, Jennifer Housh for being so helpful, his fellow authors, and his wife Sarah for all of her love and support.

Aaron would like to thank his parents and sister, along with those who have helped out along the way: Chris Sweeny , Chris Choler , Jennifer Puno , Neil Iscoe , Bill Catlett , Betsy Merrick , Jennifer Freeman , everyone at the University of Texas at Austin, and finally, his fellow authors.

David would like to thank Mike Shema for the opportunity, Jane Brownlow for not yelling, and his wife Mireya for understanding.