List of Figures

Chapter 3: Emulators

Figure 3-1: VMware startup screen

Figure 3-2: Configuration Editor

Figure 3-3: VMware boot-up screen

Figure 3-4: VMware-installing the OS

Figure 3-5: VMware-off and running

Figure 3-6: Linux running inside VMware

Figure 3-7: Choose packages to install-Category view

Figure 3-8: Choose packages to install-Full view

Figure 3-9: Windows under Cygwin

Chapter 4: Port Scanners

Figure 4-1: Nmap frontend

Figure 4-2: NetScanTools screen

Figure 4-3: NetScanner-find hosts that are alive

Figure 4-4: Port Scanner-find ports that are listening

Figure 4-5: TCP Term-talk with a service

Figure 4-6: NetScanTools Automated information gathering

Figure 4-7: SuperScan startup screen

Figure 4-8: Host and Service Discovery

Figure 4-9: Performing a scan

Figure 4-10: SuperScan report

Figure 4-11: WUPS sample screen

Chapter 6: Windows Enumeration Tools

Figure 6-1: Winfingerprint scan using the 'NT Domain' network type

Figure 6-2: MBSA graphical interface

Chapter 7: Web Hacking Tools

Figure 7-1: Default Stealth scan against a target

Figure 7-2: Scanning a range of IP addresses with Stealth

Figure 7-3: Enabling IDS evasion

Figure 7-4: Configuring a vulnerability check

Figure 7-5: Options for a vulnerability check

Figure 7-6: Adding custom checks to Stealth

Figure 7-7: Basic proxy settings for Achilles

Figure 7-8: WebSleuth in action

Figure 7-9: WebSleuth's new Intercept tab

Figure 7-10: WebSleuth's Spider tab

Figure 7-11: Paros tracks the directory structure of each web site

Figure 7-12: Apply filters to save specific data

Figure 7-13: Enable specific vulnerability scans

Figure 7-14: Trap and modify a URL request

Figure 7-15: Trap the HTTP Headers and Body of a request

Chapter 8: Password Cracking / Brute-Force Tools

Figure 8-1: Increasing password complexity

Chapter 10: Backdoors and Remote Access Tools

Figure 10-1: A victim machine listening

Figure 10-2: Use File/Directory to access files on the victim machine.

Figure 10-3: Sub7 opening screen

Figure 10-4: Managing files, Windows, and processes from the Miscellaneous folder

Figure 10-5: Having fun with the Fun Manager and Extra Fun folders

Figure 10-6: Loki and traffic captured with Ethereal

Figure 10-7: Stcpshell and traffic captured by Ethereal

Chapter 12: Combination System Auditing Tools

Figure 12-1: Nessus Plugins tab

Figure 12-2: Nessus vulnerability check information

Figure 12-3: Disabling dangerous Nessus plug-ins

Figure 12-4: Setting Nessus preferences

Figure 12-5: Nessus Scan Options tab

Figure 12-6: Nessus Target Selection tab

Figure 12-7: Nessus scan status

Figure 12-8: Nessus Report showing output results

Figure 12-9: Stat's interface

Figure 12-10: You can manually edit a configuration from this window.

Figure 12-11: Choose other scan options from the Options dialog box.

Figure 12-12: Selecting targets to scan

Figure 12-13: Results of the scan

Figure 12-14: Vulnerability information

Figure 12-15: STAT Executive Summary report

Figure 12-16: Retina main window

Figure 12-17: Retina scan results

Figure 12-18: The Policy Editor window

Figure 12-19: Viewing the policy by risk level

Figure 12-20: ISS scan results

Figure 12-21: Vulnerabilities found in the scan

Figure 12-22: Check out which services are running on this tab.

Figure 12-23: Accounts tab

Figure 12-24: Selecting a report type

Figure 12-25: Selecting report criteria

Figure 12-26: The Executive Vulnerability Report

Figure 12-27: Tripwire Manager main window

Figure 12-28: Editing policy files

Figure 12-29: Integrity check results

Chapter 13: Firewalls

Figure 13-1: Setting up outgoing filters

Figure 13-2: Setting up port forwards

Figure 13-3: SonicWALL Access List

Figure 13-4: SonicWALL One-to-One NAT

Chapter 14: Network Reconnaissance Tools

Figure 14-1: Traceroute diagram

Chapter 16: Sniffers

Figure 16-1: Ethereal display of a telnet-session dump file created by WinDump

Figure 16-2: Adding expressions to the filter using the Filter Expression dialog box

Figure 16-3: Following a TCP stream

Figure 16-4: Time/sequence number graph

Figure 16-5: Throughput graph

Figure 16-6: The Summary dialog box

Figure 16-7: Ettercap main screen

Figure 16-8: Ettercap list of connections

Chapter 17: Wireless Tools

Figure 17-1: Detecting wireless networks

Figure 17-2: Select a wireless adapter

Figure 17-3: Capture wireless traffic

Figure 17-4: Wellenreiter in action

Figure 17-5: Linux kismet_client

Figure 17-6: Cygwin kismet_client

Figure 17-7: Press i on a highlighted SSID to view information

Figure 17-8: Press i on a highlighted SSID to view information

Chapter 18: War Dialers

Figure 18-1: ToneLoc's configuration utility, tlcfg.exe

Figure 18-2: ToneLoc custom file locations

Figure 18-3: Modem commands

Figure 18-4: Modem options

Figure 18-5: ScanOptions menu options

Figure 18-6: ToneLoc in action

Figure 18-7: A sample ToneMap

Figure 18-8: Configuring THC-Scan

Figure 18-9: Modem configuration options

Figure 18-10: Modem responses

Figure 18-11: Logfiles

Chapter 20: Creating a Bootable Environment and Live Response Tool Kit

Figure 20-1: The System Event Log from Dumpel

Figure 20-2: The Application Event Log from Dumpel

Figure 20-3: The Security Event Log from Dumpel

Chapter 23: Tool Kits to Aid in Forensic Analysis

Figure 23-1: Enter the specific information about your case.

Figure 23-2: The Overview tab

Figure 23-3: Click the Graphics button to see any images from the system.

Figure 23-4: Notice how the user of this computer was apparently reading web sites about creating bombs.

Figure 23-5: The Explore tab

Figure 23-6: The devices loaded for examination

Figure 23-7: Graphic file discovery results

Figure 23-8: Timeline view

Figure 23-9: Search hits

Chapter 25: Generalized Editors and Viewers

Figure 25-1: The output of hexdump for suspiciousfile.bin

Figure 25-2: Frhed's suspiciousfile.bin representation

Figure 25-3: WinHex reading drive C:

Figure 25-4: Quick View's Explorer-like interface

Figure 25-5: Quick View's display pane

Figure 25-6: Quick View can display files in native format.

Figure 25-7: Quick View can display files such as hexdump.

Figure 25-8: The main screen of Midnight Commander

Figure 25-9: Midnight Commander's ability to view files

Figure 25-10: Midnight Commander can view files in hexadecimal mode.