counter hack reloaded

Table of Contents

Preface Reloaded .............................................................................................................................................. 4

Preface from the First Edition ...................................................................................................................... 5

Acknowledgments ........................................................................................................................................ 7

About the Authors ............................................................................................................................................ 8

Chapter 1. Introduction .................................................................................................................................... 9

The Computer World and the Golden Age of Hacking .............................................................................. 10

Why This Book? .......................................................................................................................................... 11

The Threat: Never Underestimate Your Adversary .................................................................................... 14

The OSI Reference Model and Protocol Layering ..................................................................................... 29

How Does TCP/IP Fit In? ........................................................................................................................... 31

Understanding TCP/IP ............................................................................................................................... 34

Transmission Control Protocol (TCP) ........................................................................................................ 35

User Datagram Protocol (UDP) ................................................................................................................. 42

Internet Protocol (IP) and Internet Control Message Protocol (ICMP) ...................................................... 44

ICMP .......................................................................................................................................................... 50

Other Network-Level Issues ....................................................................................................................... 52

Don't Forget About the Data Link and Physical Layers! ............................................................................ 63

Security Solutions for the Internet .............................................................................................................. 71

Accounts and Groups ................................................................................................................................. 96

Linux and UNIX Permissions .................................................................................................................... 99

Linux and UNIX Trust Relationships ........................................................................................................104

Common Linux and UNIX Network Services ..........................................................................................107

Conclusion ................................................................................................................................................. 111

Summary ................................................................................................................................................... 111

Chapter 4. Windows NT/2000/XP/2003 Overview: Pretty Much Everything You Need to Know about

Windows to Follow the Rest of This Book ................................................................................................... 113

Introduction ............................................................................................................................................... 113

A Brief History of Time ............................................................................................................................ 114

Policies ......................................................................................................................................................131

Trust ..........................................................................................................................................................134

Auditing .....................................................................................................................................................135

Object Access Control and Permissions ....................................................................................................137

Network Security.......................................................................................................................................140

Windows 2000 and Beyond: Welcome to the New Millennium ...............................................................143

Conclusion .................................................................................................................................................155

Summary ...................................................................................................................................................156

Chapter 5. Phase 1: Reconnaissance .............................................................................................................159

Low-Technology Reconnaissance: Social Engineering, Caller ID Spoofing, Physical Break-In, and

Summary ...................................................................................................................................................203

Chapter 6. Phase 2: Scanning ........................................................................................................................205

War Driving: Finding Wireless Access Points ...........................................................................................205

War Dialing: Looking for Modems in All the Right Places ......................................................................215

Network Mapping .....................................................................................................................................223

Determining Open Ports Using Port Scanners ..........................................................................................229

Vulnerability-Scanning Tools ....................................................................................................................263

Intrusion Detection System and Intrusion Prevention System Evasion ....................................................274

Conclusion .................................................................................................................................................289

Summary ...................................................................................................................................................290

Exploiting Browser Flaws .........................................................................................................................369

Conclusion .................................................................................................................................................372

Summary ...................................................................................................................................................372

Chapter 8. Phase 3: Gaining Access Using Network Attacks ........................................................................374

Sniffing ......................................................................................................................................................374

IP Address Spoofing ..................................................................................................................................401

Session Hijacking ...................................................................................................................................... 411

Locally Exhausting Resources ..................................................................................................................439

Remotely Stopping Services .....................................................................................................................440

Remotely Exhausting Resources ...............................................................................................................444

Conclusion .................................................................................................................................................462

Summary ...................................................................................................................................................462

Chapter 10. Phase 4: Maintaining Access: Trojans, Backdoors, and Rootkits ... Oh My! ............................464

Trojan Horses ............................................................................................................................................464

Backdoors ..................................................................................................................................................465

When Attackers Collide ................................................................................................................................465

The Devious Duo: Backdoors Melded into Trojan Horses........................................................................469

Even Nastier: User-Mode Rootkits ...........................................................................................................499

Defending Against User-Mode Rootkits ...................................................................................................514

Nastiest: Kernel-Mode Rootkits ................................................................................................................517

Defending Against Kernel-Mode Rootkits ................................................................................................524

Honeypots: The Only Reason You Might Use Kernel-Mode Rootkit Techniques on Your Own System .....524

Conclusion .................................................................................................................................................530

Summary ...................................................................................................................................................530

Chapter 11. Phase 5: Covering Tracks and Hiding ........................................................................................531

Hiding Evidence by Altering Event Logs ..................................................................................................533

Defenses Against Log and Accounting File Attacks .................................................................................539

Conclusion .................................................................................................................................................567

Summary ...................................................................................................................................................567

Chapter 12. Putting It All Together: Anatomy of an Attack ..........................................................................568

Scenario 1: Crouching Wi-Fi, Hidden Dragon ..........................................................................................570

Scenario 2: Death of a Telecommuter .......................................................................................................580

Scenario 3: The Manchurian Contractor ...................................................................................................590

Conclusion .................................................................................................................................................602

Summary ...................................................................................................................................................612

Preface Reloaded

My flight had just landed. It was around midnight. The flight attendant announced that we

could turn on our cell phones. As soon as mine booted up, it started buzzing with a

cyberattacks to maximize their impact on countries that oppose their terrorist agenda.

The reporter wanted me to analyze the technical underpinnings of the manifesto, to

determine whether it was all smoke and mirrors, or a legitimate cause for concern.

I got to my hotel room and snagged a copy of the manifesto from my e-mail. The

document I read startled me. Although not technically deep, it was quite astute. Its author

emphasized that the terrorist group could enhance their stature and influence and cause

more terror to their enemies by undermining their economic well-being through the use of

computer attacks. After this really eerie "motivational" speech introduction, the manifesto

turned toward describing how different categories of attack could be used to achieve

terrorist goals. Although the author didn't include technical details, he did provide a huge

counterfeit cards, and begin selling them on the black market. My lawyer friend wanted

me to look over the details of the heist and explain in nontechnical jargon how the thief

was able to pull this off. I carefully reviewed the case, analyzing the bad guy's moves,

noting sadly that he had used some pretty standard attack techniques to perpetrate this

big-time crime.

Given those cases on back-to-back days, I just reread the preface to the original Counter

Hack book I wrote almost five years ago. Although it described a real-world attack

against an ISP, it still had a fun feeling to it. The biggest worry then was the defacement

of some Web sites and my buddy's boss getting mad, certainly cause for concern, but

not the end of the world. I was struck with how much things have changed in computer

Underscoring the problem, if you place an unpatched computer on the Internet today, it's

average survival time before being completely compromised is less than 20 minutes.

That time frame fluctuates a bit over the months, sometimes dropping to less than 10

and how to thwart them, they'll continue to have their way with our machines, resulting in

some major damage. They know how to attack, and are learning more all the time. We

defenders also must be equally if not better equipped. This new edition of Counter Hack

represents a massive update to the original book; a lot has happened in the last five

years in the evolution of computer attack technology. However, the book retains the

same format and goal: to describe the attacks in a step-by-step manner and to

demonstrate how to defend against each attack using time-tested, real-world techniques.

Oh, and one final note: Although the nature of the threat we face has gown far more

sinister, don't let that get you down in the dumps. A depressed or frightened attitude

might make you frustrated and less agile when dealing with attacks, lowering your

incredibly important to be diligent in the face of these evolving threats; don't get me

wrong. At the same time, we must strive to keep a positive attitude, fighting the good

fight, and making our systems more secure.

Preface from the First Edition

My cell phone rang. I squinted through my sleepy eyelids at the clock. Ugh! 4 AM, New