Table of Contents
Preface Reloaded (p. 4)
Preface from the First Edition (p. 5)
Acknowledgments (p. 7)
About the Authors (p. 8)
Chapter 1. Introduction (p. 9)
  The Computer World and the Golden Age of Hacking (p. 10)
  Why This Book? (p. 11)
  The Threat: Never Underestimate Your Adversary (p. 14)
  A Note on Terminology and Iconography (p. 19)
  Caveat: These Tools Could Hurt You (p. 21)
  Organization of Rest of the Book (p. 24)
  Summary (p. 27)
Chapter 2. Networking Overview: Pretty Much Everything You Need to Know About Networking to Follow the Rest of This Book (p. 28)
  The OSI Reference Model and Protocol Layering (p. 29)
  How Does TCP/IP Fit In? (p. 31)
  Understanding TCP/IP (p. 34)
  Transmission Control Protocol (TCP) (p. 35)
  User Datagram Protocol (UDP) (p. 42)
  Internet Protocol (IP) and Internet Control Message Protocol (ICMP) (p. 44)
  ICMP (p. 50)
  Other Network-Level Issues (p. 52)
  Don't Forget About the Data Link and Physical Layers! (p. 63)
  Security Solutions for the Internet (p. 71)
  Conclusion (p. 80)
  Summary (p. 81)
Chapter 3. Linux and UNIX Overview: Pretty Much Everything You Need to Know About Linux and UNIX to Follow the Rest of This Book (p. 83)
  Introduction (p. 83)
  Architecture (p. 86)
  Accounts and Groups (p. 96)
  Linux and UNIX Permissions (p. 99)
  Linux and UNIX Trust Relationships (p. 104)
  Common Linux and UNIX Network Services (p. 107)
  Conclusion (p. 111)
  Summary (p. 111)
Chapter 4. Windows NT/2000/XP/2003 Overview: Pretty Much Everything You Need to Know about Windows to Follow the Rest of This Book (p. 113)
  Introduction (p. 113)
  A Brief History of Time (p. 114)
  The Underlying Windows Operating System Architecture (p. 118)
  How Windows Password Representations Are Derived (p. 121)
  Kernel Mode (p. 122)
  From Service Packs and Hotfixes to Windows Update and Beyond (p. 124)
  Accounts and Groups (p. 125)
  Privilege Control (p. 129)
  Policies (p. 131)
  Trust (p. 134)
  Auditing (p. 135)
  Object Access Control and Permissions (p. 137)
  Network Security (p. 140)
  Windows 2000 and Beyond: Welcome to the New Millennium (p. 143)
  Conclusion (p. 155)
  Summary (p. 156)
Chapter 5. Phase 1: Reconnaissance (p. 159)
  Low-Technology Reconnaissance: Social Engineering, Caller ID Spoofing, Physical Break-In, and Dumpster Diving (p. 159)
  Search the Fine Web (STFW) (p. 168)
  Whois Databases: Treasure Chests of Information (p. 182)
  The Domain Name System (p. 191)
  General-Purpose Reconnaissance Tools (p. 199)
  Conclusion (p. 203)
  Summary (p. 203)
Chapter 6. Phase 2: Scanning (p. 205)
  War Driving: Finding Wireless Access Points (p. 205)
  War Dialing: Looking for Modems in All the Right Places (p. 215)
  Network Mapping (p. 223)
  Determining Open Ports Using Port Scanners (p. 229)
  Vulnerability-Scanning Tools (p. 263)
  Intrusion Detection System and Intrusion Prevention System Evasion (p. 274)
  Conclusion (p. 289)
  Summary (p. 290)
Chapter 7. Phase 3: Gaining Access Using Application and Operating System Attacks (p. 291)
  Script Kiddie Exploit Trolling (p. 292)
  Pragmatism for More Sophisticated Attackers (p. 293)
  Buffer Overflow Exploits (p. 294)
  Password Attacks (p. 323)
  Web Application Attacks (p. 348)
  Exploiting Browser Flaws (p. 369)
  Conclusion (p. 372)
  Summary (p. 372)
Chapter 8. Phase 3: Gaining Access Using Network Attacks (p. 374)
  Sniffing (p. 374)
  IP Address Spoofing (p. 401)
  Session Hijacking (p. 411)
  Netcat: A General-Purpose Network Tool (p. 419)
  Conclusion (p. 435)
  Summary (p. 435)
Chapter 9. Phase 3: Denial-of-Service Attacks (p. 436)
  Locally Stopping Services (p. 438)
  Locally Exhausting Resources (p. 439)
  Remotely Stopping Services (p. 440)
  Remotely Exhausting Resources (p. 444)
  Conclusion (p. 462)
  Summary (p. 462)
Chapter 10. Phase 4: Maintaining Access: Trojans, Backdoors, and Rootkits ... Oh My! (p. 464)
  Trojan Horses (p. 464)
  Backdoors (p. 465)
    When Attackers Collide (p. 465)
  The Devious Duo: Backdoors Melded into Trojan Horses (p. 469)
  Nasty: Application-Level Trojan Horse Backdoor Tools (p. 471)
  Also Nasty: The Rise of the Bots (p. 482)
    Oh, By the Way, Don't Eat That Hot Dog! (p. 483)
    Beyond the Red Pill: Virtual Machine Escape (p. 488)
  Additional Nastiness: Spyware Everywhere! (p. 491)
  Defenses Against Application-Level Trojan Horse Backdoors, Bots, and Spyware (p. 493)
  Even Nastier: User-Mode Rootkits (p. 499)
  Defending Against User-Mode Rootkits (p. 514)
  Nastiest: Kernel-Mode Rootkits (p. 517)
  Defending Against Kernel-Mode Rootkits (p. 524)
    Honeypots: The Only Reason You Might Use Kernel-Mode Rootkit Techniques on Your Own System (p. 524)
  Conclusion (p. 530)
  Summary (p. 530)
Chapter 11. Phase 5: Covering Tracks and Hiding (p. 531)
  Hiding Evidence by Altering Event Logs (p. 533)
  Defenses Against Log and Accounting File Attacks (p. 539)
  Creating Difficult-to-Find Files and Directories (p. 543)
  Hiding Evidence on the Network: Covert Channels (p. 548)
    What Is TCP/CP? (p. 550)
    On Discovering Problems, Being Ignored, and Then Recasting the Threat (p. 556)
  Defenses Against Covert Channels (p. 564)
    Further Fun and Mayhem with Steganography (p. 565)
  Conclusion (p. 567)
  Summary (p. 567)
Chapter 12. Putting It All Together: Anatomy of an Attack (p. 568)
  Scenario 1: Crouching Wi-Fi, Hidden Dragon (p. 570)
  Scenario 2: Death of a Telecommuter (p. 580)
  Scenario 3: The Manchurian Contractor (p. 590)
  Conclusion (p. 602)
  Summary (p. 602)
Chapter 13. The Future, References, and Conclusions (p. 603)
  Where Are We Heading? (p. 603)
  Keeping Up to Speed (p. 606)
  Final Thoughts ... Live Long and Prosper (p. 612)
  Summary (p. 612)
Preface Reloaded
My flight had just landed. It was around midnight. The flight attendant announced that we could turn on our cell phones. As soon as mine booted up, it started buzzing with a frantic call from a newspaper reporter I had recently met. He quickly explained that he had obtained a copy of a manifesto written by a terrorist who had launched some pretty horrific attacks killing hundreds of innocent people a few months back. The reporter had had the text professionally translated so he could get some folks to analyze it. In this 30-page document, this very evil guy was urging his followers to alter their tactics in their struggle. To augment their physical terrorism, the plan was now to start including cyberattacks to maximize their impact on countries that oppose their terrorist agenda. The reporter wanted me to analyze the technical underpinnings of the manifesto, to determine whether it was all smoke and mirrors, or a legitimate cause for concern.
I got to my hotel room and snagged a copy of the manifesto from my e-mail. The document I read startled me. Although not technically deep, it was quite astute. Its author emphasized that the terrorist group could enhance their stature and influence and cause more terror to their enemies by undermining their economic well-being through the use of computer attacks. After this really eerie "motivational" speech introduction, the manifesto turned toward describing how different categories of attack could be used to achieve terrorist goals. Although the author didn't include technical details, he did provide a huge number of technical references on computer attacks, pressing his faithful followers to study hard the technologies of the infidel so they could undermine them.
The following day I received an unrelated call, this time from a lawyer friend of mine. He explained that a computer attacker had broken into the network of a company and stolen over a million credit card numbers. Because the attacker had pilfered the entire magnetic stripe data stored on the company's servers, the bad guy could create very convincing counterfeit cards, and begin selling them on the black market. My lawyer friend wanted me to look over the details of the heist and explain in nontechnical jargon how the thief was able to pull this off. I carefully reviewed the case, analyzing the bad guy's moves, noting sadly that he had used some pretty standard attack techniques to perpetrate this big-time crime.
Given those cases on back-to-back days, I just reread the preface to the original Counter Hack book I wrote almost five years ago. Although it described a real-world attack against an ISP, it still had a fun feeling to it. The biggest worry then was the defacement of some Web sites and my buddy's boss getting mad, certainly cause for concern, but not the end of the world. I was struck with how much things have changed in computer attacks, and not at all for the better. Five years back, we faced a threat, but it was often manifested in leisurely attacks by kids looking to have some fun. We did face a hardened criminal here and there, of course, but there was a certain whimsy to our work. Today, with organized crime and, yes, even terrorists mastering their computer attack skills, things have taken a turn for the dark and sinister. Sure, the technology has evolved, but increasingly so has the nature of our threat.
Underscoring the problem, if you place an unpatched computer on the Internet today, its average survival time before being completely compromised is less than 20 minutes. That time frame fluctuates a bit over the months, sometimes dropping to less than 10 minutes, and occasionally bumping up over 30 minutes when some particularly good patches are released and quickly deployed. However, even the upper-end number is disheartening. Given this highly aggressive threat, it's even more important now than ever for computer professionals (system administrators, network administrators, and security personnel) and even laymen to have knowledge of how the bad guys attack and how to defend against each of their moves. If we don't understand the bad guys' tactics and how to thwart them, they'll continue to have their way with our machines, resulting in some major damage. They know how to attack, and are learning more all the time. We defenders also must be equally if not better equipped. This new edition of Counter Hack represents a massive update to the original book; a lot has happened in the last five years in the evolution of computer attack technology. However, the book retains the same format and goal: to describe the attacks in a step-by-step manner and to demonstrate how to defend against each attack using time-tested, real-world techniques.
Oh, and one final note: Although the nature of the threat we face has grown far more sinister, don't let that get you down in the dumps. A depressed or frightened attitude might make you frustrated and less agile when dealing with attacks, lowering your capabilities. If we are to be effective in defending our systems, we must keep in mind that this information security work we all do is inherently interesting and even fun. It's incredibly important to be diligent in the face of these evolving threats; don't get me wrong. At the same time, we must strive to keep a positive attitude, fighting the good fight, and making our systems more secure.
Preface from the First Edition
My cell phone rang. I squinted through my sleepy eyelids at the clock. Ugh! 4 AM, New Year's Day. Needless to say, I hadn't gotten very much sleep that night.
I picked up the phone to hear the frantic voice of my buddy, Fred, on the line. Fred was a security administrator for a medium-sized Internet Service Provider, and he frequently called me with questions about a variety of security issues.
"We've been hacked big time!" Fred shouted, far too loudly for this time of the morning.