01 55784X FM.qxd 3/29/04 4:16 PM Page i Hacking FOR DUMmIES‰ by Kevin Beaver Foreword by Stuart McClure 01 55784X FM.qxd 3/29/04 4:16 PM Page v 01 55784X FM.qxd 3/29/04 4:16 PM Page i Hacking FOR DUMmIES‰ by Kevin Beaver Foreword by Stuart McClure 01 55784X FM.qxd 3/29/04 4:16 PM Page ii Hacking For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 Copyright © 2004 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permis- sion of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, e-mail: permcoordinator@ wiley.com. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book. GENERAL DISCLAIMER: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WAR- RANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SER- VICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ. For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Library of Congress Control Number: 2004101971 ISBN: 0-7645-5784-X Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 1B/RV/QU/QU/IN 01 55784X FM.qxd 3/29/04 4:16 PM Page iii About the Author As founder and principal consultant of Principle Logic, LLC, Kevin Beaver has over 16 years of experience in IT and specializes in information security. Before starting his own information security services business, Kevin served in various information technology and security roles for several Fortune 500 corporations and a variety of consulting, e-commerce, and educational institutions. In addition to ethical hacking, his areas of information security expertise include network and wireless network security, e-mail and instant messaging security, and incident response Kevin is also author of the book The Definitive Guide to Email Management and Security by Realtimepublishers.com and co-author of the book The Practical Guide to HIPAA Privacy and Security Compliance by Auerbach Publications. In addition, he is technical editor of the book Network Security For Dummies by Wiley Publishing, and a contributing author and editor of the book Healthcare Information Systems, 2nd ed. by Auerbach Publications. Kevin is a regular columnist and information security expert advisor for SearchSecurity.com and SearchMobileComputing.com and is a Security Clinic Expert for ITsecurity.com. In addition, his information security work has been published in Information Security Magazine, HIMSS Journal of Healthcare Information Management, Advance for Health Information Executives as well as on SecurityFocus.com. Kevin is an information security instructor for the Southeast Cybercrime Institute and also frequently speaks on information security at various workshops and conferences around the U.S. including TechTarget’s Decisions conferences, CSI, and the Southeast Cybercrime Summit. Kevin is the founder and president of the Technology Association of Georgia’s Information Security Society and serves as an IT advisory board member for several universities and companies around the southeast. Kevin earned his bachelor’s degree in Computer Engineering Technology from Southern Poly- technic State University and his master’s degree in Management of Technology from Georgia Tech. He also holds CISSP, MCSE, Master CNE, and IT Project+ certifications. Kevin can be reached at [email protected]. 01 55784X FM.qxd 3/29/04 4:16 PM Page iv Dedication For Amy, Garrett, Master, and Murphy — through thick and thicker, we did it! I couldn’t have written this book without the tremendous inspiration each of you have given me. You all make the world a better place — thanks for being here for me. Author’s Acknowledgments First, I’d like to thank Melody Layne, my acquisitions editor at Wiley, for contacting me with this book idea, providing me this great opportunity, and for being so patient with me during the acquisitions, writing, and editing processes. Also, thanks to all the other members of the acquisitions team at Wiley who helped me shape my outline and initial chapter. I’d like to thank my project editor, Pat O’Brien, as well as Kim Darosett and the rest of the tireless editorial staff at Wiley for all of your hard work, patience, and great edits! Also, thanks to Terri Varveris for making the initial Dummies contact several years back in the Hungry Minds days and for introducing me to the team — you truly helped get this ball rolling. Major kudos go out to the security legend, Peter T. Davis, my technical editor. Your For Dummies experience and seemingly never-ending technical knowl- edge are a great asset to this book. I really appreciate your time and effort you’ve put forth, and I’m truly honored that you helped me on this project. I’d also like to thank Stuart McClure — the highly-talented security expert and phenomenal author — for writing the foreword. It’s funny how this book turned out and how you still ended up being involved! Just look at what you created instead — you should be proud. To Ira Winkler, Dr. Philippe Oechslin, David Rhoades, Laura Chappell, Matt Caldwell, Thomas Akin, Ed Skoudis, and Caleb Sima — thank you all for doing such a great job with the case studies in this book! They’re a perfect fit and each of you were true professionals and great to work with. I really appreciate your time and effort. 01 55784X FM.qxd 3/29/04 4:16 PM Page v I’d like to extend deep gratitude to Robert Dreyer — my favorite professor at Southern Poly — who piqued my technical interest in computer hardware and software and who taught me way more about computer bits and bytes than I thought I’d ever know. Also, thanks to my friend William Long — one of the smartest people I’ve ever known — for being the best computer and network mentor I could ever have. In addition, I’d like to thank John Cirami for show- ing me how to run that first DOS executable file off of that 5 1/4” floppy way back when and for helping me to get the ball rolling in my computer career. A well-deserved thanks also goes out to all my friends and colleagues — you know who you are — who helped provide feedback and advice about the title change. Finally, I’d like to thank Rik Emmett, Geoff Tate, Neil Peart, and all of their supporting band members for the awesome lyrics and melodies that inspired me to keep pushing forward with this book during the challenging times. 01 55784X FM.qxd 3/29/04 4:16 PM Page vi Publisher’s Acknowledgments We’re proud of this book; please send us your comments through our online registration form located at www.dummies.com/register/. Some of the people who helped bring this book to market include the following: Acquisitions, Editorial, and Production Media Development Project Coordinator: Maridee Ennis Project Editor: Pat O’Brien Layout and Graphics: Andrea Dahl, Acquisitions Editor: Melody Layne Denny Hager, Lynsey Osborn, Senior Copy Editor: Kim Darosett Heather Ryan, Jacque Schneider Technical Editor: Peter T. Davis Proofreaders: Carl W. Pierce, Brian H. Walls, TECHBOOKS Production Services Editorial Manager: Kevin Kirschner Indexer: TECHBOOKS Production Services Media Development Manager: Laura VanWinkle Media Development Supervisor: Richard Graves Editorial Assistant: Amanda Foxworth Cartoons: Rich Tennant, www.the5thwave.com Publishing and Editorial for Technology Dummies Richard Swadley, Vice President and Executive Group Publisher Andy Cummings, Vice President and Publisher Mary C.