Security Power Tools.Pdf

Security Power Tools.Pdf

www.dbebooks.com - Free Books & magazines SECURITY POWER TOOLS ® Other computer security resources from O’Reilly Related titles Security Warrior SSH, The Secure Shell: The Snort Cookbook™ Definitive Guide Practical Unix and Internet TCP/IP Network Security Administration Essential System Network Security Hacks™ Administration Security Books security.oreilly.com is a complete catalog of O’Reilly’s books on Resource Center security and related technologies, including sample chapters and code examples. oreillynet.com is the essential portal for developers interested in open and emerging technologies, including new platforms, pro- gramming languages, and operating systems. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We specialize in document- ing the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit con- ferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online refer- ence library for programmers and IT professionals. Conduct searches across more than 1,000 books. Subscribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Bookshelf from cover to cover or sim- ply flip to the page you need. Try it today for free. SECURITY POWER TOOLS ® Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, and Philippe Biondi Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Security Power Tools® by Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, and Philippe Biondi Copyright © 2007 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editors: Mike Loukides and Colleen Gorman Indexer: Lucie Haskins Production Editor: Mary Brady Cover Designer: Mike Kohnke Copyeditor: Derek Di Matteo Interior Designer: David Futato Proofreader: Mary Brady Illustrators: Robert Romano and Jessamyn Read Printing History: August 2007:First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Security Power Tools, the image of a rotary hammer, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This book uses RepKover™, a durable and flexible lay-flat binding. ISBN-10: 0-596-00963-1 ISBN-13: 978-0-596-00963-2 [C] Table of Contents Foreword . xiii Credits . xvii Preface . xxi Part I Legal and Ethics 1. Legal and Ethics Issues . 3 1.1 Core Issues 4 1.2 Computer Trespass Laws: No “Hacking” Allowed 7 1.3 Reverse Engineering 13 1.4 Vulnerability Reporting 22 1.5 What to Do from Now On 26 Part II Reconnaissance 2. Network Scanning . 31 2.1 How Scanners Work 31 2.2 Superuser Privileges 33 2.3 Three Network Scanners to Consider 34 2.4 Host Discovery 34 2.5 Port Scanning 37 2.6 Specifying Custom Ports 39 2.7 Specifying Targets to Scan 40 2.8 Different Scan Types 42 v 2.9 Tuning the Scan Speed 45 2.10 Application Fingerprinting 49 2.11 Operating System Detection 49 2.12 Saving Nmap Output 51 2.13 Resuming Nmap Scans 51 2.14 Avoiding Detection 52 2.15 Conclusion 54 3. Vulnerability Scanning . 55 3.1 Nessus 55 3.2 Nikto 72 3.3 WebInspect 76 4. LAN Reconnaissance . 86 4.1 Mapping the LAN 87 4.2 Using ettercap and arpspoof on a Switched Network 88 4.3 Dealing with Static ARP Tables 92 4.4 Getting Information from the LAN 94 4.5 Manipulating Packet Data 98 5. Wireless Reconnaissance . 101 5.1 Get the Right Wardriving Gear 101 5.2 802.11 Network Basics 102 5.3 802.11 Frames 103 5.4 How Wireless Discovery Tools Work 105 5.5 Netstumbler 105 5.6 Kismet at a Glance 107 5.7 Using Kismet 110 5.8 Sorting the Kismet Network List 112 5.9 Using Network Groups with Kismet 112 5.10 Using Kismet to Find Networks by Probe Requests 113 5.11 Kismet GPS Support Using gpsd 113 5.12 Looking Closer at Traffic with Kismet 114 5.13 Capturing Packets and Decrypting Traffic with Kismet 116 5.14 Wireshark at a Glance 117 5.15 Using Wireshark 119 5.16 AirDefense Mobile 122 5.17 AirMagnet Analyzers 126 5.18 Other Wardriving Tools 129 vi Table of Contents 6. Custom Packet Generation . 130 6.1 Why Create Custom Packets? 130 6.2 Hping 132 6.3 Scapy 136 6.4 Packet-Crafting Examples with Scapy 163 6.5 Packet Mangling with Netfilter 183 6.6 References 189 Part III Penetration 7. Metasploit . 193 7.1 Metasploit Interfaces 194 7.2 Updating Metasploit 200 7.3 Choosing an Exploit 200 7.4 Choosing a Payload 202 7.5 Setting Options 206 7.6 Running an Exploit 209 7.7 Managing Sessions and Jobs 212 7.8 The Meterpreter 215 7.9 Security Device Evasion 219 7.10 Sample Evasion Output 220 7.11 Evasion Using NOPs and Encoders 221 7.12 In Conclusion 224 8. Wireless Penetration . 225 8.1 WEP and WPA Encryption 225 8.2 Aircrack 226 8.3 Installing Aircrack-ng 227 8.4 Running Aircrack-ng 229 8.5 Airpwn 231 8.6 Basic Airpwn Usage 231 8.7 Airpwn Configuration Files 235 8.8 Using Airpwn on WEP-Encrypted Networks 236 8.9 Scripting with Airpwn 237 8.10 Karma 238 8.11 Conclusion 241 Table of Contents vii 9. Exploitation Framework Applications . 242 9.1 Task Overview 242 9.2 Core Impact Overview 244 9.3 Network Reconnaissance with Core Impact 246 9.4 Core Impact Exploit Search Engine 247 9.5 Running an Exploit 249 9.6 Running Macros 250 9.7 Bouncing Off an Installed Agent 253 9.8 Enabling an Agent to Survive a Reboot 253 9.9 Mass Scale Exploitation 254 9.10 Writing Modules for Core Impact 255 9.11 The Canvas Exploit Framework 258 9.12 Porting Exploits Within Canvas 260 9.13 Using Canvas from the Command Line 261 9.14 Digging Deeper with Canvas 262 9.15 Advanced Exploitation with MOSDEF 262 9.16 Writing Exploits for Canvas 264 9.17 Exploiting Alternative Tools 267 10. Custom Exploitation . 268 10.1 Understanding Vulnerabilities 269 10.2 Analyzing Shellcode 275 10.3 Testing Shellcode 279 10.4 Creating Shellcode 285 10.5 Disguising Shellcode 302 10.6 Execution Flow Hijacking 306 10.7 References 320 Part IV Control 11. Backdoors . 323 11.1 Choosing a Backdoor 324 11.2 VNC 325 11.3 Creating and Packaging a VNC Backdoor 327 11.4 Connecting to and Removing the VNC Backdoor 332 11.5 Back Orifice 2000 334 11.6 Configuring a BO2k Server 335 11.7 Configuring a BO2k Client 340 viii Table of Contents 11.8 Adding New Servers to the BO2k Workspace 342 11.9 Using the BO2k Backdoor 343 11.10 BO2k Powertools 345 11.11 Encryption for BO2k Communications 355 11.12 Concealing the BO2k Protocol 356 11.13 Removing BO2k 358 11.14 A Few Unix Backdoors 359 12. Rootkits . 363 12.1 Windows Rootkit: Hacker Defender 363 12.2 Linux Rootkit: Adore-ng 366 12.3 Detecting Rootkits Techniques 368 12.4 Windows Rootkit Detectors 371 12.5 Linux Rootkit Detectors 376 12.6 Cleaning an Infected System 380 12.7 The Future of Rootkits 381 Part V Defense 13. Proactive Defense: Firewalls . 385 13.1 Firewall Basics 385 13.2 Network Address Translation 389 13.3 Securing BSD Systems with ipfw/natd 391 13.4 Securing GNU/Linux Systems with netfilter/iptables 401 13.5 Securing Windows Systems with Windows Firewall/Internet Connection Sharing 412 13.6 Verifying Your Coverage 417 14. Host Hardening . 421 14.1 Controlling Services 422 14.2 Turning Off What You Do Not Need 423 14.3 Limiting Access 424 14.4 Limiting Damage 430 14.5 Bastille Linux 436 14.6 SELinux 438 14.7 Password Cracking 444 14.8 Chrooting 448 14.9 Sandboxing with OS Virtualization 449 Table of Contents ix 15. Securing Communications . 455 15.1 The SSH-2 Protocol 456 15.2 SSH Configuration 459 15.3 SSH Authentication 465 15.4 SSH Shortcomings 471 15.5 SSH Troubleshooting 476 15.6 Remote File Access with SSH 480 15.7 SSH Advanced Use 483 15.8 Using SSH Under Windows 489 15.9 File and Email Signing and Encryption 494 15.10 GPG 495 15.11 Create Your GPG Keys 499 15.12 Encryption and Signature with GPG 507 15.13 PGP Versus GPG Compatibility 509 15.14 Encryption and Signature with S/MIME 510 15.15 Stunnel 513 15.16 Disk Encryption 520 15.17 Windows Filesystem Encryption with PGP Disk 521 15.18 Linux Filesystem Encryption with LUKS 522 15.19 Conclusion 524 16.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    858 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us