ANTI-HACKER TOOL KIT. ourth Edition

Transcription

1 ANTI-HACKER TOOL KIT i ' Mm. i m Fm ourth Edition m

2 CONTENTS Acknowledgments Introduction xvii xix The Best of the Basics 1 Managing Source Code and Working with Programming Languages 3 SCM Concepts 4 Git Working with Repositories 10 Working with Subversion 16 Mercurial 19 Subversion 20 Creating a Repository 20 Working with Repositories 21 Working with Revisions 22 Eclipse Integrated Developer Environment 25 Working with Source Control 25 Programming Languages 27 Common Terms 27 Security 28 C++ 29 Java 29 JavaScript 29 Perl 31 Python 32 Ruby im

3 X Anti-Hacker Tool Kit 2 Command-Line Environments 35 Unix Command Line 36 Pipes and Redirection 37 Command Cornucopia 42 BackTrack Linux 43 Configuration 44 Implementation 44 MacPorts 48 Getting Started 49 Installing and Managing Ports 51 Tweaking the Installation 54 Cygwin 55 Download and Installation 55 Implementation 58 The X Window System 65 Choosing a Window Manager 66 A Client/Server Model 66 How Remote X Servers and Clients Communicate 69 Securing X Hosts with Xhost and Xauth 69 Securing X Communications with Secure Shell 72 Other X Components 73 Now You Know 74 Windows PowerShell 75 Verb Your Nouns 76 Scripting and Signing 80 3 Virtual Machines and Emulators 83 Benefits of Virtualization 84 Oracle VirtualBox 87 Installing Guest Additions 89 Remote Access 92 VMware Player 93 Download and Installation 93 Configuration 93 Virtual PC 97 Configuration 97 Parallels 100 Installing Parallels Tools 100 Open Source Alternatives 102 Bochs 102 QEMU 104 KVM 104 Qubes 105 Vice 105 Wine 106 Xen Hypervisor 107

4 Contents Xi 9 Systems 4 Vulnerability Scanning 111 Overview of Vulnerability Scanning 112 Open Port/Service Identification 113 Banner/Version Check 114 Traffic Probe 114 Vulnerability Probe 115 Vulnerability Examples 116 OpenVAS 120 Installation 121 Implementation 125 Working with Vulnerability Standards 138 OpenVAS Summary 140 Metasploit 140 Getting Started 140 Hunting for Vulns 142 Compromising a System 144 More Resources File System Monitoring 159 File System Metadata 160 Windows File Metadata 162 File Integrity 164 AIDE 165 Installation 166 Implementation 166 Samhain 170 Tripwire 170 Implementation 171 Securing Your Files with Tripwire Windows Auditing 181 Evolution of Windows Security 182 Nbtstat 184 Implementation 184 Retrieving a MAC Address 187 Cain & Able 189 Implementation 189 Microsoft Baseline Security Analyzer 191 Using the MBSA Command-Line Interface 192 Implementation 192 PsTools 195 Implementation 196

5 Xfl Anti-Hacker Tool Kit O Networks 7 Netcat 217 Network Communication Basics 218 Netcat Implementation 219 Netcat's 101 Uses 225 Cryptcat 244 Neat 245 Compile for Windows 245 Options 246 Socat 247 Implementation Port Forwarding and Redirection 249 Understanding Port and Services 250 Secure Shell (SSH) 252 Datapipe 253 Implementation 254 FPipe 256 Implementation 256 WinRelay 258 Implementation Network Reconnaissance 269 Nmap 270 Implementation 271 Nmap Scripting Engine (NSE) 295 THC-Amap 296 Implementation 296 System. Tools 302 Whois 302 Host, Dig, and Nslookup 307 Traceroute 10 Network Sniffers and Injectors 315 Sniffers Overview Tcpdump and WinDump 318 Implementation 319 Wireshark 332 Implementation 332 Ettercap 341 Installation 341 Implementation 342 Potential for Disaster

6 Contents Xiti Hping 347 Implementation 347 Wireless Networks 356 Kismet 358 Implementation 358 Expanding Kismet's Capabilities 363 Aircrack-ng 365 Implementation Network Defenses 371 Firewalls and Packet Filters: The Basics 372 What Is a Firewall? 372 Packet Filter vs. Firewall 374 How a Firewall Protects a Network 375 Packet Characteristics to Filter 375 Stateless vs. Stateful Firewalls 377 Network Address Translation (NAT) and Port Forwarding 378 The Basics of Virtual Private Networks 381 Inside the Demilitarized Zones 382 Linux System Firewall 384 OS X System Firewall 385 Windows System Firewall 387 Snort: An Intrusion-Detection System 388 Installation and Implementation 389 Snort Plug-ins 397 So Much More War Dialers 401 ToneLoc 402 Implementation: Creating the tl.cfg File 403 Implementation: Running a Scan 407 Implementation: Navigating the ToneLoc Interface 409.dat File Techniques 409 THC-Scan 414 Implementation: Configuring THC-Scan 414 Implementation: Running THC-Scan 417 Implementation: Navigating THC-Scan 417 Implementation: Manipulating THC-Scan.dat Files 419 WarVOX 420 Inter-Asterisk Exchange 420 Installation 421 Implementation 422 Analysis 424 Beyond the CONNECT String 425

7 /fflpf s Anti-Hacker Tool Kit Applications 13 Binary Analysis 429 The Anatomy of a Computer Program 430 Determining a Binary File Type 433 Identifying Binary Obfuscation 434 Black Box Analysis 435 Creating a Sandboxed System 436 Finding Text Clues 436 Conducting Unix-based Run-time Analysis with lsof 438 Using a Sniffer to Examine Network Traffic 438 Identifying Unix-based System Calls 439 Obtaining Memory 441 Generating Assembly Instructions 442 Analyzing Run-time Binaries with Debuggers 445 Debugging Tools for Windows 445 OllyDbg 447 Interactive Disassembler (IDA) 449 GNU Debugger (GDB) Web Application Hacking 459 Scanning for Web Vulnerabilities 460 Nikto 461 HTTP Utilities 469 Curl 469 OpenSSL : 472 Stunnel 477 Application Inspection 482 Zed Attack Proxy 482 Sqlmap Password Cracking and Brute-Force Tools 497 We're Doomed 499 Alternate Deployment Schemes 501 Password OpSec 502 John the Ripper 503 Implementation 504 LOphtcrack 518 Hashcat 521 Grabbing Windows Password Hashes 522 Pwdump 522 Active Brute-Force Tools 523 THC-Hydra 525

8 Contents XV 9 Forensics 16 Basic Forensics 533 Data Collection 534 Drive Imaging 535 dd for Duplication 536 Forensic Tools 541 The Sleuth Kit 541 Autopsy 541 Security Onion 548 Learning More Privacy Tools 551 Improving Anonymity and Pri vacy Private Browsing Mode 553 Ghostery 554 The Onion Router (Tor) 558 Installation 560 Implementation 561 GnuPG 564 Installation 564 Implementation 565 Verify a Package 570 Disk Encryption 572 Off-the-Record (OTR) Messaging and Pidgin 573 Installation 574 Implementation 574 Index