Index

A

access points, 109

connecting to, 239-248

securing, 258-259

access systems compromises, countermeasures for, 121

Active Directory, configuring, 259-260

ADS (Alternate Data Streams), 110

AFXRootkit 2005, 163

AirSnort, 237

Alternate Data Streams (ADS), 110

analyzing packet captures, 46-48

Angry IP Scanner, 42

anonymous e-mail, sending, 38-42

anti-phishing tools, 231

anti-virus software, 264

Netcat and, 53

updating, 261

ARP poisoning, 26

Ashe, Arthur, 179

attacking Web sites, 66-68

attacks

loud attacks

defined, 22

for viewing switched traffic, 25-28

online attacks, 206

on social networking sites, 211-212

capturing usernames and passwords, 224

countermeasures, 228-231

creating fake Web site, 213-216

creating MySpace page, 218-221

creating redirection Web site, 217-218

Facebook attacks, 227-228

posting from hacked account, 224-227

sending comment to MySpace page, 221-223

steps in, 212-213

Web-based attacks. See Web-based attacks

wireless access breaches, 233-235

access point connections, 239-248

countermeasures, 258-259, 265

finding database information, 256-257

Kerberos preauthentication attack, 248-254

password cracking, 254-256

reasons for, 238-239

steps in, 236, 239, 257

wireless-sniffing tools, list of, 237-238

Auditor security collection, 241

authentication, Kerberos preauthentication attack, 248-254

automated attendants, tampering with medical records, 192

automatic scanning for viruses, 264

B

Backtrack, 142

backups, importance of, 263

Base64 decoder, 230

binding Trojans with executables, 32-37

biometrics, defeating, 199-201

countermeasures to, 208

black hole filtering, 86

Blogger.com, redirection from, 217-218

booting into Windows with Knoppix, 201-204

bringing down an organization, corporate espionage, 107-110, 112-119

BulkFriendAdder, 219

C

cached information, retrieving, 230

CacheDump, 254-255

Cain & Abel, 249-253

CAPTCHA, 219

capturing usernames and passwords, 215, 224

CCV (credit card verification), 12

chained corporation exploits, 125-126

countermeasures, 174-176

executing hacks on, 166-167

exploit infrastructures, building DNS servers, 149-155

reconnaissance, 127-149

results of exploit, 172

rootkits, constructing, 167-172

social engineering attacks, 135-137

summary of exploit, 173-174

testing exploits, 156-164

changing passwords, 231

Cisco Security Agent (Cisco), 122

clicking links, cautions about, 229

comments, sending to MySpace page, 221-223

companies, chained corporations. See chained corporation exploits

competitive intelligence gathering. See corporate espionage

competitors, taking down Web sites, 55-57

approach to, 57-58

attacking, 66-68

gaining access to the site, 68-70

modifying the site, 80-83

test attacks, 60-66

testing the hack, 70-79

compromise of internal employees, countermeasures, 87

compromising PCs, 208-209

computer network security checklist, 261-265

configuring Active Directory, 259-260

connecting

to IP addresses, 43-45

to wireless access points, 239-248

copying Web sites for phishing scams, 29-32

Core Impact, 144, 147

key generation, 146

workspace setup, 144

Core Impact!, 144

corporate espionage, 91, 119

bringing down an organization, 107-119

countermeasures

for data theft, 123

for operating system attacks, 123

for physical security breaches and access systems compromise, 121

for scanning attacks, 122

for social engineering, 122

executing hacks, 101-107

passive reconnaissance, 91

physical access, 96-101

reconnaissance, 92-96

summary of chained exploit, 120

corporate IT personnel, tampering with medical records, 188

countermeasures

Active Directory configuration, 259-260

anti-virus software updates, 261

chained corporations exploits, 174-176

compromising PCs, 208-209

computer network security checklist, 261-265

credit card exploits, 17-18

access to developer sites, 17

changing the default HTTP response headers, 17

for customers, 19

read-only websites, 18

removing stored procedures, 18

SQL Server, 17

web forms, 18

for data theft, 123

for DDoS attacks, via HTTP, 86

defeating biometrics, 208

for keylogger attacks, 176

lock picking, 208

for operating system attacks, 123

for packet capturing, 54

for phishing scams, 53

for physical security breaches and access systems compromises, 121

protecting against social engineering and piggybacking, 206, 208

for scanning attacks, 122

for social engineering, 122

for social networking site attacks, 228-231

for Trojans, 53

for wireless access breaches, 258-259, 265

IDS (intrusion detection system), 261

IPS (intrusion prevention system), 260

unauthorized Web site modification, 86-87

Web attacks

compromise of internal employees, 87

DDoS attacks via ICMP, 85

protecting company information, 85

to Wi-Fi attacks, 175

coWPAtty, 236, 245-247

cracking passwords, RainbowCrack, 254-256

credit card databases, enumerating, 5-11

credit card exploits

countermeasures, 17-18

accessing developer sites, 17

changing default HTTP response headers, 17

for customers, 19

read-only Web sites, 18

removing stored procedures, 18

SQL Server, 17

web forms, 18

defacing company Web sites, 15-16

enumerating

company Web sites, 3-5

credit card databases, 5-11

selling credit card information on the underground market, 13-15

stealing credit card information from company Web sites, 11-12

credit card insurance, 19

credit card verification (CCV), 12

criminal medical identity theft, 180

cross-site request forgery (CSRF) attack, 227

Cryptcat, 53

CSA (Cisco Security Agent), 122

CSRF (cross-site request forgery) attack, 227

Cult of the Dead Cow, GoolagScan, 4

customers, countermeasures for credit card exploits, 19

cylinder locks, 197

D

data theft, countermeasures for, 123

database information, finding, 256-257

databases

credit card databases, enumerating, 5-11

MySQL databases, creating, 216

DDoS attacks

via HTTP, countermeasures, 86

via ICMP, countermeasures, 85

defacing Web sites, 15-16

defeating biometrics, 199-201

countermeasures, 208

disaster recovery plans, 265

discovering IP addresses, 42-43

DNS, chained corporation attacks, 149

DNS configurations, accessing, 150

DNS servers, exploiting chained corporations, 149-155

downloading of software, online attacks, 206

dumpster diving, 207

E

e-mail, sending anonymous e-mail, 38-42

e-mail addresses, tampering with medical records, 189-190

e-mail attacks, 206

electronic medical records (EMR), 177

EliteC0ders, 53

EMR (electronic medical records), 177

encryption for wireless networks, 265

encryption flaws in WEP, 246

End User License Agreement (EULA), 207

entry points, tampering with medical records, 191

enumerating

company Web sites, credit card exploits, 3-5

credit card databases, 5-11

enumeration, 2

ESSID, obtaining, 241

ESSID-JACK, 241

EULA (End User License Agreement), 207

executables, installing, 32-37

executing hacks

against chained corporations, 166-167

corporate espionage, 101-102, 104-107

exploit infrastructures, building for exploits on chained corporations (DNS servers), 149-155

exploits, testing, 156-164

F

Facebook attacks, 227-228

countermeasures, 228-231

fact collecting, tampering with medical records, 185-187

fake MySpace Web site, creating, 213-216

Fearless Keylogger, 162

file headers in hexadecimal output, 51

financial medical identity theft, 180

finding database information, 256-257

fingerprint scanners, 200

Firefox 2.0, 231

firewalls, 261

four-way handshake (wireless access), 241-245

friends

adding to MySpace page, 219-221

requirements for, 230

G

gaining physical access, tampering with medical records, 195

booting into Windows with Knoppix, 201-204

defeating biometrics, 199-201

lock picking, 195-199

genpmk utility, 247

GoolagScan (Cult of the Dead Cow), 4

government benefit fraud, 180

graphics

reassembling, 48-51

removing request headers from, 49

gratuitous ARP messages, 26

H

hacked accounts, posting from, 224-227

Hacker Defender, 163

hacks, executing

against chained corporations, 166-167

in corporate espionage, 101-107

hacktivism, 15, 212

hashes, 136

Health Insurance Portability and Accountability Act (HIPAA), 108, 178

Help Desk, attacks, 207

hexadecimal output, file headers in, 51

HFS (Hierarchical File System), 110

hiding keyloggers, 169

Hierarchical File System (HFS), 110

HIPAA (Health Insurance Portability and Accountability Act), 108, 178

host-based intrusion detection software, 54

hours of operation, tampering with medical records, 187

HTTP (Hyper Text Transfer Protocol), 3

DDoS attacks via, countermeasures, 86

HTTP response, 3-4

HTTP response headers, changing default, 17

Hynes, Bill, 132

Hyper Text Transfer Protocol (HTTP), 3

I

ICMP, DDoS attacks via (countermeasures for), 85

identity theft, medical identity theft, 180

Identity Theft Resource Center (ITRC), 180

IDS (intrusion detection system), 261-262

installing

executables, 32-37

WinPcap, 45-46

instant messaging, attacks, 207

insurance, credit card insurance, 19

Internet connections, types of, 261

Internet presence, tampering with medical records, 184-185

intrusion detection system (IDS), 261-262

intrusion prevention system (IPS), 260-262

IP addresses

connecting to, 43-45

discovering, 42-43

IPS (intrusion prevention system), 260-262

IPS alerts, 54

iStumbler, 238

ITRC (Identity Theft Resource Center), 180

J-K

Jonas Software, 257

JPEG graphics. See graphics

Karlsson, Patrik, 237

Kerberos preauthentication attack, 248-254

Kershaw, Mike, 237

Kewitz, Steffen, 237

key generation, Core Impact, 146

keyloggers, 161-162

countermeasures for attacks, 176

hiding, 169

wrapping inside program files, 170

KisMAC, 237

Kismet, 237

Knoppix, booting into Windows, 201-202, 204

L

Lamo, Adrian, 264

Lauer, Michael, 237

legal issues, phishing site setup, 38

links, cautions about clicking, 229

lock picking, 195-199

countermeasures, 208

logging user access logs, 263

loud attacks

defined, 22

for viewing switched traffic, 25-28

M

MAC flooding, 27-28

MAC spoofing, 26-27

MacStumbler, 237

mail.com, 38

marketing companies, tampering with medical records, 189

medical identity theft, 180

medical records, tampering with. See tampering with medical records

Metasploit, 104, 158

Microsoft Vista, 147

Mitnick, Kevin, 181

modifying competitor Web sites, 80-83

Moser, Max, 237

msplinks.com, 229

Muench, Martin J., 237

MySpace attacks, 211-212

countermeasures, 228-231

steps in, 212-213

capturing usernames and passwords, 224

creating fake Web site, 213-216

creating MySpace page, 218-221

creating redirection Web site, 217-218

posting from hacked account, 224-227

sending comment to MySpace page, 221-223

MySpace page

creating, 218-221

sending comment to, 221-223

MySQL databases, creating, 216

N

names, tampering with medical records, 184

nbtscan, 249

Netcat, 29

anti-virus software and, 53

Netcraft Toolbar, 231

Netgear, 148

NetStumbler, 238

network security, checklist for, 261-265

Newman, Daniel P., 25

NewsRover, 13

Nmap, 103

noisy attacks, 22. See also loud attacks

O

offsite backups, 263

on-site backups, 263

online attacks, 206

operating system attacks, countermeasures for, 123

operating system security patches, 263

operating systems, tampering with medical records, 189

organizational charts, tampering with medical records, 191

OSQL

enumerating credit card databases, 7

parameters, 8

P

packet capturing, 43-45

analyzing packet captures, 46-48

countermeasures for, 54

installing WinPcap, 45-46

passive reconnaissance, corporate espionage, 91

password cracking, RainbowCrack, 254-256

passwords, 183

banking Web sites, 19

capturing, 215, 224

changing, 231

Netgear, 148

strong passwords, 230

system for, 262

patching operating systems, 263

PCMCIA (Personal Computer Memory Card International Association), 109

PCs, compromising, 208-209

Penetration Testing and Network Defense (Whitaker and Newman), 25

Personal Computer Memory Card International Association (PCMCIA), 109

phishing attacks, 206

phishing scams

anti-phishing tools, 231

countermeasures for, 53

defined, 24

setup for, 29-32

site setup for, 38

Photobucket, 222

phreaking, 13

physical access, corporate espionage, 96-101

physical security breaches, countermeasures for, 121

pick guns, 197

picking locks, 195-199

piggybacking

countermeasures, 206-208

tampering with medical records, 181-182

automated attendants, 192

corporate IT personnel, 188

e-mail addresses and format, 189-190

entry points, 191

example of info that can be gathered, 192-195

fact collecting, 185-187

hours of operation, 187

Internet presence, 184-185

marketing companies, 189

names, 184

operating systems, 189

organizational charts, 191

outside vendors, 189

physical location of records room, 192

security/access control, 191

types of medical procedures, 187

types of software, 189

vacation schedules, 190

Web sites, 189

political causes, hacking for, 212

port scanning, 43

port security, 54

posting from hacked accounts, 224-227

private profiles on social networking sites, 229

private registrations, 214

program files, wrapping keyloggers in, 170

PromiScan, 54

promiscuous mode, 54

protecting

against piggybacking and social engineering, 206-208

company information, 85

protection. See countermeasures

PSK (Preshared Key), obtaining, 247

Q-R

Quizzi, 137

radio frequency identification (RFID), 93

RainbowCrack, 254-256

RAT (remote access Trojan), 137

read-only Web sites, countermeasures to credit card exploits, 18

reassembling graphics, 48-51

receptionists, 207

reconnaissance

chained corporations, 127-149

corporate espionage, 92-96

passive reconnaissance, 91

reconnaissance stage, 183

records room, tampering with medical records, 192

redirection Web site, creating, 217-218

remote access Trojan (RAT), 137

Remote Desktop connections, 106

request headers, removing from graphics, 49

requirements for friends (social networking), 230

rexploit command, 161

RF card scanners, 96

RFID (radio frequency identification), 93

rogue access points, 109

rootkits, 163

constructing, 167-172

S

scanning attacks, countermeasures for, 122

secondary attacks, 2

securing wireless access points, 258-259

security, tampering with medical records, 191

selling credit card information on the underground market, 13-15

sending

anonymous e-mail, 38-42

comments to MySpace page, 221-223

serialization, 216

sessions, 166

show exploits, 156

show run, 129

Snax, 237

Sniffers, 237. See also wireless-sniffing tools

social engineering

countermeasures, 122, 206-208

tampering with medical records, 181-182

automated attendants, 192

corporate IT personnel, 188

e-mail addresses and format, 189-190

entry points, 191

example of info that can be gathered, 192-195

fact collecting, 185-187

hours of operation, 187

Internet presence, 184-185

marketing companies, 189

names, 184

operating systems, 189

organizational charts, 191

outside vendors, 189

physical location of records room, 192

security/access control, 191

types of medical procedures, 187

types of software, 189

vacation schedules, 190

Web sites, 189

social engineering attacks on chained corporations, 135-137

social networking site attacks, 211-212

countermeasures, 228-231

Facebook attacks, 227-228

steps in, 212-213

capturing usernames and passwords, 224

creating fake Web site, 213-216

creating MySpace page, 218-221

creating redirection Web site, 217-218

posting from hacked account, 224-227

sending comment to MySpace page, 221-223

software, tampering with medical records, 189

Spamminimic, 13

SpiderFoot, 134

spoofed e-mail, sending, 38-42

spyware, 207

SQL (Structured Query Language), 5

enumerating credit card databases, 6-11

SQL Server, countermeasures for credit card exploits, 17

stealing credit card information from Web sites, 11-12

stored procedures, removing to protect against credit card exploits, 18

strong passwords, 230

Structured Query Language. See SQL

switched traffic, viewing, 21-25

analyzing packet captures, 46-48

connecting to IP addresses, 43-45

discovering IP addresses, 42-43

installing executables, 32-37

installing WinPcap, 45-46

loud attacks for, 25-28

phishing scam, 29-32

phishing site setup, 38

reassembling graphics, 48-51

sending anonymous e-mail, 38-42

steps for, 28-29, 52

switches, operational overview, 23-24

Sysinternals, 44

T

tampering with medical records

approach to, 179

gaining physical access, 195

booting into Windows with Knoppix, 201-204

defeating biometrics, 199-201

lock picking, 195-199

modifying personally identifiable information or protected medical information, 204-205

reconnaissance stage, 183

social engineering and piggybacking, 181-182

automated attendants, 192

corporate IT personnel, 188

e-mail addresses and format, 189-190

entry points, 191

example of info that can be gathered, 192-195

fact collecting, 185-187

hours of operation, 187

Internet presence, 184-185

marketing companies, 189

names, 184

operating systems, 189

organizational charts, 191

outside vendors, 189

physical location of records room, 192

security/access control, 191

types of medical procedures, 187

types of software, 189

vacation schedules, 190

Web sites, 189

telephones, 207

telephony hacking, 13

test attacks, taking down Web sites, 60-66

testing

computer network security, 262

disaster recovery plans, 265

exploits, against chained corporations, 156-164

TFTP servers, 44

traffic monitoring, 21-25

loud attacks for, 25-28

steps for, 28-29, 52

analyzing packet captures, 46-48

connecting to IP addresses, 43-45

discovering IP addresses, 42-43

installing executables, 32-37

installing WinPcap, 45-46

phishing scam, 29-32

phishing site setup, 38

reassembling graphics, 48-51

sending anonymous e-mail, 38-42

Trojans

binding with executables, 32-37

countermeasures for, 53

types of medical procedures, tampering with medical records, 187

U

unauthorized Web site modification, countermeasures, 86-87

underground markets, selling credit card information, 13-15

updating

anti-virus software, 261

virus definition files, 264

URLScan, 17

user access logs, 263

usernames, capturing, 215, 224

V

vacation schedules, tampering with medical records, 190

vendors, tampering with medical records, 189

viewing private profiles on social networking sites, 229

viewing switched traffic, 21-25

loud attacks for, 25-28

steps for, 28-29, 52

analyzing packet captures, 46-48

connecting to IP addresses, 43-45

discovering IP addresses, 42-43

installing executables, 32-37

installing WinPcap, 45-46

phishing scam, 29-32

phishing site setup, 38

reassembling graphics, 48-51

sending anonymous e-mail, 38-42

virus definition files, updating, 264

viruses, constructing, 115-117

Visual IQ, 131-132

VMware, 142

void11, 241

W

WaveStumbler, 237

Web attacks, countermeasures

compromise of internal employees, 87

DDoS attacks via ICMP, 85

protecting company information, 85

unauthorized Web site modification, 86-87

web forms, countermeasures for credit card exploits, 18

Web sites

copying for phishing scams, 29-32

defacing for credit card exploits, 15-16

enumerating company Web sites, credit card exploits, 3-5

phishing site setup, 38

stealing credit card information from, 11-12

taking down competitor sites, 55-57

approach to, 57-58

attacking, 66-68

gaining access to the site, 68-70

modifying the site, 80-83

test attack, 60-66

testing the hack, 70-79

tampering with medical records, 189

Web-based attacks, 59

attacking, 66-68

gaining access to the site, 68-70

modifying the site, 80-83

test attacks, 60-66

testing the hack, 70-79

Wellenreiter, 237, 241

WEP, 141, 265

encryption flaws in, 246

Wget, 30, 214

Whitaker, Andrew, 25

Wi-Fi attacks, countermeasures, 175

Windows Packet Capture library, installing, 45-46

Windows Scripting Host Virus Creation dialog, 115

Windows Scripting Host Worm Constructor dialog, 115

WinDump, 44-45

WinHex, 48

WinPcap, installing, 45-46

wireless access breaches, 233-235

countermeasures, 258-259, 265

reasons for, 238-239

steps in, 236, 239, 257

access point connections, 239-248

finding database information, 256-257

Kerberos preauthentication attack, 248-254

password cracking, 254-256

wireless-sniffing tools, list of, 237-238

wireless access points, securing, 258-259

wireless LANs, number of, 238

wireless-sniffing tools, list of, 237-238

Wireshark, 47

workspace setup, Core Impact, 144

worms, 117

WPA, cracking, 245-247

WPA2, 265

wrapping keyloggers inside program files, 170

Wright, Joshua, 236

Wynette, Tammy, 179

X-Z

YAB (Yet Another Binder), 32

YouTube, 221
