Penetration Tester's Open Source Toolkit, Vol. 2

Chris Hurley

Penetration Tester's Open Source Toolkit

Volume 2

Aaron W. Bayles Technical Editor and Contributor
Keith Butler
Adair John Collins
Haroon Meer
Eoin Miller
Gareth Murray Phillips
Michael J. Schearer
Jesse Varsalone
Thomas Wilhelm
Mark Wolfgang

Technical Editor and Contributing Author

Aaron W. Bayles is an INFOSEC Principal in Houston, Texas. He has provided services
to clients with penetration testing, vulnerability assessment, risk assessments, and security
design/architecture for enterprise networks. He has over 12 years of experience with
INFOSEC, with specific experience with wireless security, penetration testing, and
incident response. Aaron’s background includes work as a senior security engineer
with SAIC in Virginia and Texas. He is also the lead author of the Syngress book,
InfoSec Career Hacking, Sell your Skillz, Not Your Soul, as well as a contributing author
of the First Edition of Penetration Tester’s Open Source Toolkit.
Aaron has provided INFOSEC support and penetration testing for multiple agencies
in the U.S. Department of the Treasury, such as the Financial Management Service and
Securities and Exchange Commission, and the Department of Homeland Security, such
as U.S. Customs and Border Protection. He holds a Bachelor of Science degree in
Computer Science with post-graduate work in Embedded Linux Programming from
Sam Houston State University and is also a CISSP.
I would like to thank my family foremost, my mother and father, Lynda and Billy
Bayles, for supporting me and putting up with my many quirks. My wife Jennifer and
daughter Savannah are a never-ending source of comfort and joy that lift me up
whenever I need it, even if I don’t know it. The people who have helped me learn my
craft have been numerous, and I don’t have time to list them all. All of you from SHSU
Computer Services and Computer Science, Falcon Technologies, SAIC, the DC Metro
bunch, and Sentigy know who you are and how much you have helped me; you have
my most sincere thanks. I would also like to thank Johnny Long for providing assistance
during the writing and editing of this edition.

Contributing Authors

Keith Butler is a Senior Information Security Consultant in the
Washington D.C. area. Keith has extensive experience conducting
penetration tests and vulnerability assessments of enterprise networks,
wireless deployments, and transactional web applications for many diverse
commercial organizations as well as numerous civil and defense agencies
within the federal government.
Keith’s experiences also include managing roles during which time
he was responsible for building, mentoring, and managing a team of
junior-level security consultants, as well as for the operation of two
penetration testing laboratories located across the country.
Keith holds a bachelor of science in economics and is working
towards a master’s in computer science.
I would like to thank my wife Judy for her never-ending support
and for putting up with my ITsomnia. Thanks also to all of my family
and friends for your love and support. And to all of my colleagues who
have unselfishly shared their knowledge, research, and tools with me and
the rest of the community.

Adair John Collins is a Principal Security Consultant in the
Washington D.C. Metro Area. Adair has over twelve years of experience
in the field of information technology. He is a multiplatform tester with
expertise performing network, host, wireless, and web application
vulnerability assessments and penetration tests for commercial and
government clients. He has led and performed tests within a broad range
of environments, including Supervisory Control and Data Acquisition
(SCADA) and government classified (SCI, Top Secret, and Secret)
networks. Adair has developed several highly successful penetration
testing methodologies and toolkits. He has identified several previously
undiscovered critical vulnerabilities in a wide variety of commercial
products and applications. In addition, Adair has been a frequent speaker
at several security conferences.

Haroon Meer is the Technical Director of SensePost. He joined
SensePost in 2001 and has not slept since his early childhood. He has
played in most aspects of IT Security from development to deployment
and currently gets most of his kicks from reverse engineering, application
assessments, and similar forms of pain. Haroon has spoken and trained at
Black Hat, Defcon, Microsoft Tech-Ed, and other conferences. He loves
“Deels,” building new things, breaking new things, reading, deep
find-outering, and making up new words. He dislikes sleep, pointless
red-tape, dishonest people, and watching cricket.

Eoin Miller has 8 years of experience in the information technology
industry. His security experience is rooted in his strong Windows and
UNIX system administration background. In recent years, his career
has been primarily focused upon performing product vulnerability
assessments for the Intelligence Community. Through the course of
his assessments, he has identified hundreds of previously undiscovered
critical vulnerabilities in a wide variety of products and applications.
Eoin has reviewed many complex systems including highly customized
Windows and Linux based embedded operating systems. Eoin’s findings
have led to the removal of systems that were deployed in war zones and
installed on sensitive government networks.

Gareth Murray Phillips is a senior security consultant with SensePost.
Gareth has been with SensePost for over five years and is currently a
Senior Analyst on their leading special operations security assessment
team where he operates as an expert penetration tester and carries out
various research and development projects. He is also a member of
SensePost’s core training team and represents the company at a variety of
international security conferences.

Michael J. Schearer is an active-duty Naval Flight Officer and
Electronic Countermeasures Officer with the U.S. Navy. He flew combat
missions during Operations Enduring Freedom, Southern Watch, and
Iraqi Freedom. He later took his electronic warfare specialty to Iraq,
where he embedded on the ground with Army units to lead the
counter-IED fight. He currently serves as an instructor of Naval Science at the
Pennsylvania State University Naval Reserve Officer Training Corps
Unit, University Park, PA.
Michael is an active member of the Church of WiFi and has spoken
at Shmoocon, DEFCON, and Penn State’s Security Day, as well as other
forums. His work has been cited in Forbes, InfoWorld and Wired.
Michael is an alumnus of Bloomsburg University where he studied
Political Science and Georgetown University where he obtained his
degree in National Security Studies. While at Penn State, he is actively
involved in IT issues. He is a licensed amateur radio operator, moderator
of the Church of WiFi and Remote-Exploit Forums, and a regular on
the DEFCON and NetStumbler forums.

Jesse Varsalone (A+, Linux+, Net+, iNet+, Security+, Server+, CTT+,
CIW Professional, CWNA, CWSP, MCT, MCSA, MCSE 2000/2003,
MCSA/MCSE Security, MCSD, MCDBA, MCSD, CNA, CCNA,
MCDST, Oracle 8i/9i DBA, Certified Ethical Hacker) is a computer
forensic senior professional at CSC. For four years, he served as the
director of the MCSE and Network Security Program at the Computer
Career Institute at Johns Hopkins University. For the 2006 academic
year, he served as an assistant professor of computer information systems
at Villa Julie College in Baltimore, Maryland. He taught courses in
networking, Active Directory, Exchange, Cisco, and forensics.
Jesse holds a bachelor’s degree from George Mason University and a
master’s degree from the University of South Florida. He runs several
Web sites, including mcsecoach.com, which is dedicated to helping
people obtain their MCSE certification. He currently lives in Columbia,
Maryland, with his wife, Kim, and son, Mason.

Thomas Wilhelm has been in the IT industry since 1992, while
serving in the U.S. Army as a Signals Intelligence Analyst. After attending
both the Russian language course at the Defense Language Institute in
Monterey, CA, and the Air Force Cryptanalyst course in Texas, Thomas’
superiors – in their infinite wisdom – assigned Thomas to provide
administrative support to their various computer and network systems on
various operating platforms, rather than focus on his skills as a SigInt
analyst and code breaker. However, this made Thomas a happy man, since
he was a computer geek at heart.

Mark Wolfgang (CISSP, RHCE) is a founding partner of the IT
services company SimIS, Inc, (http://www.simistech.com) where he
manages the Information Security business line. Along with managing
the company and business line, Mark leads teams of highly skilled
engineers performing penetration testing, vulnerability assessments,
Certification and Accreditation, and other InfoSec related activities for
various clients nationwide. Prior to founding SimIS, Mark worked for
over 4 years as a contractor for the U.S. Department of Energy, leading
and performing penetration testing and vulnerability assessments at DOE
facilities nationwide. He has published several articles and whitepapers
and has twice spoken at the U.S. Department of Energy Computer
Security Conference. Mark remains very active in the U.S. Department
of Energy Information Security community, which drives his former
employer crazy, which he finds thoroughly amusing.
Prior to his job as a contractor for the U.S. DOE, he worked as a
Senior Information Security Consultant for several companies in the
Washington, DC area, performing penetration testing and vulnerability
assessments for a wide variety of organizations in numerous industries.
He spent eight years as an Operations Specialist in the U.S. Navy, of
which, four years, two months, and nine days were spent aboard the USS
DeWert, a guided missile frigate. After an honorable discharge from
the Navy, Mark designed and taught the RedHat Certified Engineer
(RHCE) curriculum for Red Hat, the industry leader in Linux and open
source technology.
He holds a Bachelor of Science in Computer Information Systems
from Saint Leo University and is a member of the Delta Epsilon Sigma
National Scholastic Honor Society.


Table of Contents

Chapter 1 Reconnaissance
Objectives
Approach
A Methodology for Reconnaissance
Intelligence Gathering
Footprinting
Verification
Core Technologies
Intelligence Gathering
Search Engines
WHOIS
RWHOIS
Domain Name Registries and Registrars
Web Site Copiers
Social Networking Services
Footprinting
DNS
SMTP
Verification
Virtual Hosting
IP Subnetting
The Regional Internet Registries
Open Source Tools
Intelligence Gathering Tools
Web Resources
Linux/UNIX Command-Line Tools
Open Source Windows Tools
Footprinting Tools
Web Resources
Linux/UNIX Console Tools
Open Source Windows Tools
Verification Tools
Web Resources
Linux/UNIX Console Tools
Case Study: The Tools in Action
Intelligence Gathering, Footprinting, and Verification of an Internet-Connected Network
Footprinting
Verification
Chapter 2 Enumeration and Scanning
Introduction
Objectives
Before You Start
Why Do This?
Approach
Scanning
Enumeration
Notes and Documentation
Active versus Passive
Moving On
Core Technology
How Scanning Works
Port Scanning
Going behind the Scenes with Enumeration
Service Identification
RPC Enumeration
Fingerprinting
Being Loud, Quiet, and All That Lies Between
Timing
Bandwidth Issues
Unusual Packet Formation
Open Source Tools
Scanning
Nmap
Netenum: Ping Sweep
Unicornscan: Port Scan and Fuzzing
Scanrand: Port Scan
Enumeration
Nmap: Banner Grabbing
Netcat
P0f: Passive OS Fingerprinting
Xprobe2: OS Fingerprinting
Httprint
Ike-scan: VPN Assessment
Amap: Application Version Detection
Windows Enumeration: Smbgetserverinfo/smbdumpusers/smbclient
Nbtscan
Smb-nat: Windows/Samba SMB Session Brute Force
Case Studies: The Tools in Action
External
Internal
Stealthy
Noisy (IDS) Testing
Further Information
Chapter 3 Hacking Database Services
Introduction
Objectives
Approach
Core Technologies
Basic Terminology
Database Installation
Default Users and New Users
Roles and Privileges
Technical Details
Case Studies: Using Open Source and Closed Source Tools
Microsoft SQL Server
Discovering Microsoft SQL Servers
Identifying Vulnerable Microsoft SQL Server Services
Attacking Microsoft SQL Server Authentication
Microsoft SQL Server Password Creation Guidelines
Microsoft SQL Default Usernames and Passwords
Creating Username and Dictionary Files
SQL Auditing Tools (SQLAT)
Obtaining and Cracking Microsoft SQL Server Password Hashes
Analyzing the Database
Obtaining Access to the Host Operating System
SQLAT: SQLExec (Sqlquery), TFTP, and fgdump.exe
Oracle Database Management System
Identifying and Enumerating Oracle Database with Nmap
Penetration Testing Oracle Services with BackTrack
Cracking Oracle Database Hashes
Privilege Escalation in Oracle from TNS Listener, No Password
SQL Clients
Shell Usage and History
Arguments Viewable by All Users
History and Trace Logs
Further Information
Chapter 4 Web Server and Web Application Testing
Objectives
Introduction
Web Server Vulnerabilities: A Short History
Web Applications: The New Challenge
Chapter Scope
Approach
Web Server Testing
CGI and Default Pages Testing
Web Application Testing
Core Technologies
Web Server Exploit Basics
What Are We Talking About?
CGI and Default Page Exploitation
Web Application Assessment
Information Gathering Attacks
File System and Directory Traversal Attacks
Command Execution Attacks
Database Query Injection Attacks
Cross-site Scripting Attacks
Impersonation Attacks
Parameter Passing Attacks
Open Source Tools
Intelligence Gathering Tools
Scanning Tools
Assessment Tools
Authentication
Proxy
Exploitation Tools
Metasploit
SQL Injection Tools
Case Studies: The Tools in Action
Web Server Assessments
CGI and Default Page Exploitation
Web Application Assessment
Chapter 5 Wireless Penetration Testing Using BackTrack 2
Introduction
Approach
Understanding WLAN Vulnerabilities
Evolution of WLAN Vulnerabilities
Core Technologies
WLAN Discovery
Choosing the Right Antenna
WLAN Encryption
No Encryption
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA/WPA2)
Extensible Authentication Protocol (EAP)
Virtual Private Network (VPN)
WLAN Attacks
Attacks against WEP
Attacks against WPA
Attacks against LEAP
Attacks against VPN
Open Source Tools
Information Gathering Tools
Google (Internet Search Engines)
WiGLE.net (Work Smarter, Not Harder)
Usenet Newsgroups
Scanning Tools
Kismet
Footprinting Tools
Enumeration Tools
Vulnerability Assessment Tools
Exploitation Tools
MAC Address Spoofing
Deauthentication with Aireplay-ng
Cracking WEP with the Aircrack-ng Suite
Cracking WPA with CoWPAtty
Bluetooth Vulnerabilities
Bluetooth Discovery
Exploiting Bluetooth Vulnerabilities
The Future of Bluetooth
Case Studies
Case Study: Cracking WEP
Case Study: Cracking WPA-PSK
Case Study: Exploiting Bluetooth
Summary
Chapter 6 Network Devices
Objectives
Approach
Core Technologies
Open Source Tools
Footprinting Tools
Traceroute
DNS
Nmap
ICMP
ike-scan
Scanning Tools
Nmap
ASS
Cisco Torch
Enumeration Tools
SNMP
Finger
Vulnerability Assessment Tools
Nessus
Exploitation Tools
onesixtyone
Hydra
TFTP Brute Force
Cisco Global Exploiter
Internet Routing Protocol Attack Suite (IRPAS)
Ettercap
Case Study: The Tools in Action
Obtaining a Router Configuration by Brute Force
Where to Go from Here?
Further Information
Common and Default Vendor Passwords
Modification of cge.pl
References
Software
Chapter 7 Customizing BackTrack 2
Introduction
Module Management
Locating Modules
Converting Modules from Different Formats
Creating a Module from Source
Adding Modules to Your BackTrack Live CD or HD Installation
Hard Drive Installation
Basic Hard Drive Installation
Dual Boot Installation (Windows XP and BackTrack)
Other Configurations
USB Installation
USB Thumb Drive Installation
The Easiest Way to Install BackTrack to a USB Thumb Drive Using Windows
Alternative Directions to Install BackTrack on a USB Thumb Drive Using Windows
Installing BackTrack on a USB Thumb Drive Using Linux
Saving a USB Configuration
Directions to Save Your Changes on Your BackTrack USB Thumb Drive
Directions to Save Your New Changes (and Keep Your Old Ones) on Your BackTrack USB Thumb Drive
Directions to Write a Script to Save Your New Changes (and Keep Your Old Ones) on Your BackTrack USB Thumb Drive
External USB Hard Drive Installation
Installing Additional Open Source Tools
Updating Scripts
Installing aircrack-ptw
Installing Nessus
Installing Metasploit Framework 3.0 GUI
Installing VMWare Server
Installing Java for Firefox
Further Information
Quick Reference to Other Customizations
Remote-Exploit Forums and BackTrack Wiki
Credits
Chapter 8 Forensic Discovery and Analysis Using Backtrack
Introduction
Digital Forensics
Acquiring Images
Linux dd
Linux dcfldd
dd_rescue
Forensic Analysis
Autopsy
mboxgrep
memfetch
Memfetch Find
pasco
Rootkit Hunter
The Sleuth Kit
The Sleuth Kit Continued: Allin1 for The Sleuth Kit
Vinetto
File Carving
Foremost
Magicrescue
Case Studies: Digital Forensics with the Backtrack Distribution
Summary
Chapter 9 Building Penetration Test Labs
Introduction
Setting Up a Penetration Test Lab
Safety First
Isolating the Network
Concealing the Network Configuration
Securing Install Disks
Transferring Data
Labeling
Destruction and Sanitization
Reports of Findings
Final Word on Safety
Types of Pen-Test Labs
The Virtual Pen-Test Lab
The Internal Pen-Test Lab
The External Pen-Test Lab
The Project-Specific Pen-Test Lab
The Ad Hoc Lab
Selecting the Right Hardware
Focus on the “Most Common”
Use What Your Clients Use
Dual-Use Equipment
Selecting the Right Software
Open Source Tools
Commercial Tools
Running Your Lab
Managing the Team
Team “Champion”
Project Manager
Training and Cross-Training
Metrics
Selecting a Pen-Test Framework
OSSTMM
NIST SP 800-42
ISSAF
Targets in the Penetration Test Lab
Foundstone
De-ICE.net
What Is a LiveCD?
Advantages of Pen-test LiveCDs
Disadvantages of Pen-test LiveCDs
Building a LiveCD Scenario
Difficulty Levels
Real-World Scenarios
Creating a Background Story
Adding Content
Final Comments on LiveCDs
Using a LiveCD in a Penetration Test Lab
Scenario
Network Setup
Open Source Tools
Other Scenario Ideas
Old Operating System Distributions
Vulnerable Applications
Capture the Flag Events
What’s Next?
Forensics
Training
Summary
Index


Product details
Price: 2.00 USD
Pages: 588 p
File Size: 27,705 KB
File Type: PDF format
ISBN 13: 978-1-59749-213-3
Copyright: 2007 by Elsevier, Inc