2000 PhD Physics
Certified Ethical Hacker
Security+, Network+, a bunch of MCPs
Working on my CCNA
Big fan of Defcon, OWASP, 2600, HAKIN9, etc.
Ch 1: Footprinting
Ch 2: Scanning
Ch 3: Enumeration
Ch 4: Hacking Windows
Ch 5: Unix/Linux
Ch 6: Remote Connectivity and VoIP Hacking
Ch 7: Network Devices
Ch 8: Wireless Hacking
Ch 9: Hacking Hardware
Ch 10: Hacking Code
Ch 11: Web Hacking
Ch 12: Hacking the Internet User
Proj 2: HTTP Headers
Proj 3: Hacking into a Kiosk
Proj 4: Hacking into Kiosk2
Proj 5: Port Knocking
Proj 6: SideJacking Gmail
Proj 7: Password Recovery on Vista
Proj 8: Firewalk
Proj 9: Web Application Hacking: Hacme Travel
Proj 10: Web Application Hacking: Hacme Bank
Proj 11: Buffer Overflows with Damn Vulnerable Linux
Proj 12: Nikto and Cross-Site Scripting (XSS)
Proj 14: USB PocketKnife
Proj 15: Stealing Cookies with Persistent XSS
Proj 16: VoIP
Proj 17: Fuzzing X-Lite with VoIPER
Proj 18: SIPVicious scanning 3CX and Asterisk PBX Servers
Proj 19: Capturing RAM Contents with Helix
Proj X1: SideJacking Gmail on a Switched Network
Proj X2: Automatic Pwn with Metasploit
Proj X3: SSLstrip
Proj X4: Cracking Cisco Passwords
samsclass.info
Click
CNIT 124
Everything
Chapter 1
Footprinting
Google Hacking
Find sensitive data about a company from Google
Completely stealthy: you never send a single packet to the target (if you view the cache)
To find passwords:
intitle:"Index of" passwd passwd.bak
Be The Bot
Footprinting
Gathering target information
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."
Sun Tzu on the Art of War
Remote Access
(travelling employees)
Internet Presence
Intranet
Internet
Domain name
Network blocks
Specific IP addresses of systems reachable via the Internet
TCP and UDP services running on each system identified
System architecture (for example, SPARC vs. x86)
Access control mechanisms and related access control lists (ACLs)
Intrusion-detection systems (IDSs)
System enumeration (user and group names, system banners, routing tables, and SNMP information)
DNS hostnames
Intranet
Networking protocols in use (for example, IP, IPX, DecNET, and so on)
Internal domain names
Network blocks
Specific IP addresses of systems reachable via the intranet
TCP and UDP services running on each system identified
System architecture (for example, SPARC vs. x86)
Access control mechanisms and related ACLs
Intrusion-detection systems
System enumeration (user and group names, system banners, routing tables, and SNMP information)
Remote access
Analog/digital telephone numbers
Remote system type
Authentication mechanisms
VPNs and related protocols (IPSec and PPTP)
Extranet
Connection origination and destination
Type of connection
Access control mechanism
Internet Footprinting
Step 1: Determine the Scope of Your Activities
Step 2: Get Proper Authorization
Step 3: Publicly Available Information
Step 4: WHOIS & DNS Enumeration
Step 5: DNS Interrogation
Step 6: Network Reconnaissance
Privacy or Security Policies, and Technical Details Indicating the Types of Security Mechanisms in Place
Resumes
iClicker Questions
A. Altered monitor resolution
B. Unusual Web browser
C. Altered User-Agent
D. The CNN server has been hacked
E. Ad-blocking software
1 of 3
If we surf to http://whois.iana.org, we can search for the authoritative registry for all of .com.
.com is managed by Verisign.
Three steps:
1. Authoritative Registry for top-level domain
2. Domain Registrar
3. Finds the Registrant
They are not perfect. Sometimes you need to do the three-step process manually.
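The manual three-step lookup above, written out as an added example (not part of the original slides) that an administrator could use to check which contact details their own domain registration exposes. The responses are constructed and trimmed, and `offline_query`, `field` and `three_step_whois` are names invented here; a live lookup would send the same queries over TCP port 43.

```python
import re

# Constructed, trimmed responses keyed by (server, query); no network is used.
SAMPLE = {
    ("whois.iana.org", "com"):
        "domain: COM\norganisation: VeriSign Global Registry Services\n"
        "refer: whois.verisign-grs.com\n",
    ("whois.verisign-grs.com", "example.com"):
        "Domain Name: EXAMPLE.COM\nRegistrar: Example Registrar, Inc.\n"
        "Registrar WHOIS Server: whois.registrar.example\n",
    ("whois.registrar.example", "example.com"):
        "Domain Name: example.com\nRegistrant Organization: Example Corp\n"
        "Registrant Email: hostmaster@example.com\nAdmin Name: Jane Doe\n",
}

def offline_query(server, query):
    """Stand-in for a WHOIS lookup (a live one is a TCP request to port 43)."""
    return SAMPLE[(server, query)]

def field(text, name):
    """Return the value of the first 'name: value' line, or None."""
    pattern = r"^[ \t]*" + re.escape(name) + r":[ \t]*(.+?)[ \t]*$"
    m = re.search(pattern, text, re.M | re.I)
    return m.group(1) if m else None

def three_step_whois(domain, query=offline_query):
    # Step 1: ask IANA which registry is authoritative for the TLD.
    tld = domain.rsplit(".", 1)[-1]
    registry = field(query("whois.iana.org", tld), "refer")
    if registry is None:
        raise LookupError("IANA returned no registry referral for ." + tld)
    # Step 2: the registry record names the registrar's WHOIS server.
    registrar = field(query(registry, domain), "Registrar WHOIS Server")
    if registrar is None:
        # No referral in the registry record: stop with what is known.
        return {"registry": registry, "registrar": None, "registrant": {}}
    # Step 3: the registrar's record holds the registrant contact data.
    record = query(registrar, domain)
    wanted = ("Registrant Organization", "Registrant Email", "Admin Name")
    found = {k: field(record, k) for k in wanted}
    return {"registry": registry, "registrar": registrar,
            "registrant": {k: v for k, v in found.items() if v}}

if __name__ == "__main__":
    print(three_step_whois("example.com"))
```

Any personal name or direct e-mail address that shows up under `registrant` is a candidate for replacement with a role account.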
Tracert
NeoTrace
NeoTrace combines Tracert and Whois to make a visual map (link Ch 1z2)
iClicker Questions
Which technique gives you a complete list of hosts at a company with their IP addresses and names?
A. B. C. D. E.
Which technique gives you the name of the administrator who controls the DNS registration for a company?
A. IANA query
B. Google search
C. NSLOOKUP
D. Zone Transfer
E. Traceroute
2 of 3
Which technique shows the path your packets take to reach a company's server?
A. IANA query
B. Google search
C. NSLOOKUP
D. Zone Transfer
E. Traceroute
3 of 3