Breaking Into Computer Networks From the Internet

Published by: api-3745308 on Oct 18, 2008
Copyright:Attribution Non-commercial

Breaking into computer networks from the Internet.
roelof@sensepost.com

2000/12/31 First run
2001/07/01 Updated a bit
2001/09/20 Added Trojans

© 2000, 2001 Roelof Temmingh & SensePost (Pty) Ltd

Breaking into computer networks from the Internet [Roelof Temmingh & SensePost]

Chapter 0: What is this document about anyway?
Chapter 1: Setting the stage.
  Permanent connection (leased line, cable, fiber)
  Dial-up
  Mobile (GSM) dial-up
  How to
  Using the 'net
  Other techniques
Chapter 2: Mapping your target
  Websites, MX records… DNS!
  RIPE, ARIN, APNIC and friends
  Routed or not?
  Traceroute & world domination
  Reverse DNS entries
  Summary
Chapter 3: Alive & kicking?
  Unrouted nets, NAT
  Ping - ICMP
  Ping - TCP (no service, wrappers, filters)
    Method1 (against stateful inspection FWs)
    Method2 (against stateless Firewalls)
  Summary
  Before we go on
Chapter 4: Loading the weapons
  General scanners vs. custom tools
  The hacker's view on it (quick kill example)
  Hacker's view (no kill at all)
Chapter 5: Fire!
  Telnet (23 TCP)
  HTTP (80 TCP)
  HTTPS (SSL2) (443 TCP)
  HTTPS (SSL3) (443 TCP)
  HTTP + Basic authentication
  Data mining
  Web based authentication.
    Tricks
    ELZA & Brutus
  IDS & webservers
  Pudding
  Now what?
    What to execute?
  SMTP (25 TCP)
  FTP (21 TCP + reverse)
  DNS (53 TCP, UDP)
  Finger (79 TCP)
  NTP (123 UDP)
  RPC & portmapper (111 TCP + other UDP)
  TFTP (69 UDP)
  SSH (22 TCP)
  POP3 (110 TCP)
  SNMP (161 UDP)
  Proxies (80, 1080, 3128, 8080 TCP)
  X11 (6000 TCP)
  R-services (rshell, rlogin) (513, 514 TCP)
  NetBIOS/SMB (139 TCP)
Chapter 6: Now what?
  Windows
    Only port 139 open - administrator rights
    Port 21 open
    Port 80 open and can execute
    Port 80 and port 139 open.
    What to execute?
  Unix
    What to execute?
  Things that do not fit in anywhere - misc.
    Network level attack - Source port 20, 53
    HTTP-redirects
Other Topics
  Trojans (added 2001/09)
