Professional Documents
Culture Documents
Reconnaissance
Scanning
Gaining access
Maintaining access
Covering the tracks
Phase I
Reconnaissance
Low Technology
Reconnaissance
Social engineering
Physical
break in /
Piggybacking
Dumpster Diving
Computer Based Reconnaissance
Information Gathered on line through the use of tools such as Sam
Spade.
Tools available to the hacker in this program include but are not limited
to:
Ping
Traceroute
Finger Client
Multiple Whois databases
DNS lookup
DNZ Zone transfer
IP block registration
View web site source code
Crawl a web site
Notepad for taking system notes
What the Hacker Hopes to
Gain at This Stage of Attack:
Domain name
Contacts at the target organization
DNS server IP addresses
Other target system addresses
A glimpse of technologies in use
User names and passwords (or their format)
Basic Defenses at This Stage
On site Hacking
Stolen user IDs and Passwords
Running Brute force attacks
Trojan horses
Cracking password files
Access Methods Continued
Access!!!
TrojanHorses
Backdoors
Basic Defenses against Trojans and Backdoors
LADS
Reverse WWW Shell
Security Focus:
http://www.securityfocus.com
Search Security:
http://www.searchsecurity.com
Acquisition of Software Resources
Sam Spade:
http://www.samspade.org
THC-Scan:
http://www.pimmel.com/thcfiles.php
3
Cheops-ng
http://cheops-ng.sourceforge.net
Nmap
http://www.insecure.org/nmap
Acquisition of Software
Resources
NESSUS:
http://www.nessus.org
SecureStack: http://www.securewave.com/products/securestack/secure_stack.html
ITS4:
http://www.cigital.com/its4
John the Ripper:
http://www.Openwall.com/john
Acquisition of Software
Resources
L0phtCrack:
http://www.atstake.com/research/lc3
Sniffit:
http://reptile.rug.ac.be/~coder/sniffit/sniffit.ht
ml
Secure Shell (Open Source):
http://www.openssh.com
Netcat:
http://www.atstake.com/research/tools/index.ht
ml
Acquisition of Software
Resources
AIDE (Advanced Intrusion Detection
Environment):
http://www.cs.tut.fi/~rammer/aide.html
LADS (Locate Alternate Data Streams):
http://www.heysoft.de/index.htm
Reverse WWW Shell:
http://www.megasecurity.org/Sources/rwwwshell
-1_6_perl.txt