Security Power Tools

Foreword; Credits; About the Author; Preface; Audience; Assumptions This Book Makes; Contents of This Book; Conventions Used in This Book; Using Code Examples; We'd Like to Hear from You; Safari® Books Online; Acknowledgments; Legal and Ethics; Chapter 1: Legal and Ethics Issues; 1.1 Core Issues; 1.2 Computer Trespass Laws: No "Hacking" Allowed; 1.3 Reverse Engineering; 1.4 Vulnerability Reporting; 1.5 What to Do from Now On; Reconnaissance; Chapter 2: Network Scanning; 2.1 How Scanners Work; 2.2 Superuser Privileges; 2.3 Three Network Scanners to Consider; 2.4 Host Discovery; 2.5 Port Scanning; 2.6 Specifying Custom Ports; 2.7 Specifying Targets to Scan; 2.8 Different Scan Types; 2.9 Tuning the Scan Speed; 2.10 Application Fingerprinting; 2.11 Operating System Detection; 2.12 Saving Nmap Output; 2.13 Resuming Nmap Scans; 2.14 Avoiding Detection; 2.15 Conclusion; Chapter 3: Vulnerability Scanning; 3.1 Nessus; 3.2 Nikto; 3.3 WebInspect; Chapter 4: LAN Reconnaissance; 4.1 Mapping the LAN; 4.2 Using ettercap and arpspoof on a Switched Network; 4.3 Dealing with Static ARP Tables; 4.4 Getting Information from the LAN; 4.5 Manipulating Packet Data; Chapter 5: Wireless Reconnaissance; 5.1 Get the Right Wardriving Gear; 5.2 802.11 Network Basics; 5.3 802.11 Frames; 5.4 How Wireless Discovery Tools Work; 5.5 Netstumbler; 5.6 Kismet at a Glance; 5.7 Using Kismet; 5.8 Sorting the Kismet Network List; 5.9 Using Network Groups with Kismet; 5.10 Using Kismet to Find Networks by Probe Requests; 5.11 Kismet GPS Support Using gpsd; 5.12 Looking Closer at Traffic with Kismet; 5.13 Capturing Packets and Decrypting Traffic with Kismet; 5.14 Wireshark at a Glance; 5.15 Using Wireshark; 5.16 AirDefense Mobile I was a founding employee of AirDefense, Inc. I wrote a considerable portion of AirDefense Mobile's core engine, and while I no longer work for AirDefense, Inc., I remain a shareholder.; 5.17 AirMagnet Analyzers; 5.18 Other Wardriving Tools; Chapter 6: Custom Packet Generation; 6.1 Why Create Custom Packets?; 6.2 Scapy; 6.3 Packet-Crafting Examples with Scapy; 6.4 Packet Mangling with Netfilter; 6.5 References; Penetration; Chapter 7: Metasploit; 7.1 Metasploit Interfaces; 7.2 Updating Metasploit; 7.3 Choosing an Exploit; 7.4 Choosing a Payload; 7.5 Setting Options; 7.6 Running an Exploit; 7.7 Managing Sessions and Jobs; 7.8 The Meterpreter; 7.9 Security Device Evasion; 7.10 Sample Evasion Output; 7.11 Evasion Using NOPs and Encoders; 7.12 In Conclusion; Chapter 8: Wireless Penetration; 8.1 WEP and WPA Encryption; 8.2 Aircrack; 8.3 Installing Aircrack-ng; 8.4 Running Aircrack-ng; 8.5 Airpwn; 8.6 Basic Airpwn Usage; 8.7 Airpwn Configuration Files; 8.8 Using Airpwn on WEP-Encrypted Networks; 8.9 Scripting with Airpwn; 8.10 Karma; 8.11 Conclusion; Chapter 9: Exploitation Framework Applications; 9.1 Task Overview; 9.2 Core Impact Overview; 9.3 Network Reconnaissance with Core Impact; 9.4 Core Impact Exploit Search Engine; 9.5 Running an Exploit; 9.6 Running Macros; 9.7 Bouncing Off an Installed Agent; 9.8 Enabling an Agent to Survive a Reboot; 9.9 Mass Scale Exploitation; 9.10 Writing Modules for Core Impact; 9.11 The Canvas Exploit Framework; 9.12 Porting Exploits Within Canvas; 9.13 Using Canvas from the Command Line; 9.14 Digging Deeper with Canvas; 9.15 Advanced Exploitation with MOSDEF; 9.16 Writing Exploits for Canvas; 9.17 Exploiting Alternative Tools; Chapter 10: Custom Exploitation; 10.1 Understanding Vulnerabilities; 10.2 Analyzing Shellcode; 10.3 Testing Shellcode; 10.4 Creating Shellcode; 10.5 Disguising Shellcode; 10.6 Execution Flow Hijacking; 10.7 References; Control; Chapter 11: Backdoors; 11.1 Choosing a Backdoor; 11.2 VNC; 11.3 Creating and Packaging a VNC Backdoor; 11.4 Connecting to and Removing the VNC Backdoor; 11.5 Back Orifice 2000; 11.6 Configuring a BO2k Server; 11.7 Configuring a BO2k Client; 11.8 Adding New Servers to the BO2k Workspace; 11.9 Using the BO2k Backdoor; 11.10 BO2k Powertools; 11.11 Encryption for BO2k Communications; 11.12 Concealing the BO2k Protocol; 11.13 Removing BO2k; 11.14 A Few Unix Backdoors; Chapter 12: Rootkits; 12.1 Windows Rootkit: Hacker Defender; 12.2 Linux Rootkit: Adore-ng; 12.3 Detecting Rootkits Techniques; 12.4 Windows Rootkit Detectors; 12.5 Linux Rootkit Detectors; 12.6 Cleaning an Infected System; 12.7 The Future of Rootkits; Defense; Chapter 13: Proactive Defense: Firewalls; 13.1 Firewall Basics; 13.2 Network Address Translation; 13.3 Securing BSD Systems with ipfw/natd; 13.4 Securing GNU/Linux Systems with netfilter/iptables; 13.5 Securing Windows Systems with Windows Firewall/Internet Connection Sharing; 13.6 Verifying Your Coverage; Chapter 14: Host Hardening; 14.1 Controlling Services; 14.2 Turning Off What You Do Not Need; 14.3 Limiting Access; 14.4 Limiting Damage; 14.5 Bastille Linux; 14.6 SELinux; 14.7 Password Cracking; 14.8 Chrooting; 14.9 Sandboxing with OS Virtualization; Chapter 15: Securing Communications; 15.1 The SSH-2 Protocol; 15.2 SSH Configuration; 15.3 SSH Authentication; 15.4 SSH Shortcomings; 15.5 SSH Troubleshooting; 15.6 Remote File Access with SSH; 15.7 SSH Advanced Use; 15.8 Using SSH Under Windows; 15.9 File and Email Signing and Encryption; 15.10 GPG; 15.11 Create Your GPG Keys; 15.12 Encryption and Signature with GPG; 15.13 PGP Versus GPG Compatibility; 15.14 Encryption and Signature with S/MIME; 15.15 Stunnel; 15.16 Disk Encryption; 15.17 Windows Filesystem Encryption with PGP Disk; 15.18 Linux Filesystem Encryption with LUKS; 15.19 Conclusion; Chapter 16: Email Security and Anti-Spam; 16.1 Norton Antivirus; 16.2 The ClamAV Project; 16.3 ClamWin; 16.4 Freshclam; 16.5 Clamscan; 16.6 clamd and clamdscan; 16.7 ClamAV Virus Signatures; 16.8 Procmail; 16.9 Basic Procmail Rules; 16.10 Advanced Procmail Rules; 16.11 ClamAV with Procmail; 16.12 Unsolicited Email; 16.13 Spam Filtering with Bayesian Filters; 16.14 SpamAssassin; 16.15 SpamAssassin Rules; 16.16 Plug-ins for SpamAssassin; 16.17 SpamAssassin with Procmail; 16.18 Anti-Phishing Tools; 16.19 Conclusion; Chapter 17: Device Security Testing; 17.1 Replay Traffic with Tcpreplay; 17.2 Traffic IQ Pro; 17.3 ISIC Suite; 17.4 Protos; Monitoring; Chapter 18: Network Capture; 18.1 tcpdump; 18.2 Ethereal/Wireshark; 18.3 pcap Utilities: tcpflow and Netdude; 18.4 Python/Scapy Script Fixes Checksums; 18.5 Conclusion; Chapter 19: Network Monitoring; 19.1 Snort; 19.2 Implementing Snort; 19.3 Honeypot Monitoring; 19.4 Gluing the Stuff Together; Chapter 20: Host Monitoring; 20.1 Using File Integrity Checkers; 20.2 File Integrity Hashing; 20.3 The Do-It-Yourself Way with rpmverify; 20.4 Comparing File Integrity Checkers; 20.5 Prepping the Environment for Samhain and Tripwire; 20.6 Database Initialization with Samhain and Tripwire; 20.7 Securing the Baseline Storage with Samhain and Tripwire; 20.8 Running Filesystem Checks with Samhain and Tripwire; 20.9 Managing File Changes and Updating Storage Database with Samhain and Tripwire; 20.10 Recognizing Malicious Activity with Samhain and Tripwire; 20.11 Log Monitoring with Logwatch; 20.12 Improving Logwatch's Filters; 20.13 Host Monitoring in Large Environments with Prelude-IDS; 20.14 Conclusion; Discovery; Chapter 21: Forensics; 21.1 Netstat; 21.2 The Forensic ToolKit; 21.3 Sysinternals; Chapter 22: Application Fuzzing; 22.1 Which Fuzzer to Use; 22.2 Different Types of Fuzzers for Different Tasks; 22.3 Writing a Fuzzer with Spike; 22.4 The Spike API; 22.5 File-Fuzzing Apps; 22.6 Fuzzing Web Applications; 22.7 Configuring WebProxy; 22.8 Automatic Fuzzing with WebInspect; 22.9 Next-Generation Fuzzing; 22.10 Fuzzing or Not Fuzzing; Chapter 23: Binary Reverse Engineering; 23.1 Interactive Disassembler; 23.2 Sysinternals; 23.3 OllyDbg; 23.4 Other Tools; Colophon;