Ad End 1 February 2024
Ad Ends 13 January 2025
ad End 25 April 2025
Ad Ends 20 January 2025
Ad expire at 5 August 2024
banner Expire 25 April 2025
What's new
banner Expire 15 January 2025
banner Expire 20 October 2024
UniCvv
adv exp at 23 August 2024
casino
swipe store
Carding.pw carding forum
BidenCash Shop
Kfc CLub

PRACTICAL HACKING TECHNIQUES AND COUNTERMEASURES

Dark_Code_x

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 28, 2020
Messages
6,618
Reaction score
715
Points
212
Awards
2
  • Somebody Likes you
  • First post
Preface
The entire purpose of Practical Hacking Techniques and Countermeasures
is to give readers the opportunity to actually put their hands on the tools and
techniques commonly used by today’s hackers and to actually learn how they
work. Up to this point, most security-related books have dealt mainly with
the theory and lecture of tools and techniques, but I wanted to provide more.
With the use of virtual computers the reader can concentrate on the tools
instead of the question of legality.
As a former college department chair I saw firsthand how students
responded to hands-on security versus lecture only. By providing my students
with a series of labs structured around security, hacking techniques, and
countermeasures the students gained an invaluable insight as to how to secure
today’s computers and associated networks. This is evident by these students
being placed at the Pentagon, in our armed forces, as government contractors,
and even independent security consultants. I truly believe that when a security
professional understands the actual techniques, he or she can provide a better
service to the public.
Fifteen years ago the standard for security was “security by obscurity,” in
other words, “You don’t know I have a network therefore I’m safe.” With the
advent of the Internet this quickly changed. However, even today there are
those who when questioned about their security practices respond with “Hey,
we’re not a bank” or “I don’t have anything worth stealing.” These people are
only delaying the inevitable reality that eventually someone of ill-repute will
find their computers or even their networks and take full advantage of them
if they haven’t already.
Practical Hacking Techniques and Countermeasures is designed as a lab
manual. I want every reader to be able to duplicate each lab in this book,

vi Preface
which is why I insisted that the inclusion of the CD containing the exact same
versions of the tools be used to create this book. This is the first book in a
series of books designed to educate security professionals or anyone with an
interest in how hacking techniques are conducted, and what countermeasures
are available. Hundreds of screenshots are included, which duplicate each
lab and are easy to follow.
It was also important for me to create Practical Hacking Techniques and
Countermeasures from the ground-up perspective. As you progress through
the book the techniques and tools become progressively more advanced and
follow the standard methodology of how an attacker would approach your
own network or computer. I also designed Practical Hacking Techniques and
Countermeasures to use the exact same tools used by today’s hacker. This is
by no means a conclusive list because tools are added or become obsolete
all the time, however, I have provided an excellent foundation for every reader
to practice his or her security skills and the reality is most tools used by hackers
are either open source (free), custom written (programmer), stolen (warez),
or a combination of all three. The accompanying CD provides 95 percent free
tools and demo or trial versions of commercially available security software.
I have also developed a Web site for Practical Hacking Techniques and
Countermeasures to support my readers, as well as inform them of upcoming
books, special offers, my schedule of security seminar locations, HackSym, and
a members section that provides tools, advanced portions of the next book in
production, forums to assist in any lab questions, a live chat area where I will
schedule and make appearances, and much more. The Web site is located at
http://www.virtuallyhacking.com.
I sincerely hope you enjoy reading Practical Hacking Techniques and Countermeasures as much as I enjoyed writing it. Beginners will find it intriguing
while veteran security professionals will find it to be an excellent reference tool.
There is something for everyone.

Enjoy Practical Hacking Techniques and Countermeasures

Contents
1 Preparation ............................................................................................1
Installing VMware Workstation............................................................................ 3
Configuring Virtual Machines............................................................................ 10
Installing a Virtual Windows 2000 Workstation ....................................... 11
Installing VMware Tools for Windows 2000 Virtual Machines................. 29
Installing a Red Hat Version 8 Virtual Machine ....................................... 35
Installing VMware Tools for Red Hat Virtual Machines............................ 55
What Is on the CD?........................................................................................... 60
Restrict Anonymous........................................................................................... 60
To Restrict Anonymous ............................................................................ 60
In Windows NT ............................................................................... 60
For Windows XP, 2003..................................................................... 60
For Windows 2000 .......................................................................... 61
What Is the Difference? ........................................................................... 61
2 Banner Identification..........................................................................63
Lab 1: Banner Identification .............................................................................. 65
Lab 2: Banner Identification .............................................................................. 67
Lab 3: Banner Identification .............................................................................. 73
Lab 4: Operating System Identification............................................................. 75
Detect Operating System of Target: Xprobe2
Lab 5: Banner Identification .............................................................................. 79
Lab 6: Banner Identification .............................................................................. 84
Lab 7: Personal Social Engineering ................................................................... 86
Social Engineering Techniques: Dumpster Diving/Personnel

Target Enumeration ............................................................................87
Lab 8: Establish a NULL Session........................................................................ 89
Establish a NULL Session: NULL Session
Lab 9: Enumerate Target MAC Address.............................................................. 90
Enumerate MAC Address and Total NICs: GETMAC
Lab 10: Enumerate SID from User ID ............................................................... 91
Enumerate the SID from the Username: USER2SID
Lab 11: Enumerate User ID from SID ............................................................... 93
Enumerate the Username from the Known SID: SID2USER
Lab 12: Enumerate User Information ................................................................ 96
Enumerate User Information from Target: USERDUMP
Lab 13: Enumerate User Information ................................................................ 97
Exploit Data from Target Computer: USERINFO
Lab 14: Enumerate User Information ................................................................ 98
Exploit User Information from Target: DUMPSEC
Lab 15: Host/Domain Enumeration................................................................. 102
Enumerate Hosts and Domains of LAN: Net Commands
Lab 16: Target Connectivity/Route .................................................................. 105
Detect Target Connectivity: PingG
Lab 17: Target Connectivity/Route .................................................................. 107
Connectivity/Routing Test: Pathping
Lab 18: Operating System Identification......................................................... 109
Identify Target Operating System: Nmap/nmapFE
Lab 19: Operating System Identification......................................................... 117
Identify Target Operating System: NmapNT
Lab 20: IP/Hostname Enumeration ................................................................. 123
Enumerate IP or Hostname: Nslookup
Lab 21: IP/Hostname Enumeration ................................................................. 124
Enumerate IP or Hostname: Nmblookup
Lab 22: RPC Reporting .................................................................................... 125
Report the RPC of Target: Rpcinfo
Lab 23: Location/Registrant Identification ...................................................... 126
Gather Registration Info/Trace Visual Route: Visual Route
Lab 24: Registrant Identification ..................................................................... 128
Gather IP or Hostname: Sam Spade
Lab 25: Operating System Identification......................................................... 131
Gather OS Runtime and Registered IPs: Netcraft
Lab 26: Operating System Identification......................................................... 133
Scan Open Ports of Target: Sprint
Lab 27: Default Shares..................................................................................... 135
Disable Default Shares: Windows Operating System
Lab 28: Host Enumeration............................................................................... 139
Scan Open Ports of Target: WinFingerprint
4 Scanning.............................................................................................145
Lab 29: Target Scan/Share Enumeration .......................................................... 147
Scan Open Ports of Target: Angry IP
AU7057_C000.fm Page viii Monday, September 25, 2006 12:16 PM
Contents ix
Lab 30: Target Scan/Penetration ...................................................................... 151
Scan Open Ports/Penetration Testing: LANguard
Lab 31: Target Scan through Firewall.............................................................. 153
Scan Open Ports of Target: Fscan
Lab 32: Passive Network Discovery ................................................................ 154
Passively Identify Target Information on the LAN: Passifist
Lab 33: Network Discovery............................................................................. 158
Identify Target Information: LanSpy
Lab 34: Open Ports/Services ........................................................................... 161
Scan Open Ports/Services of Target: Netcat
Lab 35: Port Scan/Service Identification ......................................................... 163
Scan Open Ports of Target: SuperScan
Lab 36: Port Scanner ....................................................................................... 166
Identify Ports Open: Strobe
Lab 37: Anonymous FTP Locator..................................................................... 169
Locate Anonymous FTP Servers: FTPScanner
Lab 38: CGI Vulnerability Scanner................................................................... 171
Identify CGI Vulnerabilities: TCS CGI Scanner
Lab 39: Shared Resources Locator .................................................................. 178
Identify Open Shared Resources: Hydra
Lab 40: Locate Wingate Proxy Servers............................................................ 187
Locate Wingate Proxy Servers: WGateScan/ADM Gates
5 Sniffing Traffic ..................................................................................193
Lab 41: Packet Capture — Sniffer................................................................... 195
Exploit Data from Network Traffic: Ethereal
To Install Ethereal on a Red Hat Linux Computer....................... 196
To Install Ethereal on Microsoft Windows.................................... 206
Lab 42: Packet Capture — Sniffer................................................................... 213
Exploit Data from Network Traffic: Ngrep
For Linux ....................................................................................... 213
For Windows ................................................................................. 219
Lab 43: Packet Capture — Sniffer................................................................... 223
Exploit Data from Network Traffic: TcpDump
Lab 44: Packet Capture — Sniffer................................................................... 230
Exploit Data from Network Traffic: WinDump
Lab 45: Packet Capture — Sniffer................................................................... 234
Monitor IP Network Traffic Flow: IPDump2
For Linux ....................................................................................... 234
For Windows ................................................................................ 237
Lab 46: Password Capture — Sniffer .............................................................. 240
Exploit Passwords and Sniff the Network: ZxSniffer
Lab 47: Exploit Data from Target Computer — Sniffit ................................... 249
6 Spoofing .............................................................................................261
Lab 48: Spoofing IP Addresses......................................................................... 263
Send Packets via False IP Address: RafaleX
Lab 49: Spoofing MAC Addresses .................................................................... 268
Send Packets via a False MAC Address: SMAC
AU7057_C000.fm Page ix Monday, September 25, 2006 12:16 PM
x Contents
Lab 50: Spoofing MAC Addresses .................................................................... 277
Send Packets via a False MAC Address: Linux
Lab 51: Packet Injection/Capture/Trace.......................................................... 284
Send Packets via a False IP/MAC Address: Packit
Lab 52: Spoof MAC Address ............................................................................ 295
Altering the MAC Address: VMware Workstation
7 Brute Force ........................................................................................299
Lab 53: Brute-Force FTP Server....................................................................... 301
Crack an FTP Password: NETWOX/NETWAG
Lab 54: Retrieve Password Hashes .................................................................. 309
Extract Password Hashes: FGDump
Lab 55: Crack Password Hashes ...................................................................... 313
Crack and Capture Password Hashes: LC5
Lab 56: Overwrite Administrator Password..................................................... 325
Change the Administrator Password: CHNTPW
Lab 57: Brute-Force Passwords........................................................................ 337
Brute-Force Passwords for a Hashed File: John the Ripper
Lab 58: Brute-Force FTP Password.................................................................. 346
Brute-Force an FTP Password Connection: BruteFTP
Lab 59: Brute-Force Terminal Server ............................................................... 354
Brute-Force Terminal Server Passwords: TSGrinder II
8 Vulnerability Scanning .....................................................................357
Lab 60: Vulnerability Scanner .......................................................................... 359
Perform Vulnerability Assessment: SAINT
Lab 61: SNMP Walk.......................................................................................... 379
Exploit Data via SNMP Walk: NETWOX/NETWAG
Lab 62: Brute-Force Community Strings ......................................................... 386
Exploit the SNMP Community Strings: Solar Winds
Lab 63: Target Assessment ............................................................................... 392
Assessment of Target Security: Retina
Lab 64: Target Assessment ............................................................................... 397
Assessment of Target Security: X-Scan
Lab 65: Vulnerability Scanner .......................................................................... 402
Perform Vulnerability Assessment: SARA
Lab 66: Web Server Target Assessment............................................................ 414
Assessment of Web Server Security: N-Stealth
Lab 67: Vulnerability Scanner .......................................................................... 421
Exploit Data from Target Computer: Pluto
Lab 68: Vulnerability Assessment..................................................................... 429
Perform Vulnerability Assessment: Metasploit
On Windows.................................................................................. 429
On Linux ....................................................................................... 441
Lab 69: Web Server Target Assessment............................................................ 451
Assessment of Web Server Security: Nikto
Lab 70: Vulnerability Scanner .......................................................................... 455
Assessment of Target Security: Shadow Scanner
AU7057_C000.fm Page x Monday, September 25, 2006 12:16 PM
Contents xi
Lab 71: Internet Vulnerability Scanner............................................................ 468
Assessment of Target Security: Cerberus
Lab 72: WHAX — Auto Exploit Reverse Shell ................................................ 474
Automatically Exploit the Target: AutoScan
Lab 73: Unique Fake Lock Screen XP ............................................................. 491
Grab the Administrator Password: Fake Lock Screen XP
Lab 74: Bypassing Microsoft Serial Numbers.................................................. 499
Bypassing Serial Number Protection: RockXP/Custom Script
Lab 75: Vulnerability Exploit ........................................................................... 507
Assessment of Target Security: Web Hack Control Center
9 Wireless ..............................................................................................511
Lab 76: Locate Unsecured Wireless................................................................. 513
Locate Unsecured Wireless: NetStumbler/Mini-Stumbler
Lab 77: Trojan .................................................................................................. 519
Unauthorized Access and Control: Back Orifice
On the Target Computer ............................................................... 519
On the Attacker’s Computer ......................................................... 528
Lab 78: Trojan .................................................................................................. 534
Unauthorized Access and Control: NetBus
On the Target (Server)................................................................... 534
On the Attacker’s Computer ......................................................... 540
Lab 79: ICMP Tunnel Backdoor....................................................................... 545
Bidirectional Spoofed ICMP Tunnel: Sneaky-Sneaky
On the Target (Server)................................................................... 545
On the Attacker’s Machine............................................................ 548
Lab 80: Hiding Tools on the Target.................................................................. 553
Hiding Files on the Target: CP
Scenario: Hiding Netcat inside the Calculator Application .......... 553
To Verify ........................................................................................ 555
Lab 81: Capturing Switched Network Traffic.................................................. 556
Intercept/Exploit Traffic: Ettercap
Lab 82: Password Capture ............................................................................... 573
Capture Passwords Traversing the Network: Dsniff
Lab 83: Data Manipulation .............................................................................. 574
Manipulate the Live Data Stream: Achilles
Lab 84: Covert Reverse Telnet Session............................................................ 588
Create a Reverse Telnet Session: Netcat
Lab 85: Covert Channel — Reverse Shell....................................................... 596
Exploit Data from Target Computer: Reverse Shell
10 Redirection.........................................................................................603
Lab 86: PortMapper ......................................................................................... 605
Traffic Redirection: PortMapper
Lab 87: Executing Applications — Elitewrap.................................................. 618
Executing Hidden Applications: Elitewrap
Lab 88: TCP Relay — Bypass Firewalls............................................................ 627
Traffic Redirection: Fpipe
AU7057_C000.fm Page xi Monday, September 25, 2006 12:16 PM
xii Contents
Lab 89: Remote Execution .............................................................................. 633
Remote Execution on Target: PsExec
Lab 90: TCP Relay — Bypass Firewalls............................................................ 638
Traffic Redirection: NETWOX/NETWAG
11 Denial-of-Service (DoS).....................................................................643
Lab 91: Denial-of-Service — Land Attack ........................................................ 645
DoS Land Attack: Land Attack
Lab 92: Denial-of-Service — Smurf Attack ...................................................... 650
DoS Smurf Attack: Smurf Attack
Lab 93: Denial-of-Service — SYN Attack......................................................... 655
DoS Land Attack: SYN Attack
Lab 94: Denial-of-Service — UDP Flood ......................................................... 660
DoS UDP Flood Attack: UDP Flood Attack
Lab 95: Denial-of-Service — Trash2.c.............................................................. 665
Create Denial-of-Service Traffic: Trash2.c
Appendix A: References ...........................................................................671
Appendix B: Tool Syntax..........................................................................675
Index...........................................................................................................725
 
Ad End 1 February 2024
Top