Stealing The Network: How to Own the Box
By Syngress
3.5/5
()
About this ebook
Not just another "hacker" book, it plays on "edgy" market success of Steal this Computer Book with first hand, eyewitness accounts
A highly provocative expose of advanced security exploits
Written by some of the most high profile "White Hats", "Black Hats" and "Gray Hats"
Gives readers a "first ever" look inside some of the most notorious network intrusions
Read more from Syngress
Configuring Cisco Voice Over IP Rating: 4 out of 5 stars4/5Designing A Wireless Network Rating: 5 out of 5 stars5/5Rick Gallahers MPLS Training Guide: Building Multi Protocol Label Switching Networks Rating: 4 out of 5 stars4/5IP Addressing and Subnetting INC IPV6: Including IPv6 Rating: 0 out of 5 stars0 ratingsThe Best Damn Firewall Book Period Rating: 5 out of 5 stars5/5Building a Cisco Wireless Lan Rating: 5 out of 5 stars5/5Hack Proofing Your Identity In The Information Age Rating: 4 out of 5 stars4/5SSCP Systems Security Certified Practitioner Study Guide and DVD Training System Rating: 0 out of 5 stars0 ratingsDBAs Guide to Databases Under Linux Rating: 0 out of 5 stars0 ratingsManaging Cisco Network Security Rating: 3 out of 5 stars3/5Bluetooth Application Developer's Guide Rating: 4 out of 5 stars4/5ASP.Net Web Developer's Guide Rating: 0 out of 5 stars0 ratingsBuilding DMZs For Enterprise Networks Rating: 4 out of 5 stars4/5Administering Cisco QoS in IP Networks: Including CallManager 3.0, QoS, and uOne Rating: 0 out of 5 stars0 ratingsCheckPoint NG VPN 1/Firewall 1: Advanced Configuration and Troubleshooting Rating: 5 out of 5 stars5/5Scene of the Cybercrime: Computer Forensics Handbook Rating: 4 out of 5 stars4/5The Best Damn Cisco Internetworking Book Period Rating: 5 out of 5 stars5/5Cisco Security Professional's Guide to Secure Intrusion Detection Systems Rating: 0 out of 5 stars0 ratingsCisco Security Specialists Guide to PIX Firewall Rating: 5 out of 5 stars5/5Special Ops: Host and Network Security for Microsoft Unix and Oracle Rating: 4 out of 5 stars4/5Security Assessment: Case Studies for Implementing the NSA IAM Rating: 3 out of 5 stars3/5Firewall Policies and VPN Configurations Rating: 0 out of 5 stars0 ratingsConfiguring Symantec AntiVirus Enterprise Edition Rating: 0 out of 5 stars0 ratingsRuby Developers Guide Rating: 3 out of 5 stars3/5Security + Study Guide and DVD Training System Rating: 4 out of 5 stars4/5Snort Intrusion Detection 2.0 Rating: 4 out of 5 stars4/5Hack Proofing XML Rating: 0 out of 5 stars0 ratings
Related to Stealing The Network
Related ebooks
Stealing the Network: How to Own an Identity: How to Own an Identity Rating: 4 out of 5 stars4/5Wireshark & Ethereal Network Protocol Analyzer Toolkit Rating: 0 out of 5 stars0 ratingsKali Linux CTF Blueprints Rating: 0 out of 5 stars0 ratingsXSS Attacks: Cross Site Scripting Exploits and Defense Rating: 3 out of 5 stars3/5Penetration Testing with Raspberry Pi Rating: 5 out of 5 stars5/5Firewall Policies and VPN Configurations Rating: 0 out of 5 stars0 ratingsHack the Stack: Using Snort and Ethereal to Master The 8 Layers of An Insecure Network Rating: 0 out of 5 stars0 ratingsMobile Malware Attacks and Defense Rating: 5 out of 5 stars5/5Web Penetration Testing with Kali Linux Rating: 5 out of 5 stars5/5Hack Proofing Linux: A Guide to Open Source Security Rating: 5 out of 5 stars5/5Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research Rating: 0 out of 5 stars0 ratingsKismet Hacking Rating: 0 out of 5 stars0 ratingsSnort Intrusion Detection 2.0 Rating: 4 out of 5 stars4/5Practical VoIP Security Rating: 0 out of 5 stars0 ratingsBuilding DMZs For Enterprise Networks Rating: 4 out of 5 stars4/5WarDriving: Drive, Detect, Defend: A Guide to Wireless Security Rating: 3 out of 5 stars3/5How to Cheat at Configuring Open Source Security Tools Rating: 0 out of 5 stars0 ratingsHack Proofing Your Network Rating: 0 out of 5 stars0 ratingsMicrosoft Log Parser Toolkit: A Complete Toolkit for Microsoft's Undocumented Log Analysis Tool Rating: 5 out of 5 stars5/5Cisco Router and Switch Forensics: Investigating and Analyzing Malicious Network Activity Rating: 3 out of 5 stars3/5Intrusion Prevention and Active Response: Deploying Network and Host IPS Rating: 3 out of 5 stars3/5Dissecting the Hack: The F0rb1dd3n Network, Revised Edition Rating: 5 out of 5 stars5/5Kali Linux Wireless Penetration Testing Essentials Rating: 5 out of 5 stars5/5Managed Code Rootkits: Hooking into Runtime Environments Rating: 5 out of 5 stars5/5InfoSec Career Hacking: Sell Your Skillz, Not Your Soul Rating: 3 out of 5 stars3/5Nmap Essentials Rating: 4 out of 5 stars4/5Botnets: The Killer Web Applications Rating: 5 out of 5 stars5/5Penetration Testing Bootcamp Rating: 5 out of 5 stars5/5Buffer Overflow Attacks: Detect, Exploit, Prevent Rating: 4 out of 5 stars4/5
Security For You
Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Practical Ethical Hacking from Scratch Rating: 5 out of 5 stars5/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5Game Console Hacking: Xbox, PlayStation, Nintendo, Game Boy, Atari and Sega Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Hacking for Beginners: Mastery Guide to Learn and Practice the Basics of Computer and Cyber Security Rating: 0 out of 5 stars0 ratingsUltimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5Amazon Web Services (AWS) Interview Questions and Answers Rating: 5 out of 5 stars5/5How to Hack Like a GOD: Master the secrets of hacking through real-life hacking scenarios Rating: 4 out of 5 stars4/5CompTIA Security+ Certification Study Guide, Fourth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsCybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsPractical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Security+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5Codes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5
Reviews for Stealing The Network
18 ratings0 reviews
Book preview
Stealing The Network - Syngress
Questions
Hide and Sneak
by Ido Dubrawsky
If you want to hack into someone else’s network, the week between Christmas and New Year’s Day is the best time. I love that time of year. No one is around, and most places are running on a skeleton crew at best. If you’re good, and you do it right, you won’t be noticed even by the automated systems. And that was a perfect time of year to hit these guys with their nice e-commerce site—plenty of credit card numbers, I figured.
The people who ran this site had ticked me off. I bought some computer hardware from them, and they took forever to ship it to me. On top of that, when the stuff finally arrived, it was damaged. I called their support line and asked for a return or an exchange, but they said that they wouldn’t take the card back because it was a closeout. Their site didn’t say that the card was a closeout! I told the support drones that, but they wouldn’t listen. They said, policy is policy,
and didn’t you read the fine print?
Well, if they’re going to take that position.… Look, they were okay guys on the whole. They just needed a bit of a lesson. That’s all.
So, there I was, the day after Christmas, with nothing to do. The family gathering was over. I decided to see just how good their site was. Just a little peek at what’s under the hood. There’s nothing wrong with that. I’ve hacked a few Web sites here and there—no defacements, but just looking around. Most of what I hit in the past were some universities and county government sites. I had done some more interesting sites recently, but these guys would be very interesting. In fact, they proved to be a nice challenge for a boring afternoon.
Now, one of my rules is to never storm the castle through the drawbridge. Their Web farm for their e-commerce stuff (and probably their databases) was colocated at some data center. I could tell because when I did traceroutes to their Web farm, I got a totally different route than when I did some traceroutes to other hosts I had discovered off their main Web site. So, it looked like they kept their e-commerce stuff separated from their corporate network, which sounds reasonable to me. That made it easy for me to decide how I would approach their network. I would look at the corporate network, rather than their data center, since I figured they probably had tighter security on their data center.
Tools
First off, my platform of choice should be pretty obvious. It’s Linux. Almost every tool that I have and use runs under Linux. On top of that, my collection of exploits runs really well under Linux. Now, OpenBSD is okay, and I’m something of a Solaris fan as well, but when I work, I work off a Linux platform. I don’t care whether it’s Red Hat, Mandrake, or Debian. That’s not important. What’s important is that you can tune the operating system to your needs. That’s the key. You need to be able to be sure that the underlying operating system is reliable. On a related note, my homegrown tools are a mixture of Bourne shell, Expect, and Python scripts. There’s a small amount of Perl in there as well, but most of the scripts are written in Python. Code reuse is important if you want to be successful at this