Hacknotes Linux And Unix Security Portable Reference Obsolete
Introduction to the book "Hacknotes Linux And Unix Security Portable Reference Obsolete" by Dhanjani, Nitesh, published by McGraw-Hill Osborne Media in 2003. The book is provided in PDF format, in English. "Hacknotes Linux And Unix Security Portable Reference Obsolete" is listed in the Uncategorized category.
HackNotes Linux and Unix Security Portable Reference gives you step-by-step details of intrusion tactics, tools, and actual techniques being used by hackers and criminals today to break into computer networks. This book will teach you how to protect and harden Linux and Unix hosts against the most troublesome security issues. Learn to use the latest hacking tools, including Airsnort, Dsniff, Ettercap, Ethereal, Kismet, Netcat, and Nmap. Protect the most popular network services, including FTP, SSH, Telnet, SMTP, HTTP, HTTPS, R-services, NFS, SAMBA, POP, IMAP, MySQL, X, and VNC. Recognize both Backdoor and Rootkit tools and tactics used by sophisticated intruders. Defend against software vulnerabilities such as race conditions, improper input validation, and misconfigurations. Use the unique and easy-to-access Reference Center in the middle of the book to quickly locate useful commands, online security resources, and more!

HackNotes: Linux and Unix Security Portable Reference

CONTENTS

Acknowledgments
Introduction

Reference Center
Common Commands; Common Ports; IP Addressing; Dotted Decimal Notation; Classes; Subnet Masks; CIDR (Classless Inter-Domain Routing); Loopback; Private Addresses; Protocol Headers; Online Resources; Hacking Tools; Web Resources; Mailing Lists; Conferences and Events; Useful Netcat Commands; ASCII Table; HTTP Codes; Important Files

Part I Hacking Techniques and Defenses

■ 1 Footprinting
Search Engines; Domain Registrars; Regional Internet Registries; DNS Reverse-Lookups; Mail Exchange; Zone Transfers; Traceroute; Summary

■ 2 Scanning and Identification
Pinging; Ping Sweeping; TCP Pinging; Port Scanning; TCP Connect; TCP SYN/Half-Open; FIN; Reverse Ident; XMAS; NULL; RPC; IP Protocol; ACK; Window; UDP; Fingerprinting; Summary

■ 3 Enumeration
Enumerate Remote Services; FTP (File Transfer Protocol): 21 (TCP); SSH (Secure Shell): 22 (TCP); Telnet: 23 (TCP); SMTP (Simple Mail Transfer Protocol): 25 (TCP); DNS (Domain Name System): 53 (TCP/UDP); Finger: 79 (TCP); HTTP (Hypertext Transfer Protocol): 80 (TCP); POP3 (Post Office Protocol 3): 110 (TCP); Portmapper: 111 (TCP); NNTP (Network News Transfer Protocol): 119 (TCP); Samba: 137 to 139 (TCP and UDP); IMAP2/IMAP4 (Internet Message Access Protocol 2/4): 143 (TCP); SNMP (Simple Network Management Protocol): 161, 162 (UDP); HTTPS (Secure Hypertext Transfer Protocol): 443 (TCP); NNTPS (Secure Network News Transfer Protocol): 563 (TCP); IMAPS (Secure Internet Message Access Protocol): 993 (TCP); POP3S (Secure Post Office Protocol 3): 995 (TCP); MySQL: 3306 (TCP); Automated Banner-Grabbing; Summary

■ 4 Remote Hacking
Remote Services; Intrusion Tactics; Remote Service Vulnerabilities; Application Vulnerabilities; Nessus; Obtaining a Shell; Port Redirection; Cracking /etc/shadow; Summary

■ 5 Privilege Escalation
Exploiting Local Trust; Group Memberships and Incorrect File Permissions; "." in PATH; Software Vulnerabilities; Kernel Flaws; Local Buffer Overflows; Improper Input Validation; Symbolic Links; Core Dumps; Misconfigurations; Summary

■ 6 Hiding
Clean Logs; Shell History; Cleaning /var; Backdoors; Setuid and Setgid Shells Owned by root; Changing a Local Account's uid to 0; .rhosts; SSH's authorized_keys; Trojans; Rootkits; Summary

Part II Host Hardening

■ 7 Default Settings and Services
Set Password Policies; Remove or Disable Unnecessary Accounts; Remove "." from the PATH Variable; Check the Contents of /etc/hosts.equiv; Check for .rhosts Files; Disable Stack Execution; Use TCP Wrappers; Harden inetd and xinetd Configurations; Disable Unnecessary Services; Disable inetd or xinetd If No Services Are Enabled; Ensure Logging Is Turned On; Harden Remote Services; WU-FTPD; SSH; Sendmail; BIND (DNS); Apache (HTTP and HTTPS); Samba; NFS; Summary

■ 8 User and File-System Privileges
File Permissions: A Quick Tutorial; World-Readable Files; World-Writable Files; Files Owned by bin and sys; The umask Value; Important Files; Files in /dev; Disk Partitions; setuid and setgid Files; Implement the wheel Group; Sudo; Summary

■ 9 Logging and Patching
Logging; Log Files; Log Rotation; Free Space in /var; Patching; Summary

Part III Special Topics

■ 10 Nessus Attack Scripting Language (NASL)
Running NASL Scripts from the Command Line; Writing Nessus Plug-ins Using NASL; Example Vulnerability; The Plug-in; Running the Plug-in; Summary

■ 11 Wireless Hacking
Introduction to WEP; Antennas; Popular Tools; Airsnort; Kismet; Fata-Jack; Securing Wireless Networks; Summary

■ 12 Hacking with the Sharp Zaurus PDA
Kismet; Wellenreiter II; Nmap; Qpenmapfe; Bing; OpenSSH; Hping2; VNC Server; Keypebble VNC Viewer; Smbmount; Tcpdump; Wget; ZEthereal; zNessus; MTR; Dig; Perl; Online Resources for the Zaurus; Summary

■ Index

In order to protect systems running the Unix or Linux operating systems, says communications security consultant Dhanjani, managers need to understand the thought processes, techniques, and tactics of hackers. He discusses hacker techniques and defenses, host hardening, and special topics including wireless hacking. Annotation (c) Book News, Inc., Portland, OR (booknews.com)

Safeguard your systems from all types of hackers, hijackers, and predators with help from this insightful resource. Get thorough, just-the-facts coverage of Linux, UNIX and Solaris, and learn about advanced hacking techniques including buffer overflows, password theory, port re-direction, and more.

Why to Buy

HackNotes(TM) are the Cliffs Notes of Network Security. These handy, pocket-sized references provide IT professionals with the most critical security information they need at their fingertips - without having to lug around a heavy book or sift through lots of expository text.

Helps you to safeguard your systems from all types of hackers, hijackers, and predators. It provides you just-the-facts coverage of Linux, UNIX and Solaris, and helps you learn about advanced hacking techniques, including buffer overflows, password theory, port re-direction, and more.