13 Index
List of Tables
1 Chapter 9
TABLE 9-1 Commonly Hacked Ports
2 Chapter 17
TABLE 17-1 Prioritizing Vulnerabilities
List of Illustrations
1 Chapter 4
FIGURE 4-1: Netcraft’s web server version utility.
2 Chapter 6
FIGURE 6-1: Using LUCY to start an email phishing campaign.
FIGURE 6-2: Sample email phishing template options in LUCY.
3 Chapter 8
FIGURE 8-1: Brute-force password-cracking options in Proactive Password Auditor...
FIGURE 8-2: Output from pwdump3.
FIGURE 8-3: Cracked password file hashes with John the Ripper.
FIGURE 8-4: Using Cain & Abel to capture passwords going across the network.
4 Chapter 9
FIGURE 9-1: Performing a ping sweep of an entire class C network with Nmap.
FIGURE 9-2: In-depth port-scanning options in NMapWin.
FIGURE 9-3: NetScanTools Pro OS Fingerprinting tool.
FIGURE 9-4: General SNMP information gathered by Getif.
FIGURE 9-5: Management interface user IDs gleaned via Getif’s SNMP browsing fun...
FIGURE 9-6: Information gathered about an email server via Telnet.
FIGURE 9-7: Connecting a network analyzer outside the firewall.
FIGURE 9-8: Omnipeek can help uncover someone running an illicit system, such a...
FIGURE 9-9: CommView’s interface for viewing network statistics
FIGURE 9-10: NetResident can track Internet use and ensure that security polici...
FIGURE 9-11: Selecting your victim hosts for ARP poisoning in Cain & Abel
FIGURE 9-12: ARP poisoning results in Cain & Abel
5 Chapter 10
FIGURE 10-1: Finding the MAC address of an AP by using arp.
FIGURE 10-2: Searching for your wireless APs by using the WiGLE database.
FIGURE 10-3: NetStumbler displays detailed data on APs.
FIGURE 10-4: A LanGuard scan of a live AP.
FIGURE 10-5: Using airodump to capture WEP initialization vectors.
FIGURE 10-6: Using aircrack to crack WEP.
FIGURE 10-7: Using ElcomSoft Wireless Security Auditor to crack WPA PSKs.
FIGURE 10-8: Using Omnipeek to view encrypted wireless traffic.
FIGURE 10-9: ElcomSoft Wireless Security Auditor’s numerous password cracking o...
FIGURE 10-10: The Reaver Pro startup window.
FIGURE 10-11: Using Reaver Pro to determine that Wi-Fi Protected Setup is enabl...
FIGURE 10-12: NetStumbler showing potentially unauthorized APs.
FIGURE 10-13: You can configure Omnipeek to detect APs that don’t broadcast the...
FIGURE 10-14: CommView for WiFi showing several unauthorized ad-hoc clients.
FIGURE 10-15: Finding an accessible AP via NetStumbler.
FIGURE 10-16: Looking for the MAC address of a wireless client on the network b...
FIGURE 10-17: SMAC showing a spoofed MAC address.
6 Chapter 11
FIGURE 11-1: ElcomSoft System Recovery is great for cracking and resetting Wind...
FIGURE 11-2: Loading password hashes from a remote SAM database in ophcrack.
FIGURE 11-3: Usernames and hashes extracted via ophcrack.
FIGURE 11-4: Loading the required hash tables in ophcrack.
FIGURE 11-5: iOS Forensic Toolkit’s main page.
FIGURE 11-6: Select the appropriate iOS device from the list.
FIGURE 11-7: iOS Forensic Toolkit Ramdisk loading successfully.
FIGURE 11-8: Cracking a four-digit PIN on an iPhone.
7 Chapter 12
FIGURE 12-1: Port-scanning a Windows 11 system with NetScanTools Pro.
FIGURE 12-2: Gathering SMB versions with NetScanTools SMB Scanner.
FIGURE 12-3: Using Nmap to determine the Windows version.
FIGURE 12-4: Using nbtstat to gather information on a Windows 11 system.
FIGURE 12-5: Using LanGuard to scan your network for Windows shares.
FIGURE 12-6: Mapping a null session to a vulnerable Windows system.
FIGURE 12-7: net view displays drive shares on a remote Windows host.
FIGURE 12-8: Default local security-policy settings in Windows 7 that restrict ...
FIGURE 12-9: SoftPerfect Network Scanner’s Share Finder profile seeks out Windo...
FIGURE 12-10: Exploitable vulnerability found by Nexpose.
FIGURE 12-11: The main Metasploit console.
FIGURE 12-12: Metasploit options to obtain a remote command prompt on the targe...
FIGURE 12-13: Remote command prompt on target system obtained by exploiting a m...
FIGURE 12-14: Metasploit Pro’s graphical interface provides broad security test...
FIGURE 12-15: Starting the exploit process in Metasploit Pro is as simple as im...
FIGURE 12-16: Testing login credentials before running an authenticated scan wi...
8 Chapter 13
FIGURE 13-1: Port scanning a Linux host with NetScanTools Pro.
FIGURE 13-2: Using Nexpose to discover vulnerabilities in macOS.
FIGURE 13-3: Using the Test Credentials feature as part of the Nexpose scan con...
FIGURE 13-4: Using Nmap to determine the OS kernel version of a Linux server.
FIGURE 13-5: Using NetScanTools Pro to determine that Slackware Linux is likely...
FIGURE 13-6: Using Nmap to check application versions.
FIGURE 13-7: Viewing the PIDs for running daemons by using ps -aux.
FIGURE 13-8: The rexec file showing the disable option.
FIGURE 13-9: /etc/inittab showing the line that allows a Ctrl+Alt+Delete shutdo...
FIGURE 13-10: Running the Tiger security-auditing tool.
FIGURE 13-11: Partial output of the Tiger tool.
9 Chapter 14
FIGURE 14-1: Limiting the number of resources that handle inbound messages.
FIGURE 14-2: An SMTP banner showing server-version information.
FIGURE 14-3: An SMTP banner that disguises the version information.
FIGURE 14-4: smtpscan gathers version info even when the SMTP banner is disguis...
FIGURE 14-5: Using VRFY to verify that an email address exists.
FIGURE 14-6: Using EXPN to verify that a mailing list exists.
FIGURE 14-7: Using EmailVerify to verify an email address.
FIGURE 14-8: Using smtp-user-enum to glean email addresses.
FIGURE 14-9: Using NetScanTools Pro SMTP Server Tests to check for an open emai...
FIGURE 14-10: Critical information revealed in email headers.
FIGURE 14-11: Using the EICAR test string to test antimalware software.
FIGURE 14-12: A WebInspect scan of a VoIP network adapter showing several weakn...
FIGURE 14-13: Using Cain & Abel to capture, record, and play back VoIP conversa...
FIGURE 14-14: Connecting to a VoIP phone’s web interface using the default pass...
10 Chapter 15
FIGURE 15-1: Using HTTrack to crawl a website.
FIGURE 15-2: Using Firefox Web Developer to reset form-field lengths.
FIGURE 15-3: Using WebInspect to find and manipulate hidden fields.
FIGURE 15-4: Netsparker discovered SQL injection vulnerabilities.
FIGURE 15-5: Script code reflected to the browser.
FIGURE 15-6: Using Acunetix Web Vulnerability Scanner to find cross-site script...
FIGURE 15-7: The URL returns an error when an invalid user ID is entered.
FIGURE 15-8: The URL returns a different error when an invalid password is ente...
FIGURE 15-9: The Brutus tool tests for weak web logins.
FIGURE 15-10: A network camera’s login credentials embedded directly in its HTM...
11 Chapter 16
FIGURE 16-1: SQLPing3 can find SQL Server systems and check for missing sa acco...
FIGURE 16-2: Using Cain & Abel to crack Oracle password hashes.
FIGURE 16-3: Using SoftPerfect Network Scanner to search for network shares.
FIGURE 16-4: Using FileLocator Pro to search for sensitive text on unprotected ...
Guide
1 Cover
2 Title