The fundamentals of Hacking - Jen Johnson , Miria Grunick

1. The Fundamentals of Hacking: An 03r!3vv Jen Johnson Miria Grunick

18. Phase 2: Scanning The premise of scanning is to probe as many ports as possible, keeping track of open and useful ports that would be receptive to hacking. Scanners send multiple packets over a communication medium then listen and record each response. The following are techniques for inspecting ports and protocols.

23. Tracerouting

25. Screenshot of Cheops

31. WWW HTTP 80/tcp www-http Domain Name Server 53/udp domain Telnet 23/tcp telnet SSH Remote Login Protocol 22/tcp ssh File Transfer (control) 21/tcp ftp File Transfer (default) 20/udp ftp-data Echo 7/tcp echo

32. Non Standard Ports X Window System 6000-6063/tcp X11 Yahoo! Messenger 5010 yahoo RaDIUS authentication protocol 1812/udp Radius Microsoft Windows Internet Name Service 1512/tcp wins

51. FTP Bounce

55. How To Use FTP Bounce Attacks

66. Scan Types Supported by Nmap

67. Sends a TCP FIN to each port. Reset indicates port is closed. -sF TCP FIN Only sends the initial SYN and awaits the SYN-ACK response. -sS TCP SYN Completes the 3-way handshake with each scanned port. -sT TCP Connect Summary of Characteristics Command-Line Option Type of Scan

68. Similar to ACK, but focuses on TCP Window size to determine if ports are open or closed. -sW Window Sends packet with the ACK code bit set to each target port. -sA TCP ACK Sends packets with no code bits set. Reset indicates port is closed. -sN Null Sends packet with the FIN, URG and PUSH code bits set. Reset indicates port is closed. -sX TCP Xmas Tree

69. Scans RPC services using all discovered to open TCP/UDP ports on the target to send RPC Null commands. -sR RPC Scanning Sends ICMP echo request packets to every machine on target network. -sP Ping Sends a UDP packet to target ports to determine if a UDP service is listening. -sU UDP Scanning Bounces a TCP scan off of an FTP server, obscuring the originator of the scan. -b FTP Bounce

73. Vulnerability Scanner

76. Operating System Fingerprinting with Nmap

83. Random Clipart

84. Pre-Phase 3 Understanding Filters, Firewalls and the IDS

87. Enhanced Version Stateful Filter

90. Proxy Firewall

92. Enhanced Version Application Proxy Gateway

94. Application Gateways look at data on the application layer of the protocol stack and serve as proxies for outside users. Thus, outside users never really have a direct connection to anything beyond the proxy gateway.

97. Intrusion Detection System

106. IDS Setup Locations

109. Phase 3 Penetration

128. Spoofing ARP Messages

130. Spoofing DNS

132. Sniffing HTTPS

139. Undermining UNIX r- Commands

156. Phase 4: Maintaining Access

160. Trojan Horse Backdoor Tools Back Orifice

161. Back Orifice Remote Administration System which allows an intruder to control a computer across a TCP/IP connection using a simple console or GUI application. Gives its user more control of the target computer than the person at the actual keyboard has.

169. Traditional Root Kits

182. Phase 5 Covering Tracks and Hiding