The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers (42 page)

ping sweeps, 202�203 Robert

port scanning, 199�201 accessing the help desk, 171�173

remote control of a PC, 208�211 background, 166, 168�169

researching the target, 196�197 backticked variable injection flaw, 167�168

reverse DNS lookup, 197�198 backup dangers, 177�179

success, 215 discovering server names, 170�171

trapped in a DMZ, 202�207 e-mail addresses, retrieving, 178 programs. See software hacking video post production software, 169�177 protective measures. See countermeasures Outlook.pst file, retrieving, 178 proxy servers passwords, cracking, 175, 178�179, 180

finding, 99 passwords, observations on, 179�180

misconfigured, countermeasures, 112 porn spam, 167�168

misconfigured, exploiting, 94, 99 rainbow tables attack, 180 Index 269

retrieving mailing lists, 167�168 Excite@Home hack, 95

setup.pl exploit, 167�168 fear, 237

SQL injection attack, 173�177 fooling the guards, 223�224

uploading to protected directories, 172 forcing the target into a role, 234 Robin Hood hacker. See Lamo, Adrian heuristic information processing, 234�235 role, and social engineering, 232�233 impersonating an employee, 226�229 role-based accounts, 62�63 Las Vegas security audits, 222�232 roulette hack, 3 liking, 236�237 routers, identifying, 198�199 momentum of compliance, 235

penetration testing, 121, 132�133 Sagarin, Brad, 232, 233 phone number sniffing, countermeasures, 110 scanning for vulnerabilities, CGI (common gateway phony badges, 130�131, 137, 229�230

interface), 43 politeness norm, 136 Secret Internet Protocol Router Network psychology of color, 225�226

(SIPRNET), 28�29, 30�32 reactance, 237�238 securing personal laptops, countermeasures, 217 schmoozing casino staffers, 222�223 security company intrusion shoulder surfing, 126�127

3COM device configuration, determining, 200�202 social psychology of persuasion, 232

accessing the company system, 211�215 stealing hotel services, 72�73

barging the IIS server, 213 systematic information processing, 234�235

countermeasures, 216�218 tailgating, 121, 132�133, 136

hackers' background, 195�196 training guidelines, 238�240

identifying a router, 198�199 training programs, 240�242

mapping the network, 197�198, 202�207 trappings of role, 232�233

passwords, cracking, 200, 210, 214 in your own family, 242�244

ping sweeps, 202�203 social psychology of social engineering

port scanning, 199�201 altercasting, 234

remote control of a PC, 208�211 attribution, 236

researching the target, 196�197 cold reading, 236

reverse DNS lookup, 197�198 credibility, 233

success, 215 desire to help, 235�236

trapped in a DMZ, 202�207 distracting the target, 234�235 security measures. See countermeasures fear, 237 security through obscurity, 94 forcing the target into a role, 234 sensitive files, protecting, 191 heuristic information processing, 234�235 September 11, aftermath of, 34�35 liking, 236�237 server names, discovering, 170�171 momentum of compliance, 235 server software, identifying, 155�157 persuasion, 232 setup.pl, vulnerabilities, 167�168 reactance, 237�238 setup.pl exploit, 167�168 systematic information processing, 234�235 shoulder surfing, 126�127 trappings of role, 232�233 SIPRNET (Secret Internet Protocol Router Network), soft drink machine hack, 250

28�29, 30�32 software. See also firmware slot machine hack. See casino hack dumping Registry information, 161 sniffers examining network connections, 161

Boeing hack, 28 IDA Pro, 173

Chinese university hack, 26 Interactive Disassembler, 173

e-mail, 122 inventory and auditing, 65�66

hiding, 43 l0phtCrack, 116, 128�129

Lockheed Martin hack, 43 LsaDump2, 161

passwords, 43 netstat command, 161

phone numbers, 110 network intrusions, 161�163

SIPRNET hack, 31 Nmap, 199�201 snooping. See sniffers password cracking social engineering John the Ripper, 142

altercasting, 234 l0phtCrack, 116, 128�129

attribution, 236 l0phtCrack III, 180

Chinese university hack, 25�27 PkCrack, 165�166

cold readings, 222�223, 236 PwDump2, 180

countermeasures, 110, 238 PC Anywhere, 208�211

credibility, 233 PkCrack, 165�166

desire to help, 235�236 port scanning, 199�201

direction of approach, 223�224 proxy server lookup, 99

distracting the target, 234�235 ProxyHunter, 99

dumpster diving, 70�71, 118, 120�121 PwDump2, 180

ethics of, 135 RAT (Remote Access Trojan), 96 270 Index

software (continued) downloading source code, 164�165

remote control of a PC, 208�211 dumping Registry information, 161

reverse engineering C code to assembler, 173 examining Internet Explorer history, 162

sniffers hacking target applications, 161�163

Boeing hack, 28 hacking the target, 159�160

Chinese university hack, 26 identifying the target, 158�159

hiding, 43 known plaintext attack, 165�166

Lockheed Martin hack, 43 password cracking, 157�159, 165�166

passwords, 43 port scans, 155�157

SIPRNET hack, 31 retrieving licensing keys, 161�162

tracert command, 162�163, 198�199 tracing network packets, 162�163

tracing network packets, 162�163

Trojans, U.S. District Court hack, 73�74 unauthorized hardware, 64�65

Whois queries, 110 uploading to Spy Lantern Keylogger, 144, 148 protected directories, 172 SQL injection attack, 173�177 Warez sites, 183 SQL servers, protecting, 190�191 U.S. District Court hack, 71�72, 73�74, 87�88 stateful inspection firewalls, 186 strategies for attacks. See specific strategies vending machine hack, 250 Swiss bank hack, 147�148 video post production software, hacking, 169�177 systematic information processing, 234�235 Visual SourceSafe, vulnerabilities, 179 system-management tasks, cracker countermeasures, voicemail snooping, 122

187�188 VPN services, 192

vulnerabilities. See also exploits tailgating, 121, 132�133, 136 Apache server software, 119 Takedown, 24 backticked variable injection flaw, 167�168 target-rich environments, 63 BIND (Berkeley Internet Name Domain), 43 telephone hacking. See phone hacking; phreaking Citrix Metaframe shadowing feature, 144, 145 terrorist intrusions DNS (Domain Name Servers), 43

aftermath, 39�40 electronic attack on the U. S., 41�42

aftermath of 9/11, 34�35 encryption, 12�13

Chinese university hack, 25�27 Microsoft FrontPage, 172

countermeasures, 44�46 PHF hole, 120

DEM hack, 27 PHF (phone book) script, 43�44

Indian Airlines hijacking, 29�30 scanning for, CGI (common gateway interface), 43

insight, 42�44 setup.pl, 167�168

Lockheed Martin hack, 27�28, 42�44 Solaris operating system, 119

SIPRNET hack, 28�29, 30�32 Visual SourceSafe, 179

threat assessment, 41�42

White House break-in, 35�39, 43�44 wearable computer, 13�16 Texas Hold 'Em hack, 254�255 White House break-in, 35�39, 43�44 Texas prison hack. See also prison time Whois queries, 110

countermeasures, 62�66 Whurley, 222�230

federal prisons, 49�51 Windows, hardening, 192�193

getting caught, 56�59

hacker's background, 59�60 Zatko, Pieter (Mudge)

hacker's life after prison, 60�62 the attack, 118�119

insight, 62 background, 116

life in prison, 49�51 dumpster diving, 118, 120�121

online in safety, 53�56 e-mail sniffing, 122

trading food for computer gear, 51�52 final report, 123�124 third-party applications, cracker countermeasures, 190 fortuitous blackout, 121�122 threat assessment, terrorist intrusions, 41�42 get-out-of-jail-free card, 118 3COM device configuration, determining, 200�202 ground rules, 117�119 tools and utilities. See software meeting the client, 117 tracert command, 162�163, 198�199 NDAs (nondisclosure agreements), 118�119 trapdoors. See Trojans tailgating, 121 trappings of role, 232�233 voicemail snooping, 122 Trojans, 73�74, 150 zero-day exploits, 45 two-year hack zone transfer, 111

busted, 163�164 Zyklon (Burns, Eric), 35�40, 43�44

close call, 160�161