Stealing The Network: How to Own the Box
By Syngress
3.5/5
()
About this ebook
Not just another "hacker" book, it plays on "edgy" market success of Steal this Computer Book with first hand, eyewitness accounts
A highly provocative expose of advanced security exploits
Written by some of the most high profile "White Hats", "Black Hats" and "Gray Hats"
Gives readers a "first ever" look inside some of the most notorious network intrusions
Read more from Syngress
Configuring Cisco Voice Over IP Rating: 4 out of 5 stars4/5ASP.Net Web Developer's Guide Rating: 0 out of 5 stars0 ratingsIP Addressing and Subnetting INC IPV6: Including IPv6 Rating: 0 out of 5 stars0 ratingsDesigning A Wireless Network Rating: 5 out of 5 stars5/5Managing Cisco Network Security Rating: 3 out of 5 stars3/5Security + Study Guide and DVD Training System Rating: 4 out of 5 stars4/5Hack Proofing Your Identity In The Information Age Rating: 4 out of 5 stars4/5Bluetooth Application Developer's Guide Rating: 4 out of 5 stars4/5Rick Gallahers MPLS Training Guide: Building Multi Protocol Label Switching Networks Rating: 4 out of 5 stars4/5Building a Cisco Wireless Lan Rating: 5 out of 5 stars5/5Building DMZs For Enterprise Networks Rating: 4 out of 5 stars4/5DBAs Guide to Databases Under Linux Rating: 0 out of 5 stars0 ratingsCheckPoint NG VPN 1/Firewall 1: Advanced Configuration and Troubleshooting Rating: 5 out of 5 stars5/5SSCP Systems Security Certified Practitioner Study Guide and DVD Training System Rating: 0 out of 5 stars0 ratingsAdministering Cisco QoS in IP Networks: Including CallManager 3.0, QoS, and uOne Rating: 0 out of 5 stars0 ratingsCisco Security Professional's Guide to Secure Intrusion Detection Systems Rating: 0 out of 5 stars0 ratingsFirewall Policies and VPN Configurations Rating: 0 out of 5 stars0 ratingsRuby Developers Guide Rating: 3 out of 5 stars3/5Developing Web Services with Java APIs for XML Using WSDP Rating: 0 out of 5 stars0 ratingsConfiguring Symantec AntiVirus Enterprise Edition Rating: 0 out of 5 stars0 ratingsScene of the Cybercrime: Computer Forensics Handbook Rating: 4 out of 5 stars4/5Special Ops: Host and Network Security for Microsoft Unix and Oracle Rating: 4 out of 5 stars4/5The Best Damn Cisco Internetworking Book Period Rating: 0 out of 5 stars0 ratingsSecurity Assessment: Case Studies for Implementing the NSA IAM Rating: 3 out of 5 stars3/5Windows 2000 Configuration Wizards Rating: 0 out of 5 stars0 ratingsDesigning SQL Server 2000 Databases Rating: 0 out of 5 stars0 ratings
Related to Stealing The Network
Related ebooks
Stealing the Network: How to Own an Identity: How to Own an Identity Rating: 4 out of 5 stars4/5Kali Linux CTF Blueprints Rating: 0 out of 5 stars0 ratingsWireshark & Ethereal Network Protocol Analyzer Toolkit Rating: 0 out of 5 stars0 ratingsSnort Intrusion Detection and Prevention Toolkit Rating: 5 out of 5 stars5/5Hack the Stack: Using Snort and Ethereal to Master The 8 Layers of An Insecure Network Rating: 0 out of 5 stars0 ratingsPenetration Testing with Raspberry Pi Rating: 5 out of 5 stars5/5Hardware Hacking: Have Fun while Voiding your Warranty Rating: 4 out of 5 stars4/5Snort Intrusion Detection 2.0 Rating: 4 out of 5 stars4/5XSS Attacks: Cross Site Scripting Exploits and Defense Rating: 3 out of 5 stars3/5Mobile Malware Attacks and Defense Rating: 5 out of 5 stars5/5Web Penetration Testing with Kali Linux Rating: 5 out of 5 stars5/5Security Log Management: Identifying Patterns in the Chaos Rating: 3 out of 5 stars3/5WarDriving: Drive, Detect, Defend: A Guide to Wireless Security Rating: 3 out of 5 stars3/5Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research Rating: 0 out of 5 stars0 ratingsSecurity+ Study Guide Rating: 0 out of 5 stars0 ratingsMicrosoft Log Parser Toolkit: A Complete Toolkit for Microsoft's Undocumented Log Analysis Tool Rating: 5 out of 5 stars5/5Syngress Force Emerging Threat Analysis: From Mischief to Malicious Rating: 0 out of 5 stars0 ratingsHack Proofing Your Network Rating: 0 out of 5 stars0 ratingsHow to Cheat at Configuring Open Source Security Tools Rating: 0 out of 5 stars0 ratingsIntrusion Prevention and Active Response: Deploying Network and Host IPS Rating: 3 out of 5 stars3/5Perfect Password: Selection, Protection, Authentication Rating: 4 out of 5 stars4/5Kismet Hacking Rating: 0 out of 5 stars0 ratingsCisco Router and Switch Forensics: Investigating and Analyzing Malicious Network Activity Rating: 3 out of 5 stars3/5Joe Grand's Best of Hardware, Wireless, and Game Console Hacking Rating: 5 out of 5 stars5/5OS X for Hackers at Heart Rating: 0 out of 5 stars0 ratingsBuilding an Intelligence-Led Security Program Rating: 5 out of 5 stars5/5Ethereal Packet Sniffing Rating: 0 out of 5 stars0 ratingsReverse Engineering Code with IDA Pro Rating: 5 out of 5 stars5/5Linksys WRT54G Ultimate Hacking Rating: 0 out of 5 stars0 ratingsFirewall Policies and VPN Configurations Rating: 0 out of 5 stars0 ratings
Security For You
CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsThe Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Dark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Hacking For Dummies Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Codes and Ciphers Rating: 5 out of 5 stars5/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5CompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratingsSecurity+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5
Reviews for Stealing The Network
18 ratings0 reviews
Book preview
Stealing The Network - Syngress
Questions
Hide and Sneak
by Ido Dubrawsky
If you want to hack into someone else’s network, the week between Christmas and New Year’s Day is the best time. I love that time of year. No one is around, and most places are running on a skeleton crew at best. If you’re good, and you do it right, you won’t be noticed even by the automated systems. And that was a perfect time of year to hit these guys with their nice e-commerce site—plenty of credit card numbers, I figured.
The people who ran this site had ticked me off. I bought some computer hardware from them, and they took forever to ship it to me. On top of that, when the stuff finally arrived, it was damaged. I called their support line and asked for a return or an exchange, but they said that they wouldn’t take the card back because it was a closeout. Their site didn’t say that the card was a closeout! I told the support drones that, but they wouldn’t listen. They said, policy is policy,
and didn’t you read the fine print?
Well, if they’re going to take that position.… Look, they were okay guys on the whole. They just needed a bit of a lesson. That’s all.
So, there I was, the day after Christmas, with nothing to do. The family gathering was over. I decided to see just how good their site was. Just a little peek at what’s under the hood. There’s nothing wrong with that. I’ve hacked a few Web sites here and there—no defacements, but just looking around. Most of what I hit in the past were some universities and county government sites. I had done some more interesting sites recently, but these guys would be very interesting. In fact, they proved to be a nice challenge for a boring afternoon.
Now, one of my rules is to never storm the castle through the drawbridge. Their Web farm for their e-commerce stuff (and probably their databases) was colocated at some data center. I could tell because when I did traceroutes to their Web farm, I got a totally different route than when I did some traceroutes to other hosts I had discovered off their main Web site. So, it looked like they kept their e-commerce stuff separated from their corporate network, which sounds reasonable to me. That made it easy for me to decide how I would approach their network. I would look at the corporate network, rather than their data center, since I figured they probably had tighter security on their data center.
Tools
First off, my platform of choice should be pretty obvious. It’s Linux. Almost every tool that I have and use runs under Linux. On top of that, my collection of exploits runs really well under Linux. Now, OpenBSD is okay, and I’m something of a Solaris fan as well, but when I work, I work off a Linux platform. I don’t care whether it’s Red Hat, Mandrake, or Debian. That’s not important. What’s important is that you can tune the operating system to your needs. That’s the key. You need to be able to be sure that the underlying operating system is reliable. On a related note, my homegrown tools are a mixture of Bourne shell, Expect, and Python scripts. There’s a small amount of Perl in there as well, but most of the scripts are written in Python. Code reuse is important if you want to be successful at this