Stealing The Network: How to Own the Box
By Syngress
3.5/5
()
About this ebook
- Not just another "hacker" book, it plays on "edgy" market success of Steal this Computer Book with first hand, eyewitness accounts
- A highly provocative expose of advanced security exploits
- Written by some of the most high profile "White Hats", "Black Hats" and "Gray Hats"
- Gives readers a "first ever" look inside some of the most notorious network intrusions
Read more from Syngress
Stealing The Network: How to Own the Box Rating: 4 out of 5 stars4/5Designing A Wireless Network Rating: 5 out of 5 stars5/5Rick Gallahers MPLS Training Guide: Building Multi Protocol Label Switching Networks Rating: 4 out of 5 stars4/5Configuring Cisco Voice Over IP Rating: 4 out of 5 stars4/5Managing Cisco Network Security Rating: 3 out of 5 stars3/5IP Addressing and Subnetting INC IPV6: Including IPv6 Rating: 0 out of 5 stars0 ratingsBuilding DMZs For Enterprise Networks Rating: 4 out of 5 stars4/5ASP.Net Web Developer's Guide Rating: 0 out of 5 stars0 ratingsSSCP Systems Security Certified Practitioner Study Guide and DVD Training System Rating: 0 out of 5 stars0 ratingsBuilding a Cisco Wireless Lan Rating: 5 out of 5 stars5/5Bluetooth Application Developer's Guide Rating: 4 out of 5 stars4/5Security Assessment: Case Studies for Implementing the NSA IAM Rating: 3 out of 5 stars3/5Hack Proofing Your Identity In The Information Age Rating: 4 out of 5 stars4/5DBAs Guide to Databases Under Linux Rating: 0 out of 5 stars0 ratingsDeveloping Web Services with Java APIs for XML Using WSDP Rating: 0 out of 5 stars0 ratingsAdministering Cisco QoS in IP Networks: Including CallManager 3.0, QoS, and uOne Rating: 0 out of 5 stars0 ratingsConfiguring Symantec AntiVirus Enterprise Edition Rating: 0 out of 5 stars0 ratingsCisco Security Professional's Guide to Secure Intrusion Detection Systems Rating: 0 out of 5 stars0 ratingsFirewall Policies and VPN Configurations Rating: 0 out of 5 stars0 ratingsRuby Developers Guide Rating: 3 out of 5 stars3/5Special Ops: Host and Network Security for Microsoft Unix and Oracle Rating: 4 out of 5 stars4/5Scene of the Cybercrime: Computer Forensics Handbook Rating: 4 out of 5 stars4/5Security + Study Guide and DVD Training System Rating: 4 out of 5 stars4/5The Best Damn Cisco Internetworking Book Period Rating: 0 out of 5 stars0 ratingsSnort Intrusion Detection 2.0 Rating: 4 out of 5 stars4/5Designing SQL Server 2000 Databases Rating: 0 out of 5 stars0 ratingsHack Proofing XML Rating: 0 out of 5 stars0 ratings
Related to Stealing The Network
Networking For You
The Compete Ccna 200-301 Study Guide: Network Engineering Edition Rating: 5 out of 5 stars5/5Networking For Dummies Rating: 5 out of 5 stars5/5Quantum Computing For Dummies Rating: 0 out of 5 stars0 ratingsNetworking All-in-One For Dummies Rating: 5 out of 5 stars5/5Hacking Android Rating: 4 out of 5 stars4/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsAWS Certified Cloud Practitioner Study Guide: CLF-C01 Exam Rating: 5 out of 5 stars5/5Linux Bible Rating: 0 out of 5 stars0 ratingsComputer Networking: An introductory guide for complete beginners: Computer Networking, #1 Rating: 5 out of 5 stars5/5Cisco Packet Tracer for Beginners Rating: 5 out of 5 stars5/5CCNA Certification Study Guide, Volume 2: Exam 200-301 Rating: 0 out of 5 stars0 ratingsUnlock Any Roku Device: Watch Shows, TV, & Download Apps Rating: 0 out of 5 stars0 ratingsNetwork+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Mike Meyers' CompTIA Network+ Certification Passport, Sixth Edition (Exam N10-007) Rating: 1 out of 5 stars1/5Amazon Web Services (AWS) Interview Questions and Answers Rating: 5 out of 5 stars5/5How To Stay Private Online Protecting Your Online Privacy and Shielding Your Online Presence from Snoopers Rating: 0 out of 5 stars0 ratingsCybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Programming Arduino: Getting Started with Sketches Rating: 4 out of 5 stars4/5Artificial Intelligence for Fashion: How AI is Revolutionizing the Fashion Industry Rating: 0 out of 5 stars0 ratingsThe Windows Command Line Beginner's Guide: Second Edition Rating: 4 out of 5 stars4/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsSharePoint For Dummies Rating: 0 out of 5 stars0 ratingsNetworking Fundamentals: Develop the networking skills required to pass the Microsoft MTA Networking Fundamentals Exam 98-366 Rating: 0 out of 5 stars0 ratingsCisco Networking All-in-One For Dummies Rating: 4 out of 5 stars4/5Comptia Network+ Primer Rating: 0 out of 5 stars0 ratingsA Beginner's Guide to Ham Radio Rating: 0 out of 5 stars0 ratingsPractical Ethical Hacking from Scratch Rating: 5 out of 5 stars5/5
Reviews for Stealing The Network
19 ratings1 review
- Rating: 3 out of 5 stars3/5If you permit me to read it, I'll tell you what I think...
Book preview
Stealing The Network - Syngress
Questions
Hide and Sneak
by Ido Dubrawsky
If you want to hack into someone else’s network, the week between Christmas and New Year’s Day is the best time. I love that time of year. No one is around, and most places are running on a skeleton crew at best. If you’re good, and you do it right, you won’t be noticed even by the automated systems. And that was a perfect time of year to hit these guys with their nice e-commerce site—plenty of credit card numbers, I figured.
The people who ran this site had ticked me off. I bought some computer hardware from them, and they took forever to ship it to me. On top of that, when the stuff finally arrived, it was damaged. I called their support line and asked for a return or an exchange, but they said that they wouldn’t take the card back because it was a closeout. Their site didn’t say that the card was a closeout! I told the support drones that, but they wouldn’t listen. They said, policy is policy,
and didn’t you read the fine print?
Well, if they’re going to take that position.… Look, they were okay guys on the whole. They just needed a bit of a lesson. That’s all.
So, there I was, the day after Christmas, with nothing to do. The family gathering was over. I decided to see just how good their site was. Just a little peek at what’s under the hood. There’s nothing wrong with that. I’ve hacked a few Web sites here and there—no defacements, but just looking around. Most of what I hit in the past were some universities and county government sites. I had done some more interesting sites recently, but these guys would be very interesting. In fact, they proved to be a nice challenge for a boring afternoon.
Now, one of my rules is to never storm the castle through the drawbridge. Their Web farm for their e-commerce stuff (and probably their databases) was colocated at some data center. I could tell because when I did traceroutes to their Web farm, I got a totally different route than when I did some traceroutes to other hosts I had discovered off their main Web site. So, it looked like they kept their e-commerce stuff separated from their corporate network, which sounds reasonable to me. That made it easy for me to decide how I would approach their network. I would look at the corporate network, rather than their data center, since I figured they probably had tighter security on their data center.
Tools
First off, my platform of choice should be pretty obvious. It’s Linux. Almost every tool that I have and use runs under Linux. On top of that, my collection of exploits runs really well under Linux. Now, OpenBSD is okay, and I’m something of a Solaris fan as well, but when I work, I work off a Linux platform. I don’t care whether it’s Red Hat, Mandrake, or Debian. That’s not important. What’s important is that you can tune the operating system to your needs. That’s the key. You need to be able to be sure that the underlying operating system is reliable. On a related note, my homegrown tools are a mixture of Bourne shell, Expect, and Python scripts. There’s a small amount of Perl in there as well, but most of the scripts are written in Python. Code reuse is important if you want to be successful at this