Authors: Kevin D. Mitnick, William L. Simon
Tags: #Computer Hackers, #Computer Security, #Computers, #General, #Security
ping sweeps, 202–203 Robert
port scanning, 199–201 accessing the help desk, 171–173
remote control of a PC, 208–211 background, 166, 168–169
researching the target, 196–197 backticked variable injection flaw, 167–168
reverse DNS lookup, 197–198 backup dangers, 177–179
success, 215 discovering server names, 170–171
trapped in a DMZ, 202–207 e-mail addresses, retrieving, 178 programs. See software hacking video post production software, 169–177 protective measures. See countermeasures Outlook.pst file, retrieving, 178 proxy servers passwords, cracking, 175, 178–179, 180
finding, 99 passwords, observations on, 179–180
misconfigured, countermeasures, 112 porn spam, 167–168
misconfigured, exploiting, 94, 99 rainbow tables attack, 180
retrieving mailing lists, 167–168 Excite@Home hack, 95
setup.pl exploit, 167–168 fear, 237
SQL injection attack, 173–177 fooling the guards, 223–224
uploading to protected directories, 172 forcing the target into a role, 234 Robin Hood hacker. See Lamo, Adrian heuristic information processing, 234–235 role, and social engineering, 232–233 impersonating an employee, 226–229 role-based accounts, 62–63 Las Vegas security audits, 222–232 roulette hack, 3 liking, 236–237 routers, identifying, 198–199 momentum of compliance, 235
penetration testing, 121, 132–133 Sagarin, Brad, 232, 233 phone number sniffing, countermeasures, 110 scanning for vulnerabilities, CGI (common gateway phony badges, 130–131, 137, 229–230
interface), 43 politeness norm, 136 Secret Internet Protocol Router Network psychology of color, 225–226
(SIPRNET), 28–29, 30–32 reactance, 237–238 securing personal laptops, countermeasures, 217 schmoozing casino staffers, 222–223 security company intrusion shoulder surfing, 126–127
3COM device configuration, determining, 200–202 social psychology of persuasion, 232
accessing the company system, 211–215 stealing hotel services, 72–73
barging the IIS server, 213 systematic information processing, 234–235
countermeasures, 216–218 tailgating, 121, 132–133, 136
hackers' background, 195–196 training guidelines, 238–240
identifying a router, 198–199 training programs, 240–242
mapping the network, 197–198, 202–207 trappings of role, 232–233
passwords, cracking, 200, 210, 214 in your own family, 242–244
ping sweeps, 202–203 social psychology of social engineering
port scanning, 199–201 altercasting, 234
remote control of a PC, 208–211 attribution, 236
researching the target, 196–197 cold reading, 236
reverse DNS lookup, 197–198 credibility, 233
success, 215 desire to help, 235–236
trapped in a DMZ, 202–207 distracting the target, 234–235 security measures. See countermeasures fear, 237 security through obscurity, 94 forcing the target into a role, 234 sensitive files, protecting, 191 heuristic information processing, 234–235 September 11, aftermath of, 34–35 liking, 236–237 server names, discovering, 170–171 momentum of compliance, 235 server software, identifying, 155–157 persuasion, 232 setup.pl, vulnerabilities, 167–168 reactance, 237–238 setup.pl exploit, 167–168 systematic information processing, 234–235 shoulder surfing, 126–127 trappings of role, 232–233 SIPRNET (Secret Internet Protocol Router Network), soft drink machine hack, 250
28–29, 30–32 software. See also firmware slot machine hack. See casino hack dumping Registry information, 161 sniffers examining network connections, 161
Boeing hack, 28 IDA Pro, 173
Chinese university hack, 26 Interactive Disassembler, 173
e-mail, 122 inventory and auditing, 65–66
hiding, 43 l0phtCrack, 116, 128–129
Lockheed Martin hack, 43 LsaDump2, 161
passwords, 43 netstat command, 161
phone numbers, 110 network intrusions, 161–163
SIPRNET hack, 31 Nmap, 199–201 snooping. See sniffers password cracking social engineering John the Ripper, 142
altercasting, 234 l0phtCrack, 116, 128–129
attribution, 236 l0phtCrack III, 180
Chinese university hack, 25–27 PkCrack, 165–166
cold readings, 222–223, 236 PwDump2, 180
countermeasures, 110, 238 PC Anywhere, 208–211
credibility, 233 PkCrack, 165–166
desire to help, 235–236 port scanning, 199–201
direction of approach, 223–224 proxy server lookup, 99
distracting the target, 234–235 ProxyHunter, 99
dumpster diving, 70–71, 118, 120–121 PwDump2, 180
ethics of, 135 RAT (Remote Access Trojan), 96
software (continued) downloading source code, 164–165
remote control of a PC, 208–211 dumping Registry information, 161
reverse engineering C code to assembler, 173 examining Internet Explorer history, 162
sniffers hacking target applications, 161–163
Boeing hack, 28 hacking the target, 159–160
Chinese university hack, 26 identifying the target, 158–159
hiding, 43 known plaintext attack, 165–166
Lockheed Martin hack, 43 password cracking, 157–159, 165–166
passwords, 43 port scans, 155–157
SIPRNET hack, 31 retrieving licensing keys, 161–162
tracert command, 162–163, 198–199 tracing network packets, 162–163
tracing network packets, 162–163
Trojans, U.S. District Court hack, 73–74 unauthorized hardware, 64–65
Whois queries, 110 uploading to Spy Lantern Keylogger, 144, 148 protected directories, 172 SQL injection attack, 173–177 Warez sites, 183 SQL servers, protecting, 190–191 U.S. District Court hack, 71–72, 73–74, 87–88 stateful inspection firewalls, 186 strategies for attacks. See specific strategies vending machine hack, 250 Swiss bank hack, 147–148 video post production software, hacking, 169–177 systematic information processing, 234–235 Visual SourceSafe, vulnerabilities, 179 system-management tasks, cracker countermeasures, voicemail snooping, 122
187–188 VPN services, 192
vulnerabilities. See also exploits tailgating, 121, 132–133, 136 Apache server software, 119 Takedown, 24 backticked variable injection flaw, 167–168 target-rich environments, 63 BIND (Berkeley Internet Name Domain), 43 telephone hacking. See phone hacking; phreaking Citrix Metaframe shadowing feature, 144, 145 terrorist intrusions DNS (Domain Name Servers), 43
aftermath, 39–40 electronic attack on the U. S., 41–42
aftermath of 9/11, 34–35 encryption, 12–13
Chinese university hack, 25–27 Microsoft FrontPage, 172
countermeasures, 44–46 PHF hole, 120
DEM hack, 27 PHF (phone book) script, 43–44
Indian Airlines hijacking, 29–30 scanning for, CGI (common gateway interface), 43
insight, 42–44 setup.pl, 167–168
Lockheed Martin hack, 27–28, 42–44 Solaris operating system, 119
SIPRNET hack, 28–29, 30–32 Visual SourceSafe, 179
threat assessment, 41–42
White House break-in, 35–39, 43–44 wearable computer, 13–16 Texas Hold 'Em hack, 254–255 White House break-in, 35–39, 43–44 Texas prison hack. See also prison time Whois queries, 110
countermeasures, 62–66 Whurley, 222–230
federal prisons, 49–51 Windows, hardening, 192–193
getting caught, 56–59
hacker's background, 59–60 Zatko, Pieter (Mudge)
hacker's life after prison, 60–62 the attack, 118–119
insight, 62 background, 116
life in prison, 49–51 dumpster diving, 118, 120–121
online in safety, 53–56 e-mail sniffing, 122
trading food for computer gear, 51–52 final report, 123–124 third-party applications, cracker countermeasures, 190 fortuitous blackout, 121–122 threat assessment, terrorist intrusions, 41–42 get-out-of-jail-free card, 118 3COM device configuration, determining, 200–202 ground rules, 117–119 tools and utilities. See software meeting the client, 117 tracert command, 162–163, 198–199 NDAs (nondisclosure agreements), 118–119 trapdoors. See Trojans tailgating, 121 trappings of role, 232–233 voicemail snooping, 122 Trojans, 73–74, 150 zero-day exploits, 45 two-year hack zone transfer, 111
busted, 163–164 Zyklon (Burns, Eric), 35–40, 43–44
close call, 160–161