Chained Exploits: Advanced Hacking Attacks from Start to Finish

Paperback (Print)


The complete guide to today’s hard-to-defend chained attacks: performing them and preventing them

Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits–both how to perform them and how to prevent them.

Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.

Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures, both technical and human. Coverage includes:

  • Constructing convincing new phishing attacks
  • Discovering which sites other Web users are visiting
  • Wreaking havoc on IT security via wireless networks
  • Disrupting competitors’ Web sites
  • Performing–and preventing–corporate espionage
  • Destroying secure files
  • Gaining access to private healthcare records
  • Attacking the viewers of social networking pages
  • Creating entirely new exploits
  • and more

Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council’s Instructor of Excellence Award.

Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award.

Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.

Cover photograph © Corbis / Jupiter Images

$49.99 US

$59.99 CANADA


Product Details

  • ISBN-13: 9780321498816
  • Publisher: Addison-Wesley
  • Publication date: 3/13/2009
  • Pages: 279
  • Sales rank: 1,027,149
  • Product dimensions: 6.90 (w) x 9.20 (h) x 0.90 (d)

Meet the Author

Andrew Whitaker (M.Sc., CISSP, CEI, LPT, ECSA, CHFI, CEH, CCSP, CCNP, CCVP, CCDP, CCNA, CCDA, CCENT, MCSE, MCTS, CNE, A+, Network+, Convergence+, Security+, CTP, EMCPA) is a recognized expert, trainer, and author in the field of penetration testing and security countermeasures. He works as the Director of Enterprise InfoSec and Networking and as a senior ethical hacking instructor for Training Camp. Over the past several years his courses have trained thousands of security professionals throughout the world. His security courses have also caught the attention of the Wall Street Journal, BusinessWeek, San Francisco Gate, and others.

Keatron Evans is a senior penetration tester and principal of Blink Digital Security based in Chicago, Illinois. He has more than 11 years' experience doing penetration tests, vulnerability assessments, and forensics. Keatron regularly consults with and sometimes trains several government entities and corporations in the areas of network penetration, SCADA security, and other related national infrastructure security topics. He holds several information security certifications including CISSP, CSSA, CEH, CHFI, LPT, CCSP, MCSE:Security, MCT, Security+, and others. When not doing penetration tests, you can find Keatron teaching ethical hacking and forensics classes for Training Camp and a few other security training organizations.

Jack Voth has been working in the information technology field for 24 years. He holds numerous industry certifications including CISSP, MCSE, LPT, CEH, CHFI, ECSA, CTP, Security+, ACA, MCT, CEI, and CCNA. He specializes in penetration testing, vulnerability assessment, perimeter security, and voice/data networking architecture. In addition to being a co-owner and senior engineer of The Client Server, Inc., Jack has been instructing for more than six years on subject matter including Microsoft, Telecommunications Industry Association (TIA), EC-Council, ISC/2, and CompTIA.


Table of Contents

Introduction

Chapter 1 Get Your Free Credit Cards Here

Setting the Stage

The Approach

The Chained Exploit

Enumerating the PDXO Web Site

Enumerating the Credit Card Database

Stealing Credit Card Information from the Web Site

Selling the Credit Card Information on the Underground Market

Defacing the PDXO Web Site

Chained Exploit Summary

Countermeasures

Change the Default HTTP Response Header

Do Not Have Public Access to Developer Sites

Do Not Install SQL Server on the Same Machine as IIS

Sanitize Input on Web Forms

Do Not Install IIS in the Default Location

Make Your Web Site Read-Only

Remove Unnecessary Stored Procedures from Your SQL Database

Do Not Use the Default Username and Password for Your Database

Countermeasures for Customers

Conclusion

Chapter 2 Discover What Your Boss Is Looking At

Setting the Stage

The Approach

For More Information

The Chained Exploit

Phishing Scam

Installing Executables

Setting Up the Phishing Site

Sending Mr. Minutia an E-mail

Finding the Boss’s Computer

Connecting to the Boss’s Computer

WinPcap

Analyzing the Packet Capture

Reassembling the Graphics

Other Possibilities

Chained Exploit Summary

Countermeasures

Countermeasures for Phishing Scams

Countermeasures for Trojan Horse Applications

Countermeasures for Packet-Capturing Software

Conclusion

Chapter 3 Take Down Your Competitor’s Web Site

Setting the Stage

The Approach

For More Information

The Chained Exploit

Attack #1: The Test

Attack #2: The One That Worked

Getting Access to the Pawn Web site

Lab-Testing the Hack

Modifying the Pawn Web Site

Other Possibilities

Chained Exploit Summary

Countermeasures

Countermeasures for Hackers Passively Finding Information about Your Company

Countermeasures for DDoS Attacks via ICMP

Countermeasures for DDoS Attacks via HTTP and Other Protocols

Countermeasures for Unauthorized Web Site Modification

Countermeasures for Compromise of Internal Employees

Conclusion

Chapter 4 Corporate Espionage

Setting the Stage

The Approach

The Chained Exploit

Reconnaissance

Getting Physical Access

Executing the Hacks

Bringing Down the Hospital

Other Possibilities

Chained Exploit Summary

Countermeasures

Countermeasures for Physical Security Breaches and Access Systems Compromise

Countermeasures for Scanning Attacks

Countermeasures for Social Engineering

Countermeasures for Operating System Attacks

Countermeasures for Data Theft

Conclusion

Chapter 5 Chained Corporations

Setting the Stage

The Approach

The Chained Exploit

Reconnaissance

Social Engineering Attack

More and Yet More Recon

Aggressive Active Recon

Building the Exploit Infrastructure

Testing the Exploit

Executing the Hack

Constructing the Rootkit

Game Over–The End Result

Other Possibilities

Chained Exploit Summary

Countermeasures

Countermeasures for Hackers Passively Finding Information about Your Company

Countermeasures for Social Engineering Attack on Visual IQ

Countermeasures for Recon on the Visual IQ Software

Countermeasures for Wi-Fi Attack on Quizzi Home Network

Countermeasures for the Keylogger Attack

Conclusion

Chapter 6 Gain Physical Access to Healthcare Records

Setting the Stage

The Approach

For More Information

The Chained Exploit

Social Engineering and Piggybacking

Gaining Physical Access

Booting into Windows with Knoppix

Modifying Personally Identifiable Information or Protected Medical Information

Chained Exploit Summary

Countermeasures

Social Engineering and Piggybacking

Lock Picking

Defeating Biometrics

Compromising a PC

Conclusion

Chapter 7 Attacking Social Networking Sites

Setting the Stage

The Approach

The Chained Exploit

Creating a Fake MySpace Web Site

Creating the Redirection Web Site

Creating a MySpace Page

Sending a Comment

Compromising the Account

Logging In to the Hacked Account

The Results

Chained Exploit Summary

Countermeasures

Avoid Using Social Networking Sites

Use a Private Profile

Be Careful about Clicking on Links

Require Last Name / E-mail Address to Be a Friend

Do Not Post Too Much Information

Be Careful When Entering Your Username/Password

Use a Strong Password

Change Your Password Frequently

Use Anti-Phishing Tools

Conclusion

Chapter 8 Wreaking Havoc from the Parking Lot

Setting the Stage

The Approach

For More Information

Accessing Networks Through Access Points

The Chained Exploit

Connecting to an Access Point

Performing the Microsoft Kerberos Preauthentication Attack

Cracking Passwords with RainbowCrack

Pilfering the Country Club Data

Chained Exploit Summary

Countermeasures

Secure Access Points

Configure Active Directory Properly

Use an Intrusion Prevention System or Intrusion Detection System

Update Anti-Virus Software Regularly

Computer Network Security Checklist

Conclusion




Whenever we tell people about the contents of this book, we always get the same response: “Isn’t that illegal?” Yes, we tell them. Most of what this book covers is completely illegal if you re-create the scenarios and perform them outside of a lab environment. This leads to the question of why we would even want to create a book like this.

The answer is quite simple. This book is necessary in the marketplace to educate others about chained exploits. Throughout our careers we have helped secure hundreds of organizations. The biggest weakness we saw was not in engineering a new security solution, but in education. People are just not aware of how attacks really occur. They need to be educated in how the sophisticated attacks happen so that they can know how to effectively protect against them.

All the authors of this book have experience in both penetration testing (hacking into organizations with authorization to assess their weakness) as well as teaching security and ethical hacking courses for Training Camp. Many of the chapters in this book come from attacks we have successfully performed in real-world penetration tests. We want to share these so that you know how to stop malicious attacks. We all agree that it is through training that we make the biggest impact, and this book serves as an extension to our passion for security awareness training.

What Is a Chained Exploit?

There are several excellent books in the market on information security. What has been lacking, however, is a book that covers chained exploits and effective countermeasures. A chained exploit is an attack that involves multiple exploits or attacks. Typically a hacker will use not just one method, but several, to get to his or her target.

Take this scenario as an example. You get a call at 2 a.m. from a frantic coworker, saying your Web site has been breached. You jump out of bed, throw on a baseball cap and some clothes, and rush down to your workplace. When you get there, you find your manager and coworkers frenzied about what to do. You look at the Web server and go through the logs. Nothing sticks out at you. You go to the firewall and review its logs. You do not see any suspicious traffic heading for your Web server. What do you do?

We hope you said, “Step back, and look at the bigger picture.” Look around your infrastructure. You might have dedicated logging machines, load-balancing devices, switches, routers, backup devices, VPN (virtual private network) devices, hubs, database servers, application servers, Web servers, firewalls, encryption devices, storage devices, intruder detection devices, and much more. Within each of these devices and servers runs software. Each piece of software is a possible point of entry.

In this scenario the attacker might not have directly attacked the Web server from the outside. He or she might have first compromised a router. From there, the attacker might reconfigure the router to get access to a backup server that manages all backups for your datacenter. Next the attacker might use a buffer overflow exploit against your backup software to get administrator access to the backup server. The attacker might launch an attack to confuse the intrusion detection system so that the real attack goes unnoticed. Then the attacker might launch an attack from the backup server to a server that stores all your log files. The attacker might erase all log files to cover his or her tracks, and then launch an attack from that server to your Web server. We think you get the point: Attacks are seldom simple. They often involve many separate attacks chained together to form one large attack. Your job as a security professional is to be constantly aware of the big picture, and to consider everything when someone attacks your system.

A skilled hacker acts much like the ants on the cover of this book. If you notice on the cover, the ants are in a line, each separate, but part of a chain. Each ant also takes something for its own use, like a hacker stealing information. Ants also tend to do most of their work without anyone seeing them, just as skilled hackers do their work without observation. Use this book as your pesticide; learn where the hackers are hiding so that you can eliminate them and stop them from gaining access to your organization.

Format of the Book

This book makes use of a fictional character named Phoenix. You do not need to read the chapters in any particular order, so if you want to jump into a topic of interest right away, go for it. Each chapter begins with a “Setting the Stage” section where we explain the scenario that is the basis behind Phoenix’s motivation for attack. You’ll learn how common greed or the desire for revenge can lead to sophisticated attacks with serious consequences.

Each chapter continues with a section titled “The Chained Exploit,” which is a detailed, step-by-step approach used by our fictitious character to launch his attack. As you read through this section, you will learn that an attack is more than just using one software tool to gain access to a computer. Sometimes attacks originate from within an organization, whereas other times attacks begin from outside the organization. You will even learn about compromising physical security and social engineering as means to achieving Phoenix’s goal.

Each chapter concludes with a “Countermeasures” section filled with information that you can use to prevent the chained exploit discussed in the chapter. You should compare this information with your own security policies and procedures to determine whether your organization can or should deploy these countermeasures.

Note - Many of the organizations and Web sites mentioned in the scenario portions of this book are fictitious and are for illustrative purposes only. For example, in Chapter 2, “Discover What Your Boss Is Looking At,” the site Phoenix copies for his phishing site does not really exist, although many like it do.

Additional Resources

There were many things we wanted to include in this book but could not due to time restraints. You can find more information about chained exploits on the book's Web site. That Web site contains additional information about chained exploits and any errata for this book.


The attacks in this book are illegal if performed outside a lab environment. All the examples in this book are from the authors’ experience performing authorized penetration tests against organizations. Then the authors re-created the examples in a lab environment to ensure accuracy. At no point should you attempt to re-create any of these attacks described in this book. Should you want to use the techniques to assess the security of your organization, be sure to first obtain written authorization from key stakeholders and appropriate managers before you perform any tests.

© Copyright Pearson Education. All rights reserved.
