The complete guide to today’s hard-to-defend chained attacks: performing them and preventing them
Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits–both how to perform them and how to prevent them.
Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.
Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures—both technical and human. Coverage includes:
Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council’s Instructor of Excellence Award.
Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award.
Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.
Cover photograph © Corbis /
Chapter 1 Get Your Free Credit Cards Here
Setting the Stage
The Approach
The Chained Exploit
Enumerating the PDXO Web Site
Enumerating the Credit Card Database
Stealing Credit Card Information from the Web Site
Selling the Credit Card Information on the Underground Market
Defacing the PDXO Web Site
Chained Exploit Summary
Change the Default HTTP Response Header
Do Not Have Public Access to Developer Sites
Do Not Install SQL Server on the Same Machine as IIS
Sanitize Input on Web Forms
Do Not Install IIS in the Default Location
Make Your Web Site Read-Only
Remove Unnecessary Stored Procedures from Your SQL Database
Do Not Use the Default Username and Password for Your Database
Countermeasures for Customers
Chapter 2 Discover What Your Boss Is Looking At
Setting the Stage
The Approach
For More Information
The Chained Exploit
Phishing Scam
Installing Executables
Setting Up the Phishing Site
Sending Mr. Minutia an E-mail
Finding the Boss’s Computer
Connecting to the Boss’s Computer
Analyzing the Packet Capture
Reassembling the Graphics
Other Possibilities
Chained Exploit Summary
Countermeasures for Phishing Scams
Countermeasures for Trojan Horse Applications
Countermeasures for Packet-Capturing Software
Chapter 3 Take Down Your Competitor’s Web Site
Setting the Stage
The Approach
For More Information
The Chained Exploit
Attack #1: The Test
Attack #2: The One That Worked
Getting Access to the Pawn Web Site
Lab-Testing the Hack
Modifying the Pawn Web Site
Other Possibilities
Chained Exploit Summary
Countermeasures for Hackers Passively Finding Information about Your Company
Countermeasures for DDoS Attacks via ICMP
Countermeasures for DDoS Attacks via HTTP and Other Protocols
Countermeasures for Unauthorized Web Site Modification
Countermeasures for Compromise of Internal Employees
Chapter 4 Corporate Espionage
Setting the Stage
The Approach
The Chained Exploit
Getting Physical Access
Executing the Hacks
Bringing Down the Hospital
Other Possibilities
Chained Exploit Summary
Countermeasures for Physical Security Breaches and Access Systems
Countermeasures for Scanning Attacks
Countermeasures for Social Engineering
Countermeasures for Operating System Attacks
Countermeasures for Data Theft
Chapter 5 Chained Corporations
Setting the Stage
The Approach
The Chained Exploit
Social Engineering Attack
More and Yet More Recon
Aggressive Active Recon
Building the Exploit Infrastructure
Testing the Exploit
Executing the Hack
Constructing the Rootkit
Game Over–The End Result
Other Possibilities
Chained Exploit Summary
Countermeasures for Hackers Passively Finding Information about Your Company
Countermeasures for Social Engineering Attack on Visual IQ
Countermeasures for Recon on the Visual IQ Software
Countermeasures for Wi-Fi Attack on Quizzi Home Network
Countermeasures for the Keylogger Attack
Chapter 6 Gain Physical Access to Healthcare Records
Setting the Stage
The Approach
For More Information
The Chained Exploit
Social Engineering and Piggybacking
Gaining Physical Access
Booting into Windows with Knoppix
Modifying Personally Identifiable Information or Protected Medical
Chained Exploit Summary
Social Engineering and Piggybacking
Lock Picking
Defeating Biometrics
Compromising a PC
Chapter 7 Attacking Social Networking Sites
Setting the Stage
The Approach
The Chained Exploit
Creating a Fake MySpace Web Site
Creating the Redirection Web Site
Creating a MySpace Page
Sending a Comment
Compromising the Account
Logging In to the Hacked Account
The Results
Chained Exploit Summary
Avoid Using Social Networking Sites
Use a Private Profile
Be Careful about Clicking on Links
Require Last Name / E-mail Address to Be a Friend
Do Not Post Too Much Information
Be Careful When Entering Your Username/Password
Use a Strong Password
Change Your Password Frequently
Use Anti-Phishing Tools
Chapter 8 Wreaking Havoc from the Parking Lot
Setting the Stage
The Approach
For More Information
Accessing Networks Through Access Points
The Chained Exploit
Connecting to an Access Point
Performing the Microsoft Kerberos Preauthentication Attack
Cracking Passwords with RainbowCrack
Pilfering the Country Club Data
Chained Exploit Summary
Secure Access Points
Configure Active Directory Properly
Use an Intrusion Prevention System or Intrusion Detection System
Update Anti-Virus Software Regularly
Computer Network Security Checklist
TOC, 2/9/09, 9780321498816
Whenever we tell people about the contents of this book, we always get the same response: “Isn’t that illegal?” Yes, we tell them. Most of what this book covers is completely illegal if you re-create the scenarios and perform them outside of a lab environment. This leads to the question of why we would even want to create a book like this.
The answer is quite simple. This book is necessary in the marketplace to educate others about chained exploits. Throughout our careers we have helped secure hundreds of organizations. The biggest weakness we saw was not in engineering a new security solution, but in education. People are just not aware of how attacks really occur. They need to be educated in how the sophisticated attacks happen so that they can know how to effectively protect against them.
All the authors of this book have experience in both penetration testing (hacking into organizations with authorization to assess their weakness) and teaching security and ethical hacking courses for Training Camp (http://www.trainingcamp.com). Many of the chapters in this book come from attacks we have successfully performed in real-world penetration tests. We want to share these so that you know how to stop malicious attacks. We all agree that it is through training that we make the biggest impact, and this book serves as an extension to our passion for security awareness training.
There are several excellent books in the market on information security. What has been lacking, however, is a book that covers chained exploits and effective countermeasures. A chained exploit is an attack that involves multiple exploits or attacks. Typically a hacker will use not just one method, but several, to get to his or her target.
Take this scenario as an example. You get a call at 2 a.m. from a frantic coworker, saying your Web site has been breached. You jump out of bed, throw on a baseball cap and some clothes, and rush down to your workplace. When you get there, you find your manager and coworkers frenzied about what to do. You look at the Web server and go through the logs. Nothing sticks out at you. You go to the firewall and review its logs. You do not see any suspicious traffic heading for your Web server. What do you do?
We hope you said, “Step back, and look at the bigger picture.” Look around your infrastructure. You might have dedicated logging machines, load-balancing devices, switches, routers, backup devices, VPN (virtual private network) devices, hubs, database servers, application servers, Web servers, firewalls, encryption devices, storage devices, intruder detection devices, and much more. Within each of these devices and servers runs software. Each piece of software is a possible point of entry.
In this scenario the attacker might not have directly attacked the Web server from the outside. He or she might have first compromised a router. From there, the attacker might reconfigure the router to get access to a backup server that manages all backups for your datacenter. Next the attacker might use a buffer overflow exploit against your backup software to get administrator access to the backup server. The attacker might launch an attack to confuse the intrusion detection system so that the real attack goes unnoticed. Then the attacker might launch an attack from the backup server to a server that stores all your log files. The attacker might erase all log files to cover his or her tracks, and then launch an attack from that server to your Web server. We think you get the point: Attacks are seldom simple. They often involve many separate attacks chained together to form one large attack. Your job as a security professional is to be constantly aware of the big picture, and to consider everything when someone attacks your system.
A skilled hacker acts much like the ants on the cover of this book. If you notice on the cover, the ants are in a line, each separate, but part of a chain. Each ant also takes something for its own use, like a hacker stealing information. Ants also tend to do most of their work without anyone seeing them, just as skilled hackers do their work without observation. Use this book as your pesticide; learn where the hackers are hiding so that you can eliminate them and stop them from gaining access to your organization.
This book makes use of a fictional character named Phoenix. You do not need to read the chapters in any particular order, so if you want to jump into a topic of interest right away, go for it. Each chapter begins with a “Setting the Stage” section where we explain the scenario that is the basis behind Phoenix’s motivation for attack. You’ll learn how common greed or the desire for revenge can lead to sophisticated attacks with serious consequences.
Each chapter continues with a section titled “The Chained Exploit,” which is a detailed, step-by-step approach used by our fictitious character to launch his attack. As you read through this section, you will learn that an attack is more than just using one software tool to gain access to a computer. Sometimes attacks originate from within an organization, whereas other times attacks begin from outside the organization. You will even learn about compromising physical security and social engineering as means to achieving Phoenix’s goal.
Each chapter concludes with a “Countermeasures” section filled with information that you can use to prevent the chained exploit discussed in the chapter. You should compare this information with your own security policies and procedures to determine whether your organization can or should deploy these countermeasures.
Note - Many of the organizations and Web sites mentioned in the scenario portions of this book are fictitious and are for illustrative purposes only. For example, in Chapter 2, “Discover What Your Boss Is Looking At,” the http://www.certificationpractice.com site Phoenix copies for his phishing site does not really exist, although many like it do.
There were many things we wanted to include in this book but could not due to time constraints. You can find more information about chained exploits by visiting http://www.chainedexploits.com. That Web site contains additional information about chained exploits and any errata for this book.
The attacks in this book are illegal if performed outside a lab environment. All the examples in this book are from the authors’ experience performing authorized penetration tests against organizations. Then the authors re-created the examples in a lab environment to ensure accuracy. At no point should you attempt to re-create any of these attacks described in this book. Should you want to use the techniques to assess the security of your organization, be sure to first obtain written authorization from key stakeholders and appropriate managers before you perform any tests.
© Copyright Pearson Education. All rights reserved.