Hacking For Dummies®, 7th Edition (Kevin Beaver) (Z-Library)
Author: Kevin Beaver
Nonfiction
File Format: PDF
File Size: 20.1 MB
📄 Text Preview (First 20 pages)
Hacking 7th Edition by Kevin Beaver, CISSP
Hacking For Dummies®, 7th Edition
Published by: John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, www.wiley.com
Copyright © 2022 by John Wiley & Sons, Inc., Hoboken, New Jersey
Media and software compilation copyright © 2022 by John Wiley & Sons, Inc. All rights reserved.
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, For Dummies, the Dummies Man logo, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: WHILE THE PUBLISHER AND AUTHORS HAVE USED THEIR BEST EFFORTS IN PREPARING THIS WORK, THEY MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES, WRITTEN SALES MATERIALS OR PROMOTIONAL STATEMENTS FOR THIS WORK. THE FACT THAT AN ORGANIZATION, WEBSITE, OR PRODUCT IS REFERRED TO IN THIS WORK AS A CITATION AND/OR POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE PUBLISHER AND AUTHORS ENDORSE THE INFORMATION OR SERVICES THE ORGANIZATION, WEBSITE, OR PRODUCT MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING PROFESSIONAL SERVICES. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR YOUR SITUATION. YOU SHOULD CONSULT WITH A SPECIALIST WHERE APPROPRIATE. FURTHER, READERS SHOULD BE AWARE THAT WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ. NEITHER THE PUBLISHER NOR AUTHORS SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.
For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. For technical support, please visit https://hub.wiley.com/community/support/dummies.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2022933150
ISBN 978-1-119-87219-1 (pbk); ISBN 978-1-119-87220-7 (ebk); ISBN 978-1-119-87221-4 (ebk)
Contents at a Glance
Introduction
Part 1: Building the Foundation for Security Testing
  CHAPTER 1: Introduction to Vulnerability and Penetration Testing
  CHAPTER 2: Cracking the Hacker Mindset
  CHAPTER 3: Developing Your Security Testing Plan
  CHAPTER 4: Hacking Methodology
Part 2: Putting Security Testing in Motion
  CHAPTER 5: Information Gathering
  CHAPTER 6: Social Engineering
  CHAPTER 7: Physical Security
  CHAPTER 8: Passwords
Part 3: Hacking Network Hosts
  CHAPTER 9: Network Infrastructure Systems
  CHAPTER 10: Wireless Networks
  CHAPTER 11: Mobile Devices
Part 4: Hacking Operating Systems
  CHAPTER 12: Windows
  CHAPTER 13: Linux and macOS
Part 5: Hacking Applications
  CHAPTER 14: Communication and Messaging Systems
  CHAPTER 15: Web Applications and Mobile Apps
  CHAPTER 16: Databases and Storage Systems
Part 6: Security Testing Aftermath
  CHAPTER 17: Reporting Your Results
  CHAPTER 18: Plugging Your Security Holes
  CHAPTER 19: Managing Security Processes
Part 7: The Part of Tens
  CHAPTER 20: Ten Tips for Getting Security Buy-In
  CHAPTER 21: Ten Reasons Hacking Is the Only Effective Way to Test
  CHAPTER 22: Ten Deadly Mistakes
Appendix: Tools and Resources
Index
Table of Contents
INTRODUCTION
  About This Book
  Foolish Assumptions
  Icons Used in This Book
  Beyond the Book
  Where to Go from Here
PART 1: BUILDING THE FOUNDATION FOR SECURITY TESTING
CHAPTER 1: Introduction to Vulnerability and Penetration Testing
  Straightening Out the Terminology
    Hacker
    Malicious user
  Recognizing How Malicious Attackers Beget Ethical Hackers
    Vulnerability and penetration testing versus auditing
    Policy considerations
    Compliance and regulatory concerns
  Understanding the Need to Hack Your Own Systems
  Understanding the Dangers Your Systems Face
    Nontechnical attacks
    Network infrastructure attacks
    Operating system attacks
    Application and other specialized attacks
  Following the Security Assessment Principles
    Working ethically
    Respecting privacy
    Not crashing your systems
  Using the Vulnerability and Penetration Testing Process
    Formulating your plan
    Selecting tools
    Executing the plan
    Evaluating results
    Moving on
CHAPTER 2: Cracking the Hacker Mindset
  What You’re Up Against
  Who Breaks into Computer Systems
    Hacker skill levels
    Hacker motivations
  Why They Do It
  Planning and Performing Attacks
  Maintaining Anonymity
CHAPTER 3: Developing Your Security Testing Plan
  Establishing Your Goals
  Determining Which Systems to Test
  Creating Testing Standards
    Timing your tests
    Running specific tests
    Conducting blind versus knowledge assessments
    Picking your location
    Responding to vulnerabilities you find
    Making silly assumptions
  Selecting Security Assessment Tools
CHAPTER 4: Hacking Methodology
  Setting the Stage for Testing
  Seeing What Others See
  Scanning Systems
    Hosts
    Open ports
  Determining What’s Running on Open Ports
  Assessing Vulnerabilities
  Penetrating the System
PART 2: PUTTING SECURITY TESTING IN MOTION
CHAPTER 5: Information Gathering
  Gathering Public Information
    Social media
    Web search
    Web crawling
    Websites
  Mapping the Network
    WHOIS
    Privacy policies
CHAPTER 6: Social Engineering
  Introducing Social Engineering
  Starting Your Social Engineering Tests
  Knowing Why Attackers Use Social Engineering
  Understanding the Implications
    Building trust
    Exploiting the relationship
  Performing Social Engineering Attacks
    Determining a goal
    Seeking information
  Social Engineering Countermeasures
    Policies
    User awareness and training
CHAPTER 7: Physical Security
  Identifying Basic Physical Security Vulnerabilities
  Pinpointing Physical Vulnerabilities in Your Office
    Building infrastructure
    Utilities
    Office layout and use
    Network components and computers
CHAPTER 8: Passwords
  Understanding Password Vulnerabilities
    Organizational password vulnerabilities
    Technical password vulnerabilities
  Cracking Passwords
    Cracking passwords the old-fashioned way
    Cracking passwords with high-tech tools
    Cracking password-protected files
    Understanding other ways to crack passwords
  General Password Cracking Countermeasures
    Storing passwords
    Creating password policies
    Taking other countermeasures
  Securing Operating Systems
    Windows
    Linux and Unix
PART 3: HACKING NETWORK HOSTS
CHAPTER 9: Network Infrastructure Systems
  Understanding Network Infrastructure Vulnerabilities
  Choosing Tools
    Scanners and analyzers
    Vulnerability assessment
  Scanning, Poking, and Prodding the Network
    Scanning ports
    Scanning SNMP
    Grabbing banners
    Testing firewall rules
    Analyzing network data
    The MAC-daddy attack
    Testing denial of service attacks
  Detecting Common Router, Switch, and Firewall Weaknesses
    Finding unsecured interfaces
    Uncovering issues with SSL and TLS
  Putting Up General Network Defenses
CHAPTER 10: Wireless Networks
  Understanding the Implications of Wireless Network Vulnerabilities
  Choosing Your Tools
  Discovering Wireless Networks
    Checking for worldwide recognition
    Scanning your local airwaves
  Discovering Wireless Network Attacks and Taking Countermeasures
    Encrypted traffic
    Countermeasures against encrypted traffic attacks
    Wi-Fi Protected Setup
    Countermeasures against the WPS PIN flaw
    Rogue wireless devices
    Countermeasures against rogue wireless devices
    MAC spoofing
    Countermeasures against MAC spoofing
    Physical security problems
    Countermeasures against physical security problems
    Vulnerable wireless workstations
    Countermeasures against vulnerable wireless workstations
    Default configuration settings
    Countermeasures against default configuration settings exploits
CHAPTER 11: Mobile Devices
  Sizing Up Mobile Vulnerabilities
  Cracking Laptop Passwords
    Choosing your tools
    Applying countermeasures
  Cracking Phones and Tablets
    Cracking iOS passwords
    Taking countermeasures against password cracking
PART 4: HACKING OPERATING SYSTEMS
CHAPTER 12: Windows
  Introducing Windows Vulnerabilities
  Choosing Tools
    Free Microsoft tools
    All-in-one assessment tools
    Task-specific tools
  Gathering Information About Your Windows Vulnerabilities
    System scanning
    NetBIOS
  Detecting Null Sessions
    Mapping
    Gleaning information
    Countermeasures against null-session hacks
  Checking Share Permissions
    Windows defaults
    Testing
  Exploiting Missing Patches
    Using Metasploit
    Countermeasures against missing patch vulnerability exploits
  Running Authenticated Scans
CHAPTER 13: Linux and macOS
  Understanding Linux Vulnerabilities
  Choosing Tools
  Gathering Information About Your System Vulnerabilities
    System scanning
    Countermeasures against system scanning
  Finding Unneeded and Unsecured Services
    Searches
    Countermeasures against attacks on unneeded services
  Securing the .rhosts and hosts.equiv Files
    Hacks using the hosts.equiv and .rhosts files
    Countermeasures against .rhosts and hosts.equiv file attacks
  Assessing the Security of NFS
    NFS hacks
    Countermeasures against NFS attacks
  Checking File Permissions
    File permission hacks
    Countermeasures against file permission attacks
  Finding Buffer Overflow Vulnerabilities
    Attacks
    Countermeasures against buffer overflow attacks
  Checking Physical Security
    Physical security hacks
    Countermeasures against physical security attacks
  Performing General Security Tests
  Patching
    Distribution updates
    Multiplatform update managers
PART 5: HACKING APPLICATIONS
CHAPTER 14: Communication and Messaging Systems
  Introducing Messaging System Vulnerabilities
  Recognizing and Countering Email Attacks
    Email bombs
    Banners
    SMTP attacks
    General best practices for minimizing email security risks
  Understanding VoIP
    VoIP vulnerabilities
    Countermeasures against VoIP vulnerabilities
CHAPTER 15: Web Applications and Mobile Apps
  Choosing Your Web Security Testing Tools
  Seeking Out Web Vulnerabilities
    Directory traversal
    Countermeasures against directory traversals
    Input-filtering attacks
    Countermeasures against input attacks
    Default script attacks
    Countermeasures against default script attacks
    Unsecured login mechanisms
    Countermeasures against unsecured login systems
    Performing general security scans for web application vulnerabilities
  Minimizing Web Security Risks
    Practicing security by obscurity
    Putting up firewalls
    Analyzing source code
  Uncovering Mobile App Flaws
CHAPTER 16: Databases and Storage Systems
  Diving Into Databases
    Choosing tools
    Finding databases on the network
    Cracking database passwords
    Scanning databases for vulnerabilities
  Following Best Practices for Minimizing Database Security Risks
  Opening Up About Storage Systems
    Choosing tools
    Finding storage systems on the network
    Rooting out sensitive text in network files
  Following Best Practices for Minimizing Storage Security Risks
PART 6: SECURITY TESTING AFTERMATH
CHAPTER 17: Reporting Your Results
  Pulling the Results Together
  Prioritizing Vulnerabilities
  Creating Reports
CHAPTER 18: Plugging Your Security Holes
  Turning Your Reports into Action
  Patching for Perfection
    Patch management
    Patch automation
  Hardening Your Systems
  Assessing Your Security Infrastructure
CHAPTER 19: Managing Security Processes
  Automating the Security Assessment Process
  Monitoring Malicious Use
  Outsourcing Security Assessments
  Instilling a Security-Aware Mindset
  Keeping Up with Other Security Efforts
PART 7: THE PART OF TENS
CHAPTER 20: Ten Tips for Getting Security Buy-In
  Cultivate an Ally and a Sponsor
  Don’t Be a FUDdy-Duddy
  Demonstrate That the Organization Can’t Afford to Be Hacked
  Outline the General Benefits of Security Testing
  Show How Security Testing Specifically Helps the Organization
  Get Involved in the Business
  Establish Your Credibility
  Speak on Management’s Level
  Show Value in Your Efforts
  Be Flexible and Adaptable

CHAPTER 21: Ten Reasons Hacking Is the Only Effective Way to Test
  The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
  IT Governance and Compliance Are More Than High-Level Audits
  Vulnerability and Penetration Testing Complements Audits and Security Evaluations
  Customers and Partners Will Ask How Secure Your Systems Are
  The Law of Averages Works Against Businesses
  Security Assessments Improve Understanding of Business Threats
  If a Breach Occurs, You Have Something to Fall Back On
  In-Depth Testing Brings Out the Worst in Your Systems
  Combined Vulnerability and Penetration Testing Is What You Need
  Proper Testing Can Uncover Overlooked Weaknesses

CHAPTER 22: Ten Deadly Mistakes
  Not Getting Approval
  Assuming That You Can Find All Vulnerabilities
  Assuming That You Can Eliminate All Vulnerabilities
  Performing Tests Only Once
  Thinking That You Know It All
  Running Your Tests Without Looking at Things from a Hacker’s Viewpoint
  Not Testing the Right Systems
  Not Using the Right Tools
  Pounding Production Systems at the Wrong Time
  Outsourcing Testing and Not Staying Involved

APPENDIX: TOOLS AND RESOURCES

INDEX
Introduction

Welcome to Hacking For Dummies, 7th Edition. This book outlines — in plain English — computer hacking tricks and techniques that you can use to assess the security of your information systems, find the vulnerabilities that matter, and fix the weaknesses before criminal hackers and malicious insiders take advantage of them. This hacking is the professional, aboveboard, and legal type of security testing — which I refer to as vulnerability and penetration testing or ethical hacking throughout the book.

Computer and network security is a complex subject and an ever-moving target. You must stay on top of it to ensure that your information is protected from the bad guys and their exploits, including the growing challenges associated with ransomware. The techniques and tools outlined in this book can help.

You could implement all the security technologies and other best practices possible, and your network environment might be secure — as far as you know. But unless and until you understand how malicious attackers think, apply that knowledge, and use the right tools to assess your systems from their point of view, it’s practically impossible to have a true sense of how secure your systems and information really are.

Ethical hacking (or, more simply, security assessments), which encompasses formal and methodical vulnerability and penetration testing, is necessary to find security flaws and to validate that your information systems are truly secure on an ongoing basis.

Given the COVID-19 situation, ensuring security is especially critical today. With so many people working from home and outside the traditional enterprise network security controls, hacking and related breaches are off the charts. It’s clear that businesses are having to adapt to new ways of working. IT and security professionals are also grappling with the associated emerging technologies, and that’s only further complicating security. It’s a tricky place to be and not an enviable position. Still, it represents an opportunity for learning and improving, so it’s not all bad.
This book will help you successfully navigate the craziness of the world as it relates to IT and security. I’ll also help you implement a proper vulnerability and penetration testing program, perform the right security checks, and put the necessary countermeasures in place to keep external hackers and malicious users in check.

About This Book

Hacking For Dummies is a reference guide for hacking your systems to improve security and minimize business risks. The security testing techniques are based on written and unwritten rules of computer system vulnerability and penetration testing and information security best practices. This book covers everything from establishing your testing plan to assessing your systems to plugging the holes and managing an ongoing security testing program.

Realistically, for most networks, operating systems, and applications, thousands of possible vulnerabilities exist. I don’t cover them all, but I do cover the big ones on various platforms and systems that I believe contribute to most security problems in business today. I cover basic Pareto principle (80/20 rule) stuff, with the goal of helping you find the 20 percent of the issues that create 80 percent of your security risks. Whether you need to assess security vulnerabilities on a small home-office network, a medium-size corporate network, or across a large enterprise, Hacking For Dummies provides the information you need.

This book includes the following features:

» Various technical and nontechnical tests and their detailed methodologies
» Specific countermeasures to protect against hacking and breaches

Before you start testing your systems, familiarize yourself with the information in Part 1 so that you’re prepared for the tasks at hand. The adage “If you fail to plan, you plan to fail” rings true for the security assessment process. You must have a solid game plan in place if you’re going to be successful.

Foolish Assumptions

Disclaimer: This book is intended solely for information technology (IT) and information security professionals to test the security of their (or their clients’) systems in an authorized fashion. If you choose to use the information in this book to hack or break into computer systems maliciously and without authorization, you’re on your own. Neither I (the author) nor anyone else associated with this book shall be liable or responsible for any unethical or criminal choices that you might make and execute using the methodologies and tools that I describe.

Okay, now that that’s out of the way, let’s get to the good stuff! This book is for you if you’re a network administrator, IT or information security manager, security consultant, security auditor, compliance manager, or otherwise interested in finding out more about evaluating computer systems, software, and IT operations for security flaws and, of course, making long-term improvements.

I also make a few assumptions about you, the aspiring information technology (IT) or security professional:

» You’re familiar with basic computer, network, and information security concepts and terms.
» You have access to a computer and a network on which to use these techniques and tools.
» You have the go-ahead from your employer or your client to perform the hacking techniques described in this book.

Icons Used in This Book

Throughout this book, you’ll see the following icons in the margins.

This icon points out information that’s worth committing to memory.

This icon points out information that could have a negative effect on your vulnerability and penetration testing efforts — so please read it!

This icon refers to advice that can highlight or clarify an important point.

This icon points out technical information that’s interesting but not vital to your understanding of the topic being discussed.
Beyond the Book

First off, be sure to check out the Cheat Sheet associated with this book. You can access the Cheat Sheet by visiting dummies.com and searching for Hacking For Dummies. The Cheat Sheet is a great way to get you pointed in the right direction or get you back on track with your security testing program if needed.

Also, be sure to check out my website www.principlelogic.com, especially the Resources page.

Where to Go from Here

The more you know about how external hackers and rogue insiders work and how your systems should be tested, the better you’re able to secure your computer and network systems. This book provides the foundation you need to develop and maintain a successful security assessment and vulnerability management program to minimize business risks.

Depending on your computer and network configurations, you may be able to skip certain chapters. For example, if you aren’t running Linux or wireless networks, you can skip those chapters. Just be careful. You may think you’re not running certain systems, but they could very well be on your network, somewhere, waiting to be exploited.

Keep in mind that the high-level concepts of security testing won’t change as often as the specific vulnerabilities you protect against. Vulnerability and penetration testing will always remain both an art and a science in a field that’s ever-changing. You must keep up with the latest hardware and software technologies, along with the various vulnerabilities that come about day after day and month after month.

The good news is the vulnerabilities are often very predictable and, therefore, easy to discover and resolve. You won’t find a single best way to hack your systems, so tweak this information to your heart’s content. And happy hacking!
Part 1: Building the Foundation for Security Testing
IN THIS PART . . .

Discover the basics of vulnerability and penetration testing.

Get a look inside a hacker’s head to understand why and how they do what they do.

Develop a security testing plan.

Understand the methodology for finding the most (and best) vulnerabilities.