Breaking into computer networks from the Internet. Hacking Guide v3.1
Edition of 20.09.2001. In English.
Chapter 0: What is this document about anyway?
Chapter 1: Setting the stage
Permanent connection (leased line, cable, fiber)
Dial-up
Mobile (GSM) dial-up
How to
Using the 'net
Other techniques
Chapter 2: Mapping your target
Websites, MX records…DNS!
RIPE, ARIN, APNIC and friends
Routed or not?
Traceroute & world domination
Reverse DNS entries
Summary
Chapter 3: Alive & kicking?
Unrouted nets, NAT
Ping - ICMP
Ping - TCP (no service, wrappers, filters)
Method 1 (against stateful inspection firewalls)
Method 2 (against stateless firewalls)
Summary
Before we go on
Chapter 4: Loading the weapons
General scanners vs. custom tools
The hacker's view on it (quick kill example)
Hacker's view (no kill at all)
Chapter 5: Fire!
Telnet (23 TCP)
HTTP (80 TCP)
HTTPS (SSL2) (443 TCP)
HTTPS (SSL3) (443 TCP)
HTTP + Basic authentication
Data mining
Web based authentication
Tricks
ELZA & Brutus
IDS & webservers
Pudding
Now what?
What to execute?
SMTP (25 TCP)
FTP (21 TCP + reverse)
DNS (53 TCP, UDP)
Finger (79 TCP)
NTP (123 UDP)
RPC & portmapper (111 TCP + other UDP)
TFTP (69 UDP)
SSH (22 TCP)
POP3 (110 TCP)
SNMP (161 UDP)
Proxies (80, 1080, 3128, 8080 TCP)
X11 (6000 TCP)
R-services (rshell, rlogin) (513, 514 TCP)
NetBIOS/SMB (139 TCP)
Chapter 6: Now what?
Windows
Only port 139 open - administrator rights
Port 21 open
Port 80 open and can execute
Port 80 and port 139 open
What to execute?
Unix
What to execute?
Things that do not fit in anywhere - misc
Network level attack - Source port 20,53
HTTP-redirects
Other Topics
Trojans (added 2001/09)