.
Чтение книги онлайн.

Читать онлайн книгу - страница 4

Название:

Автор:

Издательство:

Жанр:

Серия:

isbn:

isbn:

СКАЧАТЬ Patch Management Security Education and Learning Resources Security Frameworks Security Reports and Statistics Social Engineering and Phishing Source Code Analysis Storage User Awareness and Training Voice over Internet Protocol Vulnerability Databases Websites and Applications Windows Wireless Networks

      13  Index

      14  About the Author

      15  Advertisement Page

      16  Connect with Dummies

      17  End User License Agreement

      List of Tables

      1 Chapter 9TABLE 9-1 Commonly Hacked Ports

      2 Chapter 17TABLE 17-1 Prioritizing Vulnerabilities

      List of Illustrations

      1 Chapter 4FIGURE 4-1: Netcraft’s web server version utility.

      2 Chapter 6FIGURE 6-1: Using LUCY to start an email phishing campaign.FIGURE 6-2: Sample email phishing template options in LUCY.

      3 Chapter 8FIGURE 8-1: Brute-force password-cracking options in Proactive Password Auditor...FIGURE 8-2: Output from pwdump3.FIGURE 8-3: Cracked password file hashes with John the Ripper.FIGURE 8-4: Using Cain & Abel to capture passwords going across the network.

      4 Chapter 9FIGURE 9-1: Performing a ping sweep of an entire class C network with Nmap.FIGURE 9-2: In-depth port-scanning options in NMapWin.FIGURE 9-3: NetScanTools Pro OS Fingerprinting tool.FIGURE 9-4: General SNMP information gathered by Getif.FIGURE 9-5: Management interface user IDs gleaned via Getif’s SNMP browsing fun...FIGURE 9-6: Information gathered about an email server via Telnet.FIGURE 9-7: Connecting a network analyzer outside the firewall. FIGURE 9-8: Omnipeek can help uncover someone running an illicit system, such a...FIGURE 9-9: CommView’s interface for viewing network statisticsFIGURE 9-10: NetResident can track Internet use and ensure that security polici...FIGURE 9-11: Selecting your victim hosts for ARP poisoning in Cain & AbelFIGURE 9-12: ARP poisoning results in Cain & Abel

      5 Chapter 10FIGURE 10-1: Finding the MAC address of an AP by using arp.FIGURE 10-2: Searching for your wireless APs by using the WiGLE database.FIGURE 10-3: NetStumbler displays detailed data on APs.FIGURE 10-4: A LanGuard scan of a live AP.FIGURE 10-5: Using airodump to capture WEP initialization vectors.FIGURE 10-6: Using aircrack to crack WEP.FIGURE 10-7: Using ElcomSoft Wireless Security Auditor to crack WPA PSKs.FIGURE 10-8: Using Omnipeek to view encrypted wireless traffic.FIGURE 10-9: ElcomSoft Wireless Security Auditor’s numerous password cracking o...FIGURE 10-10: The Reaver Pro startup window.FIGURE 10-11: Using Reaver Pro to determine that Wi-Fi Protected Setup is enabl...FIGURE 10-12: NetStumbler showing potentially unauthorized APs.FIGURE 10-13: You can configure Omnipeek to detect APs that don’t broadcast the...FIGURE 10-14: CommView for WiFi showing several unauthorized ad-hoc clients.FIGURE 10-15: Finding an accessible AP via NetStumbler.FIGURE 10-16: Looking for the MAC address of a wireless client on the network b...FIGURE 10-17: SMAC showing a spoofed MAC address.

      6 Chapter 11FIGURE 11-1: ElcomSoft System Recovery is great for cracking and resetting Wind...FIGURE 11-2: Loading password hashes from a remote SAM database in ophcrack.FIGURE 11-3: Usernames and hashes extracted via ophcrack.FIGURE 11-4: Loading the required hash tables in ophcrack.FIGURE 11-5: iOS Forensic Toolkit’s main page.FIGURE 11-6: Select the appropriate iOS device from the list.FIGURE 11-7: iOS Forensic Toolkit Ramdisk loading successfully.FIGURE 11-8: Cracking a four-digit PIN on an iPhone.

      7 Chapter 12FIGURE 12-1: Port-scanning a Windows 11 system with NetScanTools Pro.FIGURE 12-2: Gathering SMB versions with NetScanTools SMB Scanner.FIGURE 12-3: Using Nmap to determine the Windows version.FIGURE 12-4: Using nbtstat to gather information on a Windows 11 system.FIGURE 12-5: Using LanGuard to scan your network for Windows shares.FIGURE 12-6: Mapping a null session to a vulnerable Windows system.FIGURE 12-7: net view displays drive shares on a remote Windows host.FIGURE 12-8: Default local security-policy settings in Windows 7 that restrict ...FIGURE 12-9: SoftPerfect Network Scanner’s Share Finder profile seeks out Windo...FIGURE 12-10: Exploitable vulnerability found by Nexpose.FIGURE 12-11: The main Metasploit console.FIGURE 12-12: Metasploit options to obtain a remote command prompt on the targe...FIGURE 12-13: Remote command prompt on target system obtained by exploiting a m...FIGURE 12-14: Metasploit Pro’s graphical interface provides broad security test...FIGURE 12-15: Starting the exploit process in Metasploit Pro is as simple as im...FIGURE 12-16: Testing login credentials before running an authenticated scan wi...

      8 Chapter 13FIGURE 13-1: Port scanning a Linux host with NetScanTools Pro.FIGURE 13-2: Using Nexpose to discover vulnerabilities in macOS.FIGURE 13-3: Using the Test Credentials feature as part of the Nexpose scan con...FIGURE 13-4: Using Nmap to determine the OS kernel version of a Linux server.FIGURE 13-5: Using NetScanTools Pro to determine that Slackware Linux is likely...FIGURE 13-6: Using Nmap to check application versions.FIGURE 13-7: Viewing the PIDs for running daemons by using ps -aux.FIGURE 13-8: The rexec file showing the disable option.FIGURE 13-9: /etc/inittab showing the line that allows a Ctrl+Alt+Delete shutdo...FIGURE 13-10: Running the Tiger security-auditing tool.FIGURE 13-11: Partial output of the Tiger tool.

      9 Chapter 14FIGURE 14-1: Limiting the number of resources that handle inbound messages.FIGURE 14-2: An SMTP banner showing server-version information.FIGURE 14-3: An SMTP banner that disguises the version information.FIGURE 14-4: smtpscan gathers version info even when the SMTP banner is disguis...FIGURE 14-5: Using VRFY to verify that an email address exists.FIGURE 14-6: Using EXPN to verify that a mailing list exists.FIGURE 14-7: Using EmailVerify to verify an email address.FIGURE 14-8: Using smtp-user-enum to glean email addresses.FIGURE 14-9: Using NetScanTools Pro SMTP Server Tests to check for an open emai...FIGURE 14-10: Critical information revealed in email headers.FIGURE 14-11: Using the EICAR test string to test antimalware software.FIGURE 14-12: A WebInspect scan of a VoIP network adapter showing several weakn...FIGURE 14-13: Using Cain & Abel to capture, record, and play back VoIP conversa...FIGURE 14-14: Connecting to a VoIP phone’s web interface using the default pass...

      10 Chapter 15FIGURE 15-1: Using HTTrack to crawl a website.FIGURE 15-2: Using Firefox Web Developer to reset form-field lengths.FIGURE 15-3: Using WebInspect to find and manipulate hidden fields.FIGURE 15-4: Netsparker discovered SQL injection vulnerabilities.FIGURE 15-5: Script code reflected to the browser.FIGURE 15-6: Using Acunetix Web Vulnerability Scanner to find СКАЧАТЬ