Stealing The Network: How to Own the Box
By Syngress
3.5/5
()
About this ebook
- Not just another "hacker" book, it plays on "edgy" market success of Steal this Computer Book with first hand, eyewitness accounts
- A highly provocative expose of advanced security exploits
- Written by some of the most high profile "White Hats", "Black Hats" and "Gray Hats"
- Gives readers a "first ever" look inside some of the most notorious network intrusions
Read more from Syngress
IP Addressing and Subnetting INC IPV6: Including IPv6 Rating: 0 out of 5 stars0 ratingsDesigning A Wireless Network Rating: 5 out of 5 stars5/5The Best Damn Firewall Book Period Rating: 5 out of 5 stars5/5ASP.Net Web Developer's Guide Rating: 0 out of 5 stars0 ratingsRick Gallahers MPLS Training Guide: Building Multi Protocol Label Switching Networks Rating: 4 out of 5 stars4/5Building a Cisco Wireless Lan Rating: 5 out of 5 stars5/5Managing Cisco Network Security Rating: 3 out of 5 stars3/5Security + Study Guide and DVD Training System Rating: 4 out of 5 stars4/5Configuring Cisco Voice Over IP Rating: 4 out of 5 stars4/5Stealing The Network: How to Own the Box Rating: 4 out of 5 stars4/5Hack Proofing Your Identity In The Information Age Rating: 4 out of 5 stars4/5SSCP Systems Security Certified Practitioner Study Guide and DVD Training System Rating: 0 out of 5 stars0 ratingsDBAs Guide to Databases Under Linux Rating: 0 out of 5 stars0 ratingsBluetooth Application Developer's Guide Rating: 4 out of 5 stars4/5Administering Cisco QoS in IP Networks: Including CallManager 3.0, QoS, and uOne Rating: 0 out of 5 stars0 ratingsBuilding DMZs For Enterprise Networks Rating: 4 out of 5 stars4/5Cisco Security Specialists Guide to PIX Firewall Rating: 5 out of 5 stars5/5Firewall Policies and VPN Configurations Rating: 0 out of 5 stars0 ratingsSpecial Ops: Host and Network Security for Microsoft Unix and Oracle Rating: 4 out of 5 stars4/5Cisco Security Professional's Guide to Secure Intrusion Detection Systems Rating: 0 out of 5 stars0 ratingsHack Proofing XML Rating: 0 out of 5 stars0 ratingsConfiguring Symantec AntiVirus Enterprise Edition Rating: 0 out of 5 stars0 ratingsScene of the Cybercrime: Computer Forensics Handbook Rating: 4 out of 5 stars4/5Ruby Developers Guide Rating: 3 out of 5 stars3/5Security Assessment: Case Studies for Implementing the NSA IAM Rating: 3 out of 5 stars3/5The Best Damn Cisco Internetworking Book Period Rating: 0 out of 5 stars0 ratingsDesigning SQL Server 2000 Databases Rating: 0 out of 5 stars0 ratings
Related to Stealing The Network
Networking For You
Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Mike Meyers' CompTIA Network+ Certification Passport, Sixth Edition (Exam N10-007) Rating: 1 out of 5 stars1/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsAWS Certified Cloud Practitioner Study Guide: CLF-C01 Exam Rating: 5 out of 5 stars5/5The Compete Ccna 200-301 Study Guide: Network Engineering Edition Rating: 5 out of 5 stars5/5CCNA Certification Study Guide, Volume 2: Exam 200-301 Rating: 0 out of 5 stars0 ratingsA Beginner's Guide to Ham Radio Rating: 0 out of 5 stars0 ratingsHome Networking Do-It-Yourself For Dummies Rating: 4 out of 5 stars4/5Cisco Networking All-in-One For Dummies Rating: 4 out of 5 stars4/5Networking For Dummies Rating: 5 out of 5 stars5/5Linux Bible Rating: 0 out of 5 stars0 ratingsNetworking All-in-One For Dummies Rating: 5 out of 5 stars5/5Practical Ethical Hacking from Scratch Rating: 5 out of 5 stars5/5MCA Microsoft Certified Associate Azure Administrator Study Guide: Exam AZ-104 Rating: 0 out of 5 stars0 ratingsCompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsProgramming Arduino: Getting Started with Sketches Rating: 4 out of 5 stars4/5Concise and Simple Guide to IP Subnets Rating: 5 out of 5 stars5/5SharePoint For Dummies Rating: 0 out of 5 stars0 ratingsThe Windows Command Line Beginner's Guide: Second Edition Rating: 4 out of 5 stars4/5Amazon Web Services (AWS) Interview Questions and Answers Rating: 5 out of 5 stars5/5Raspberry Pi Electronics Projects for the Evil Genius Rating: 3 out of 5 stars3/5Microsoft Azure For Dummies Rating: 0 out of 5 stars0 ratingsConfiguring and Troubleshooting Windows XP Professional Rating: 0 out of 5 stars0 ratingsApplied Network Security Monitoring: Collection, Detection, and Analysis Rating: 3 out of 5 stars3/5Cisco Packet Tracer for Beginners Rating: 5 out of 5 stars5/5Emergency Preparedness and Off-Grid Communication Rating: 0 out of 5 stars0 ratingsActive Directory with PowerShell Rating: 4 out of 5 stars4/5
Reviews for Stealing The Network
19 ratings1 review
- Rating: 3 out of 5 stars3/5If you permit me to read it, I'll tell you what I think...
Book preview
Stealing The Network - Syngress
Questions
Hide and Sneak
by Ido Dubrawsky
If you want to hack into someone else’s network, the week between Christmas and New Year’s Day is the best time. I love that time of year. No one is around, and most places are running on a skeleton crew at best. If you’re good, and you do it right, you won’t be noticed even by the automated systems. And that was a perfect time of year to hit these guys with their nice e-commerce site—plenty of credit card numbers, I figured.
The people who ran this site had ticked me off. I bought some computer hardware from them, and they took forever to ship it to me. On top of that, when the stuff finally arrived, it was damaged. I called their support line and asked for a return or an exchange, but they said that they wouldn’t take the card back because it was a closeout. Their site didn’t say that the card was a closeout! I told the support drones that, but they wouldn’t listen. They said, policy is policy,
and didn’t you read the fine print?
Well, if they’re going to take that position.… Look, they were okay guys on the whole. They just needed a bit of a lesson. That’s all.
So, there I was, the day after Christmas, with nothing to do. The family gathering was over. I decided to see just how good their site was. Just a little peek at what’s under the hood. There’s nothing wrong with that. I’ve hacked a few Web sites here and there—no defacements, but just looking around. Most of what I hit in the past were some universities and county government sites. I had done some more interesting sites recently, but these guys would be very interesting. In fact, they proved to be a nice challenge for a boring afternoon.
Now, one of my rules is to never storm the castle through the drawbridge. Their Web farm for their e-commerce stuff (and probably their databases) was colocated at some data center. I could tell because when I did traceroutes to their Web farm, I got a totally different route than when I did some traceroutes to other hosts I had discovered off their main Web site. So, it looked like they kept their e-commerce stuff separated from their corporate network, which sounds reasonable to me. That made it easy for me to decide how I would approach their network. I would look at the corporate network, rather than their data center, since I figured they probably had tighter security on their data center.
Tools
First off, my platform of choice should be pretty obvious. It’s Linux. Almost every tool that I have and use runs under Linux. On top of that, my collection of exploits runs really well under Linux. Now, OpenBSD is okay, and I’m something of a Solaris fan as well, but when I work, I work off a Linux platform. I don’t care whether it’s Red Hat, Mandrake, or Debian. That’s not important. What’s important is that you can tune the operating system to your needs. That’s the key. You need to be able to be sure that the underlying operating system is reliable. On a related note, my homegrown tools are a mixture of Bourne shell, Expect, and Python scripts. There’s a small amount of Perl in there as well, but most of the scripts are written in Python. Code reuse is important if you want to be successful at this