
manner where one concept forms the foundation for the other. This may not be true for every chapter, but in many cases the concepts discussed in the earlier part of the book may seem to form the key elements in understanding the subsequent concepts. Therefore, I recommend reading this book in an orderly manner and not skip the concepts or chapters in between.
Throughout this book, you will be presented with many illustrative examples, analogies and eye-catching diagrams that will not only make the whole understanding process easier, but also makes the learning process a fun! I hope you like this book and enjoy the concepts presented in it.

Chapter 1 - Introduction


I bet most of you are really excited to get started. But before we actually move on to learning how to hack, let us begin to understand what hacking really means.


WHAT IS HACKING?
In the field of computer security, hacking simply refers to the act of exploiting the weakness that exists in a computer system or a computer network.
In other words, a hacker is someone who has developed a deeper interest in understanding how the computer system or the software program works, so that he can take control of the computer by exploiting any of the existing vulnerabilities in it.


HACKER CLASSIFICATION
Based on the attitude and skill level they possess, hackers are classified into the following types:

White Hat Hacker: A white hat hacker (also known as ethical hacker) is someone who uses his skills only for defensive purposes such as penetration testing. These types of hackers are often hired by many organizations in order to ensure the security of their information systems.

Black Hat Hacker: A black hat hacker (also known as cracker) is someone who always uses his skills for offensive purposes. The intention of black hat hackers is to gain money or take personal revenge by causing damage to information systems.

Grey Hat Hacker: A grey hat hacker is someone who falls in between the white hat and black hat category. This type of hacker may use his skills both for defensive and offensive purposes.

Script Kiddie: A script kiddie is a wannabe hacker. These are the ones who lack the knowledge of how a computer system really works but use ready-made programs, tools and scripts to break into computers.


ESSENTIAL TERMINOLOGIES
Before proceeding further, the following are some of the essential terminologies in the field of hacking that one should be aware of:

Vulnerability: A vulnerability is an existing weakness that can allow the attacker to compromise the security of the system.

Exploit: An exploit is a defined way (piece of software, set of commands etc.) that takes advantage of an existing vulnerability to breach the security of an IT system.

Threat: A threat is a possible danger that can exploit an existing vulnerability to cause possible harm.

Attack: An attack is any action that violates the security of the system. In other words, it is an assault on the system security that is derived from an existing threat.

HACKING FAQS
Here is a small list of some of the frequently asked questions about hacking:


How long does it take to become a hacker?


Hacking is not something that can be mastered overnight. It really takes quite some time to understand and implement the skills that actually put you in the hacker's shoes.
So, for anyone who is wanting to become a hacker, all it takes is some creativity, willingness to learn and perseverance.


What skills do I need to become a hacker?


In order to become a hacker, it is essential to have a basic understanding of how a computer system works. For example, you may start off with basics of operating system, computer networks and some programming.
At this point in time, you need not worry much about this question as this book will take you through all those necessary concepts to establish the skills that you need to possess as a hacker.


What is the best way to learn hacking?


As said earlier, the best way to learn hacking is to start off with the basics. Once you have established the basic skills, you can take it even further by going through the books that discuss individual topics in a much detailed fashion. Do not forget the power of Internet when it comes to acquiring and expanding your knowledge.

Chapter 2 - Essential Concepts




Now, let us begin to understand some of the basic concepts that are essential in laying the groundwork for our journey of learning how to hack. Before actually jumping into the hands-on approach, it is highly necessary for one to have a thorough understanding of the basics of computer network and their working model. In this chapter you will find a brief description of various concepts and terminologies related to computer networks, encryption and security.


COMPUTER NETWORK
A computer network is a group of two or more computers linked together so that communication between individual computers is made possible. Some of the common types of computer network include:


Local Area Network (LAN)


This is a type of computer network where interconnected computers are situated very close to each other, say for example, inside the same building.


Wide Area Network (WAN)


This is a type of computer network where interconnected computers are separated by a large distance (a few km to few hundreds of km) and are connected using telephone lines or radio waves.


Internet
The Internet is the largest network which interconnects various LANs and WANs. It is a global system of various interconnected computer networks belonging to government or private organizations.


NETWORK HOST
A network host (or simply referred to as a host) can be any computer or network device connected to the computer network. This computer can be a terminal or a web server offering services to its clients.


NETWORK PROTOCOL
A network protocol (or just referred to as protocol) is a set of rules and conventions that are necessary for the communication between two network devices. For example, two computers on a network can communicate only if they agree to follow the protocols.
The following are some of the most widely referred network protocols:


Internet Protocol (IP Address)


An Internet Protocol address (IP address) is a unique number assigned to each computer or device (such as printer) so that each of them can be uniquely identified on the network.


Types of IP Address:

Private IP Address: A private IP address is the one that is assigned to a computer on the Local Area Network (LAN). A typical example of private IP address would be something like:
192.168.0.2

Public IP Address: A public IP address is the one that is assigned to a computer connected to the Internet. An example public IP address would be something like:
59.93.115.125


In most cases, a computer gets connected to the ISP network using a private IP. Once a computer is on the ISP network, it will be assigned a public IP address using which the communication with the Internet is made possible.

How to Find the IP Address of a Computer?


Finding your public IP is extremely simple. Just type "what is my IP" on Google to see your public IP address displayed in search results.


Figure 2. 1


In order to find your private IP, just open the command prompt window (type cmd in the "Run" box) and enter the following command:

ipconfig/all

Figure 2. 2


This will display a long list of details about your computer's network devices and their configuration. To see your private IP address, just scroll down to find something as "IPv4 Address", which is nothing but your private IP.

Figure 2. 3


Hyper Text Transfer Protocol (HTTP)


The Hyper Text Transfer Protocol provides a standard for communication between web browsers and the server. It is one of the most widely used protocol on the Internet for requesting documents such as web pages and images.
Example: http://www.example.com

File Transfer Protocol (FTP)


The File Transfer Protocol provides a standard for transferring files between two computers on the network. FTP is most widely used in carrying out upload/download operations between a server and a workstation.
Example: ftp://www.example.com


Simple Mail Transfer Protocol (SMTP)


The Simple Mail Transfer Protocol provides a standard for sending emails from one server to another. Most email systems that send mail over the Internet use SMTP to exchange messages between the server.


Telnet
Telnet is a network protocol that allows you to connect to remote hosts on the Internet or on a local network. It requires a telnet client software to implement the protocol, using which the connection is established with the remote computer.
In most cases, telnet requires you to have a username and a password to establish connection with the remote host. Occasionally, some hosts also allow users to make connection as a guest or public.
After the connection is made, one can use text-based commands to communicate with the remote host. The syntax for using the telnet command is as follows:
telnet <hostname or IP> port

Example: telnet 127.0.0.1 25


SSH (Secure Shell)


SSH is a protocol similar to telnet which also facilitates connection to remote hosts for communication. However, SSH has an upper hand over telnet in terms of security. Telnet was primarily designed to operate within the local network and hence does not take care of security. On the other hand, SSH manages to offer total security while connecting to remote hosts on a remote network or Internet.
Akin to telnet, SSH also uses a client software and requires a username and password to establish connection with the remote host.


NETWORK PORT
A computer may be running several services on it like HTTP (web server), SMTP, FTP and so on. Each of these services is uniquely identified by a number called network port (or simply referred to as port). If a computer wants to avail a specific service from another computer, it has to establish a connection to it on the exact port number where the intended service is running.
For example, if a terminal is to request a web document from a remote server using HTTP, it has to first establish a connection with the remote server on port 80 (HTTP service runs on port 80) before placing the request.
In simple words, port numbers can be compared to door numbers where each door grants access to a specific service on a computer. The following table shows a list of popular services and their default port numbers:


Name of Service/Protocol    Port Number
HTTP                        80
FTP                         21
SMTP                        25
TELNET                      23
SSH                         22

Table 2. 1

NETWORK PACKET
A network packet (data packet, datagram or simply called as packet) is a basic unit of data sent from one host to another over a network. When data (such as a mail message or a file) has to be transmitted between two hosts, it is fragmented into small structures called packets and are reassembled at the destination to make the original data chunk.
Each packet consists of the fragmented data along with the necessary information that will help it get to its destination, such as the sender's IP address, intended receiver's IP address, target port number, the total number of packets the original data chunk has been broken into and the sequence number of the particular packet.
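The fragmentation and reassembly described above, as an added example that is not from the book: it carries the same header fields the text lists (sender IP, receiver IP, target port, total count, sequence number) and shows how the receiver detects missing or inconsistent packets. The addresses are documentation-range values and the 8-byte packet size is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class DataPacket:
    src_ip: str      # sender's IP address
    dst_ip: str      # intended receiver's IP address
    dst_port: int    # target port number
    total: int       # number of packets the data was broken into
    seq: int         # sequence number of this packet (0-based)
    data: bytes      # the fragment itself


class ReassemblyError(ValueError):
    """Raised when the received packets cannot rebuild the original data."""


def fragment(data: bytes, src_ip: str, dst_ip: str, dst_port: int,
             size: int = 8) -> List[DataPacket]:
    """Split data into packets of at most `size` bytes each."""
    if size <= 0:
        raise ValueError("packet size must be positive")
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    return [DataPacket(src_ip, dst_ip, dst_port, len(chunks), n, chunk)
            for n, chunk in enumerate(chunks)]


def reassemble(packets: List[DataPacket]) -> bytes:
    """Rebuild the original data from packets received in any order."""
    if not packets:
        raise ReassemblyError("no packets received")
    first = packets[0]
    flow = (first.src_ip, first.dst_ip, first.dst_port, first.total)
    slots = {}
    for pkt in packets:
        # Every packet must belong to the same transfer.
        if (pkt.src_ip, pkt.dst_ip, pkt.dst_port, pkt.total) != flow:
            raise ReassemblyError("packet belongs to a different transfer")
        if not 0 <= pkt.seq < pkt.total:
            raise ReassemblyError(f"sequence number {pkt.seq} out of range")
        # An identical retransmission is harmless; a conflicting one is not.
        if pkt.seq in slots and slots[pkt.seq] != pkt.data:
            raise ReassemblyError(f"conflicting data for sequence {pkt.seq}")
        slots[pkt.seq] = pkt.data
    missing = [n for n in range(first.total) if n not in slots]
    if missing:
        raise ReassemblyError(f"missing sequence numbers: {missing}")
    return b"".join(slots[n] for n in range(first.total))


if __name__ == "__main__":
    # Constructed sample transfer between two documentation-range addresses.
    message = b"This is a sample file containing some sample text."
    sent = fragment(message, "198.51.100.7", "203.0.113.10", 25)
    print(len(sent), "packets sent")
    print(reassemble(list(reversed(sent))))   # arrival order does not matter
    try:
        reassemble(sent[:3] + sent[4:])       # packet 3 lost in transit
    except ReassemblyError as err:
        print("receiver reports:", err)
```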


DOMAIN NAME SYSTEM (DNS)


A Domain Name System or Domain Name Service (DNS) is a network protocol whose job is to map domain names such as "gohacking.com" to its corresponding IP address like

Since Internet is the mother of millions of computers each having a unique IP address, it becomes impossible for people to remember the IP address of each and every computer they want to access. So, in order to make this process simpler, the concept of domain names was introduced. As a result, users can easily access any website just by typing their domain names in the browser's address bar such as "google.com" or "yahoo.com" without having to remember their actual IP addresses.
However, since the network protocol understands only the IP address and not the domain names, it is necessary to translate the domain name back to its corresponding IP address before establishing a connection with the target server. This is where DNS comes in handy.
Your Internet Service Provider has a DNS server which maintains a huge record of existing domain names and their corresponding IP addresses. Each time you type the URL such as "http://www.google.com" on your browser's address bar, your computer will use the DNS server from the ISP and translate the domain name "google.com" to its corresponding IP address to make a connection with the Google's server. All this process will happen in a split second behind the scenes and hence goes unnoticed.


How DNS Works?


Let us understand the working of Domain Name System using the following example:
Whenever you type a URL such as "http://www.gohacking.com" on your browser's address bar, your computer will send a request to the local name server (the ISP DNS server) to resolve the domain name to its corresponding IP address. This request is often referred to as a DNS query.
The local name server will receive the query to find out whether it contains the matching name and IP address in its database. If found, the corresponding IP address (response) is returned. If not, the query is automatically passed on to another DNS server that is in the next higher level of DNS hierarchy. This process continues until the query reaches the DNS server that contains the matching name and IP address. The IP address (response) then flows back the chain in the reverse order to your computer. The following figure illustrates the above process.


Figure 2. 4


FIREWALL
Firewalls are basically a barrier between your computer (or a network) and the Internet (outside world). A firewall can be simply compared to a security guard who stands at the entrance of your house and filters the visitors coming to your place. He may allow some visitors to enter while deny others whom he suspects of being intruders. Similarly, a firewall is a software program or a hardware device that filters the information (packets) coming through the Internet to your personal computer or a computer network.


How Firewall Works?


Firewalls may decide to allow or block network traffic between devices based on the rules that are pre-configured or set by the firewall administrator. Most personal firewalls such as Windows firewall operate on a set of pre-configured rules which are most suitable under normal circumstances, so that the user need not worry much about configuring the firewall. The operation of firewall is illustrated in the below figure.


Figure 2. 5


Personal firewalls are easy to install and use and hence preferred by end-users to secure their personal computers. However, in order to meet customized needs, large networks and companies prefer those firewalls that have plenty of options to configure.
For example, a company may set up different firewall rules for FTP servers, telnet servers and web servers. In addition, the company can even control how the employees connect to the Internet by blocking access to certain websites and restricting the transfer of files to other networks. Thus, in addition to security, a firewall can give the company a tremendous control over how people use their network.
Firewalls use one or more of the following methods to control the incoming and outgoing traffic in a network:

Packet Filtering: In this method, packets (small chunks of data) are analyzed against a set of filters. Packet filters have a set of rules that come with accept and deny actions which are pre-configured or can be configured manually by the firewall administrator. If the packet manages to make it through these filters then it is allowed to reach the destination; otherwise it is discarded.

Stateful Inspection: This is a newer method that doesn't analyze the contents of the packets. Instead, it compares certain key aspects of each packet to a database of trusted source. Both incoming and outgoing packets are compared against this database and if the comparison yields a reasonable match, then the packets are allowed to travel further. Otherwise they are discarded.

Firewall Configuration:
Firewalls can be configured by adding one or more filters based on several conditions as mentioned below:

IP addresses: In any case, if an IP address outside the network is said to be unfavourable, then it is possible to set filter to block all the traffic to and from that IP address. For example, if a certain IP address is found to be making too many connections to a server, the administrator may decide to block traffic from this IP using the firewall.

Domain names: Since it is difficult to remember the IP addresses, it is an easier and smarter way to configure the firewalls by adding filters based on domain names. By setting up a domain filter, a company may decide to block all access to certain domain names, or may provide access only to a list of selected domain names.

Ports/Protocols: If the services running on a given port are intended for the public or network users, they are usually kept open. Otherwise they are blocked using the firewall so as to prevent intruders from using the open ports for making unauthorized connections.

Specific words or phrases: A firewall can be configured to filter one or more specific words or phrases so that both the incoming and outgoing packets are scanned for the words in the filter. For example, you may set up a firewall rule to filter any packet that contains an offensive term or a phrase that you may decide to block from entering or leaving your network.
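How accept and deny filters on IP address, port/protocol and phrase combine into one decision, as an added example that is not from the book: rules are checked in order, the first match wins, and a packet that matches nothing is denied. The rule set, the connection log, the threshold, the phrase and the documentation-range addresses are all constructed, and default-deny is an assumption of this sketch.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    protocol: str            # "tcp" or "udp"
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                       # "accept" or "deny"
    src_net: Optional[str] = None     # CIDR; None means any source
    dst_port: Optional[int] = None    # None means any port
    protocol: Optional[str] = None    # None means any protocol
    phrase: Optional[bytes] = None    # None means payload is not inspected

    def matches(self, pkt: Packet) -> bool:
        """A rule matches only if every condition it sets is satisfied."""
        if self.src_net is not None:
            network = ipaddress.ip_network(self.src_net)
            if ipaddress.ip_address(pkt.src_ip) not in network:
                return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if (self.phrase is not None
                and self.phrase.lower() not in pkt.payload.lower()):
            return False
        return True


def filter_packet(rules: List[Rule], pkt: Packet,
                  default: str = "deny") -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); index is None on default."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


def deny_rules_for_noisy_sources(sources: List[str], threshold: int) -> List[Rule]:
    """Build one deny rule per source seen more than `threshold` times."""
    counts = Counter(sources)
    return [Rule("deny", src_net=f"{ip}/32")
            for ip, seen in sorted(counts.items()) if seen > threshold]


# Constructed connection log: one source is far busier than the other.
CONNECTION_LOG = ["203.0.113.45"] * 6 + ["198.51.100.7"] * 2

# Deny rules come first so that a blocked source or phrase is never
# let through by a later, broader accept rule.
RULES = deny_rules_for_noisy_sources(CONNECTION_LOG, threshold=5) + [
    Rule("deny", phrase=b"blocked-phrase"),
    Rule("accept", dst_port=80, protocol="tcp"),   # public web server
    Rule("accept", dst_port=25, protocol="tcp"),   # public mail server
]

if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", 80, "tcp", b"GET / HTTP/1.1"),
        Packet("203.0.113.45", 80, "tcp", b"GET / HTTP/1.1"),
        Packet("198.51.100.7", 80, "tcp", b"contains a Blocked-Phrase here"),
        Packet("198.51.100.7", 23, "tcp"),
    ]
    for pkt in samples:
        print(pkt.src_ip, pkt.dst_port, filter_packet(RULES, pkt))
```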


Hardware vs. Software Firewall:


Hardware firewalls provide higher level of security and hence preferred for servers where security has the top most priority. The software firewalls on the other hand are less expensive and hence preferred in home computers and laptops.
Hardware firewalls usually come as an in-built unit of a router and provide maximum security as it filters each packet at the hardware level itself even before it manages to enter your computer. A good example is the Linksys Cable/DSL router.


PROXY SERVER
In a computer network, a proxy server is any computer system offering a service that acts as an intermediary between the two communicating parties, the client and the server.
In the presence of a proxy server, there is no direct communication between the client and the server. Instead, the client connects to the proxy server and sends requests for resources such as a document, web page or a file that resides on a remote server. The proxy server handles this request by fetching the required resources from the remote server and forwarding the same to the client.


How Proxy Server Works?


An illustration of how a proxy server works is shown in the Figure 2.6.
As shown in the below example, whenever the client connects to a web proxy server and makes a request for the resources (in this case, "Sample.html") that reside on a remote server (in this case, xyz.com), the proxy server forwards this request to the target server on behalf of the client so as to fetch the requested resource and deliver it back to the client. An example of client can be a user operated computer that is connected to the Internet.


Figure 2. 6


A proxy server is most widely used to conceal the IP address or the origin of the Internet users during their activity. Since it is the proxy server which handles the requests between the client and the target, only the IP address of the proxy server is exposed to the outside world and not the actual one. Therefore, most hackers use a proxy server during the attacks on their target so that it would be hard to trace back to them.

Chapter 3 - Introduction to Linux




Linux is a UNIX-like operating system which is open-source and freely available for download. Compared to Windows operating system, Linux is more secure, stable, reliable, multi-user capable and compatible with both server and desktop usage. This makes it one of the most popular operating system next to Windows.


WHY LINUX?
As an ethical hacker, it is most essential to have a sound understanding of the Linux platform, its usage and commands. Linux is widely recognized as the hacker's operating system and if you are wondering why, the reasons are below:

Since it is a freeware, highly secure and stable operating system, millions of servers on the Internet run on Linux.

Unlike Windows OS which is built on graphical user interface (GUI), Linux is built on command user interface (CUI) and thus offers greater control and customization options for hackers.

Some of the best hacking scripts and programs are designed only for Linux.


WINDOWS VS. LINUX


It is no doubt that Windows is the most popular desktop operating system known for its user-friendliness and grap


A directory structure is the way in which the file system and its files of an operating system are displayed to the user. People who are new to the Linux operating system and the structure of its File System often find it troublesome and messed up in dealing with the files and their location. So, let us begin to explore some of the basic information about the Linux File System.
Any standard Linux distribution has the following directory structure as shown below:


Figure 3. 2


Below is a brief description of the purpose and contents of each directory:


/ - ROOT Directory
Every single file and the directory of the Linux file system starts from the root directory. Only "root" user has the write privilege to this directory.


/bin - Binaries
Contains executable binary files required for booting and repairing of the system. Also contains file and commands required to run in single user mode such as ls, ping, grep etc.

/lib - System Libraries
Contains system libraries and kernel modules required for the booting of the system.


/dev - Device Files
Contains device related files for all the hardware devices of the system.


/etc - Configuration Files
Contains configuration files required by all programs. It also contains start-up and shutdown shell scripts used to start or stop individual programs.


/home - Home Directories
This forms the "home directory" of individual users to store their personal information. Every time a new user is added, a new directory is created in the name of the user under "/home".


/usr - User Programs
This directory is used to store executable binaries, documentation, source-code files and libraries for second level programs.


/tmp - Temporary Files
Contains temporary files for system and users.


/var - Variable Files
Contains files whose size is expected to grow. Examples of such files include log files, print queues, lock files and temp files.

Linux Commands
All commands in Linux are typed in lowercase and are case sensitive. Each Linux command has to be typed and executed in a window called "terminal emulator" or simply referred to as a "terminal". It is a program similar to the command prompt of Microsoft Windows where a user can run the commands and get the results displayed. A terminal simply takes the user commands, passes it on to the shell for execution and displays the results back to the user.
To run commands in the terminal, you will have to first load the Linux from the Live DVD that you have created. To do this, just insert the Kali Linux DVD into the drive, boot from it and select the "Live" option. Once the booting is completed, you should see your desktop loaded on your screen.
To start the terminal window, just right-click on the desktop and select the option Open in Terminal as shown in the below snapshot:


Figure 3. 3

Once the terminal window is loaded you should be able to start typing the commands. A snapshot of the terminal window is shown below:


Figure 3. 4

Creating Files
There are two commands for creating files: touch and cat. Here is how they are to be used:
# touch sample


This creates an empty file called "sample". If you want to create multiple empty files quickly, it can be done as follows:
# touch sample1 sample2 sample3 sample4 sample5


In order to store a few lines of data onto the file, just type the following command:
# cat > sample


When you press the Enter key, you will find the cursor positioned in the next line waiting for you to type the content that you want to store in the file "sample". Just type in the following line:
This is a sample file containing some sample text.


Once you are done, press Ctrl+D. This will save the contents onto the file and automatically take you back to the # prompt. Now, to display the contents of the file "sample", just type the command as follows:
# cat sample


This should display the contents of the file as shown in the snapshot below:


Figure 3. 5

Editing Files
To edit a given file, one has to use the vi command. In order to edit a given file "sample", the command is as follows:
# vi sample


When you type the above command and hit Enter, you should see the contents of the file "sample" displayed in the vi editor window as shown in the Figure 3.6:


Figure 3. 6


In order to start your edit process, you need to enter the INSERT mode by pressing the key i. Now, your cursor should move freely inside the editor window, allowing you to make necessary changes to the content. Once you are done with the editing, press the Esc key. Now type :wq as shown in the below snapshot and hit Enter. The w stands for write/save and q stands for quit. This should save changes to your file, close the vi editor and take you back to the # prompt. If you are to quit without saving changes, just type :q! instead of :wq and hit Enter.


Figure 3. 7

Listing Files and Directories


To display the list of files and directories, the command used is ls. ls is the Linux equivalent of DIR command in Windows. To list the files and directories, just type the following command and hit Enter:
# ls

Deleting Files and Directories


In Linux, rm command is used to delete files and directories. To delete a file, use the command as shown below:
# rm samplefile


When you hit Enter, you are asked for delete confirmation. Just type y and hit Enter again. This should complete the deletion of the file "samplefile".
To delete a directory and all its contents, use the following command:
# rm -r sampledir


When you hit Enter, you are asked for a delete confirmation. Just type y and hit Enter again. This should complete the deletion of the directory "sampledir" and all the contents inside it.


Logging Out
Once you are done with your work, you can close the terminal window using the exit command as follows:
# exit

Connecting to a Remote Host


So far, we have discussed ways to execute commands on your own Linux computer. However, since Linux is a multi-user operating system, it is possible for the users to connect to a computer running Linux even if they are miles away from its physical location. In this section, we will discuss some of the ways through which you can connect to a remote computer and execute commands on it.
SSH (Secure Shell) is the most popular and the easiest way to accomplish this task. This is a protocol that allows a client to connect to a remote host and carry out operations on it.


SSH on Linux
If you are on a Linux computer, connecting to another Linux computer is very easy. Just open the Terminal window and type the following command:
Command Syntax: ssh username@host


Here, username means username of your account on the remote computer and host can be a domain name such as xyz.com or the IP address of the remote computer. The following examples make it more clear:
# ssh john@xyz.com


# ssh john@<IP address>


# ssh root@xyz.com


# ssh root@<IP address>


If the user exists on the target machine, the connection will be established and you will be asked to enter the password. Once you enter the password and hit Enter (password entered will be invisible due to security reasons), you will be granted access to the target Linux machine where you are free to execute any command on it as discussed in the previous section.


SSH on Windows
You can connect to a remote Linux machine even if you are using a Windows computer. This can be done using a small freeware program called PuTTY, which is an SSH client and a terminal emulator for Windows. You can download it from the link below:
Download PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html


After the download, double-click on the application putty.exe, enter the hostname or IP address of the target machine, select the SSH option and click on the button "Open" as shown in the below snapshot:


WHAT IS FOOTPRINTING?
Footprinting refers to the process of gathering information about a specific computer system or a network environment and the company it belongs to. This is the preparatory phase for the hacker where he gathers as much information as he can so as to find ways to intrude into the target. Footprinting can reveal the vulnerabilities of the target system and improve the ways in which they can be exploited.
Footprinting has to be done in a slow and methodological manner where the hacker spends of his time in blueprinting the security profile of the target and only in launching the attack. Footprinting can actually help hacker decide on the type of attack that is most suitable for the target.


FURTHER REFERENCES
This chapter has dealt with some of the basic concepts and command examples of Linux operating system so as to lay the groundwork for your further learning. In order to emerge as a professional hacker, it is necessary to have a sound understanding on Linux and master its commands. For this reason, I have a few recommendations for your further references.
Here is a list of some of the useful websites to expand your Linux knowledge:

Linux Official Website

Free Linux Training


Linux Knowledge Base


Linux Visual Training




Here is a list of some of the great books worth reading:

How Linux Works

A Practical Guide to Linux Commands, Editors, and Shell Programming

Chapter 4 - Programming


The need to possess the knowledge of programming as a hacker is one of the most debated topics in the hacker's community. Even though the availability of a variety of ready-made tools on the Internet has considerably eliminated the need for programming, many still argue that having a knowledge of programming can be a great advantage for the hacker.


WHY PROGRAMMING?
At this point, you might be asking yourself, "Do I need to learn programming?". Well, this question is hard to answer as it all depends on individual goals. While some people hate programming and love to stick with readily available tools, there are a few who would like to give programming a try. Remember, it is still possible to be a fairly good ethical hacker without knowing any programming at all, provided you really master the theoretical concepts of hacking and know how to use the tools effectively.
However, if you are to take my personal advice, I still recommend that you learn some basics of programming so that you will have a much better understanding of the situations. A knowledge of programming can give you the following added benefits:

You can code your own exploit for freshly discovered vulnerabilities without having to wait for someone to develop a tool.

You can modify the existing source code to meet your customized needs.

You will be regarded as an elite ethical hacker in the hacker's community.

At last, you can avoid people classifying you as a script kiddie.


WHERE SHOULD I START?


If you are completely new to the world of computer programming, my recommendation is to start off with the basics such as learning programming languages like C, HTML (Hyper Text Markup Language), PHP and JavaScript. C is a wonderful programming language for beginners that plays a prominent role in establishing the foundation for learning other languages. The following are some of the freely available websites to learn C:

C Programming

Learn-C

C4Learn

Once you are done with the basics of C, learning HTML, PHP and JavaScript becomes fairly simple. The following are the freely available websites to learn HTML, PHP and JavaScript:

HTML Tutorial w3schools

PHP Tutorial w3schools


JavaScript Tutorial w3schools




In addition to free resources, you can even consider purchasing books if you are more serious about programming. The following are a few of the great books worth reading:

The C Programming Language

HTML & CSS: A Beginners Guide


Programming PHP

JavaScript for Beginners




Once you have made up your mind, you can start to learn and practice programming as a separate journey without having to pause pursuing your hacking tutorials. In most circumstances, ethical hacking or penetration testing is independent of programming and hence you can learn them simultaneously. If you are not yet ready for programming, you may even complete reading this book and later decide on programming.

Chapter 5 - Footprinting


Before the real fun of hacking begins, there come two important steps in the intelligence gathering process known as footprinting and scanning to be performed by the hacker. This chapter will deal with the first step called footprinting, which simply means gathering information about the target.


WHAT IS FOOTPRINTING?
Footprinting refers to the process of gathering information about a specific computer system or a network environment and the company it belongs to. This is the preparatory phase for the hacker where he gathers as much information as he can so as to find ways to intrude into the target. Footprinting can reveal the vulnerabilities of the target system and improve the ways in which they can be exploited.

Footprinting has to be done in a slow and methodological manner where the hacker spends of his time in blueprinting the security profile of the target and only in launching the attack. Footprinting can actually help the hacker decide on the type of attack that is most suitable for the target.


INFORMATION GATHERING METHODOLOGY


Suppose a hacker decides to break into a target company; he can only do so after blueprinting the target and assessing the possible vulnerabilities. Based on this information, the hacker can carry out possible attacks such as breaking into the company's database, hacking its website or causing denial of service. The following are some of the different types of information that a hacker could gather before actually carrying out the attack:


Obtaining the Domain Name Information


Various background information about the target website (domain name) such as the name of its owner and registrar, date of its registration, expiry date, name servers associated, and contact details associated with it such as email, phone and address can be found out by performing a Whois lookup. The following are some of the popular websites where you can perform a Whois lookup on any domain to uncover its background information:
http://www.whois.com/whois/


https://who.is/

http://whois.domaintools.com/


A sample Whois lookup performed on facebook.com at http://www.whois.com/whois/ shows the following information:

Figure 5.1

Finding IP Address and Hosting Provider


Information such as the IP address of the website and its hosting provider can be very crucial. This can be easily found out using the following website:
WhoIsHostingThis: http://www.whoishostingthis.com/

Just visit the above website and enter the domain name of your choice to obtain its IP address as well as the name of its hosting provider as shown below:

Figure 5.2

As you can see from the above snapshot, a query on facebook.com reveals its IP address, hosting provider and also the name servers associated with it.


Finding IP Address Location


Finding out the physical location of the IP address is very simple. Just visit the following website and enter the target IP address to reveal its physical location:
IP2Location: http://www.ip2location.com/demo

A snapshot of a sample query for the IP address 173.252.120.6 on the ip2location.com website is shown below:

Figure 5.3

Finding IP Address Range


While small websites may have a single IP address, big players such as Google, Facebook and Microsoft have a range of IP addresses allocated to their company for hosting additional websites and servers. This range of information can be obtained from the official website of American Registry for Internet Numbers (ARIN). The URL for the ARIN website is listed below:
ARIN Website: https://www.arin.net/

Visit the above URL and insert the IP address of any given website in the "Search Whois" box found at the top right corner of the web page. Here is a snapshot showing the results of a sample query performed on Facebook's IP address 173.252.120.6:

Figure 5.4


Traceroute
Traceroute is a network diagnostic tool to identify the actual path (route) that the information (packets) takes to travel from source to destination. The source will be your own computer called localhost. The destination can be any host or server on the local network or Internet.

The traceroute tool is available on both Windows and Linux. The command syntax for Windows is as follows:
tracert target-domain-or-IP

The command syntax for Linux is as follows:
traceroute target-domain-or-IP

Usually, the transfer of information from one computer to another will not happen in a single jump. It involves a chain of several computers and network devices called hops to transmit information from source to destination. Traceroute identifies each hop on that list and the amount of time it takes to travel from one hop to another. A snapshot of the traceroute performed on google.com using a Windows computer is shown below:

Figure 5.5

As shown in the above snapshot, the traceroute tool identifies all the hops present in the path traversed by packets from source to destination. Here 192.168.0.1 is the private IP and 117.192.208.1 is the public IP of the source (my computer). 74.125.236.66 is the destination IP address (Google's server). All the remaining IP addresses shown in between the source and the destination belong to computers that assist in carrying the information.

Obtaining Archive of the Target Website


Getting access to the archive of the target website will let you know how the website was during the time of its launch and how it got advanced and changed over time. You will also see all the updates made to the website including the nature of updates and their dates. You can use the WayBackMachine tool to access this information.
WayBackMachine: http://archive.org/web/

Just use the above link to visit the WayBackMachine website and type in the URL of the target website. You should get a list of archives of the website listed on a month-by-month and yearly basis as shown in the snapshot below:

Figure 5.6

COUNTERMEASURES
I hope you are now aware of several ways using which you can successfully perform footprinting to gather a whole lot of information about the target. Once you are done with organizing the data that you have obtained through the footprinting process, you can sit back and analyze them to find out possible vulnerabilities in any of the technologies used in the website.

Many network administrators often fail to update vulnerable software and scripts running on their server to the latest version. This can open an opportunity for the hacker to exploit and gain access to the system. Therefore, it is important to identify and patch the existing vulnerabilities on a regular basis and also limit the amount of sensitive information leaked to the Internet.
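Limiting what leaks starts with knowing what the Whois record for your own domain publishes. The following is an added example, not code from the book: it parses a constructed Whois record (example.com placeholder values) and reports published contact details and how close the registration is to expiry. The `Key: Value` field names are an assumption based on a common registrar layout; Whois output is not standardised.

```python
from datetime import date, datetime

# Constructed Whois record for illustration; not output from a real lookup.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2010-03-29T05:00:00Z
Registry Expiry Date: 2025-03-30T04:00:00Z
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
Registrant Name: Jane Admin
Registrant Email: jane.admin@example.com
Registrant Phone: +1.5555550100
Admin Email: REDACTED FOR PRIVACY
>>> Last update of whois database: 2025-01-10T00:00:00Z <<<
"""

PERSONAL_FIELDS = ("name", "email", "phone", "street", "address")
REDACTION_MARKERS = ("redacted", "privacy", "not disclosed", "withheld")
EXPIRY_KEYS = ("registry expiry date",
               "registrar registration expiration date",
               "expiry date")


def parse_whois(text):
    """Parse 'Key: Value' lines into {key: [values]}; repeated keys accumulate."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comment lines and the trailing ">>> ... <<<" footer.
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if value:
            record.setdefault(key.strip().lower(), []).append(value)
    return record


def exposed_contacts(record):
    """Return contact fields whose values are published rather than redacted."""
    findings = {}
    for key, values in record.items():
        is_contact = key.startswith(("registrant", "admin", "tech"))
        if not is_contact or not any(f in key for f in PERSONAL_FIELDS):
            continue
        visible = [v for v in values
                   if not any(m in v.lower() for m in REDACTION_MARKERS)]
        if visible:
            findings[key] = visible
    return findings


def days_until_expiry(record, today):
    """Days left before the registration lapses, or None if no date is present."""
    for key in EXPIRY_KEYS:
        if key in record:
            expiry = datetime.strptime(record[key][0][:10], "%Y-%m-%d").date()
            return (expiry - today).days
    return None


def audit(text, today, warn_days=90):
    """Summarise what the record exposes and whether renewal is due soon."""
    record = parse_whois(text)
    days = days_until_expiry(record, today)
    return {
        "registrar": record.get("registrar", ["unknown"])[0],
        "name_servers": sorted(ns.lower() for ns in record.get("name server", [])),
        "exposed_contacts": exposed_contacts(record),
        "days_until_expiry": days,
        "expiry_warning": days is not None and days <= warn_days,
    }


if __name__ == "__main__":
    for field, value in audit(SAMPLE_WHOIS, date(2025, 1, 10)).items():
        print(f"{field}: {value}")
```

Any entry under `exposed_contacts` is a candidate for the registrar's privacy or redaction service, and a role mailbox is a safer published contact than a named employee.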

Chapter 6 - Scanning


After gathering a variety of information about the target through footprinting, it is time to move on to the next step called scanning. Scanning is the second step in the intelligence gathering process of a hacker where information about specific IP addresses, operating systems, their architecture and services running on computers can be obtained. Unlike footprinting, which gathers information passively from various third party sources, scanning involves actively engaging with the target to obtain information.


DETECTING LIVE SYSTEMS


The first step in the process of scanning is to determine whether the target is alive or not. This can be done using the ping tool that is readily available on both Windows and Linux computers. Just open the command prompt if you are on Windows or terminal window if you are on Linux and type ping followed by the target IP address as shown below:
ping 


If the target is alive and online, you should get a reply from the target; if the target is not alive, you will get a response saying "ping request cannot find the host".


Angry IP Scanner
You can even ping a range of IP addresses all at once using a nice tool called Angry IP Scanner. It is an open-source cross-platform network scanner tool packed with several useful features.

All you need to do is enter the starting and the ending IP of the range that you want to ping and click on the "Start" button as shown in the below figure. This should tell you which of those IPs are available and which are not.

Figure 6.1

Angry IP Scanner is available for both Windows and Linux operating systems and can be downloaded from the link below:
Angry IP Scanner: http://angryip.org/download/


Online Ping Tool


If you would like to ping the target using a third party computer instead of yours, you can do so using online tools like Just-Ping which pings the target from different geo locations worldwide. You can access the Just-Ping tool from the link below:
Just-Ping: http://cloudmonitor.ca.com/en/ping.php

The following figure shows a sample ping test conducted using the Just-Ping tool:

Figure 6.2

TYPES OF SCANNING
Now, let us discuss one by one some of the different types of scanning that are in place.

Port Scanning
Port scanning involves sending a series of messages to the target computer to discover the types of network services running on it. Since each service is associated with a "well known" port number, performing a port scan on the target will reveal the ports that are open. So, when a port is said to be open, the service associated with it is said to be active and running, thereby opening up the opportunity for the attacker to break into it.

For example, if a port scan on the target shows that port 80 and port 25 are open, that means the target computer has an HTTP service (web server) and an SMTP service (email service) running on it respectively.

Network Scanning
Network scanning is a procedure for identifying active hosts on the target network either for the purpose of attacking them or for security assessment. In this way it would be possible for the hacker to make a list of vulnerable hosts for direct attack or to use them indirectly to attack other hosts.

Vulnerability Scanning
Vulnerability scanning involves the use of automated tools known as vulnerability scanners to proactively identify security vulnerabilities of computer systems in a network. These tools will scan the target to find out the presence of known flaws that are susceptible to exploits.


TOOLS FOR SCANNING


The following are some of the popular tools available for scanning:

Nmap
Nmap is a popular open-source tool for network discovery and security auditing that works on different platforms like Linux, Windows and Mac. It basically comes in the form of a command line interface; however, to facilitate the ease of use it is also available in a GUI format called Zenmap. For Windows machines, you can install the "self-installer" version of Nmap that comes in the ".exe" format. The download link for the same is available below:
Nmap Download: http://nmap.org/download.html

After installing the tool, run the desktop shortcut to open the Zenmap window which typically looks as shown below:

Figure 6.3

The "Target" box needs to be filled with the target IP address or domain name on which you want to perform the scan. It also comes pre-loaded with different scan profiles that you can select from.


Intense Scan
This scan type should be reasonably quick as it only scans TCP ports. Additionally, it makes an attempt to detect the OS type, various services and their version numbers that are running on the target machine.

Intense Scan Plus UDP
It is the same Intense scan as described above but also includes scanning of UDP ports.

Intense Scan, all TCP Ports
Unlike the normal Intense scan which only scans a list of most common ports, the "Intense scan, all TCP ports" scans all available ports.

Intense Scan, No Ping
This option will exclude pinging the target from the Intense scan. You may use this option when you already know that the target is up or is blocking ping requests.

Ping Scan
This option will only ping the target but does not perform port scanning of any type.

Quick Scan
Scans faster than the Intense scan by limiting the number of TCP ports scanned to only the top most common TCP ports.

Quick Scan Plus
Quick scan plus adds OS detection and a bit of version detection features to Quick scan.

Quick Traceroute
This option will show you the route that the packets take to reach the target starting with the localhost (source or your own computer).

Regular Scan
This will perform the ping and TCP port scan of default ports on the target.

Slow Comprehensive Scan
This scan will try all possible options to uncover as much information as it can about the target. It uses three different protocols: TCP, UDP and SCTP in order to detect hosts.

Out of all the scanning options, I reckon Intense Scan to be appropriate under most conditions. Just fill the "Target" box, select the "Intense scan" profile and hit the "Scan" button. Let us now analyze the Nmap result output by running it on a sample target.
After the scan



Figure 6.6

The "Host Details" tab shows the status of the host, its name, number of ports scanned, uptime, last boot time, type of operating system running including its version number and many other details as shown in the below figure:

Figure 6.7


NetScanTools Pro
NetScanTools Pro is another wonderful program for Windows that has a powerful set of over network tools including both automated and manual ways to retrieve information from the target.

Figure 6.8

You can use the "Automated Tools" to quickly perform a port scan and grab vital information about the target such as DNS records, Whois data and Traceroute details, all from a single place. On the other hand, the "Manual Tools" section contains individual tools specially crafted to give more control in the scanning process for advanced users.

Online Tools
You can also make use of online tools to perform a port scan and discover important information about the target. The following are links to some of the useful online network tools that are worth considering:

PenTest-Tools

YouGetSignal

Other Popular Tools


Here is a list of some of the other popular tools that you may want to explore:

SuperScan

ipEye

OS FINGERPRINTING
OS fingerprinting is the process of detecting the operating system of the target host or a network. The following are some of the commonly used OS fingerprinting methods.

Active Fingerprinting
Active fingerprinting is the method in which specially crafted packets are sent to the target system and the response is noted. Since different operating systems respond to source packets in different ways, this response can be analyzed to determine the target OS. One simple example is the use of the Nmap tool as discussed in the previous section, which employs the active fingerprinting method to determine the target OS.


Banner Grabbing
Another commonly used method of active fingerprinting is called banner grabbing. This can be done using a simple tool called telnet. Telnet is readily available on Windows XP and previous versions. For Windows Vista and machines, you need to activate the in-built telnet tool before you can use it. Just search for "how to enable telnet on windows" on Google to find detailed instructions for enabling the telnet client on your computer.

Once you have enabled the telnet client on your computer, banner grabbing is pretty simple. Just type the following command in the command prompt to detect the operating system running on the target:
telnet target-domain-or-IP

This will open the connection with the target. Next, type the text exactly as follows: HEAD / HTTP/1.1 and hit the Enter key twice. This should fetch results where there is a possibility of the target OS being mentioned as shown in the below figure:

Figure 6.9
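The same response can be reviewed from the server owner's side to see which headers give away software versions and the host OS. This is an added example, not code from the book; both responses are constructed, and the header list and patterns are illustrative assumptions rather than a complete catalogue.

```python
import re

# Constructed reply to "HEAD / HTTP/1.1"; not captured from a real server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 06 Jan 2025 10:00:00 GMT\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)

# The same server after banner hardening (also constructed).
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 06 Jan 2025 10:05:00 GMT\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)

# Headers that commonly carry product banners (illustrative, not exhaustive).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator", "via")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
OS_RE = re.compile(
    r"\b(ubuntu|debian|centos|red hat|fedora|freebsd|win32|win64|unix)\b", re.I
)


def parse_head_response(raw):
    """Split a raw HTTP response head into (status_line, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def audit_banners(raw):
    """Return findings for headers that reveal product versions or the host OS."""
    _, headers = parse_head_response(raw)
    findings = []
    for name, value in headers:
        if name.lower() not in BANNER_HEADERS:
            continue  # e.g. Date contains digits but is not a product banner
        reasons = []
        if VERSION_RE.search(value):
            reasons.append("version number")
        os_match = OS_RE.search(value)
        if os_match:
            reasons.append(f"operating system ({os_match.group(1)})")
        if reasons:
            findings.append({"header": name, "value": value, "discloses": reasons})
    return findings


if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_RESPONSE), ("after", HARDENED_RESPONSE)):
        findings = audit_banners(raw)
        print(label, "->", findings if findings else "no version or OS disclosed")
```

On Apache, `ServerTokens Prod` reduces the Server header to the product name, and PHP's `expose_php = Off` removes X-Powered-By.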

Passive Fingerprinting
Passive fingerprinting is a technique that uses indirect methods to determine the target operating system. Unlike active fingerprinting which sends packets to the target, passive fingerprinting uses a sniffing technique to analyze the target network traffic and determine the operating system. It is less accurate than active fingerprinting. You can use online tools like Netcraft to perform passive fingerprinting.
Netcraft Tool: http://toolbar.netcraft.com/site_report

Just visit the above link to access the Netcraft tool and enter the target domain or IP address to know the target operating system, possible vulnerabilities, its risk rating and other useful information.


CONCEALING YOUR IDENTITY

Concealing your true identity during processes like footprinting and scanning is very much necessary as there is a real chance of the target tracing back to you. Some of the methods that you can employ to conceal your identity are discussed below.

Using a Proxy
A proxy server can be used to conceal your real IP address while performing scanning and hack attempts on the target. Since the IP address tells everything about you, concealing it using a proxy can be highly effective in hiding your origin.

Even though there are different types of proxies available, I recommend using a VPN proxy service to hide your IP address. VPN services are fast and provide reliable ways not only to hide your IP address but also to protect your data and identity over the Internet. Here are a few popular VPN services that you can try:

HideMyAss Proxy

VyprVPN Proxy

Alternatively, you can also use a chain of public proxies to further enhance your stealth operation using free tools like Proxifier and SocksChain. Please note that using public proxies can slow down your speed and hence VPN proxies are more recommended as they best serve the purpose.

The other way to hide your identity is by using online tools for pinging and scanning the target. During the use of online tools, the IP address of the server hosting the tools is exposed to the target and not the one that belongs to the actual attacker.

Once you have gathered a long list of information about the target through footprinting and scanning, it is time to analyze them for possible vulnerabilities in the operating system, technologies or services running on the target. You can make use of the following websites to find information about latest vulnerabilities and exploits:

 http://www.securiteam.com

 http://www.zone-h.org

 http://www.securityfocus.com

 http://www.packetstormsecurity.com

 http://www.cybercrime.gov


COUNTERMEASURES
So far, you have learnt different scanning techniques to discover information about the target. Now let us look into some of the countermeasures that one can take to prevent vital information from leaking into the hands of an attacker:

Configure web servers to prevent information leakage.

Disable unwanted/unused services and protocols.

Use an Intrusion Detection System (IDS) to detect and log port scans.
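The last countermeasure can be shown as working detection logic: flag any source that touches many distinct ports on one host within a short window. This is an added example, not a rule from any IDS product; the log format, the addresses (documentation ranges) and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed firewall log layout (constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) TCP "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) flags=(?P<flags>\S+)$"
)


def build_sample_log():
    """Constructed log: one port sweep, two ordinary clients, one malformed line."""
    base = datetime(2025, 1, 6, 10, 0, 0)
    fmt = "%Y-%m-%dT%H:%M:%S"
    lines = []
    sweep = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 3306, 3389, 8080]
    for i, port in enumerate(sweep):  # 15 ports in about 7 seconds
        ts = (base + timedelta(milliseconds=500 * i)).strftime(fmt)
        action = "ACCEPT" if port in (80, 443) else "DROP"
        lines.append(f"{ts} {action} TCP src=203.0.113.7 dst=192.0.2.10 dport={port} flags=SYN")
    for i in range(20):  # busy web client: many connections, a single port
        ts = (base + timedelta(seconds=i)).strftime(fmt)
        lines.append(f"{ts} ACCEPT TCP src=198.51.100.20 dst=192.0.2.10 dport=443 flags=SYN")
    for i, port in enumerate([80, 443, 25]):  # three services spread over minutes
        ts = (base + timedelta(minutes=5 * i)).strftime(fmt)
        lines.append(f"{ts} ACCEPT TCP src=198.51.100.33 dst=192.0.2.10 dport={port} flags=SYN")
    lines.append("malformed line that the parser must skip")
    return lines


def parse(lines):
    """Return connection attempts as time-ordered (ts, src, dst, port) tuples."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and "SYN" in m["flags"]:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                           int(m["dport"])))
    return sorted(events)


def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=10):
    """Alert when one source probes >= min_ports distinct ports on a host in window."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    alerts = {}
    for ts, src, dst, port in parse(lines):
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > window:  # slide the window forward
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            alert = alerts.setdefault(
                (src, dst),
                {"src": src, "dst": dst, "first_seen": q[0][0], "ports": set()},
            )
            alert["ports"] |= ports
    return [dict(a, ports=sorted(a["ports"])) for a in alerts.values()]


if __name__ == "__main__":
    for alert in detect_port_scans(build_sample_log()):
        print(f"port scan: {alert['src']} -> {alert['dst']} "
              f"({len(alert['ports'])} ports since {alert['first_seen']})")
```

Tune `window` and `min_ports` against baseline traffic: a longer window also catches slow sweeps, at the cost of more false positives from busy legitimate clients.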

Chapter 7 - Hacking Passwords




Password hacking is one of the hottest and most widely discussed topics in the field of computer hacking. In today's world, passwords alone play a key role in deciding the security of a web server or any other computer system. As a result, hacking the password is one of the easiest and sometimes the only way to gain access to the system. In this chapter, you will be introduced to various password hacking techniques that are frequently used in the hacking industry.

To begin with, I will let you know some of the obvious, simple yet effective techniques to hack passwords:

1. Social Engineering: This type of technique involves psychological manipulation of people into performing actions that lead to the disclosure of their confidential information. In other words, social engineering is just a trick played by the hacker to gain the trust of people so that they reveal the password by themselves.

Scenario-1: The hacker may call the target person by pretending himself as a bank official and ask him to confirm his password stating that this has to be done as a part of an ongoing verification program. In most cases, the target person on the other end believes this and reveals his password to the hacker.

Scenario-2: In order to avoid suspicion, instead of directly asking the victim to reveal the password, the hacker may obtain other vital information such as the "Date of Birth", "Place of Birth", "High School Details" etc. from the target person. Using these details, the hacker can easily reset the password and gain unauthorized access.

Even though social engineering seems simple, it is proven that most people would easily fall victim to this attack. Lack of awareness among people is the prime reason for the success behind this trick.

2. Guessing: As most people are known to use easy to remember words such as their "pet's name", "phone number", "child's name" etc. as their passwords, it is often possible for the hacker to easily guess the password.

3. Shoulder surfing: It is the act of spying on one's keyboard from behind the shoulders as a person types his/her password. This technique works well particularly in crowded areas such as cyber cafes and ATMs where people are usually unaware of what is happening behind their shoulders.

After understanding some of the simple password hacking techniques, it is time to move on to the next level. Now, let us jump into some of the serious methods that hackers use to crack passwords.


DICTIONARY ATTACK
A dictionary attack is a type of password cracking technique where a long list of words from the dictionary is repeatedly tried against the target until the right match is found. This technique can be used to crack passwords that contain words found in the dictionary.

Generally, the success of a dictionary attack is based on the fact that most people have a tendency to use easy to remember passwords that are found in the dictionary. However, using a strong password with a combination of alphabets and numbers, or introducing a slight variation to the actual spelling, would make it impossible for the dictionary attack to crack such passwords.

One of my favourite tools to carry out the dictionary attack is Brutus. It is a remote online password cracker that works on the Windows platform and can be downloaded from the following link:
Brutus Download: http://www.hoobie.net/brutus/

NOTE: Some antivirus programs are known to have conflict with the Brutus application. So, it is recommended that you temporarily disable your antivirus before running the Brutus application.


Now, let me give you a small demo on how to use Brutus. Here is a step-by-step procedure:

1. After downloading the tool from the above link, unzip the package into a new empty folder.

2. Run the "BrutusA.exe" file to open the application as shown in the figure below:

Figure 7.1

3. Enter the IP address (or domain name) of the target server in the "Target" field. Select the type of password that you want to crack from the "Type" field or enter your own custom port number in the "Port" field.

4. If you know the username for which you want to hack the password, then check the "Single User" option and enter the username in the "UserID" field. Otherwise leave the default settings as they are so that the username list is loaded from the "users.txt" file.

5. In the "Pass Mode" field select the option "Word List". The list of words will be loaded from the "words.txt" file by default which contains around words. If you have a .TXT file that contains more words, then you can use that by selecting the "Browse" option. The bigger the list is, the better the chances of cracking the password. Below is an example of how a username and password list might look:

Figure 7.2

6. Now, hit the "Start" button to begin the cracking process. Brutus will try every word in the password list for each of the usernames present in the username list. It will take a while for the process to complete and if you're lucky, you should get a positive authentication response and the cracked password as shown in the below figure:

Figure 7.3

NOTE: It is always a smart idea to use a proxy before attempting this hacking process. This will prevent your real IP address from being stored in the logs of the remote server and thus reduces the chances of being traced back.

BRUTE-FORCE ATTACK
Unlike the dictionary attack which tries only those words present in the list, the brute force attack tries every possible permutation of alphabets, numbers and even special characters until the right password is found.

In theory, it is possible to crack any password using this approach, but here's the catch! A brute force attack takes a long time to crack passwords. The time actually depends on the speed of the computer and the complexity of the password.

For example, if the target password is small and doesn't contain any numbers or special characters, it is fairly easy to crack such passwords using this approach. However, if the password is lengthy, contains numbers or even special characters, this approach may take a long time to complete. For some complex passwords, the brute force approach may take even years to finish the cracking process as there are billions of permutations to try.

Here is how you can configure the Brutus program to try the brute force approach:

1. Configure the "Target", "Type" and "Port" in the same way as in case of the dictionary attack. Under the "Authentication Options" select the "Pass Mode" as Brute Force and click on the "Range" button as shown in Figure 7.4 below.

2. Once you click on "Range" you will see a number of options to select from such as "Digits only", "Lowercase Alpha", "Uppercase Alpha" and so on. You can also set the Min Length and Max Length to narrow your brute force attack options (Figure 7.5).

Figure 7.4

Figure 7.5

In the above example, Brutus will try all permutations of lower alphabets ranging from to characters in length. Going for options like "Mixed Alpha" or "Alphanumeric" and increasing the Max Length would increase the success rate of cracking the password but consequently takes more time to complete.

3. Once your range selection is over, click "OK" and hit the "Start" button. The brute force cracking attempt will begin and will take anywhere from a few minutes to a couple of hours to complete. If the crack attempt is successful, you should see the username and its corresponding password displayed on the Brutus window!

RAINBOW TABLE
A rainbow table is a pre-computed table that contains a long list of password hashes for dictionary words as well as alphanumeric permutations of words. The hacker initially generates a long list of password hashes and stores them in a rainbow table for later use. Although generating a rainbow table initially takes a long time and utilizes more storage space, once computed it can greatly reduce the time taken for the password cracking process.

Any computer system that requires password authentication will maintain a table of usernames and passwords in its database. If the hacker manages to steal this table from the database, he would easily be in a position to gain access to a large number of accounts on the target system. In order to prevent this from happening, most systems store the passwords in a cryptographic hash format as opposed to plain text.

For example, when a user completes the sign-up process on an online portal, the system may convert his password to MD5 hash format and store it in its database table. Suppose the user has his password as goldfish; its MD5 hash would be as follows:
MD5 Hash:IHGGIDEGEH


Thereafter, whenever the user tries to log into the portal, his password gets converted to the MD5 hash format on the fly and is compared against the existing hash in the database table. If both the hashes match, access is granted to the user.

Now, even if the hacker manages to gain access to the database and steal the password table, he would only see a long list of cryptographic hashes and not the actual password. This is where rainbow tables come in handy. The hacker can use the rainbow tables to compare the long list of pre-computed hashes against the stolen list of password hashes. If the hashes match, the password would be the one that was initially used to generate the hash.

Unlike a brute force approach where the hash is computed on every attempt, the rainbow table approach utilizes a pre-computed list of hashes to directly compare them against an existing password hash. As the time required to compute the hash on every attempt is cut down, the rainbow table approach takes significantly less time to complete the cracking process.

A practical example of the rainbow table approach will be discussed in the next chapter where we take up the topic of cracking Windows passwords.
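The following shows why a pre-computed table works against the unsalted MD5 scheme described above, and why it stops matching once each password is stored with its own random salt and a slow hash. It is an added example, not code from the book: the user table and word list are constructed, the table is a plain digest-to-word dictionary rather than the chained structure of a real rainbow table, and salting with PBKDF2 is a standard defence that this chapter itself does not cover.

```python
import hashlib
import hmac
import os

WORDLIST = ["apple", "lotus", "mango", "goldfish", "password"]  # constructed


def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()


def store_md5(users):
    """Weak scheme from the text: one unsalted MD5 digest per user."""
    return {name: md5_hex(pw) for name, pw in users.items()}


def store_pbkdf2(users, iterations=100_000):
    """Hardened scheme: per-user random salt plus a deliberately slow hash."""
    table = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
        table[name] = (salt, iterations, digest)
    return table


def verify_pbkdf2(table, name, candidate):
    """Login check for the hardened scheme, using a constant-time comparison."""
    salt, iterations, digest = table[name]
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)


def precompute(words):
    """Build the digest -> word table once; it fits any unsalted MD5 dump."""
    return {md5_hex(w): w for w in words}


def lookup(stored_digests, table):
    """Match stored hex digests against the table; nothing is hashed here."""
    return {name: table[d] for name, d in stored_digests.items() if d in table}


def demo():
    # Constructed accounts: two users share a dictionary word, one does not.
    users = {"alice": "goldfish", "bob": "goldfish", "carol": "str0ngpAss??"}
    weak = store_md5(users)
    strong = store_pbkdf2(users)
    table = precompute(WORDLIST)
    strong_hex = {name: digest.hex() for name, (_, _, digest) in strong.items()}
    return {
        # Unsalted: equal passwords give equal digests, and the table hits both.
        "weak_same_digest": weak["alice"] == weak["bob"],
        "weak_recovered": lookup(weak, table),
        # Salted: equal passwords give different digests; the table is useless
        # because it would have to be rebuilt for every individual salt.
        "strong_same_digest": strong["alice"][2] == strong["bob"][2],
        "strong_recovered": lookup(strong_hex, table),
        "login_ok": verify_pbkdf2(strong, "alice", "goldfish"),
        "login_bad": verify_pbkdf2(strong, "alice", "goldfish1"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the digest and is not secret; its job is to make every stored hash unique so that no single pre-computed table applies to the whole database.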


PHISHING ATTACK
Phishing is a form of social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworthy person or organization.

Phishing scams usually send an email message to users requesting their personal information, or redirect them to a website where they are required to enter their personal information.

In most cases, a phishing email directs the victims to follow a link leading to a website where they will have to enter their login details or other confidential information. In reality this website is a fake one created by the hacker (often referred to as a spoofed website) which is an exact replica of the original or appears similar. When the victim enters his/her login details on a spoofed page they are actually stolen away by the hacker.

For example, the hacker may send an email that pretends to come from the bank where the victim maintains an account and ask him/her to update the login details by following the link present in the email. The email further mentions that this update process is mandatory and failing to do so will result in the bank account being locked. As a response, the victim clicks on the link where he/she will be taken to the fake login page that looks similar to the original one. However, when the login details are entered they are recorded and stored on the website for later access by the hacker. The victim remains unaware of the entire process, but the hacker skilfully manages to hack the password.

COUNTERMEASURES
$IWHU DGGUHVVLQJ VRPH RI WKH SRSXODU SDVVZRUG FUDFNLQJ WHFKQLTXHV OHW XV QRZ ORRN DW
VRPH RI WKH FRXQWHUPHDVXUHV WKDW FDQ EH WDNHQ WR SURWHFW RXUVHOYHV IURP WKH DERYH
PHQWLRQHGDWWDFNV


Social Engineering
7KHPHDVXUHVQHHGHGWRSURWHFW\RXUVHOIIURPsocial engineeringDWWDFNVDUHSUHWW\VLPSOH
DQGVWUDLJKWIRUZDUG1HYHUGLVFORVH\RXUSDVVZRUGRUDQ\RWKHUSHUVRQDOLQIRUPDWLRQWR
DQ\RQHYLDSKRQHRUHPDLO$WWDFNHUVPD\HYHQWU\WRFRQYLQFH\RXE\SUHWHQGLQJWREHDQ
DXWKRUL]HGSHUVRQZLWKZKRP\RXFDQVKDUHWKHSHUVRQDOGHWDLOVZLWK%XWUHPHPEHUWKDW
SDVVZRUGV DUH PHDQW RQO\ WR EH HQWHUHG RQ ORJLQ SDJHV DQG QRW WR EH VKDUHG ZLWK DQ\
SHUVRQDWDOO

Guessing and Shoulder Surfing


Always make sure that your password does not contain your pet names, birth date, family member names or anything as such that are easy to be guessed. It is recommended that your password contains a combination of hard to guess words, numbers and special characters.
As far as the shoulder surfing is concerned, you can avoid the same by making sure that no one else behind you is watching the movement of your fingers over the keyboard when you are typing the password.

Dictionary Attack
To protect yourself from a dictionary attack, all you need to do is make sure that your password does not contain words from dictionary. That means, your password is not something like "apple", "lotus" or "mango". Instead use words that are not in the dictionary. You can also use a phrase like str0ngpAss?? as your password so that it cannot be cracked using the dictionary attack approach.


Brute-Force Attack and Rainbow Table


Brute-Force attacks often become successful when the passwords are short. That means, by keeping the password long enough you can make it hard for the attacker to crack it. Usually a password whose length is of  characters was considered long enough and safe in the past. However, this is not the case in the present day scenario as the modern computers have high speed processing capabilities to try thousands of guesses per second. So, in order to make your password immune to brute-force attack make sure it is larger than  characters and is a combinations of alphabets, numbers and special characters.
You can avoid rainbow table attack on your passwords by making it too long. If your password is more than  or  characters, it would be extremely time consuming to create tables for them. This should keep you protected from such attacks.

Phishing Attack
You can avoid phishing attack by following the below mentioned guidelines:

Do not respond to suspicious emails that ask you to give your personal information. If you are unsure whether an email request is legitimate, verify the same by calling the respective bank/company. Always use the telephone numbers printed on your bank records or statements and not those mentioned in the suspicious email.

Do not use the links in an email, instant messenger or chat conversation to enter a website. Instead, always type the URL of the website on your browser's address bar to get into a website.

Legitimate websites always use a secure connection (https://) on those pages which are intended to gather sensitive information such as passwords, account numbers or credit card details. You will see a lock icon in your browser's address bar which indicates a secure connection. On some websites like PayPal which uses an extended validation certificate, the address bar turns GREEN as shown below.

Figure 7.6

Even if the login page is not secure (https), the target website may still be legitimate. However, look for misspellings like www.papyal.com, www.payapl.com or paypal.somethingelse.com instead of the legitimate site www.paypal.com and make sure that the login details are only entered on the legitimate web page.
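
The misspelling check in the last guideline can be automated on the defensive side, for example in a mail filter or a web proxy. The following is an added example, not code from the book; `TRUSTED_DOMAINS`, `MAX_EDITS`, the function names and the "last two labels" shortcut for the registrable domain are assumptions of the example.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user really logs in to (registrable domains).
TRUSTED_DOMAINS = {"paypal.com"}
# Assumption: how many typing edits still count as a "misspelling".
MAX_EDITS = 2


def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute and
    swap of two adjacent characters each cost one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "papyal" <-> "paypal".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(url):
    """Return 'trusted', 'lookalike', 'brand-misplaced' or 'unrelated'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".") if host else []
    # Simplification: treat the last two labels as the registrable domain.
    # A production filter would consult the Public Suffix List instead.
    registrable = ".".join(labels[-2:])
    if registrable in TRUSTED_DOMAINS:
        return "trusted"
    # Misspelled registrable domain (www.papyal.com, www.payapl.com).
    for trusted in TRUSTED_DOMAINS:
        if registrable and edit_distance(registrable, trusted) <= MAX_EDITS:
            return "lookalike"
    # Real brand name used where it proves nothing: as a subdomain of
    # someone else's domain, or in the user-info part before an "@".
    userinfo = (parts.username or "").lower()
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in labels[:-2] or brand in userinfo:
            return "brand-misplaced"
    return "unrelated"


if __name__ == "__main__":
    for sample in ("https://www.paypal.com/signin",
                   "http://www.papyal.com/",
                   "www.payapl.com",
                   "https://paypal.somethingelse.com/login"):
        print(f"{sample:45} {classify(sample)}")
```

A very short trusted domain will produce false positives at `MAX_EDITS = 2`, so the threshold should be tuned to the names being protected.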

Select the user who has administrator privilege and hit Enter.

Figure 8.5

In the next screen you will be asked to select from a list of options that you may want to perform on the selected user. Here, just select the option 1 which is "Clear (blank) user password" and hit Enter.

Figure 8.6

This should reset the password for the user account to make it go blank, so that the next time you reboot your Windows you should be able to login automatically as if there was no password set for that user account.
Now, quit editing user by pressing q and hit Enter until you proceed to the screen where you will be asked to confirm "writing back changes" to the SAM file. This step is very important where you need to press y and hit Enter as shown in the snapshot below. If you accidentally press Enter keeping the default option which is n, the reset process will fail and the whole procedure will have to be repeated again from the beginning. So, changing the default option from n to y before pressing Enter is very important.

Figure 8.7

This will complete the reset process where the existing password will be removed and set to blank. Disconnect the USB device and press CTRL+ALT+DEL to reboot the computer. Now, the Windows should let you login to the system without insisting to enter the password.


Restoring the Password After Breach


Resetting the password is a wonderful option to easily gain access to the password protected accounts. However, this method has a clear drawback as the password reset process is permanent. The administrator of the target machine will easily come to know about the security breach as thereafter no password will be asked during the login process.

To overcome this drawback, we will have to devise a means to restore everything back to normal once the purpose of breach is completed. For this we will have to take a backup of the original SAM file before modifying it in the password reset process and safely restore it back to make everything look normal.
The SAM file is located in the drive where the Windows is installed (usually C:) under the following path: \windows\system32\config. You can easily access this location by booting up the computer from your live Kali Linux DVD. Once the Kali DVD is loaded, double-click the "Computer" icon present on the desktop to open up the explorer window. Now, navigate to the above location to find the SAM file and back it up to a different location such as a different drive or to your own USB device.

Figure 8.8

Now reboot the system and perform the password reset process as discussed earlier. Once you are done with your work, reboot the system again with Kali DVD and navigate to the location of SAM file. Rename the existing file to SAM.OLD and restore the original SAM file from the backup location. This should bring everything back to normal and avoid suspicion.


Bypassing the Windows Authentication Process


In the previous section we had discussed on how to reset the password to gain access to the system. But there is another smart way to gain access to the Windows system by silently bypassing the authentication process itself. This is done by applying temporary changes to the Windows kernel on the fly (while booting) to disable the authentication process. A tool called Kon-Boot allows you to accomplish this task. You can download it from the link below:
Kon-Boot: http://www.piotrbania.com/all/kon-boot/

Kon-Boot is a handy tool that allows you to enter any password protected Windows user account without having to enter the password during the login process. The tool allows you to create a bootable CD or a USB drive. Once you boot the target computer from this bootable device, it will virtually modify parts of Windows kernel to load the operating system in a special mode where you will not be insisted to enter the password. The advantage of this tool is that all the changes are temporary and disappear after reboot, so that everything looks normal thereafter and does not arouse suspicion of a possible security breach.


DUMPING THE PASSWORD HASHES


After understanding some of the techniques to gain access to the system without knowing the password, it is time to move on one step further and find out a means to crack the actual password itself. If it is required to gain access to the target system multiple times over a period, it is always a good idea to unveil the password by cracking it so that you can easily login to the system by entering the password thereby eliminating the need to reset the password each time you want to gain access.
Windows user account passwords are converted into a cryptographic hash format called NTLM (NT LAN MANAGER) hash. This NTLM hash along with the user profile details is stored in a special file called Security Accounts Manager or SAM. The SAM file is further encrypted with the syskey which is stored in a file called SYSTEM. Both SAM and SYSTEM are located in the drive where the Windows is installed (usually C:) under the following path: \windows\system32\config.
In order to crack the password, it is necessary to extract the NTLM hash and user accounts details stored in the SAM file from the target system which is known as dumping. The dumped details are transferred to the hacker's computer and the password is cracked using an offline password cracking tool. The following are the two ways to dump password hashes:


Dumping Hashes With Administrator Access


If you have administrator access to the system on which you want to dump password hashes, you can use a handy tool called PWDUMP. This is an open-source command-line tool to quickly dump password hashes onto a text file. The tool can be downloaded from the link below:
PWDUMP: http://www.tarasco.org/security/pwdump_7/

This is a very small tool which is less than a MB in size and can be carried to the target location in a USB thumb drive. To dump the hashes, just open the command prompt with administrator rights, navigate to the location of the tool (PwDump.exe) and run the following command:
PwDump7.exe >> targetfilename.txt

As shown in the below snapshot, I am running the PwDump.exe from my USB thumb drive (M:) and dumping the hash details in a file called hash.txt. This file should get created in the same directory from which PwDump.exe is running.

Figure 8.9

The hash.txt file contains a list of existing user accounts on the machine and their corresponding NTLM hashes as shown below:

Figure 8.10


Dumping Hashes Without Administrator Access
The previous section shows how to dump password hashes when you already have administrator access to the target machine. What if you do not have administrator access?
In this case, you can use your Kali Linux Live DVD to boot up the system and load the Linux. From here, access the drive on which the Windows OS is installed and navigate to \windows\system32\config\. From here copy the two files SAM and SYSTEM onto your USB device so that you can carry them to your computer for offline password cracking.

Figure 8.11

CRACKING THE WINDOWS PASSWORD
After successfully dumping the password hashes, we can now easily crack them using different tools and approaches as mentioned below:


Using Rainbow Tables


As discussed in the previous chapter, a rainbow table contains a list of pre-computed hashes that can be instantly compared against the dumped password hash to crack the password. This is so far the best and the fastest method to successfully crack the Windows password. For this we will use an open-source tool called Ophcrack that can be downloaded from the link below:
Ophcrack Website: http://ophcrack.sourceforge.net/

From the above link, download the installable version of Ophcrack (not the Live CD version) and install it on your system. During the installation process, when the option comes up to download rainbow tables, uncheck them all and just install the program. It is always better to download the rainbow tables separately.

Figure 8.12

Once you have it installed on your system, go to the Ophcrack website from the above link and click on Tables in the navigation menu. Here you should see a list of rainbow tables you can download.
If you want to crack the passwords of Windows XP and prior operating systems, download the tables from the LM hashes section. For operating systems after XP such as Windows Vista, 7 and 8 download the tables from the NT hashes section.

Figure 8.13

Figure 8.14

Figure 8.15

Figure 8.18

When everything is loaded and ready as shown in the above snapshot, click on "Crack" button and sit back patiently. The cracking process will take from anywhere between few minutes to few hours to complete depending upon the size of the table and strength of the password. If it is successful, the cracked password will be displayed along with the time taken to crack as shown below:

Figure 8.19

If you become unsuccessful in cracking the password, you may try a different rainbow table that covers more characters and long passwords.


Using Brute-Force Approach


Even though using rainbow tables is by far the fastest and the best approach to crack passwords, it may not be successful for long and strong passwords as hash tables for such passwords are hard to find. So, brute-force approach becomes inevitable under these situations. But remember, it may take a very long time ranging from a few hours to few days to complete the cracking process. Since Ophcrack is not so effective for the brute-force approach, we will use another powerful tool called L0phtCrack which is available from the link below:
L0PhtCrack Download: http://www.l0phtcrack.com/download.html

After installing L0phtCrack, click on "Import hashes" button from the main window to load the hashes. You have the option to load the hashes from both the PWDUMP file as well as SAM file.


Figure 8.20

Click on the "Session Options" button to further configure different auditing options such as dictionary and brute-force attacks. You can enable or disable specific attacks and also customize character set, password length and range options for brute-force approach. Configuring the auditing options wisely can avoid unnecessary time delay and thereby speed up the password cracking process.
Once you are done with loading the hashes and configuring the options, click on the "Begin" button. This will initiate the cracking process and the time consumed to crack the password depends on various factors like the password strength (length, presence of alphanumeric/special characters), type of attack (dictionary, hybrid or brute-force) and the speed of your computer.
If the password cracking process is successful, you should see the cracked password next to the user name in the L0phtCrack window as shown below:

Figure 8.21


Sniffing Password Hashes on a Network


If your computer is on a network such as office or school, it is possible to remotely import the password hashes of other computers on the network without the need to gain physical access to them. This method is called sniffing and L0phtCrack  and above supports this option.
To sniff password hashes from other computers, just click on the "Import From Sniffer" button on the main window. If more than one network interface is detected, the "Select Network Interface" dialog box allows you to choose the interface to sniff on. After choosing your interface, the "SMB Packet Capture Output" dialog box appears where you need to click on "Start Sniffing".
If the hashes are captured, they are immediately displayed in the dialog box after which you can hit "Stop Sniffing" and click on "Import" button to load the password hashes for cracking.

COUNTERMEASURES
In order to secure your Windows computer from all those possible attacks as mentioned in this chapter, the following are some of the countermeasures that you need to follow:

Do not allow strangers to access your computer during your absence.

If the computer is on a public network such as school or office, password protect those accounts with administrator access and only give limited accounts to the users.

Always use a strong password that is hard to guess. Strong passwords contain a mix of alphanumeric and special characters that are long enough to avoid rainbow table and brute-force approaches.

Disable access to CD/DVD drives and USB devices on public networks.

Configure BIOS to disable booting from USB, CD/DVD and other portable devices.

Password protect your computer BIOS so that it would not be possible for an attacker to modify its settings and gain access.

Chapter 9 - Malware


Malware is a collective term used to represent virus, worms, spyware and other malicious programs out there on the Internet. In simple words, any software program that is intended to cause direct or indirect harm to the computer system is referred to as a malware.
Some malware programs can cause serious problems such as destroying the system files, causing disruption to the computer operation or gathering sensitive information while others may only have a light impact such as redirecting websites to load pornographic content or annoying the users with pop-ups and banners.


MALWARE VARIANTS AND COMMON TECHNIQUES


Once the hacker has gained access to the target and has administrator privileges on it, the following are some of the malware programs that he can use to take further control of the system:

Computer Virus
As we all know, this is the type of malware that has become highly popular and is one of the most widely discussed topics in the field of computer security. A virus is just a computer program that is designed to take unauthorized control of the infected computer so as to cause harm to the system's data or degrade its performance.


Mode of Operation:
Computer viruses operate by attaching themselves to an already existing file or program and replicate themselves to spread from one computer to another. In most cases, they tend to infect executable files that are parts of legitimate programs. So, whenever the infected file is executed on a new computer, the virus gets activated and begins to operate by replicating further or causing the intended damage to the system.
A virus cannot perform its task of harming and replication unless it is allowed to execute. This is the reason why viruses often choose an executable file as their host and get attached to it. Viruses are mainly classified into two types:
Non-Resident Viruses: This kind of virus will execute along with its host, perform the needful action of finding and infecting the other possible files and eventually transfer the control back to the main program (host). The operation of the virus will terminate along with that of its host.
Resident Viruses: In case of resident viruses, whenever the infected program is run by the user, the virus gets activated, loads its replication module into the memory and then transfers the control back to the main program. In this case, the virus still remains active in the memory waiting for an opportunity to find and infect other files even after the main program (host) has been terminated.

Damages Caused:
Viruses are known to cause destruction of data and software programs. In some cases, a virus may do nothing other than just replicating itself. However, they are responsible for using a large portion of the system resources such as CPU and memory which results in the performance degradation of the computer.


Worms
Worms are standalone computer programs with a malicious intent that spread from one computer to another. Unlike viruses, worms have the ability to operate independently and hence do not attach themselves to another program.

Mode of Operation:
Worms often use a computer network to spread themselves by exploiting the security vulnerabilities that exist inside the individual computers. In most cases, worms are designed only to spread without causing any serious change to the computer system.

Damages Caused:
Unlike viruses, worms do not cause damage to the system files and other important programs. However, they are responsible for consuming the bandwidth thereby degrading the performance of the network.


Remote Administration Tools (RATs)


A remote administration tool (RAT) is a piece of software that allows a hacker to remotely take control of the target system to execute commands and carry out operations on it. With the help of RATs, a hacker can control the target system as if he has physical access to it.

Mode of Operation:
A RAT can be installed manually by the attacker when he gets administrator access to a system. They can also be attached to other malicious programs like a trojan horse to deliver it to the target system. Once installed, a RAT can immediately allow the hacker to remotely take control of the system.

Damages Caused:
With the help of a RAT, an attacker can carry out the following operations on the target system:

Watch Live screen activities and capture screenshots.
Read/Write/Upload/Download files and folders.
Install/Uninstall additional malware programs.
Modify Registry such as add/edit/delete entries.
Power off/Reboot the system.

As you can see from the above list, there is virtually no operation that the attacker cannot perform with the use of a RAT. Some of the examples of popular RATs include PsTools, Radmin and LogMeIn.


Keystroke Loggers
A keystroke logger (or simply known as a keylogger) is a program that is designed to record every keystroke typed on the computer's keyboard.

Mode of Operation:
A keylogger program can be installed manually with physical access to the system or remotely using other programs like a RAT. Once the installation is complete, a keylogger operates in a complete stealth mode by hiding itself from well-known places such as the programs folder, system tray, add/remove programs, task manager etc. so that the victims of the computer will remain unaware of its presence.

Damages Caused:
A keylogger will capture every keystroke typed on the computer's keyboard including passwords, bank logins, credit card details, emails, chat conversation etc. and stores the logs in a safe place so as to be accessible only to the attacker. Some keyloggers can also send the logs via email or upload them to the hacker's FTP account.
Some of the popular keystroke loggers include Elite Keylogger, Powered Keylogger and Actual Keylogger.


Spyware
Spyware is a type of malicious software that can collect information about the activities of the target computer without the knowledge of its users. Most spyware programs also come pre-loaded with a keylogger which makes them more powerful. These type of programs are often installed by the owner or administrator of the computer in order to monitor the activities of the users on it. This can be a parent trying to monitor his/her child or a company owner trying to monitor their employees. Unfortunately, it can also be used by hackers and criminals to spy on users of their target machines.

Mode of Operation:
Spywares are designed to operate in a totally stealth mode so that its presence is completely hidden from the users of the computer. Once installed, they silently monitor all the activities of the computer such as keystrokes, web activity, screenshots, emails, IM logs etc. These logs are stored secretly for later access or uploaded online so that the installer of the spyware program can have access to them.

Damages Caused:
Apart from monitoring, spywares do not cause any damage to the computer. However, in some cases the affected computer may experience degradation in its performance.
SniperSpy, SpyAgent and WebWatcher are some of the examples of popular spyware programs.


Rootkits
Rootkit is a special type of malicious program designed by the hacker to hide certain programs like spyware, keyloggers and other processes from normal methods of detection so as to enable continued privileged access to the target computer.

Mode of operation:
Rootkits are often installed by the attacker as soon as he gains administrator level access to the target. Rootkits operate by modifying the kernel of the operating system itself which makes it really hard to detect.

Damage caused:
Rootkits cause a serious damage to the system as it modifies the OS kernel to carry out operations. Unless it is removed completely it can be very dangerous.


Trojan Horse
A trojan horse or simply called as trojan is a type of malicious program that disguises itself as something that is legitimate or useful. The main purpose of a trojan is to gain the trust of the user by disguising itself as a useful program or other utility, so that it gets the permission to be installed. But, from the back end it is designed to grant unauthorized control of the computer to the hacker by installing a RAT, Spyware or a Rootkit.

Mode of Operation:
A Trojan horse does not depend on the host to carry out its operation. So, unlike a computer virus, it does not tend to attach itself to other files. Trojans are often disguised as video codec, software cracks, keygens and other similar programs downloaded from untrusted sources. So, one has to be careful about those untrusted websites that offer free downloads.
One of the most popular examples is the DNSChanger Trojan that was designed to hijack the DNS servers of the victimized computers. It was distributed by some of the rogue pornographic websites as a video codec needed to view online content.

Damages Caused:
Trojan horses are known to cause a wide variety of damages such as stealing passwords and login details, electronic money theft, logging keystrokes, modifying or deleting files, monitoring user activity and so on.


COUNTERMEASURES
The following are some of the countermeasures that you can take to prevent malware attack on your systems:

Deploy a two-way firewall which manages both inbound as well as outbound traffic.
Install a good antivirus program and keep it up-to-date. Periodically run full system scans to detect and remove keylogger, spyware and rootkits.
Keep up-to-date on all security software patches. Use automatic updates to keep your Windows patched for latest threats and vulnerabilities.
Install additional security programs such as anti-spyware, anti-keyloggers and anti-rootkits.
Run with least privilege. Log in as administrator only when required. For lighter activities like browsing the Internet and reading emails login with an account that has limited access.
Scan unknown programs with an up-to-date antivirus software before installing them on your system.
Take periodic backups of your system so that in case of data loss or damage from malware you could easily revert back to a previous date of normal working condition.

Chapter 10 - Hiding Information




Once the hackers gain access and take control of the system, the next step they may try to do is to hide some critical files and information on it. The hacker may decide to hide files for later execution or use the victim's compromised system to store information secretly so that it can be accessed later and sent to the final destination where it is intended to go. In this chapter, we will discuss some of the popular techniques to hide files and information on a system. Let us start with the simple ones and gradually advance to more complex techniques.


WINDOWS HIDDEN ATTRIBUTE


Using the Windows built-in hidden attribute is by far the simple and easiest way to hide files and folders on a system. To enable hidden attribute, just follow the instructions as given below:

1. Right-click on the file or folder that you intend to hide and select "Properties" from the pop-up menu.

2. In the "Properties" window, under the "Attributes" section check the box which says "Hidden" and click on "OK".

This will make the selected file or folder go invisible. To view the hidden files and folders follow the instruction below:

1. Open the "Control Panel" by clicking the "Start" button.

2. Now click on "Appearance and Personalization" and then on "Folder Options".

3. Switch to "View" tab, check the option "Show hidden files, folders and drives" under "Advanced Settings" and click on "OK".

This should unhide all the hidden files and folders. However, the drawback of this method is that most users are aware of this and hence the hidden files can easily be uncovered. In order to counter this drawback, some of the advanced information hiding methods are discussed below.


NTFS ALTERNATE DATA STREAMS


Alternate Data Stream (ADS) is a Windows hidden stream supported on NTFS file system used to store metadata of a file such as attributes, word count, access and modification time etc. Whenever a file is created on NTFS file system, Windows automatically creates an ADS for it. Even in directory listing only the actual file is visible but its ADS is kept hidden.
It is even possible to add additional ADS to an existing file to store hidden information in it. Hackers often use this technique to store malicious codes in compromised systems without the knowledge of the victims.
Suppose if you want to hide information inside an image or any other file, just follow the steps mentioned below:

1. Open the Windows command prompt.

2. Type the following command and hit Enter.

Command Syntax: notepad filename:ADSname

Example Command: notepad flowers.jpg:hiddeninfo

Figure 10.1

As shown in the above snapshot, I am issuing the above command on flowers.jpg present inside the folder named Hidden Info.

3. Now Windows will create a new ADS for the specified file and open it in a new notepad with a message window "Do you want to create a new file?" as shown below:

Figure 10.2

4. Click on "Yes" and type the content that you wish to hide onto it and once you are done save and close the notepad.

5. Now all your secret message will be stored in a new ADS called hiddeninfo inside the file flowers.jpg.

To the outside world the flowers.jpg is just an image file but only the hacker know that it contains hidden data inside it. Even if the file is moved to another system (NTFS only) it still carries the hidden information along with it.
To view the hidden info, all you need to do is again type the same command as notepad flowers.jpg:hiddeninfo in the command prompt. This will open up the ADS contained inside the flowers.jpg file in a notepad displaying all the hidden text that was previously stored.
ADS technique has a small drawback. If this file is copied or moved onto a different file system such as FAT32, all the ADS information will be dropped and the hidden information will be lost.
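
Because a plain directory listing does not show these streams, a defender has to ask for them explicitly, for instance with `dir /R`, which prints each named stream on its own line below the file. The following added example (not from the book) parses such a listing and reports the named streams; the listing text is constructed for illustration, and the function names and the benign-stream allowlist are assumptions.

```python
import re

# A stream line in `dir /R` output: leading spaces, size, then
# name:stream:$DATA. Normal file lines start with a date, not spaces.
STREAM_LINE = re.compile(r"^\s+([\d,.]+)\s+(.+?):([^:]+):\$DATA\s*$")

# Assumption: streams that Windows itself normally writes, such as the
# mark-of-the-web that browsers attach to downloaded files.
BENIGN_STREAMS = {"Zone.Identifier"}

# Constructed sample of `dir /R` output for the folder used on this page.
SAMPLE_LISTING = r"""
 Directory of C:\Hidden Info

03/10/2015  09:12 AM    <DIR>          .
03/10/2015  09:12 AM    <DIR>          ..
03/10/2015  09:10 AM            84,120 flowers.jpg
                                    27 flowers.jpg:hiddeninfo:$DATA
03/10/2015  09:11 AM         1,204,224 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
               2 File(s)      1,288,344 bytes
"""


def find_alternate_streams(listing):
    """Return one dict per named stream found in a `dir /R` listing."""
    findings = []
    for line in listing.splitlines():
        match = STREAM_LINE.match(line)
        if match is None:
            continue
        size_text, file_name, stream = match.groups()
        findings.append({
            "file": file_name,
            "stream": stream,
            # Strip the locale's thousands separators before converting.
            "size": int(re.sub(r"[,.]", "", size_text)),
            "benign": stream in BENIGN_STREAMS,
        })
    return findings


def suspicious_streams(listing):
    """Named streams that are not on the benign allowlist."""
    return [f for f in find_alternate_streams(listing) if not f["benign"]]


if __name__ == "__main__":
    for hit in suspicious_streams(SAMPLE_LISTING):
        print(f'{hit["file"]}:{hit["stream"]} ({hit["size"]} bytes)')
```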


STEGANOGRAPHY
Steganography is a means of obscuring data where secret messages are hidden inside computer files such as images, sound files, videos and even executable files so that no one except the creator will know about the existence of stealth information in it. Steganography may also involve the usage of cryptography where the message is first encrypted before it is concealed in another file. Generally, the messages appear to be something else such as an image, sound or video so that the presence of secret data in it remains unsuspected.
The main advantage of steganography over other information hiding methods is that it will not arouse suspicion even if the files fall in the hands of a third party. Unlike cryptography which only encrypts information, steganography uses both encryption and obscurity of data in a normal file. This makes steganography hard to detect as the files look completely normal from outside.
Steganographic tools implement intelligent algorithms to carefully embed the encrypted text messages or binary data inside other larger files such as an image, audio, video or an executable file. Some tools will embed the encrypted data at the end of another file so that there will be enough room for storing larger data.
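
Data embedded at the end of a carrier file, as described above, can be detected because formats such as JPEG mark where the image ends. The following added example (not from the book or any tool it names) walks the JPEG marker segments up to the End Of Image marker and returns whatever bytes follow it; the sample bytes are a constructed marker skeleton rather than a real photo, and the function names are assumptions.

```python
def jpeg_end_offset(data):
    """Offset just past the real EOI marker, or None if `data` is not a
    complete JPEG. Segments are skipped by their length field, so an
    embedded thumbnail's own FFD9 is not mistaken for the end."""
    if data[:2] != b"\xff\xd8":              # SOI must open the file
        return None
    pos, n = 2, len(data)
    while pos + 1 < n:
        if data[pos] != 0xFF:
            return None                      # not positioned on a marker
        marker = data[pos + 1]
        if marker == 0xFF:                   # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                   # EOI: end of the image
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                         # markers without a length
        if pos + 2 > n:
            return None
        seg_len = int.from_bytes(data[pos:pos + 2], "big")
        if seg_len < 2:
            return None
        pos += seg_len
        if marker == 0xDA:                   # SOS: compressed data follows
            while True:
                idx = data.find(b"\xff", pos)
                if idx == -1 or idx + 1 >= n:
                    return None              # truncated scan data
                nxt = data[idx + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos = idx + 2            # stuffed FF or restart marker
                elif nxt == 0xFF:
                    pos = idx + 1            # fill byte
                else:
                    pos = idx                # a real marker: leave the scan
                    break
    return None


def trailing_payload(data):
    """Bytes stored after the image's EOI marker (b"" if none),
    or None when the input is not a complete JPEG."""
    end = jpeg_end_offset(data)
    return None if end is None else data[end:]


# Constructed sample: SOI, an APP1 segment holding a stub thumbnail
# (with its own FFD8/FFD9), a scan with a stuffed byte and a restart
# marker, EOI, then appended bytes that themselves contain FFD9.
_APP1_BODY = b"Exif\x00\x00" + b"\xff\xd8\xff\xd9"
CLEAN_JPEG = (b"\xff\xd8"
              + b"\xff\xe1" + (len(_APP1_BODY) + 2).to_bytes(2, "big") + _APP1_BODY
              + b"\xff\xda\x00\x02" + b"\x12\xff\x00\x34\xff\xd0\x56"
              + b"\xff\xd9")
APPENDED = b"constructed hidden bytes \xff\xd9 more"
CARRIER = CLEAN_JPEG + APPENDED

if __name__ == "__main__":
    extra = trailing_payload(CARRIER)
    print(f"{len(extra)} byte(s) after end of image")
```

This only finds data stored after the image ends; data woven into the image content itself needs statistical analysis instead.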
There are many steganographic tools available online but only a few are able to work flawlessly. I did not find any tool that worked perfectly on both small and large data. To counter this problem, I have managed to develop my own tool that can work perfectly on all types of files and all size of data. I have named the tool as StegoMagic. You can download it from the following link:
Download StegoMagic

The zip file contains two versions of StegoMagic: one for encrypting the text messages and the other for encrypting binary files. StegoMagic_TXT can be used to hide text messages in other files such as an image or a sound file. StegoMagic_BIN can be used to hide one binary file in another such as an executable file inside an image or an image inside a video file and so on.

Figure 10.3

With StegoMagic, there is no limitation on the size and type of the file that you are intending to hide. For example, you can hide a video of size  GB in an image of size  MB or hide an executable file inside a WORD document. The tool is pretty straightforward to use and requires no special understanding of the concept.
At the end of the encryption process, a secret decryption key will be generated and the same is required during the decryption process.


How to Use StegoMagic?


Suppose you want to hide a text message inside a JPG image file:

1. Place the .JPG image file and the text file (.txt) in the same folder as that of StegoMagic_TXT.exe
2. Run StegoMagic_TXT.exe (with administrator rights) and follow the screen instructions to embed the text message inside the JPG image.
3. Note down the secret decryption key.
4. Now you can send this image to your friend via email. To decrypt the hidden message, your friend should load this JPG file onto the StegoMagic tool and use the secret decryption key.


USING TOOLS FOR HIDING INFORMATION

You can also use several open-source tools and programs to hide important files and folders on a given system. Here is a list of some of the handy tools that you can use:

1. Free Hide Folder

This is a freeware tool for Windows that can hide any number of folders and make them go completely invisible for others. You also have the option to password protect the program for additional safety.

2. Wise Folder Hider

Wise Folder Hider is a freeware used to hide your personal folder(s) or file(s) to somewhere else in your PC or in removable devices, in which way you can protect your privacy with passwords by following easy steps.

3. WinMend Folder Hidden

WinMend Folder Hidden is a free file/folder hiding tool. While ensuring the absolute system safety, this application can quickly hide files and folders on local partitions and/or on removable devices. The hidden files/folders will be safely hidden whether the drive is accessed in another operating system on the same computer or reinstalled on another computer. You can set a password for this application. Hidden data can be displayed and unhidden only when the user enters the valid password.

Chapter 11 - Sniffing

Sniffing (also called packet sniffing) refers to the use of a device or program to capture vital information from wired or wireless network traffic using data interception technology. The objective of sniffing is to steal various information such as passwords of applications like email and FTP, contents of emails, chat conversations, files that are in transfer from one system to another and so on.
Protocols that send and receive data in a raw format without encryption are easily susceptible to sniffing attacks. Here is a list of some of the common protocols that are vulnerable to sniffing:

- Telnet: Keystrokes including usernames and passwords.
- HTTP: Data sent in clear text.
- SMTP: Passwords and data sent in clear text.
- FTP: Passwords and data sent in clear text.
- POP: Passwords and data sent in clear text.


TYPES OF SNIFFING
Sniffing is mainly classified into two types as follows:

Passive Sniffing
Passive sniffing is fairly simple: it involves just connecting to the target network and waiting for the packets to arrive at your host for sniffing. This type of sniffing works only in an unswitched network environment where the individual hosts are interconnected using a hub.
In a hub type of network environment, traffic (packets) from all hosts is sent to all ports on the network. This makes it possible for the hacker's computer to secretly intercept and sniff packets that belong to other computers on the same network.
In order to carry out passive sniffing, the hacker will simply hook up his laptop to the network and run a sniffing software to silently capture the packets that arrive at his port. Since passive sniffing works by simply exploiting the existing vulnerability of unswitched networks without making additional modifications, it is often hard to detect.

Active Sniffing
Active sniffing is the one that is often performed on a switched network environment. Here, individual hosts on the network are interconnected using switches that keep a record of the MAC addresses (hardware addresses) of all hosts connected to them. With this information, the switch can identify which system is sitting on which port so that when the packets are received they are intelligently filtered and forwarded only to the intended ports.
This makes packet sniffing very difficult on a switched network, as the traffic from all hosts does not flow to all ports on the network. However, it is still possible to actively sniff packets on switched networks using techniques such as ARP poisoning and MAC flooding, which are discussed below.


TECHNIQUES FOR ACTIVE SNIFFING

Since most computer networks today use switches instead of hubs, active sniffing proves more feasible under practical conditions. The following are some of the important techniques used in active sniffing:

ARP Poisoning
Before actually going into ARP poisoning, let us first try to understand what ARP actually means.
What is an ARP?
ARP, which stands for Address Resolution Protocol, is responsible for converting an IP address to a physical address called a MAC address in a network. Each host on a network has a MAC address associated with it which is embedded in its hardware component such as the NIC (Network Interface Controller). This MAC address is used to physically identify a host on the network and forward packets to it.
When one host wants to send data to another, it broadcasts an ARP message to an IP address requesting its corresponding physical address. The host with the IP address in the request replies with its physical address, after which the data is forwarded to it. This ARP request is cached immediately and stored in an ARP table to ease further lookups.
So, ARP poisoning (also known as ARP spoofing) is where the hacker goes and pollutes the entries in the ARP table to perform data interception between two machines in the network. For this, whenever a source host sends an ARP message requesting the MAC address of the target host, the hacker broadcasts the MAC address of his machine so that all the packets are routed to him and not to the target host that is intended to receive them. The following figure shows an illustration of how ARP poisoning is performed:

Figure 11.1

As shown in the above example, John, Adam and the attacker all three share the same network. John decides to send a message to Adam where his computer knows the IP address of Adam as but does not know its MAC address. So, it will broadcast an ARP message requesting the MAC address of . But the attacker will poison the ARP cache table by spoofing Adam's IP address and mapping his (attacker's) MAC address onto . As a result, John's traffic gets forwarded to the attacker's computer, where he sniffs all the vital information and forwards the same to Adam so as to make everything look normal.


Tools for ARP Poisoning

The following are some of the tools that can be used to carry out ARP poisoning:

1. Ettercap
This is an open-source network security tool used for performing sniffing and man-in-the-middle attacks on a local network. It is capable of intercepting network traffic and capturing vital information like passwords and emails. It works by putting the network interface device into promiscuous mode and poisoning ARP entries of the target machines to sniff traffic even on a switched network environment. It can be downloaded from the link below:
Download Ettercap: http://ettercap.github.io/ettercap/

2. Nighthawk
This is a simple tool for performing ARP spoofing and password sniffing. It has the ability to capture passwords from web login forms implemented on protocols like HTTP, FTP, SMTP and POP. It can be downloaded from the link below:
Download Nighthawk: https://code.google.com/p/nighthawk/

MAC Flooding
MAC flooding is another type of sniffing technique used in a switched network environment that basically involves flooding the switch with numerous unnecessary requests. Since switches have limited memory and processing capabilities to map MAC addresses to physical ports, they get confused and hit their limitation.
When switches hit their limitation they will fall into an open state and start acting just like a hub. That means all traffic gets forwarded to all ports just like in the case of an unswitched network, so that the attacker can easily sniff the required information.

Tools for MAC Flooding

EtherFlood is an easy to use open-source tool to carry out MAC flooding in a switched network environment. The download link for EtherFlood is mentioned below:
Download EtherFlood: http://ntsecurity.nu/toolbox/etherflood/


DNS CACHE POISONING

DNS cache poisoning (also known as DNS spoofing) is a technique similar to ARP poisoning where the Domain Name System (DNS) resolver's cache is polluted by introducing manipulated data into it. So, whenever users try to access websites, the poisoned DNS server returns an incorrect IP address, thereby directing the users to the attacker's computers.
The DNS is responsible for mapping human readable domain names to their corresponding addresses. In order to improve the speed of resolution, DNS servers often cache the previously obtained query results. Before caching or forwarding the query results, the DNS server has to validate the response obtained from other servers to make sure that it has come from an authoritative source.
However, some servers are configured with fewer security features, where they fail to properly validate the source of the response. Hackers can exploit this vulnerability to introduce malicious records to the DNS cache so as to redirect a large group of Internet users to their computers. When a DNS cache is said to be poisoned, it will affect all those Internet users who have configured their systems to use it as their DNS server. The following figure illustrates the working of a DNS cache poisoning attack:

Figure 11.2

As shown in the above figure, a user will place a request to the DNS server for resolving facebook.com. Since the DNS server does not have the IP in its cache, it forwards the same request to the next DNS server. Now, a rogue DNS server picks up the request and replies with a fake IP for the query facebook.com. Without actually validating the response, the DNS server forwards the result to the user and also stores the result in its cache. As a result, the cache gets poisoned.

The user is now directed towards the fake Facebook server maintained by the hacker instead of the real one. All the subsequent requests from other users for facebook.com are also answered by the compromised DNS server using its poisoned cache data.
In this way it is possible for the hacker to victimize a large group of people and hijack their personal information such as passwords, emails, bank logins and other valuable data.
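The difference between a cache that validates responses and one that does not can be shown with a small model. This is an added example, not code from the book or from any DNS server: the Query and Response classes, the two cache classes and all names and addresses (example.com, documentation IP ranges) are constructed for illustration, and real resolvers work on DNS wire format rather than Python objects.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    txid: int        # transaction ID chosen by the resolver
    qname: str       # name being resolved
    server: tuple    # (ip, port) of the upstream server that was asked
    zone: str        # zone that upstream server is responsible for


@dataclass(frozen=True)
class Response:
    txid: int
    qname: str
    source: tuple    # (ip, port) the packet actually came from
    records: tuple   # ((owner_name, ip_address), ...)


def normalize(name):
    return name.rstrip(".").lower()


def in_bailiwick(name, zone):
    """True if name is the zone itself or a name underneath it."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)


def rejection_reason(query, resp):
    """Why a response must not be trusted, or None if it matches the query."""
    if resp.source != query.server:
        return "response did not come from the server that was queried"
    if resp.txid != query.txid:
        return "transaction ID does not match"
    if normalize(resp.qname) != normalize(query.qname):
        return "question does not match"
    return None


class NaiveCache:
    """Caches every record in every response it receives."""

    def __init__(self):
        self.entries = {}

    def handle(self, query, resp):
        for name, ip in resp.records:
            # first answer wins, as it would until the cached entry expires
            self.entries.setdefault(normalize(name), ip)


class ValidatingCache(NaiveCache):
    """Caches only in-bailiwick records from responses that match the query."""

    def __init__(self):
        super().__init__()
        self.rejected = []

    def handle(self, query, resp):
        reason = rejection_reason(query, resp)
        if reason:
            self.rejected.append(reason)
            return
        for name, ip in resp.records:
            if in_bailiwick(name, query.zone):
                self.entries.setdefault(normalize(name), ip)
            else:
                self.rejected.append(f"out-of-bailiwick record for {name}")


# Constructed traffic: a forged answer arrives first from the wrong source,
# then the genuine answer, which also carries an unrelated extra record.
QUERY = Query(0x1A2B, "www.example.com", ("192.0.2.53", 53), "example.com")
FORGED = Response(0x1A2B, "www.example.com", ("203.0.113.66", 53),
                  (("www.example.com", "203.0.113.66"),))
LEGIT = Response(0x1A2B, "www.example.com", ("192.0.2.53", 53),
                 (("www.example.com", "192.0.2.10"),
                  ("www.example.net", "203.0.113.66")))


def replay(cache):
    for resp in (FORGED, LEGIT):
        cache.handle(QUERY, resp)
    return cache


if __name__ == "__main__":
    print("naive     :", replay(NaiveCache()).entries)
    strict = replay(ValidatingCache())
    print("validating:", strict.entries, strict.rejected)
```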

MAN-IN-THE-MIDDLE ATTACK
Man-in-the-middle refers to a kind of attack where the attacker intercepts an ongoing communication between two hosts in a network with an ability to sniff the data or manipulate the packets exchanged between two communicating parties. This attack is somewhat similar to the one shown in the figure from the previous section.
Another good example of a man-in-the-middle attack is active eavesdropping carried out by the attacker by making two independent connections with the victims to make them believe that they are chatting with each other. But the entire conversation is actually controlled by the attacker as illustrated in the following figure:

Figure 11.3

TOOLS FOR SNIFFING

After going far enough into the theoretical concepts of sniffing, let us now look at some of the popular sniffing tools and learn how to use them to carry out various kinds of attacks.

Wireshark
Wireshark is a free and open-source packet analyzer program used for network troubleshooting and analysis. It is available for both Windows and Linux operating systems and can be downloaded from the following link:
Download Wireshark: https://www.wireshark.org/download.html

Once you have installed Wireshark on your Windows computer, start the program by running it with administrator privileges.

Figure 11.4

From the menu options click on "Capture" and select "Options" from the drop down menu. This will show a list of available interface devices for sniffing.

Figure 11.5

You can either select a particular device or choose to capture on all interfaces. Also make sure that promiscuous mode is activated. When you are done, click on the "Start" button to begin the sniffing process.

This will start capturing all the incoming and outgoing traffic on the network as shown in the figure below:

Figure 11.6

Run this tool for as long as you want, and when you feel that you are done with capturing enough data, stop the sniffing process by pressing the "Stop" button displayed in red colour at the top.
In order to analyze the captured data, you will have to set filters for the type of data that you are looking for. For example, if one is looking to capture passwords from login forms, which are normally sent using the HTTP POST request method, you can set the filter as http.request.method == "POST". This will help you narrow your results and find what you are looking for.
Once the filter is set, right-click on the desired result that you want to analyze and select "Follow TCP Stream". This will open up the entire TCP stream in a new window. Here, you can carefully analyze the data to find out the password entered by users in unencrypted login forms as shown in the sample snapshot below:

Figure 11.9

The download link for SMAC is given below:
SMAC Download: http://www.klcconsulting.net/smac/

COUNTERMEASURES
After knowing about various sniffing methods and the tools used to carry them out, it is time to shed some light on possible countermeasures that can be taken to prevent such attacks on your network.

- Restrict physical access to the network for unintended users. This will stop the attacker from installing the packet sniffer on the network.
- Use encryption on the network so that even if the attacker manages to sniff the packets, he will not be able to see the information in a plain text format.
- Permanently adding the MAC address of the gateway to the ARP cache will prevent the attacker from ARP spoofing the gateway.
- In case of a small network, using static IP addresses and static ARP tables will prevent hackers from adding spoofed ARP entries.
- In case of a large network, install switches that come with port security features, which make it impossible to spoof.
- Use tools like Arpwatch or an IDS (Intrusion Detection System) to monitor and detect sniffing activities on the network.
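The kind of check an ARP monitor performs, combined with the static gateway entry recommended above, fits in a few lines. This is an added example and not Arpwatch's code: the ArpMonitor class, its alert names and all IP and MAC addresses are constructed for illustration, with the hosts named after the John/Adam/attacker scenario of the ARP poisoning section.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float   # capture time in seconds
    ip: str     # sender protocol address claimed in the reply
    mac: str    # sender hardware address claimed in the reply


class ArpMonitor:
    """Tracks IP-to-MAC bindings and records suspicious changes."""

    def __init__(self, static_bindings=None):
        # Bindings that must never change, e.g. the default gateway.
        self.static = {ip: mac.lower()
                       for ip, mac in (static_bindings or {}).items()}
        self.learned = {}                     # ip -> mac last seen
        self.ips_by_mac = defaultdict(set)    # mac -> ips it currently claims
        self.alerts = []                      # (ts, kind, ip, mac)

    def observe(self, reply):
        ip, mac = reply.ip, reply.mac.lower()
        pinned = self.static.get(ip)
        if pinned is not None and mac != pinned:
            # Never learn a binding that contradicts a pinned entry.
            self.alerts.append((reply.ts, "static-violation", ip, mac))
            return
        previous = self.learned.get(ip)
        if previous == mac:
            return                            # binding unchanged
        if previous is not None:
            self.alerts.append((reply.ts, "binding-changed", ip, mac))
            self.ips_by_mac[previous].discard(ip)
        self.learned[ip] = mac
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            # Legitimate for some routers and proxies, so treat as a lead.
            self.alerts.append((reply.ts, "mac-claims-multiple-ips", ip, mac))


GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "02:00:00:00:00:01"
ADAM_IP, ADAM_MAC = "192.0.2.20", "02:00:00:00:00:20"
ATTACKER_IP, ATTACKER_MAC = "192.0.2.66", "02:00:00:00:00:66"

# Constructed capture: normal replies, then the attacker claims Adam's IP
# and the gateway's IP, then Adam's real reply shows up again.
SAMPLE_REPLIES = [
    ArpReply(1.0, GATEWAY_IP, GATEWAY_MAC),
    ArpReply(2.0, ADAM_IP, ADAM_MAC),
    ArpReply(3.0, ATTACKER_IP, ATTACKER_MAC),
    ArpReply(4.0, ADAM_IP, ATTACKER_MAC),
    ArpReply(5.0, GATEWAY_IP, ATTACKER_MAC),
    ArpReply(6.0, ADAM_IP, ADAM_MAC),
]


def run_sample():
    monitor = ArpMonitor(static_bindings={GATEWAY_IP: GATEWAY_MAC})
    for reply in SAMPLE_REPLIES:
        monitor.observe(reply)
    return monitor


if __name__ == "__main__":
    for alert in run_sample().alerts:
        print(alert)
```

A binding that flips back and forth between two MAC addresses, as Adam's does here, is the typical trace of poisoning in progress, because the real host keeps answering too.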

Chapter 12 - Denial of Service

In this chapter, we will take a closer look at what exactly denial of service (DoS) attacks are, their different types and the tools used to perform them. In recent years, DoS attacks have grown from mere annoyances to more serious and high profile threats to business and e-commerce websites. This is the type of attack that hackers have successfully used to temporarily bring down major online providers like Yahoo!, eBay and other big players. So, having a clear understanding of DoS attacks and their working principle seems highly essential for anyone who needs to excel in the field of ethical hacking.

WHAT IS DENIAL OF SERVICE (DOS) ATTACK?

A denial of service (DoS) attack is an attempt to make a system, service or network completely unusable to its intended users or significantly slow down its performance by overloading its resources.
In most cases, if an attacker is unable to gain unauthorized access to the target system, he finally decides to carry out a DoS attack by trying to crash its resources. The aftermath of the DoS attack can lead to financial losses, especially if the affected website or server is associated with e-commerce activities. It may also affect the goodwill of the company or organization that has become a victim of the attack, as there is a clear chance of people losing trust in using its services.

Objectives of DoS Attacks

The objective of a DoS attack is not to gain unauthorized access to the system but rather to prevent the legitimate users of its service from accessing it. To accomplish this, an attacker may use different means such as:

- Attempt to flood the traffic to the target network so as to make it unreachable to its intended users.
- Attempt to disrupt connections between two machines on the network which may lead to denial of service.
- Attempt to prevent a particular individual from accessing the service or disrupt only a specific service from getting accessed.


DoS Attack Techniques

The following are some of the common techniques employed in denial of service attacks:

1. Smurf Attack (ICMP flood)

In this type of DoS attack, the attacker broadcasts a large amount of Internet Control Message Protocol (ICMP) echo request packets to a computer network with a spoofed IP address of the target host (victim). This will flood the target host with lots of ping replies (ICMP echo replies) from the network, which makes it impossible to handle. There is also a variant of the smurf attack called the fraggle attack, where UDP packets are used instead of ICMP packets. The following figure illustrates the mechanism of a smurf attack:

Figure 12.1

2. Ping of Death (POD)

In this kind of attack, the attacker deliberately sends an IP packet larger than the allowed size of bytes. Since the size exceeds the maximum allowed limit, it is split across multiple IP packets known as fragments and sent to the target host. However, when the target tries to reassemble the packet on its end, the fragments add up to more than the allowed size of bytes. Being unable to handle oversized packets, the operating system will freeze, reboot or simply crash, thereby causing all the services running on it to become unavailable to the legitimate users.
In this way, the attacker becomes successful in causing a denial of service using the ping of death technique.

3. Teardrop Attack
A teardrop attack involves sending IP fragments with oversized payload and overlapping offset value, especially in the second or later fragment. If the receiving operating system is unable to aggregate the packets accordingly, it can lead to a system crash.
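Both the ping of death and the teardrop attack rely on a receiver that reassembles fragments without checking them first. The following added example (not from the book) shows the two checks a reassembly routine or a filtering device applies before combining fragments, assuming IPv4's 16-bit total-length limit of 65,535 bytes and a 20-byte header; the Fragment class and the sample fragment sets are constructed.

```python
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535   # largest size the 16-bit IPv4 total-length field allows


@dataclass(frozen=True)
class Fragment:
    offset_units: int   # fragment offset field, counted in 8-byte units
    payload_len: int    # bytes of data carried by this fragment


def check_fragments(fragments, header_len=20):
    """Return a list of (problem, start_byte, end_byte); empty means no finding.

    "oversized": the fragment would extend the reassembled datagram past the
                 IPv4 maximum (the ping of death condition).
    "overlap":   the fragment starts before the data already covered by
                 earlier fragments ends (the teardrop condition).
    """
    problems = []
    covered_to = 0
    for frag in sorted(fragments, key=lambda f: f.offset_units):
        start = frag.offset_units * 8
        end = start + frag.payload_len
        if header_len + end > MAX_IP_DATAGRAM:
            problems.append(("oversized", start, end))
        if start < covered_to:
            problems.append(("overlap", start, end))
        covered_to = max(covered_to, end)
    return problems


# Constructed samples -------------------------------------------------------

# A well-formed datagram split into three contiguous fragments.
NORMAL = [Fragment(0, 1480), Fragment(185, 1480), Fragment(370, 1000)]

# 45 contiguous 1480-byte fragments: every offset fits the 13-bit offset
# field, but the last one ends at byte 66600, past the 65,535-byte limit.
OVERSIZED = [Fragment(k * 185, 1480) for k in range(45)]

# Second fragment claims to start at byte 24, inside the first fragment's
# 36 bytes of data.
TEARDROP = [Fragment(0, 36), Fragment(3, 4)]


if __name__ == "__main__":
    for name, sample in (("normal", NORMAL),
                         ("oversized", OVERSIZED),
                         ("teardrop", TEARDROP)):
        print(name, check_fragments(sample))
```

A receiver that drops the whole fragment set on any finding never reaches the reassembly code that these malformed fragments are meant to break.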


4. SYN Flood Attack

The SYN flood attack exploits a known weakness in the TCP connection sequence called the "three-way handshake". According to this, a host sends a SYN request to the target server, which responds with a SYN-ACK back to the host. Finally, the requesting host sends an ACK response back to the server, which completes the three-way handshake process to establish the connection.
However, in case of a SYN attack, a large number of bogus TCP SYN requests are sent to the target server, but the SYN-ACK response sent back from the server is not answered. Sometimes the attacker may even use a spoofed IP address while sending a SYN request. For each SYN request from the attacker, the victim server allocates resources and keeps waiting for the ACK from the requesting source (attacker). Since no ACK is received, the server gets flooded with a large amount of half-open connections, thereby leading to resource exhaustion resulting in a denial of service. The SYN flood attack is demonstrated in the following figure:

Figure 12.2
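Half-open connections are also what a defender counts to recognise a SYN flood. The following added example (not from the book) replays a constructed list of packet events, tracks which handshakes were never completed and reports listeners whose half-open count reaches a threshold; the event format, the grace period and all addresses are assumptions made for the illustration.

```python
from collections import Counter


def half_open(events, now, grace=3.0):
    """Return {(client_ip, client_port, server_ip, server_port): syn_time}
    for handshakes that saw a SYN but no ACK or RST from the client and
    are older than `grace` seconds at time `now`.

    Each event is (ts, src_ip, src_port, dst_ip, dst_port, flags).
    """
    pending = {}
    for ts, src, sport, dst, dport, flags in events:
        key = (src, sport, dst, dport)
        if flags == "SYN":
            pending.setdefault(key, ts)
        elif flags in ("ACK", "RST"):
            pending.pop(key, None)      # handshake completed or aborted
        # SYN-ACK packets travel server -> client and change nothing here
    return {k: ts for k, ts in pending.items() if now - ts >= grace}


def flooded_listeners(events, now, threshold, grace=3.0):
    """Listeners (ip, port) with at least `threshold` half-open connections."""
    counts = Counter((dst, dport)
                     for (_src, _sport, dst, dport)
                     in half_open(events, now, grace))
    return {listener: n for listener, n in counts.items() if n >= threshold}


# Constructed capture ---------------------------------------------------------
SERVER = ("192.0.2.80", 80)

SAMPLE_EVENTS = [
    # one complete three-way handshake from a genuine client
    (0.00, "198.51.100.7", 40000, *SERVER, "SYN"),
    (0.01, *SERVER, "198.51.100.7", 40000, "SYN-ACK"),
    (0.02, "198.51.100.7", 40000, *SERVER, "ACK"),
]
# six SYNs from different sources that never answer the SYN-ACK
SAMPLE_EVENTS += [
    (1.0 + i / 100, f"203.0.113.{i}", 50000 + i, *SERVER, "SYN")
    for i in range(1, 7)
]
# a genuine client whose SYN is still within the grace period
SAMPLE_EVENTS.append((9.5, "198.51.100.8", 40001, *SERVER, "SYN"))


if __name__ == "__main__":
    print(flooded_listeners(SAMPLE_EVENTS, now=10.0, threshold=5))
```

Counting per listener rather than per source matters because, as the text notes, the source addresses of the SYN requests may be spoofed.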

Tools for DoS Attacks

Now, let us look at some of the popular tools used for DoS attacks.

1. Slowloris
Slowloris is a tool built for the Linux platform that targets hosts running web servers such as Apache, dhttpd, Tomcat and GoAhead. This tool works by sending too many HTTP headers to the target server but never completing the request. Slowloris is designed to take down a target web server from a single machine by holding as many connections to it as possible. This will eventually overflow the maximum connections that the target web server can handle, thereby leading to a denial of service for other legitimate connections.

2. QSlowloris
This tool works on the same principle as that of Slowloris but has a graphical user interface for ease of use and works on the Windows platform.

3. PyLoris
PyLoris is basically a testing tool for servers but can also be used to perform DoS attacks. It can target various protocols including HTTP, FTP, SMTP, IMAP and Telnet.

4. LOIC (Low Orbit Ion Cannon)

LOIC is an open-source network stress testing and DoS tool. It floods the target server with a large amount of TCP or UDP packets, resulting in a denial of service.


DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK

A distributed denial of service attack happens when the attack on the target host originates from multiple compromised systems. Before launching the attack, the attacker compromises multiple systems from one or more networks using trojans and other techniques. These compromised systems are known as zombies, which the attacker uses to launch a DDoS attack on the final target.
The advantage of distributed denial of service is that since multiple systems are used, the target can easily be flooded with too much traffic, eventually causing it to go down. A clearer understanding can be obtained using the following figure, which illustrates the mechanism involved in a typical DDoS attack.

Figure 12.3

Characteristics of DDoS Attack

- When compared to a DoS attack, DDoS is a large scale coordinated attack on the target using a large number of pre-compromised systems (zombies).
- A DDoS attack works under two levels. The final target which is under direct attack is known as the "primary victim" while the zombies used to attack it are referred to as "secondary victims".
- As the attack originates from multiple network locations and involves a large number of zombies, it is often hard to detect or prevent.
- A simple DoS attack which originates from a single IP address can easily be blocked at the firewall level. But a DDoS attack which originates from twenty to thirty thousand different systems (IP addresses) is extremely hard to detect.
- Even if the company makes a guesswork and manages to block multiple IP addresses at its firewall, there is a clear chance of real users being adversely affected, as it is hard to differentiate between genuine and malicious traffic.


DDoS Attack Mechanism

Now let us look at some of the DDoS attack models that are commonly in place:

Agent Handler Model

The agent handler model is one of the popular DDoS mechanisms, where the attacker cleverly designs the attack in a hierarchical manner so as to improve its effectiveness and also make it hard to detect and trace back.
At the first level, the attacker compromises a set of computers and installs a handler program on them. At the second level, the attacker compromises another large set of computers, commonly referred to as agents or zombies, which are controlled by the handlers.

Figure 12.4

So, during the time of attack the attacker cleverly sits at the top of the hierarchy controlling the handlers, which in turn initiate the agents (zombies) to attack the target host (victim). Since the attacker safely hides in the background, this type of attack makes it really hard to trace back to the source.

IRC Based Model

The IRC based model is similar to the above discussed agent handler model, but the only difference is that the attacker makes use of an "Internet Relay Chat (IRC)" network instead of handlers to connect to the agents.

Figure 12.5

The advantage of this model is that the attacker can use a legitimate IRC port to easily connect himself to the agents and initiate the attack. Also, the huge amount of traffic on an IRC network makes it difficult for the network administrator to trace the presence of the attacker on the server.

Tools for DDoS Attacks

The following are some of the popular tools used in performing DDoS attacks:

1. Trinoo
Trinoo is a popular tool for DDoS attacks that has a record of taking down large sites like Yahoo!. It is designed to cause coordinated DDoS attacks on the target from different locations. This tool basically uses the "remote buffer overrun" vulnerability of systems to get installed and later use them as zombies.

2. DDoSim
DDoSim (also known as Layer 7 DDoS simulator) is an excellent tool to carry out a DDoS attack on the target by simulating several zombies. These zombies create full TCP connections to the target using random IP addresses. It can also perform HTTP based DDoS attacks with both valid and invalid requests.

3. Tor's Hammer
This is another nice DDoS tool written in Python. It is a highly effective tool that has the capability to take down machines running Apache and IIS servers in a very short time. The advantage of this tool is that it has the ability to run through a TOR network (anonymous network) to keep the whole attack unidentified.

4. Davoset
Davoset is yet another impressive tool for performing DDoS attacks. It makes use of the "abuse of functionality" vulnerability on sites to use them as zombies and cause DDoS attacks on the target.

COUNTERMEASURES
After exploring a fair amount of information about different types of DoS attacks, their mechanism and various tools used in performing them, let us now look at some of the countermeasures that one can take to stop or mitigate such attacks from happening on your systems.

- Using an IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) can be of great advantage when it comes to detection and prevention of DoS/DDoS attacks at an early stage.
- Blacklist IP addresses that are found to be the source of a possible DoS attack.
- Ingress Filtering: Make sure that the incoming packets are coming from a valid source.
- Egress Filtering: Scan all the outgoing packets for malicious data before they actually leave the network.
- Since it is possible to easily spoof the IP address of incoming DDoS packets, there is a good chance that the packets will not represent a valid source. So, configure the firewall to drop packets that do not represent a valid source address.
- Place a firewall or packet sniffer that filters out all incoming traffic that does not have an originating IP address.
- Increase the available bandwidth or resources to prevent the services from going down quickly during an attack.
- Load Balancing: Use a multiple server architecture and balance the incoming load on each server. This can help improve performance as well as mitigate the effects of DDoS attacks.

Chapter 13 - Wireless Hacking

The usage of wireless networks is becoming increasingly popular these days due to their operational flexibility and low cost setup. Wireless networks such as WLANs allow users to access network resources from anywhere in the campus using mobile devices like laptops and tablets. This offers a great deal of flexibility to students and employees, thereby eliminating the need to always stick to their desks during their work time.
However, on the flip side of all its advantages lie major security issues. As more and more companies have now started using wireless technologies in their network, these security issues put the business at a high risk. As opposed to wired networks, wireless technology does not limit physical access to an outsider such as a hacker. Today, with all the readily available tools, it is easily possible for the hacker to compromise loopholes in the wireless security system and gain access to the network.
In this chapter, we will look at some of the common vulnerabilities that exist in the wireless networking technology, ways to exploit them for gaining access and also the countermeasures for preventing them.

WIRELESS NETWORK BASICS

Before jumping into the actual hacking, let us go through some of the basic concepts of wireless networking.
The wireless standard is commonly represented as 802.11 and is used to set up wireless local area networks (WLANs) in environments such as schools and offices. The 802.11 standard has leading protocols (or extensions) as follows:

- 802.11a: It offers higher speed (up to Mbps), more channels and less interference.
- 802.11b: This protocol is also popularly known as "Wi-Fi". This is the standard that was used in most of the Wi-Fi hotspots.
- 802.11g: This is similar to the 802.11b protocol but provides much faster transmission.

Components of Wireless Network

A wireless network comprises the following basic components:

Figure 13.1

- Wi-Fi Radio Device: This can be any device that has a wireless card (NIC) built into it, such as a laptop, tablet, Wi-Fi enabled PC or a cell phone.
- Access Point: This is the device which allows Wi-Fi radio devices to connect to the wireless network using Wi-Fi standards. The AP then has a wired connection to the router. However, most modern routers now come with built-in APs to eliminate the need for an extra device.
- Gateway: Routers are connected to the gateways, which then connect the whole network to the Internet.

Detecting Wireless Networks (War-Driving)

To detect a wireless network such as a Wi-Fi Access Point, you can start roaming in a technology park, downtown area or simply through the walls of your own building using your Wi-Fi capable device (such as laptops and palm devices) with a war-driving software. Some of the popular war-driving software programs are listed below:

- Netstumbler: This is a Windows based war-driving tool that can detect wireless networks and also mark their position with a GPS.
- MiniStumbler: This is a portable version of NetStumbler that can be installed on handheld computers.
- Vistumbler: This is another handy war-driving tool for Windows based operating systems.
- Kismet: This is a Linux based wireless sniffing tool that also has the ability to perform war-driving.
- Wifi Scanner: This is a GUI based Windows tool to detect all the available APs in your surroundings.

Please note that not all wireless network cards (NICs) are the same, and some may not be compatible with the above mentioned war-driving tools. In that case you will have to use the software that came with your wireless NIC for detecting access points.

WIRELESS SNIFFING
Wireless sniffing is no different from the wired sniffing that we have already discussed in the earlier chapter; the only difference here is that this one is performed on a wireless environment. In this case the protocol used for sniffing is 802.11. Since radio waves are omnidirectional, it is easily possible to carry out a man-in-the-middle attack and capture all the packets from the wireless traffic available in your range.

Configuring Wireless Cards for Promiscuous Mode

Promiscuous mode allows the NIC (Network Interface Card) to capture all the network traffic that arrives at it instead of capturing only the traffic that is intended for the NIC. Unless your wireless card is configured to operate in promiscuous mode, it is not possible to perform wireless sniffing.
Most wireless network cards do not support promiscuous mode on the Windows operating system, and hence one has to use Linux to successfully perform wireless sniffing. If you still want to perform sniffing on Windows, you can use a special type of wireless card known as AirPcap, which is far too expensive compared to normal ones. AirPcap cards can be used on Windows with sniffing programs like Wireshark and Cain & Abel, but for all other cards one has to use the Linux platform.


Tools for Wireless Sniffing

Let us look at some of the widely used tools for performing wireless sniffing:

Wireshark
Wireshark is one of my favourite packet sniffing tools as it is easy to use and supports a GUI. Even though it works on Windows, I am using the Linux operating system in my wireless sniffing demonstration as promiscuous mode is not supported on the Windows platform. I am using TP-LINK TL-WN722N for this demo as it is fully compatible with Kali Linux that I am running it on. If you have a different wireless card or need to purchase one, please make sure that it is compatible with the Linux kernel that you will be using it on. Since Kali Linux is packed with Wireshark and all other useful tools, there is no need to install it separately. Follow the instructions below to perform a sample wireless sniffing:

1. Boot up your computer from your Live Kali Linux DVD.

2. Once Linux is loaded, plug in your USB wireless card.

3. Open the Terminal window and type the following command:

iwconfig

Figure 13.2

4. If your wireless card is compatible, you should see your device listed as shown in the above snapshot (as wlan).

5. The next step is to put the card into the monitoring mode (promiscuous mode). For this, type the following command:

airmon-ng start wlan0

On my computer, the wireless card is listed as wlan0. So, I have entered wlan0 in the command. If your computer has a different listing such as wlan or wlan then you need to replace the same in the above command.

6. After you execute the command successfully, your computer will create a new virtual wireless card and enable monitor mode in it. In my case it is mon as shown in the below snapshot.

Figure 13.3

7. Now, it is time to use Wireshark to start capturing the packets. To start Wireshark, click on Applications -> Kali Linux -> Top 10 Security Tools -> wireshark as

- Make sure that you strip out potentially dangerous characters like semicolons, pipes (|) and ampersands (&) from user input before passing it onto the underlying programs.
- If possible, avoid passing user given arguments to OS programs.

Buffer Overflow
Buffer overflow (also known as buffer overrun) is a type of exploit that takes advantage of vulnerable applications that are waiting to process user inputs. A web application is said to be vulnerable to this kind of attack when the application, while writing data to the buffer, overruns the buffer limit and overwrites adjacent memory.

Key Concepts of Buffer Overflow

- Buffer overflow happens when the size of user input data is larger than its allocated buffer size and the application overruns its buffer's boundary when writing the input to the memory.
- The goal is to trigger buffer overflows in vulnerable applications through inputs that are designed to execute malicious codes or alter the normal flow of the program to the flow determined by the hacker.

Types of Buffer Overflows

Buffer overflow attacks can be classified into two main types as follows:

- Heap based attacks
- Stack based attacks

Heap based attack works by flooding the memory space that is dynamically allocated to a program, but the difficulty involved in carrying out such attacks makes them rare. On the other hand, stack based attacks are the easiest and hence most widely performed by the attackers.

Stack Buffer Overflow Example

A stack is a computer memory used when one function within a program calls another. This stack contains data, local variables (variables that are private to a function), function arguments and, most importantly, the return address of the instruction to return to when one function finishes. In other words, when Function A calls Function B, the CPU needs to
Figure 13. 6


7KHIROORZLQJDUHVRPHRIWKHRWKHUZLUHOHVVVQLIILQJWRROVZRUWKFRQVLGHULQJ


Ethereal
7KLVLVDQRWKHU/LQX[EDVHGVQLIILQJWRROWKDWZRUNVERWKRQZLUHGDQGZLUHOHVVQHWZRUNV
,WFRPHVDVDEXLOWLQVHFXULW\WHVWLQJWRROLQ.DOL/LQX[


OmniPeek Wireless
OmniPeek LV D FRPPHUFLDO  VQLIIHU WRRO SDFNHW ZLWK WRQV RI XVHIXO IHDWXUHV IRU
QHWZRUNPRQLWRULQJ,WZRUNVRQ:LQGRZVSODWIRUP

WIRED EQUIVALENT PRIVACY (WEP)


WEP is a component of WLAN networks designed to provide confidentiality of data in the wireless networks. Unlike wired networks where it is possible to limit physical access only to trusted users, the same is not possible in case of a wireless network. Therefore, in order to overcome this limitation, a special type of encryption called WEP is used to prevent attackers from intercepting the wireless data.
However, there is a clear weakness in the WEP security system that can be exploited. Once enough data packets are captured and given ample time, the attacker can easily crack the WEP key used for encryption so as to decrypt all information back to raw data.


Cracking WEP Encryption


The following tools are used popularly for cracking WEP encryption key/password:

Aircrack-NG
This is a popular tool used on Linux to crack WEP encryption keys. It is a command line tool that comes as a built-in feature in Kali Linux package and can easily be used by loading it from the live DVD. Since it takes a long list of commands and procedures to crack WEP passwords, I have decided to omit the demo of the cracking process from this book. But you can still Google for "how to crack WEP encryption" to find many step-by-step procedures that describe the actual cracking process.

WEPCrack
WEPCrack is another popular tool for cracking secret keys. This is the first tool to give a public demonstration on how WEP encryption can be exploited.


WI-FI PROTECTED ACCESS (WPA)


WPA is another wireless security standard that was mainly developed to address the shortcomings of WEP. WPA uses a different encryption standard which is better than that of WEP and is designed as a software upgrade.
However, a flaw in this security feature called Wi-Fi Protected Setup (WPS) allows WPA passwords to be cracked using brute-force approach. Most access points have WPS enabled by default and hence remain vulnerable.

Cracking WPA Passwords


Here is a step-by-step demonstration of cracking WPA password using the Reaver tool that comes with Kali Linux:

1. Boot your computer using the Kali Live DVD and also plug in the USB wireless card.

2. Open the terminal window and type the command iwconfig to make sure that your card is detected.

Figure 13. 7

3. Once you see your card listed (wlan0) as shown above, type the following command to put your card into the monitoring mode and start using it:

airmon-ng start wlan0

This should activate monitoring mode for your card. On my computer it is enabled on mon0 as shown in the below snapshot:

Figure 13. 8

4. Now, type the following command to detect nearby WPS enabled access points:

wash -i mon0 -C

This should perform a scan and list all the nearby access points as shown below. Once access points are detected, press Ctrl+C to stop the scanning process.

Figure 13. 9

5. As shown above, there is one listing which shows a vulnerable access point with an ESSID NETGEAR31. Now, issue the following command to perform brute-force attack on the target:

reaver -i mon0 -b 2C:B0:5D:68:93:D6 -vv

Please note that you will have to replace 2C:B0:5D:68:93:D6 with the BSSID of the target AP in your case.

6. The cracking process will take a few hours to complete and if everything goes well, you should see the cracked PIN and passphrase in the results as shown in the below snapshot:


Figure 13. 10

DENIAL OF SERVICE (DOS) ATTACKS


Just like wired networks, wireless networks are also susceptible to denial of service attacks. Since WLANs use radio waves on public frequencies for sending and receiving the traffic, it is easy to use other traffic from the same band to cause interference. If the attacker fails to gain access to the network, he may use DoS as a final option to attack the network. DoS attacks cause all the existing connections to the network to get dropped and also prevent new connections from happening, thereby rendering the WLAN virtually unusable.


Tools for Wireless DoS


Kali Linux has a handful of built-in tools and features to cause DoS attacks on WLANs. Most of these tools work by sending de-authentication packets instead of authentication packets to access points, which causes the network to drop all the existing connections. Another way to flood the network is by sending authentication requests to APs with inappropriate status codes or random client MACs.
Some of the popular tools for wireless DoS include void11, Fatajack and FakeAP (for spoofing or creating large number of fake access points in an attempt to confuse clients).


COUNTERMEASURES
The following are some of the countermeasures that one can employ to prevent possible attacks on a wireless network:

MAC Address Filtering: This feature uses a predefined list of MAC addresses of the clients' wireless NICs that are allowed to connect to the network. This way, it is possible to prevent strangers from accessing the WLANs.

Hidden SSID: Preventing an AP from broadcasting its SSID makes it go invisible and hence inaccessible to attackers.

WPA instead of WEP: Since WEP has well known security issues, it is always safe to use alternate encryption standards such as WPA or WPA2 over WEP.

Disable WPS: Since WPS (Wi-Fi Protected Setup) is said to have flaws, enabling it makes WPA vulnerable. Therefore, it is necessary to manually disable the WPS feature, which in most routers comes pre-activated by default.

Firewall: Using a firewall with strong rules helps filter unauthorized traffic and prevent brute-force attacks.

Chapter 14 - Web Application Vulnerabilities




Weaknesses in web applications allow hackers to carry out various malicious attacks such as hijacking accounts, stealing identities, gaining access to confidential information and so on. In this chapter, we will look at some of the common vulnerabilities found in web applications and ways to exploit them.

WEB APPLICATION BASICS


A web application is a client-server software that runs on a computer and interacts with the users or other systems using protocols such as HTTP. Most web applications are typically written using programming languages like Java, PHP, Perl, Microsoft .NET and so on. Each server has multiple web applications running on it using which it is possible to make back and forth communication between the client and the server for carrying out tasks such as executing database queries, retrieving files etc. The following steps explain the working of web applications on a server:

1. The client makes a request for a web page by typing its URL on the browser.

2. The target web server receives this request and forwards the same to the web applications residing on it.

3. The web applications will process the request to fetch all the necessary information required for the output (such as querying database, processing image etc.) and send it back to the web server.

4. The web server forwards the output back to the requesting client's browser.


Figure 14. 1

TYPES OF WEB APPLICATION VULNERABILITIES


Now, let us discuss some of the different types of vulnerabilities found in web applications, how they work and ways to exploit them.


Cross-Site Scripting (XSS)


Cross-site scripting (also known as XSS) is a type of attack that injects malicious scripts (such as JavaScript, ActiveX, VBScript, Flash etc.) into vulnerable web pages of a site. This malicious script gets stored on the website itself and whenever users visit this site or browse its pages, the script gets launched on the client's side to initiate an attack. In simple words, XSS is a type of attack that exploits a vulnerable site and uses it as an intermediary to carry out attacks on the end users.


Key Concepts of XSS



XSS is a web based attack performed on vulnerable web applications.

In XSS attacks, the final target or the victim is the end user and not the vulnerable application.

Here, the vulnerable web page or application is used just as a conduit to reach the final target who is the end user.


Impact of XSS Attack


When attackers succeed in exploiting XSS vulnerabilities, they can perform the following activities on the client side:

Gain access to session cookies and hijack user accounts.

Spread worms, virus and Trojans.

Gain access to the end user's files and directories.

Remotely control the user's browser activity.


XSS Scenario
Let us assume that a hacker discovers an XSS vulnerability in one of the web applications of a large website like facebook.com. The hacker exploits this vulnerability and injects a malicious code onto one of Facebook's web pages. Whenever users visit this page, the malicious code runs on their browser, steals their session cookie and sends this information back to the hacker. The attacker will now use this cookie to hijack the user's session and easily gain access to his/her Facebook account.

XSS Countermeasures
Today, modern websites rely heavily on complex web applications to deliver dynamic content outputs based on user specific needs and preferences. Unlike static websites, it is not possible for the dynamic websites to exercise complete control over how their output is interpreted by the client. This may open up a possibility for the presence of XSS vulnerabilities in one or more web applications used by the dynamic website. You can take up the following countermeasures to stop XSS attacks on your websites:

Strictly validate all the incoming data to the web applications before execution.

Adopt a strict security policy to prevent people from directly submitting scripts to the server.

Filter the input data to remove any of the existing scripts in it before processing them.


SQL Injection
Web applications use databases to store data needed for websites to deliver specific content to visitors and render other useful information. Databases may also contain other vital information such as user credentials, financial documentations, user specific data and many other confidential information. Whenever legitimate users place a request to view or modify this information, SQL queries (also called SQL commands) are used by web application to fetch or modify the data stored in the databases.
SQL injection is a type of attack where the attacker tries to pass SQL command itself (instead of text data) through the web application for execution by the backend database. Here, the attacker injects specially crafted SQL commands to input fields such as search boxes, login fields, feedback forms etc. that are meant to receive valid data. If the web applications fail to properly validate the input before passing it on to the database, this may grant unauthorized access to the attacker and permit him to view or modify information from the database.


Key Concepts of SQL Injection



SQL injection is a software vulnerability that occurs when user data inputs are sent directly to the SQL interpreter for execution without proper validation.

Attackers use input fields to pass specially crafted SQL queries in an attempt to trick the interpreter to execute unintended commands on the database.

Impact of SQL Injection Attack


Upon success, an SQL injection attack may allow the hacker to perform the following activities:

Bypass user authentication and gain unauthorized access.

Gain access to important parts of the database and view unintended data.

Add or remove new entries to the database.

Sometimes it is even possible to completely wipe out the contents of the database.

SQL Injection Example


Let us assume that there exists a login page designed to allow users to access a restricted area of the website upon authenticating their credentials. When a genuine user enters his username and password in the login field, the web application executes an SQL query in the background on a database which contains a list of usernames and passwords. If the username-password pair is said to be matching, the user is granted access, otherwise access is denied.
Suppose when a genuine user enters his credentials as follows:
Username: tom
Password: pass2000


The SQL query used to perform this match would be something as follows:
SELECT * FROM users WHERE username=tom and password=pass2000


Here, the above SQL query is trying to find a row in the database by matching the username-password pair using the logical and operator. The and operator returns TRUE only when both the operands (username and password) match. Otherwise, access will be denied.
Imagine what would happen when a hacker discovers a SQL injection vulnerability on this login page. He would inject a specially crafted SQL command into the login field as follows:
Username: tom
Password: or 1=1


The vulnerable web application simply passes the data in the password field without proper validation and hence it gets interpreted as an SQL command instead of a normal text data. Now, the SQL query used to perform this match would be something as follows:

SELECT * FROM users WHERE username=tom and password= or 1=1




Here, the logical operator or holds TRUE even if only one of its operands matches. In this case, 1=1 matches and hence the hacker is granted access to the restricted area of the website. This way, the SQL injection vulnerability helps the hacker bypass the authentication system and gain unauthorized access to the system.

SQL Injection Countermeasures



Adopt an input validation technique to sanitize the user input before passing it onto the database applications for execution.

Users must be given least permission when they are allowed to access the database.

Web applications must not be allowed to access database with administrator privileges. Instead, use a limited account when accessing databases via web applications.
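
The login check from the example above and the input-handling countermeasure, as an added Python sketch against an in-memory SQLite database (not code from the book): one function concatenates the inputs into the query, the other binds them as parameters. The table layout, the function names, the second sample account and the quoted form of the always-true input are assumptions made for this example.

```python
import sqlite3

# Constructed sample accounts. Plain-text passwords mirror the book's simplified
# example only; a real application stores salted password hashes.
SAMPLE_USERS = [("tom", "pass2000"), ("ann", "it's-me")]


def make_db():
    """Create an in-memory database holding the constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: the inputs become part of the SQL text itself."""
    query = ("SELECT username FROM users WHERE username='" + username +
             "' AND password='" + password + "'")
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.Error:
        # A stray quote in legitimate input breaks the statement.
        return False


def login_safe(conn, username, password):
    """Hardened: placeholders keep the inputs as data, whatever they contain."""
    query = "SELECT username FROM users WHERE username=? AND password=?"
    return conn.execute(query, (username, password)).fetchone() is not None


def compare(conn, username, password):
    """Return (vulnerable_result, safe_result) for one login attempt."""
    return (login_vulnerable(conn, username, password),
            login_safe(conn, username, password))


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("tom", "pass2000"),      # correct credentials
        ("tom", "wrong"),         # wrong password
        ("tom", "' OR '1'='1"),   # always-true condition in the password field
        ("ann", "it's-me"),       # legitimate password that contains a quote
    ]
    for user, pw in attempts:
        print(user, repr(pw), compare(db, user, pw))
```

The concatenating version both admits the always-true input and locks out the legitimate user whose password contains a quote; the parameterized version gets both cases right.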

Command Injection
Command injection (also known as shell injection) is a type of attack where the attacker exploits vulnerable web applications to inject malicious codes into the backend applications in order to seek unauthorized access to data or network resources. This attack is very similar to the SQL injection attack described above.
Dynamic web pages use web applications to present user specific data and carry out other dynamic operations such as retrieving the contents of a file, sending emails etc. These web applications in turn make use of underlying programs such as shell scripts and operating system calls to complete specific requests and actions.
If web applications such as form fields fail to sanitize user input data before passing the same to the backend applications, an attacker can easily exploit them to perform command injection attack.


Command Injection Countermeasures


The following are some of the countermeasures that can be employed to prevent command injection attacks:

Properly sanitize and validate the user input data to remove any of the existing malicious content.

Structure requests so that all supplied parameters are treated as data instead of potentially executable content.

Make sure that you strip out potentially dangerous characters like semicolons, pipes (|) and ampersands (&) from user input before passing it onto the underlying programs.

If possible, avoid passing user given arguments to OS programs.
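
An added Python sketch of the countermeasures above (not code from the book): the same constructed input is passed once through a shell command line and once as an argument vector with no shell, followed by allow-list validation. The echoing child process stands in for any underlying program, and the file-name pattern and function names are assumptions.

```python
import re
import subprocess
import sys

# Stand-in for an "underlying program": a child Python process that echoes argv[1].
ECHO_PROGRAM = [sys.executable, "-c", "import sys; print('arg=' + sys.argv[1])"]

# Allow-list for this hypothetical form field: a short file name, nothing else.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def run_vulnerable(user_value):
    """Vulnerable: the value is spliced into a command line parsed by a shell."""
    result = subprocess.run("echo arg=" + user_value, shell=True,
                            capture_output=True, text=True)
    return result.stdout.splitlines()


def run_as_data(user_value):
    """Hardened: argument vector and no shell, so the value is one literal argument."""
    result = subprocess.run(ECHO_PROGRAM + [user_value],
                            capture_output=True, text=True, check=True)
    return result.stdout.splitlines()


def validate(user_value):
    """Reject anything outside the allow-list instead of trying to strip characters.

    Stripping only ';', '|' and '&' leaves other shell syntax untouched, so the
    check names what is permitted. The first character must be alphanumeric,
    which also keeps the value from being read as a command-line option.
    """
    if not ALLOWED_VALUE.fullmatch(user_value):
        raise ValueError("rejected input: %r" % user_value)
    return user_value


def handle_request(user_value):
    """Validate first, then pass the value as data."""
    return run_as_data(validate(user_value))


if __name__ == "__main__":
    constructed = "report.txt; echo INJECTED"   # constructed test input
    print("shell string :", run_vulnerable(constructed))
    print("argument list:", run_as_data(constructed))
    print("validated    :", handle_request("report.txt"))
```

With the shell string the text after the semicolon runs as a second command; with the argument list the whole value arrives as a single argument.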

Buffer Overflow
Buffer overflow (also known as buffer overrun) is a type of exploit that takes advantage of vulnerable applications that are waiting to process user inputs. A web application is said to be vulnerable to this kind of attack when the application, while writing data to the buffer, overruns the buffer limit and overwrites to adjacent memory.

Key Concepts of Buffer Overflow



Buffer overflow happens when the size of user input data is larger than its allocated buffer size and the application overruns its buffer's boundary when writing the input to the memory.

The goal is to trigger buffer overflows in vulnerable applications through inputs that are designed to execute malicious codes or alter the normal flow of the program to the flow determined by the hacker.


Types of Buffer Overflows


Buffer overflow attacks can be classified into two main types as follows:

Heap based attacks

Stack based attacks

Heap based attack works by flooding the memory space that is dynamically allocated to a program but the difficulty involved in carrying out such attacks makes them rare. On the other hand, stack based attacks are the easiest and hence most widely performed by the attackers.


Stack Buffer Overflow Example


A stack is a computer memory used when one function within a program calls another. This stack contains data, local variables (variables that are private to a function), function arguments and most importantly, the return address of the instruction to return to when one function finishes. In other words, when FunctionA calls FunctionB, the CPU needs to know where to go back when FunctionB finishes its task and this return address (back to FunctionA) is stored in the stack.
Consider the following sample code:

void functionA()
{
    functionB(ReadUserName(socket));
}

void functionB(char *name)
{
    char name_arr[];          /* fixed-size local buffer on the stack */
    strcpy(name_arr, name);   /* copies without checking the length of name */
}

In the above example, functionA reads the string (username) from the user and passes it on to the functionB for copying the same to a buffer (name_arr[]) for which a fixed number of bytes is allocated. When the attacker enters a cleverly devised input name whose size is larger than the allocated size, the data can overflow beyond the memory parts assigned to name_arr, resulting in a buffer overflow. Remember that a stack also contains the return address for functionA when functionB completes its execution. When the buffer overflows, the attacker can manipulate the stack to set his own return address to the point where his malicious program exists in the buffer. In this way, the attacker can exploit stack overflow vulnerability in web applications to execute his own malicious codes and take control of the system.


Buffer Overflow Countermeasures



Validate input length of data in forms before passing them onto the functions.

Practice safe and secure coding habits when dealing with buffers.

Use tools like Stack Shield and Stack Guard for Linux systems to defend against stack overflow attacks.

Directory Traversal
Directory traversal is a type of HTTP vulnerability used by hackers to gain access to restricted directories and file system on a web server. Directory traversal attack happens due to the web server's inability to validate/filter user inputs. Web applications developed using programming languages like PHP, Python, Perl, Apache and ColdFusion are commonly vulnerable to this type of attack.

Key Concepts of Directory Traversal



Using this vulnerability, attackers can browse directories and files that are outside normal application access.

This type of attack exposes directory structure, underlying web server and operating system of the vulnerable machine.

Attack allows hacker to gain access to restricted pages and confidential information on the system.


Directory Traversal Countermeasures



Properly validate user inputs from browsers.

Employ filters to block URLs containing commands and escape codes that are commonly used by attackers.

Define access rights to protected areas of the website so as to restrict normal user access.

Keep your web server software up-to-date with latest patches and updates.
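
An added Python sketch of the input-validation countermeasure (not code from the book): the requested URL path is percent-decoded, canonicalised and accepted only if it still lies inside the web root. The directory layout is constructed in a temporary folder, and all function and file names are assumptions.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path resolves outside the web root."""


def resolve_request(web_root, url_path):
    """Map a URL path to a file path and refuse anything outside web_root."""
    decoded = unquote(url_path)              # decode escape codes such as %2e once
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    root = os.path.realpath(web_root)
    # lstrip keeps an absolute-looking path such as /etc/passwd under the root.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # realpath has already collapsed ".." and followed symlinks, so comparing
    # the two canonical paths is sufficient.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("outside web root: %r" % url_path)
    return candidate


def is_allowed(web_root, url_path):
    """True when the request stays inside the web root."""
    try:
        resolve_request(web_root, url_path)
        return True
    except TraversalError:
        return False


def build_sample_tree():
    """Constructed layout: <tmp>/www/index.html, <tmp>/secret.txt, www/up -> <tmp>."""
    top = tempfile.mkdtemp()
    root = os.path.join(top, "www")
    os.mkdir(root)
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h1>home</h1>")
    with open(os.path.join(top, "secret.txt"), "w") as fh:
        fh.write("not for visitors")
    os.symlink(top, os.path.join(root, "up"))    # symlink that leaves the root
    return root


if __name__ == "__main__":
    web_root = build_sample_tree()
    for path in ["/index.html", "/docs/../index.html", "/../secret.txt",
                 "/%2e%2e/secret.txt", "/up/secret.txt"]:
        print(path, "->", "served" if is_allowed(web_root, path) else "blocked")
```

The check runs on the canonical path rather than on the raw string, so encoded dot segments and the symlink are handled by the same comparison.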

TOOLS FOR VULNERABILITY SCANNING


The following are some of the popular tools that can be used to find vulnerabilities in web applications:

Acunetix: This is an enterprise level web application vulnerability scanner and penetration testing tool available for Windows machines.

W3af: This is an open-source web application attack and audit tool for Linux, BSD, Mac and Windows machines.

Vega: This tool is used to find and fix commonly found web application vulnerabilities like XSS, SQL injection and more. It is an open-source tool written in Java and available for both Windows and Linux operating systems.

Arachni: This is a powerful open-source tool used by penetration testers and system administrators to evaluate the security of web applications. The tool is available for Linux and Mac platforms.

X5S: X5S is a powerful tool designed to find cross-site scripting vulnerabilities in web applications.

Chapter 15 - Hacking Internet Users




Due to a rapid increase in the number of Internet users in the recent years, malicious hackers have now started to target individual users for their attack. Numerous client side vulnerabilities such as browser flaws and lack of security awareness among the Internet users have made them an easy target for hackers. In this chapter, let us look at some of the popular ways to hack Internet users and also the countermeasures to prevent them.


Objectives of Hacking Internet Users


Hackers target individual users for a wide variety of reasons as mentioned below:

For gaining access to confidential information such as credit card details, bank logins, account information etc.

To take control of user's online accounts such as Email, Facebook and other social network accounts.

To earn advertising revenue by forcefully driving users to online advertisements such as banners and popups.

To use individual users for attacking other systems such as causing a DDoS attack.

Sometimes even for fun or to show off talent among the hackers' community.


COMMON HACKING TECHNIQUES


The following are some of the popularly used techniques to hack individual users on the Internet:


Session Hijacking (Cookie Hijacking)


Since web pages have no memories, they have to use a means to identify and authenticate individual users accessing web pages. Especially when people are accessing restricted pages or secure area which require password authentication, the website needs a means to remember users individually after their successful logins. For example, when people log into their Facebook account (by entering password), they may access several different pages until they finally sign out. It would be impractical to ask users to re-enter password each time they access a different page.


Session Cookies
Therefore, in order to remember individual users, websites store a small file called session cookie on the client side (in the user's browser) which contains unique authentication information about the user's active session. These cookies help identify individual users throughout the website. When the user hits the logout button or closes the browser, the session is said to expire.
So, when a hacker manages to steal the cookies of an active session, he may inject them to his browser to gain unauthorized access to any online account such as emails, social media accounts and so on. This technique is known as session hijacking (also referred to as cookie hijacking or cookie stealing).


Session Hijacking Demo


Below is a demonstration of typical session hijacking performed on a sample Facebook account. Here, the hacker may use different techniques such as cross-site scripting (XSS) or packet sniffing to steal the target user's session cookies.
Even though Facebook stores several cookies in the browser after successful login, there are only two important cookies that contain authentication data to decide an active session. The names of these two cookies are as follows:

1. c_user

2. xs

In order to hijack an active session, one has to gain access to the contents of the above two cookies. Snapshots of the sample data contained in these two cookies are shown below:


Figure 15. 1


Figure 15. 2


Once you have access to the contents of the above two session cookies c_user and xs, it is time to inject them to your browser and gain access to the target user's Facebook account. A Firefox extension called Advanced Cookie Manager makes this job a lot simpler. It provides an option to add and edit cookies stored on Firefox. Here is a step-by-step instruction to inject cookie to Firefox browser:

Install the add-on Advanced Cookie Manager to your Firefox browser and open it by clicking the icon present in the toolbar.

Switch to the "Manage Cookies" tab and click on the "Add Cookies" button.

To create the c_user cookie, fill in all the details exactly as shown in the below snapshot except for the "Value" field which has to be replaced by the content from the hijacked cookie. Once you are done, click on "Add" button.



Figure 15. 3



Again click on "Add Cookie" button to create the cookie xs in the same way. After filling the details as shown below, click on "Add" button. Do not forget to replace the "Value" field with the content from your hijacked xs cookie.


Figure 15. 4


After you have finished creating these two cookies, close the Advanced Cookie Manager and load the Facebook page. You should automatically be logged in to the target user's account where you have the complete access.
Once you are logged in, you can access the account as long as the target user's session is active. That means, you can access the account in parallel from your own computer until the user hits "Log Out" button on his/her computer.


Session Hijacking Countermeasures


The following are some of the countermeasures to prevent session hijacking on your computer:

Use encryption standards such as SSL (HTTPS) to prevent cookie hijacks via packet sniffing.

Use an up-to-date browser program to prevent browser exploits.

Configure browser to stop running unverified scripts and also avoid using browser plug-ins from untrusted sources.


Email Hacking
Email hacking is one of the prevailing hot topics in the field of ethical hacking. A hacker can gain access to a wide variety of private information about the target user if he manages to hack his/her email account. Some of the possible ways to hack email accounts are discussed below:


Keylogging
Using a spyware program such as keylogger is the easiest way to hack an email or any other online account password. All you need to do is just install the keylogger program on the computer where the target user is likely to access his/her email account from. These spyware programs are designed to operate in a total stealth mode and hence remain completely hidden from normal users. Once the keystrokes are recorded, you can unlock the program using a hot key combination or password to view the logs. The logs contain all the keystrokes typed on the computer keyboard including the usernames and passwords.
Modern keylogger programs like Realtime-Spy, SpyAgent and SniperSpy support remote monitoring feature where you can view the logs even from a remote location. Some of them also have a feature to send logs through email and FTP.
Even though keyloggers can make the hacking process a lot simpler, they have a few drawbacks. Most of these programs have to be installed manually on the target computer for which you need to have physical access to it. Also, there is a chance of anti-spyware programs detecting and deleting the keylogger installation on the computer.


Phishing
Phishing is another popular and highly effective technique used by attackers to hack email and other online accounts. Most Internet users would easily fall prey and become victims to this type of attack. However, to devise a phishing attack one has to have at least a basic knowledge of HTML and programming.
Steps Involved in Phishing Attack:

The hacker first creates a replica of the target login page such as Gmail, Yahoo or any other online account.

This page is designed to submit all login information (username and password) on the form fields to a local database instead of the actual website. Hacker would use a scripting language such as PHP and a database such as MySQL to accomplish this.

Once the page is integrated to the script and database, the hacker uploads the whole setup to a hosting server so as to make the phishing page go online.

The hacker chooses a matching domain (such as gamil.com, gmail-account.com, yahoo-mail.com etc.) for his phishing page so as to avoid any suspicion.

Once the phishing page is live and working, the hacker drives people to this phishing page by spreading the phishing link via email, Internet Messenger and forums.

Since phishing pages look exactly the same as the real one, people enter their login details on these pages where they are stolen away and get stored in the hacker's database.


Session Hijacking
As discussed earlier, it is possible to gain access to an email account through session hijacking. By stealing the cookies of an active session and injecting them to one's own browser, it is possible to gain access to the target email account. However, if the target user closes his/her ongoing session by logging out, you will no longer be able to access the account. Also, unlike keylogging and phishing, this method does not grant you the password of the target account and hence you will not be able to re-access it at a later time.


Unlocking Stored Passwords


Most users prefer to store the password details of email and other online accounts in the browser to enable speedy access. Sometimes login details of offline email clients such as Outlook are also stored on the computer. This makes them vulnerable to hackers. Nirsoft provides a handful of free tools to recover such stored passwords on Windows. You can download the tools from the link provided below:
Download: http://www.nirsoft.net/password_recovery_tools.html

Email Hacking Countermeasures


Below are some of the countermeasures that you can adopt to prevent your email and other online accounts from getting hacked:

Install a good antivirus and anti-spyware program on your computer and keep them up-to-date.

Password protect your operating system so that no one can access your computer in your absence.

Always perform a malware scan on programs before installing them.

Avoid accessing your accounts in public places such as cyber cafes.

Make sure that HTTPS is on when you are accessing your emails.

Do not click on the links in your email or forum to enter the login page. Instead, always type the URL of the website in the browser's address bar and also make sure that HTTPS is enabled on your login page.

Avoid storing your login details on the browser unless you are the only user on the computer.


Other Ways to Hack Internet Users


The following are some of the other hacking methods that are common in practice:

JavaScript: Since most client-side applications are written in JavaScript, it also makes a wonderful tool for hackers to write malicious programs for exploiting browser vulnerabilities. Due to lack of security awareness among users, they can easily be fooled into entering sensitive information or navigating to malicious websites. It can also be used to carry out other attacks such as cross-site scripting and phishing.

Malware: Using malware is another popular way of hacking Internet users. Hackers make use of malware programs like virus and Trojan horses to accomplish their task by affecting large number of people. A popular example of such attack is the use of DNSChanger Trojan which affected millions of Internet users by hijacking their DNS servers.

Instant Messaging: Attackers can also target IM users by sending them unsolicited offers in the form of files and links. This may mislead the users into installing malware or navigating to malicious websites.

CONCLUSION


I would like to congratulate you on your effort in making it through the whole book. Throughout the course of this book, you have been introduced to various hacking techniques and security concepts that have laid a solid foundation to present yourself as an ethical hacker. However, as the name of this book itself suggests, this is just a beginning. In the field of information security, there is always room and need for learning new things, and the quest for expanding knowledge remains forever. Remember, present day hacking techniques may no longer work in the future. As new vulnerabilities get discovered, old ones get patched. So, you as an ethical hacker must always stay updated on the latest security news and newly discovered vulnerabilities.


FURTHER READING
In order to make it easy for the beginners and first time readers, I have simplified some of the topics in the book. However, each of them can be expanded and discussed in a much deeper way. You can always choose your favourite topic from the book and begin to learn more about it.
One of the best ways to expand knowledge is by purchasing a book on a specific topic and further pursuing it. In addition, you can learn more on individual topics by joining online communities where you can discuss your problems and find quick solutions from experts. Here is a compilation of some of the useful links that help expand your knowledge on the subject:

HackThisSite: One of the best sites that offers an excellent platform to learn, test and expand your hacking skills.

Hellbound Hackers: Another website that gives in-depth information on various security related topics.

Astalavista: This is a wonderful place to learn about latest security exploits, hacking techniques, code cracking and more.

Hack Forums: Here you can discuss and interact with large group of like-minded people and experts to find information and solutions for various topics and problems about hacking.

Codecall: This website provides all the programming resources needed for writing your own codes and exploits.

Go4Expert: This is another community offering free help and resources on programming and web development.


SUGGESTIONS AND FEEDBACK


I hope you found this book informative and are satisfied with the way things are presented. Should you have any questions, comments or feedback, feel free to get in touch with me at the email address mentioned below:

Email: info@gohacking.com

best regards,
Srikanth Ramesh

Table of Contents
PREFACE
Chapter 1 - Introduction
  WHAT IS HACKING?
  HACKER CLASSIFICATION
  ESSENTIAL TERMINOLOGIES
  HACKING FAQS
Chapter 2 - Essential Concepts
  COMPUTER NETWORK
  NETWORK HOST
  NETWORK PROTOCOL
  NETWORK PORT
  NETWORK PACKET
  DOMAIN NAME SYSTEM (DNS)
  FIREWALL
  PROXY SERVER
Chapter 3 - Introduction to Linux
  WHY LINUX?
  WINDOWS VS LINUX
  CHOOSING A LINUX DISTRIBUTION
  RUNNING LINUX FROM A LIVE DISK
  LINUX BASICS
  FURTHER REFERENCES
Chapter 4 - Programming
  WHY PROGRAMMING?
  WHERE SHOULD I START?
Chapter 5 - Footprinting
  WHAT IS FOOTPRINTING?
  INFORMATION GATHERING METHODOLOGY
  COUNTERMEASURES
Chapter 6 - Scanning
  DETECTING LIVE SYSTEMS
  TYPES OF SCANNING
  TOOLS FOR SCANNING
  OS FINGERPRINTING
  CONCEALING YOUR IDENTITY
  COUNTERMEASURES
Chapter 7 - Hacking Passwords
  DICTIONARY ATTACK
  BRUTE-FORCE ATTACK
  RAINBOW TABLE
  PHISHING ATTACK
  COUNTERMEASURES
Chapter 8 - Hacking Windows
  GAINING ACCESS TO THE SYSTEM
  DUMPING THE PASSWORD HASHES
  CRACKING THE WINDOWS PASSWORD
  COUNTERMEASURES
Chapter 9 - Malware
  MALWARE VARIANTS AND COMMON TECHNIQUES
  COUNTERMEASURES
Chapter 10 - Hiding Information
  WINDOWS HIDDEN ATTRIBUTE
  NTFS ALTERNATE DATA STREAMS
  STEGANOGRAPHY
  USING TOOLS FOR HIDING INFORMATION
Chapter 11 - Sniffing
  TYPES OF SNIFFING
  TECHNIQUES FOR ACTIVE SNIFFING
  DNS CACHE POISONING
  MAN-IN-THE-MIDDLE ATTACK
  TOOLS FOR SNIFFING
  COUNTERMEASURES
Chapter 12 - Denial of Service
  WHAT IS DENIAL OF SERVICE (DOS) ATTACK?
  DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK
  COUNTERMEASURES
Chapter 13 - Wireless Hacking
  WIRELESS NETWORK BASICS
  WIRELESS SNIFFING
  WIRED EQUIVALENT PRIVACY (WEP)
  WI-FI PROTECTED ACCESS (WPA)
  DENIAL OF SERVICE (DOS) ATTACKS
  COUNTERMEASURES
Chapter 14 - Web Application Vulnerabilities
  WEB APPLICATION BASICS
  TYPES OF WEB APPLICATION VULNERABILITIES
  TOOLS FOR VULNERABILITY SCANNING
Chapter 15 - Hacking Internet Users
  COMMON HACKING TECHNIQUES
