HACK TOOLS & COUNTERMEASURES Footprinting

Tools
Web Searches Organizations Website Job sites News sites and press releases Private websites Private.organizationwebsiteurl.com Members.organizationwebsiteurl.com Customers.organizationwebsiteurl.com ARIN- WhoIs Traceroute (Tracert in windows)- sends ICMP increasing the TTL with each hop TRACERT www.sysedco.com Google Search Archive.org WayBackMachine People.yahoo.com Netcraft.com enumerates DNS Hosts, gives OS Robots.txt- tells pages not to show in searchengine www.eccouncil.org/robots.txt Wikto Spider- grabs directories based on links Googler- searches for keyword within site BackEnd- powerful, attempts to connect to all potential directories for you Wikto- attempts different types of hacks GoogleHacks- attempts Google hacks EmailTrackerPro- tracks email header WebDataExtractor- Extract Data from Website SmartWhois- extract Domain information VisualRoute- traceroute, identifies webserver & firewalls

Countermeasures

SCANNING TOOLS NMAP- port scanning, network mapper, banner grab - Stealth scan (half open) COUNTERMEASURES

Xmas Scan (send all flags, only 793) FIN scan (send only FIN, only 793) NULL scan(no flags set, only 793) IDLE scan (we dont respond) TCP Connect scan (full open, 3 way handshake) Banner Grabbing - Telnet - P0F - HTTPrint - Netcraft website Scanning for Vulnerabilities - Baseline Security Analyzer- scan MS - Bidiblah- linux - SAINT - NESSUS, SAINT, SARA and SATAN Diagram Network - Visio - GFI LANguard War Dialing PING Angry IP Scanner- scans IPs to identify devices, will look for specific ports NMAP- find open ports, OS, gives difficulty of hack, Scan spoof your IP address Microsoft Baseline Security Analyzer- gives a Report of potential security issues HTTP Relay Server ENUMERATION TOOLS Null Sessions- NetBIOS enumeration NS Lookup Command- DNS enumeration LDAP- Active Directory enumeration LDIFDE- Active Directory dump DumpSec- opens a null session, graphical Hienna old, windows NT SuperScan- enumeration PASSWORD CRACKING TOOLS Historic tools Legion NTInfoScan

COUNTERMEASURES Null Session filter ports 139 and 445

COUNTERMEASURES Do not use default passwords anywhere Use strong passwords Enforce good password policies

L0phtCrack John the Ripper KerbCrack Cain and Abel SMBRelay pwdump2

Disable easily exploitable features

OWNER ESCALLATION TOOLS GetAdmin.exe - works with NT4 SP3 and earlier Secret Batch Files Command: net groups Domain Admins User_name/add/domain

TROJANS TOOLS BackOrifice- UDP ports 31337 or 31338 Deep Throat- UDP ports 2140 and 3150 NetBus- TCP ports 12345 and 12346 Whack a Mole- TCP ports 12361 and 12362 NetBus2- TCP port 20034 Girlfriend TCP port 21544 Masters Paradise- TCP ports 3129, 40421, 40422, 40423, and 40426 Tini- port 7777, very small, runs a command prompt, 8k Donald Dick- TCP or SPX (novel) ports 23476 or 23477, client/server NETCAT- opens a command line interface through TCP or UDP ports Datapipe port redirection, for Unix Fpipe- port redirection for windows

COUNTERMEASURES Nortons Antivirus Mcafee Spybot Webroot User Training- most important

SNIFFERS TOOLS Packetyzer- packet sniffer

COUNTERMEASURES ARP Watch AntiSnif

ARP, MAC Flooding & DNS Poisoning Tools TOOLS Ettercap- ARP Poisoning(spoofing) Tool, sniffer Cain and Abel- password cracking tool, All Ettercap features Etherflood- MAC flooding SMAC 2.0 modify windows MAC Macof- Linux, like etherflood

Denial of Service TOOLS SMURF SYN Attack Jolt- sends fragmented ICMP that cannot be reassembled HIJACKING TOOLS Juggernaut- linux, hijack sessions based on keywords Hunt- Linux, ARP Spoofing, MAC discovery T-Sight- windows WEB SERVER TOOLS IIS Unicode Attack (folder traversal attack) - IIS v5 and earlier Metasploit- multiple exploits in one, Unix Whisker- automated web application vulnerability Scanner, command line N-Stealth HTTP- like whisker but graphical Webinspect- graphical, over 1500 scans

COUNTERMEASURES Very few Redundancy in connections

COUNTERMEASURES IPv6 for communications Encryption

COUNTERMEASURES Patch management WSUS (windows server update services) Properly configure webservers Dont leave default settings Set policies and maintain it IISLockdownTool URLScan

Shadow Security Scanner- NetBIOS, HTTP, CGI, WInCGI, FTP, DNS, etc SecureIIS- specifically scans IIS Web Apps Google Hacking Database Johnny.hackstuff.com Inurl:custva.asp site: yoursite.com Wikto| Google Hacks Black Widow- web ripping tool

MBSA (Baseline Security Analyzer) Run web server services with least privilege accounts Use firewall Put Web Server in DMZ Rename admin accounts & use strong passwords Disable default websites Disable directory browsing Include legal notices Disable web/remote administration of web server Web Apps Use encryption Parse forms, inputs Dont store passwords

SQL TOOLS SQL Injection Attacks WebGoat- Open Source TomCat WebServer to Used to learn Web Server Attacks WebScarab Project- local proxy SQL2.EXE- UDP buffer overflow port 1434 WIRELESS TOOLS WEP Crack AirCrack- pulls WEP packets onwireless and cracks WEPLab coWPAtty- attacks WPA preshared keys Denial of Service Attacks ASLEAP- EAP attack EAP MD5- only for testing WIPS (wireless intrusion prevention system) Protocol analyzers

COUNTERMEASURES Use input validation Set appropriate permissions Do not run database with a powerful account Limit form utilization attempts

COUNTERMEASURES WPA- create keys of 20 or more characters

LINUX TOOLS Back Track 3 Distro

COUNTERMEASURES Bastille- Hardening tool for Linux

IDS Tools TOOLS Snort BlackIce Defender Cisco Secure IDS Dragon Sensor eTrust Internet Defense Check Point RealSource

COUNTERMEASURES Intrusion Detection Systems Fragroute AIDE Samhain

HoneyBot- Create Honeypots