Chained Exploits Book by Jack Voth at Bookstore - Bookswagon
Chained Exploits: Advanced Hacking Attacks from Start to Finish

About the Book

The complete guide to today’s hard-to-defend chained attacks: performing them and preventing them

Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits–both how to perform them and how to prevent them.

Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.

Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures—both technical and human. Coverage includes:
  • Constructing convincing new phishing attacks
  • Discovering which sites other Web users are visiting
  • Wreaking havoc on IT security via wireless networks
  • Disrupting competitors’ Web sites
  • Performing–and preventing–corporate espionage
  • Destroying secure files
  • Gaining access to private healthcare records
  • Attacking the viewers of social networking pages
  • Creating entirely new exploits
  • and more

Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council’s Instructor of Excellence Award.

Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award.

Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.

informit.com/aw
Cover photograph © Corbis / Jupiter Images
$49.99 US  $59.99 CANADA

Table of Contents:
Introduction

Chapter 1: Get Your Free Credit Cards Here
    Setting the Stage
    The Approach
    The Chained Exploit
        Enumerating the PDXO Web Site
        Enumerating the Credit Card Database
        Stealing Credit Card Information from the Web Site
        Selling the Credit Card Information on the Underground Market
        Defacing the PDXO Web Site
        Chained Exploit Summary
    Countermeasures
        Change the Default HTTP Response Header
        Do Not Have Public Access to Developer Sites
        Do Not Install SQL Server on the Same Machine as IIS
        Sanitize Input on Web Forms
        Do Not Install IIS in the Default Location
        Make Your Web Site Read-Only
        Remove Unnecessary Stored Procedures from Your SQL Database
        Do Not Use the Default Username and Password for Your Database
        Countermeasures for Customers
    Conclusion

Chapter 2: Discover What Your Boss Is Looking At
    Setting the Stage
    The Approach
    For More Information
    The Chained Exploit
        Phishing Scam
        Installing Executables
        Setting Up the Phishing Site
        Sending Mr. Minutia an E-mail
        Finding the Boss’s Computer
        Connecting to the Boss’s Computer
        WinPcap
        Analyzing the Packet Capture
        Reassembling the Graphics
        Other Possibilities
        Chained Exploit Summary
    Countermeasures
        Countermeasures for Phishing Scams
        Countermeasures for Trojan Horse Applications
        Countermeasures for Packet-Capturing Software
    Conclusion

Chapter 3: Take Down Your Competitor’s Web Site
    Setting the Stage
    The Approach
    For More Information
    The Chained Exploit
        Attack #1: The Test
        Attack #2: The One That Worked
        Getting Access to the Pawn Web site
        Lab-Testing the Hack
        Modifying the Pawn Web Site
        Other Possibilities
        Chained Exploit Summary
    Countermeasures
        Countermeasures for Hackers Passively Finding Information about Your Company
        Countermeasures for DDoS Attacks via ICMP
        Countermeasures for DDoS Attacks via HTTP and Other Protocols
        Countermeasures for Unauthorized Web Site Modification
        Countermeasures for Compromise of Internal Employees
    Conclusion

Chapter 4: Corporate Espionage
    Setting the Stage
    The Approach
    The Chained Exploit
        Reconnaissance
        Getting Physical Access
        Executing the Hacks
        Bringing Down the Hospital
        Other Possibilities
        Chained Exploit Summary
    Countermeasures
        Countermeasures for Physical Security Breaches and Access Systems Compromise
        Countermeasures for Scanning Attacks
        Countermeasures for Social Engineering
        Countermeasures for Operating System Attacks
        Countermeasures for Data Theft
    Conclusion

Chapter 5: Chained Corporations
    Setting the Stage
    The Approach
    The Chained Exploit
        Reconnaissance
        Social Engineering Attack
        More and Yet More Recon
        Aggressive Active Recon
        Building the Exploit Infrastructure
        Testing the Exploit
        Executing the Hack
        Constructing the Rootkit
        Game Over–The End Result
        Other Possibilities
        Chained Exploit Summary
    Countermeasures
        Countermeasures for Hackers Passively Finding Information about Your Company
        Countermeasures for Social Engineering Attack on Visual IQ
        Countermeasures for Recon on the Visual IQ Software
        Countermeasures for Wi-Fi Attack on Quizzi Home Network
        Countermeasures for the Keylogger Attack
    Conclusion

Chapter 6: Gain Physical Access to Healthcare Records
    Setting the Stage
    The Approach
    For More Information
    The Chained Exploit
        Social Engineering and Piggybacking
        Gaining Physical Access
        Booting into Windows with Knoppix
        Modifying Personally Identifiable Information or Protected Medical Information
        Chained Exploit Summary
    Countermeasures
        Social Engineering and Piggybacking
        Lock Picking
        Defeating Biometrics
        Compromising a PC
    Conclusion

Chapter 7: Attacking Social Networking Sites
    Setting the Stage
    The Approach
    The Chained Exploit
        Creating a Fake MySpace Web Site
        Creating the Redirection Web Site
        Creating a MySpace Page
        Sending a Comment
        Compromising the Account
        Logging In to the Hacked Account
        The Results
        Chained Exploit Summary
    Countermeasures
        Avoid Using Social Networking Sites
        Use a Private Profile
        Be Careful about Clicking on Links
        Require Last Name / E-mail Address to Be a Friend
        Do Not Post Too Much Information
        Be Careful When Entering Your Username/Password
        Use a Strong Password
        Change Your Password Frequently
        Use Anti-Phishing Tools
    Conclusion

Chapter 8: Wreaking Havoc from the Parking Lot
    Setting the Stage
    The Approach
    For More Information
        Accessing Networks Through Access Points
    The Chained Exploit
        Connecting to an Access Point
        Performing the Microsoft Kerberos Preauthentication Attack
        Cracking Passwords with RainbowCrack
        Pilfering the Country Club Data
        Chained Exploit Summary
    Countermeasures
        Secure Access Points
        Configure Active Directory Properly
        Use an Intrusion Prevention System or Intrusion Detection System
        Update Anti-Virus Software Regularly
        Computer Network Security Checklist
    Conclusion

TOC, 2/9/09, 9780321498816

About the Authors:

Andrew Whitaker (M.Sc., CISSP, CEI, LPT, ECSA, CHFI, CEH, CCSP, CCNP, CCVP, CCDP, CCNA, CCDA, CCENT, MCSE, MCTS, CNE, A+, Network+, Convergence+, Security+, CTP, EMCPA) is a recognized expert, trainer, and author in the field of penetration testing and security countermeasures. He works as the Director of Enterprise InfoSec and Networking and as a senior ethical hacking instructor for Training Camp. Over the past several years his courses have trained thousands of security professionals throughout the world. His security courses have also caught the attention of the Wall Street Journal, BusinessWeek, San Francisco Gate, and others.

Keatron Evans is a senior penetration tester and principal of Blink Digital Security based in Chicago, Illinois. He has more than 11 years' experience doing penetration tests, vulnerability assessments, and forensics. Keatron regularly consults with and sometimes trains several government entities and corporations in the areas of network penetration, SCADA security, and other related national infrastructure security topics. He holds several information security certifications including CISSP, CSSA, CEH, CHFI, LPT, CCSP, MCSE:Security, MCT, Security+, and others. When not doing penetration tests, you can find Keatron teaching ethical hacking and forensics classes for Training Camp and a few other security training organizations.

Jack Voth has been working in the information technology field for 24 years. He holds numerous industry certifications including CISSP, MCSE, L|PT, C|EH, C|HFI, E|CSA, CTP, Security+, ACA, MCT, CEI, and CCNA. He specializes in penetration testing, vulnerability assessment, perimeter security, and voice/data networking architecture. In addition to being a co-owner and senior engineer of The Client Server, Inc., Jack has been instructing for more than six years on subject matter including Microsoft, Telecommunications Industry Association (TIA), EC-Council, ISC/2, and CompTIA.



Product Details
  • ISBN-13: 9780321620613
  • Publisher: Addison-Wesley Professional
  • Publisher Imprint: Addison-Wesley Professional
  • Language: English
  • Sub Title: Advanced Hacking Attacks from Start to Finish
  • ISBN-10: 0321620615
  • Publisher Date: 27 Apr 2021
  • Binding: Digital download
  • No of Pages: 303

