- Chapter 0: What is this document about anyway?
- Chapter 1: Setting the stage.
- Permanent connection (leased line, cable, fiber)
- Dial-up
- Mobile (GSM) dial-up
- How to
- Using the 'net
- Other techniques
- Chapter 2: Mapping your target
- Websites, MX records…DNS!
- RIPE, ARIN, APNIC and friends
- Routed or not?
- Traceroute & world domination
- Reverse DNS entries
- Summary
- Chapter 3: Alive & kicking?
- Unrouted nets, NAT
- Ping - ICMP
- Ping - TCP (no service, wrappers, filters)
- Method1 (against stateful inspection FWs)
- Method2 (against stateless Firewalls)
- Summary
- Before we go on
- Chapter 4: Loading the weapons
- General scanners vs. custom tools
- The hacker’s view on it (quick kill example)
- Hacker’s view (no kill at all)
- Chapter 5: Fire!
- Telnet (23 TCP)
- HTTP (80 TCP)
- HTTPS (SSL2) (443 TCP)
- HTTPS (SSL3) (443 TCP)
- HTTP + Basic authentication
- Data mining
- Web based authentication.
- Tricks
- ELZA & Brutus
- IDS & webservers
- Pudding
- Now what?
- What to execute?
- SMTP (25 TCP)
- FTP (21 TCP + reverse)
- DNS (53 TCP,UDP)
- Finger (79 TCP)
- NTP (123 UDP)
- RPC & portmapper (111 TCP + other UDP)
- TFTP (69 UDP)
- SSH (22 TCP)
- POP3 (110 TCP)
- SNMP (161 UDP)
- Proxies (80,1080,3128,8080 TCP)
- X11 (6000 TCP)
- R-services (rshell, rlogin) (513,514 TCP)
- NetBIOS/SMB (139 TCP)
- Chapter 6: Now what?
- Windows
- Only port 139 open - administrator rights
- Port 21 open
- Port 80 open and can execute
- Port 80 and port 139 open
- What to execute?
- Unix
- What to execute?
- Things that do not fit in anywhere - misc.
- Network level attack - Source port 20,53
- HTTP-redirects
- Other Topics
- Trojans
Go To Base64 & Decode:
aHR0cHM6Ly9hbm9uZmlsZXMuY29tL1Y1aTQwNXA4cDUvQW5raXRfRmFkaWFfSGFja2luZ19HdWlkZV9wZGY=
Happy learning!