Hack Attacks Revealed, Second Edition
The first edition instigated quite a bit of controversy with some glaring errata and misconstrued statements, and the author claims to have alleviated them as well as accommodating critiques:
The primary difference between this second edition and the original Hack Attacks Revealed, aside from some rectified errata, is approximately 300 pages of over 170 new exploits, advanced discovery techniques, malicious code coverage of Myparty, Goner, Sircam, BadTrans, Nimda, Code Red I/II and more, current vulnerabilities, advisories, and hacking labs with additional illustrations, and techniques for routers, operating systems (including Windows 2000/Pro and XP, Solaris, LINUX), and server software daemons. You'll also find a special chapter dedicated to the Top 75 Hack Attacks. This book promises quite a bit in a new edition; let's see what's really in here ...
To accommodate the new material, most of the extraneous information, lists, and most source code was moved from the book to the CD-ROM. In addition to the new material, you'll find a special single license release of the internetworking security toolkit, TigerSuite Pro 3.5. This kit contains modules to discover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and more, plus a special 60-page usage and user guide.
Okay, there are 914 pages (only about 15 or so with source code this time) and the chapter layout is completely different as the book starts with a Technology section, followed by Discovery, then Penetration, Vulnerabilities, and finally the Toolbox.
The technology section is nicely abridged to about 87 pages. The Discovery part differs greatly in that the source code has been moved to the CD and the author has added more coverage and examples, plus some stealthier techniques and more recent SNMP, file sharing, DNS, NetBIOS, and CGI stuff. The ports and services sections are still there but I found them to be pretty handy references at any rate. Also, the Penetration section now contains updated material; it's nice to see IDS stuff added in here too.
In addition, the Vulnerabilities section is promising. There's an excellent chapter in which Chirillo identifies what he considers the top 75 exploits -- examples that have certainly proven to be persistent examples of security weaknesses -- and the newer material especially makes this chapter significant. It contains thorough coverage as well as countermeasures for the listed exploits.
The CD contains some of the same plus full licensed software, an updated repository and all of the source code moved from the original text.
All things considered, Wiley should have waited and released this first; this book pans out to be more of an original than a second edition and well worth the read.
You can purchase Hack Attacks Revealed, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews.
Okay, I can think of five separate double-entendre jokes built on this framework. I'll leave you to your own devices (Does that make six?).
The best I've seen was a worm that propagated using a vulnerability in Red Hat Linux 5 systems. When it arrived it opened up a mail relay and started forwarding spam, as well as spawning new copies of itself.
This was a few years ago, before most of the Outhouse Exposed mail worms arrived, so the idea of worms sending spams was new and, uhmm, exciting.
I found the review to be interesting but a bit short in terms of details. The top 75 exploits almost seem worth the price of admission on this book though.
However, this brings up a really good question.
How many of the folks out there in ./ land have really been hacked?
How did you recover?
ACK
If I want a content summary I'll read the blurb on the back or inside cover, usually when I read a review I'm looking for an informed opinion of someone who's actually read the thing.
I'm not sure how a few two-sentence factual paragraphs is considered a book review, but I'll have to let my English teacher know that the definition of "review" may have changed.
Anyway, that flamebait aside, I'd like to offer up an actual book review that will help you decide whether to buy the book at all. I mean, that's the *point* of a review, isn't it?
Computer security made simpler......, October 15, 2002
Reviewer: Kelly Larsen from Augusta Georgia
I have been teaching Windows 2000 and Unix security for the U.S. Army for 3 years. I am constantly searching for a book that will provide true insight into the hacker mindset and methods. Most books dawdle in the routine and well known hacks and still leave you wanting. "Hack Attacks Revealed, 2nd edition", takes you to the next level. It is the single best security reference book that I've seen.
You rarely find a book that provides indepth coverage of Windows, Unix, and Linux security. Hack Attacks Revealed's information, tutorials, and tools provide you with everything you would need to test and secure a computer system or network. As a bonus, the fully licensed TigerSuite Professional (version 3.5) is included on the accompanying CD. This is an amazing grouping of tools to analyze and test the security of a computer network. In class, I routinely use TigerSuite to demonstrate security shortfalls. My students are so impressed that they immediately ask me where I got it and how can they get it.
"Hack Attacks Revealed" has something for every skill level, whether it is teaching you how to subnet, compile a security tool or walking you through a buffer overflow. The First edition was great and John Chirillo found a way to go it one better.
Background: 28/M/Bi-Sexual; Owner of a Linux company; MBA Harvard 2003; B.S. Comp Sci MIT 2000
To accommodate the new material, most of the extraneous information, lists, and most source code was moved from the book to the CD-ROM. In addition to the new material, you'll find a special single license release of the internetworking security toolkit, TigerSuite Pro 3.5. This kit contains modules to discover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and more, plus a special 60-page usage and user guide.
in other news... script kiddies on the rise....
Selling software wont make you money, selling a service will.
Security through obscurity might not be good in principle, but in practice it's well-tested and the only way to go
Really? When MIT-students back in the 60-70ies stopped playing with modeltrains and started looking into the new emerging telephone networks, I thought we learned that obscurity is no match for devoted geeks.
but didn't know how.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
One of my previous companies had been hacked several times. Each of those times, we discovered the remnants of a script kiddie "root kit", and an irc server. At the time, what I did was search the net for the root kit (which was quite easy to find) and learned as much about the kit as I could. Once I did that, it was much easier to shield against further attacks. It was also fun to "bug" the irc server and watch what the idiots were doing ;-).
When Hackers attack! Brought to you by Tom Arnold, or William Shatner..
Blech.
I'm surprised that this (and other books like it) haven't been beaten down by the DMCA. I would have thought that giving specific information on hacking a Microsoft O/S would piss MS off, and I'm sure that there is at least one example in the book where the hacking involves decryption of some sort. Isn't that bypassing a security measure, and therefore against the DMCA, or does the DMCA only matter when the point of the attack is to duplicate a copyrighted work?
When I was brand new to Linux (Mid '97), I was 0wned by a script kiddie. Here's what happened:
I had a Red Hat 6.0 box running 2.2.12. I was running Apache, Sendmail, wu-ftpd (2.6?) and bind, as well as all the default services that were running on a stock Red Hat box (all the RPC stuff, portmap and such). I was poking around on my system one day and I saw a user that I didn't create. The name was interesting (can't remember exactly what it was) so I decided to check it out. I first shut down the gateway interface so the user was disconnected (this wasn't a big deal at the very small business that I worked for at the time). I went into his home directory and didn't see anything obvious - at first. After giving it a second glance I saw two directories with the title ... I tried to change to .. and, of course, was changed to the parent directory. After I changed back I did a long directory listing and saw that the directory was actually ".. ". After puzzling over how to get into the directory, rather than up to the parent, I realized I could put quotes around it and I cd'd into it. The contents were very interesting. There were two items of interest - an eggdrop IRC bot and the code for a wu-ftpd exploit. I knew I had been 0wned and called up a friend who was familiar with Unix. He showed me how to check what services were running. The eggdrop had spawned about 8 processes that were connecting to various IRC networks and were advertising warez/pr0n ftp sites! It was interesting logging into an IRC channel and seeing a bot running off of MY hardware :)
I of course killed the bots and removed the eggdrop software. Then I checked out the ftp exploit. This was obviously how the user had gotten into the system. I'm not sure why he uploaded the exploit code to my box. Perhaps so he could 0wn other systems from our server? Probably. In any case, the code was written by a guy known as "wile coyote" (I just googled and couldn't find the exploit). I don't know the details of how the code worked; I think it exploited a SITE EXEC vulnerability. In any case, I saw that the code was written for the version of Wu-FTP that I was running. I e-mailed "wile" and he replied telling me that the code only worked for wu's that were "poorly configured =p". Hehe. I knew I wasn't any good so I just laughed :).
I thought I had cleaned up the mess after I'd removed the user, the exploit, and patched wu. I was wrong. I had been foolish and hadn't run a port scan. After a week or so I saw another user on my system that I wasn't aware of! Same deal as before; running eggdrop code, this time no exploit. I killed the user and asked some local gurus about what to do. One of them introduced me to nmap. After running it (and seeing many, many unessential services wide open), there was a very interesting one: a bash shell exposed to some high port (~50000). I telnetted to the port and I was r00t, just like that. No password authentication or anything (who knows the command to do this?). The guru helped me find where the exploit was. The guy had left a backdoor for himself in /etc/inetd.conf. I had no idea! At this point I decided I couldn't know what else he had done. I decided to redo the system (with a focus on security this time). I learned my lesson and now I know a great deal more about securing a network. I don't run wu-ftp anymore :)
Ben
"I either want less corruption, or more chance
to participate in it." -- Ashleigh Brilliant
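The two persistence tricks in the story above (a directory named ".. " with a trailing space that hides in a listing, and an inetd.conf entry that hands a root shell to anyone connecting on a high port) are both cheap to check for. This is an added example, not code from the post or the book; the inetd.conf lines and the temporary directory tree are constructed here for illustration.

```python
import os
import tempfile

# Constructed sample inetd.conf (not from the original post): two ordinary entries
# plus one that binds an interactive bash to TCP port 50000 with no authentication.
SAMPLE_INETD = """\
# service  socket  proto  wait    user  server-program   arguments
ftp        stream  tcp    nowait  root  /usr/sbin/tcpd   in.ftpd -l -a
telnet     stream  tcp    nowait  root  /usr/sbin/tcpd   in.telnetd
50000      stream  tcp    nowait  root  /bin/bash        bash -i
"""

# Interpreters that should never appear as an inetd server program.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "dash"}


def suspicious_inetd_entries(text):
    """Return (service, user, program) for every inetd entry whose server is a shell."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:          # malformed line; inetd would ignore it too
            continue
        service, user, program = fields[0], fields[4], fields[5]
        if os.path.basename(program) in SHELLS:
            hits.append((service, user, program))
    return hits


def odd_directory_names(root):
    """Walk root and return directories whose names mimic '.'/'..' or carry stray whitespace."""
    odd = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            stripped = name.strip()
            if name != stripped or set(stripped) <= {"."}:
                odd.append(os.path.join(dirpath, name))
    return odd


def demo_hidden_dir():
    """Build a throwaway tree containing a directory literally named '.. ' and report what is flagged."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "normal"))
    os.mkdir(os.path.join(root, ".. "))   # trailing space: indistinguishable from the parent in 'ls -l'
    return sorted(os.path.basename(p) for p in odd_directory_names(root))


if __name__ == "__main__":
    print(suspicious_inetd_entries(SAMPLE_INETD))
    print(demo_hidden_dir())
```

Run it against a real /etc/inetd.conf and a home directory tree by passing their contents and path instead of the constructed sample.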
I worked for a small academic department within a large teaching hospital. We had been running Solaris using NFS for file sharing between Win 3.1 clients (With PCNFS client software). At the time, we were migrating to Win95 and it didn't have built in NFS support, and I couldn't get that iteration of Samba to work on our solaris box. I wanted to save money from buying client software for the new Win95 boxes.
Long story short, I had two 486's running RedHat (5.0 I think) with the Solaris NFS shares exported to the RedHat boxes, then those shares exported as SMB shares to the Win boxes. This was my first experience with Redhat, and I had no real background in IS. Our boxes sat behind the hospital firewall, and I didn't think there was a problem with internal hacking. So I basically had the box wide open to internal threats.
I was leaving my job and we were in the process of hiring a new part time IS person for the department. Posted an ad through a local linux users group, and interviewed a potential, qualified candidate. Unfortunately, the candidate was from Canada and not a US citizen. This posed a problem cause my job was funded through the UAW (United AutoWorkers union) and the position had to go to a US citizen. We told this to the candidate and he was not hired.
About 3 weeks later, the hospital was hit with a substantial DOS attack necessitating the entire hospital network being shutdown. When it was traced, it was coming from inside the hospital, and yes, from one of my RedHat boxes. It turned out the hospital IS dept. had left some backdoors in through the firewall. The hacker had used that hole to get access to the hospital network, then finally once in, my unprotected Redhat boxes were prime pickings.
We certainly never could prove anything, but I certainly had my suspicions about the culprit. Fortunately, at a team meeting of dept. heads and IS people, as they tried to blame our dept, it came out that these backdoors had been purposefully left in the firewall, and IS had held shared responsibility.
It was not pleasant as there were substantial numbers of staff (doctors included) trying to access the hospital network from home who couldn't get in for an entire weekend as the hospital network had to be taken offline.
aside from some rectified errata, is approximately 300 pages of over 170 new exploits
And when the book left the printer that's 300 pages of over 170 old exploits.
http://www.securityfocus.com
Well, the windows stuff is pretty lame. It has lots of pages dedicated to it, but mostly describes things that were old before they started compiling (not writing) the book.
The linux part is laughable. Lists of cracks that are worthless on any machine that was installed in the last five years. Does anyone run WU-FTPD from before 1995 now? I don't think so. Why waste the space? Besides, we want to understand how to hack/crack systems, not how to run an outdated exploit. If he took time to teach how an exploit worked, that'd be one thing, but as is this book is really really lame on the unix side. The windows readers probably don't care, since they'd best be able to be script kiddies anyway.
My recommendations are as follows:
Hacking Linux Exposed second edition for all things Linux/Unix. Can't be beat.
Hacking Windows 2000 Exposed. Do not get Hacking exposed, it tries to cover everything, and does them all poorly. The Windows 2000 edition is the only one you should get if you need windows information. (Applies to older and XP also in many cases.)
Hack Proofing your Network, edited by Blue Boar. Covers many of the same topics of the two books above, but by different experts. Multiple voices is good...
Any of the SANS books put out by NewRiders, most of which are written in part by Steven Northcutt. Lots of IDS and security titles by that publisher.
And you can't go wrong with Building Internet Firewalls, now out in a second edition.
I'd recommend any of the books above - they are accurate, informative, and either up to date or timeless. Any of these is worth 500 copies of Hack Attacks Revealed.
I had this book in my car, sitting on the panel above the backseats near the rear window, when a police officer stopped me. Granted my car was somewhat messy at the time (I was moving so it was full of boxes). The officer stopped me for a brake light, and decided that the book was probable enough cause to search my car. I laughed, said sure and let him go at it (I had nothing to hide). Ignorance, can be quite funny sometimes.