Slashdot Mirror


Anatomy of a Hack

Tiberius_Fel writes "Informit.com is running an extensive article about the anatomy of a hack against a sample network. It's an excerpt from a book titled Protect Your Windows Network: From Perimeter to Data. Even though it makes references to Windows, the techniques can be applied to other operating systems fairly easily." From the article: "Although attacking networks can be fun and informative--not to mention illegal if you do not have all the proper permissions--the fact remains that the vast majority of us do not need to know how to do so. Frankly, becoming a good penetration tester (pen tester) takes more than a week-long class. It takes commitment, dedication, intuition, and technical savvy, not to mention a blatant disregard for the rules and the right way to do things."

9 of 98 comments

  1. Already Slashdotted, but I'm mirroring it here: by haakondahl · · Score: 1, Informative
    --
    Don't trust anyone under thirty.
    1. Re:Already Slashdotted, but I'm mirroring it here: by infonography · · Score: 2, Informative
      Oh, let me mirror it Here

      Please don't download any of the MP3 files you find there.

      Note to newbies: on the whole, don't trust any mirror you find on Slashdot that's not somebody like MirrorDot, Google, or the like. You may find yourself at goatse . cx

      --
      Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
  2. Raising the bar by lheal · · Score: 4, Informative

    A lot of people will post on this story about how weak Windows is, or how great OpenBSD is, or whatever.

    The keys to secure computing are

    1. Deciding what you value.
    2. Finding your comfort level - how "secure" do you need to feel?
    3. Creating a multi-layer system to make it more difficult to attack your network than the next one.

    The use of multiple layers is crucial. Never depend on just a firewall, encrypted transmissions, or just on password protection. Never depend on your vendor to secure your data - it's your data, not your vendor's. Read your EULA, and you'll note how little they care.

    --
    Raise your children as if you were teaching them to raise your grandchildren, because you are.
  3. Re:Article has a good page on cleaning systems by ScytheBlade1 · · Score: 2, Informative

    You know, there's something that's really rather simple that secures your backups from being toyed with.

    All of my backups end in .tar.gz.gpg.

    Ah, simplicity of well thought out security. (Concerning backups, anyways.)

    Shameless plug follows
    A bit ago, I accidentally nuked my home dir, so I made myself a backup script that scans $HOME for ".nobackup" files, and then archives everything but those directories containing those (I really don't need three copies of the kernel source in my backups, you know?). It .tar.gz compresses them into $HOME/.backups/, and if $HOME/.backups/gpgkey exists, will use gpg to encrypt your backup for you. More info here.
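
The backup scheme the comment describes (prune every directory holding a .nobackup marker, tar.gz the rest into $HOME/.backups/, and gpg-encrypt the result when $HOME/.backups/gpgkey exists), written out as an added example. This is not the poster's script and nothing from the linked page; it assumes, since the comment does not say, that the gpgkey file holds the GPG recipient (key id or e-mail address) to encrypt to, and it builds a small constructed sample tree in a temporary directory so it can be run offline.

```python
import os
import subprocess
import tarfile
import tempfile
import time
from pathlib import Path

# A directory that contains this marker file is left out of the archive,
# together with everything below it.
MARKER = ".nobackup"


def collect_paths(root, dest):
    """Walk root and return the relative paths of the files to archive.

    Any directory holding a MARKER file is pruned (never descended into), and
    the destination directory is pruned so old backups are not re-archived.
    """
    root = Path(root).resolve()
    dest = Path(dest).resolve()
    files = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        if here == dest or (here / MARKER).exists():
            dirnames[:] = []          # prune: os.walk will not descend further
            continue
        dirnames.sort()               # deterministic walk order
        for name in sorted(filenames):
            files.append((here / name).relative_to(root))
    return files


def make_backup(home, dest=None, keyfile=None):
    """Create dest/home-<stamp>.tar.gz from home and, when keyfile exists,
    replace it with a gpg-encrypted copy. Returns the path that was produced.

    Assumption (not stated in the comment): keyfile holds the GPG recipient
    (key id or e-mail) to encrypt to.
    """
    home = Path(home).resolve()
    dest = Path(dest) if dest else home / ".backups"
    keyfile = Path(keyfile) if keyfile else dest / "gpgkey"
    dest.mkdir(parents=True, exist_ok=True)

    archive = dest / ("home-%s.tar.gz" % time.strftime("%Y%m%d-%H%M%S"))
    with tarfile.open(archive, "w:gz") as tar:
        for rel in collect_paths(home, dest):
            tar.add(home / rel, arcname=str(rel))

    if not keyfile.exists():
        return archive

    recipient = keyfile.read_text().strip()
    encrypted = archive.with_name(archive.name + ".gpg")
    subprocess.run(
        ["gpg", "--batch", "--yes", "--recipient", recipient,
         "--output", str(encrypted), "--encrypt", str(archive)],
        check=True,
    )
    archive.unlink()                  # keep only the encrypted copy on disk
    return encrypted


def run_demo():
    """Constructed sample tree (not real data): two files to keep and one
    directory marked with .nobackup. No gpgkey is present, so the result is a
    plain .tar.gz. Returns (archive file name, sorted member names)."""
    base = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    (base / "docs").mkdir()
    (base / "docs" / "notes.txt").write_text("keep me\n")
    (base / "src" / "linux").mkdir(parents=True)
    (base / "src" / "linux" / MARKER).touch()
    (base / "src" / "linux" / "Makefile").write_text("# huge tree, skipped\n")
    (base / "src" / "mine.py").write_text("print('keep')\n")

    archive = make_backup(base)
    with tarfile.open(archive, "r:gz") as tar:
        members = sorted(tar.getnames())
    return archive.name, members


if __name__ == "__main__":
    print(run_demo())
```

Pruning in os.walk (clearing dirnames in place) is what keeps the marked tree out of the archive without walking it first; the archive is encrypted to a public key, so a machine that only holds the public key can produce backups that it cannot itself read back, which is the property the comment relies on.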

  4. Old, old news... by LO0G · · Score: 2, Informative

    This was posted in Microsoft Technet magazine way back in January.

    http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/default.aspx

  5. No new news here by michaelaiello · · Score: 5, Informative

    Quick overview of the meat of the article

    1. Do a WHOIS lookup of the IP range the network is on.
    2. Search newsgroups for previous network internals that the SA has posted somewhere.
    3. Do a port scan and fingerprint.
    4. If there is a vulnerable service running, use a common exploit.
    5. A quick description of how a SQL injection attack works on a web-application login.
    6. Use xp_cmdshell on MS-SQL to download remote shell code via tftp.
    7. Once someone has the SQL server under control, use the poorly configured internal network to become domain admin.

    Someone needs to put together a description on how a "social engineering" penetration test should be done objectively. If there is one out there please let me know. =P
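
Step 5 of the summary above, the SQL injection against a web-application login, as an added example (not code from the article, the book, or any commenter). It shows the login shape that is injectable next to its parameterized fix, using sqlite3 and a constructed in-memory user table; the user names, passwords and the unsalted demo hash are assumptions made for the example.

```python
import hashlib
import sqlite3


def pw_hash(password):
    # Demo only: an unsalted fast hash so the example stays self-contained.
    # A real login store uses a salted, slow password hash (bcrypt, scrypt
    # or argon2); that choice is separate from the injection problem shown.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db():
    """Constructed sample user table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", pw_hash("correct horse")), ("alice", pw_hash("battery staple"))],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The login shape the article's step 5 describes: the submitted username
    is pasted straight into the SQL text, so a quote and a comment marker in
    it end the string early and cut the password check out of the query."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND pw_hash = '%s'"
        % (username, pw_hash(password))
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened form: bound parameters. The driver hands the username to the
    engine as a value, so whatever it contains is compared, never parsed."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    crafted = "admin' --"     # a quote plus SQL comment marker in the username field
    print("vulnerable, wrong password:", login_vulnerable(db, crafted, "wrong"))  # admin
    print("parameterized, same input:", login_safe(db, crafted, "wrong"))         # None
```

The parameterized version is the fix for the whole class, not for this one input: there is no string to rewrite, so no quoting or escaping rule has to be kept right. The later steps in the summary (xp_cmdshell, then lateral movement to domain admin) are what the database account's privileges make possible once the login has been bypassed, which is why the application's database user should be limited to the tables it needs and why xp_cmdshell stays disabled unless something genuinely requires it.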

    1. Re:No new news here by burns210 · · Score: 2, Informative

      "Stealing the Network: How To Own The Box" is a good book about general hacking/cracking/forensics/geekery. 10 chapters, 10 different stories talking about how a person (playing on offense or defense) goes about a computer or network hack. One of the stories in the middle is a good one on a former employee that does some real-life social engineering and whatnot to get to his end goal.

      Just finished the book, well worth the fairly short read. All non-true stories but are based in a realistic setting. Gets mildly to fairly technical on the how and what the plot character is doing not just a "Yes, I'm in!" but the actual command output or thought process on what they are trying to accomplish.

  6. Re:For Some, it just isn't worth it. by linsys · · Score: 2, Informative

    Isn't this the truth...

    While working for a Fortune 500 company who will remain anonymous, I "handled" security and disaster recovery for the Unix team. After September 11th, I had a new title, was flying to the SunGard site in Philly every 3 months for testing, and had close to an unlimited budget to make sure we were safe from hackers and terrorists, could handle a major disaster, etc.

    It's very unfortunate that companies don't see the need for security and disaster recovery (which by the way go hand in hand) until either the World Trade Center gets attacked or the company itself gets attacked.

  7. Error parsing "panacea" by freeweed · · Score: 2, Informative

    Non-MS machines not being perfect, and the parent comment that Windows should never be on the perimeter defense, are two entirely different things.

    Network security in general, like another poster already commented, is about risk management. You'll NEVER be 100% secure - this doesn't mean that the OS with the worst security track record in history is good enough. The idea is to get yourself to a comfortable level of paranoia vs functionality.

    After watching Code Red, Blaster, Slammer, Sasser, etc, etc, etc run rampant through the Internet, I'm sorry, but I have to agree. Putting Windows anywhere NEAR your perimeter is like Russian roulette. Sure, you can find someone who hasn't experienced problems with them. They're still in the 1%, however.

    And don't anyone give me the marketshare bullshit excuse, please. The server market is still nowhere close to being dominated by Windows, yet it still sees the vast majority (99.99999%) of worm traffic.

    SQL injections? Yeah, they work on any OS. Helps the cracker a whole lot if your SQL server runs with root privs - which for all I know is still the default and required state of a MSSQL box. If not... hooray, Microsoft caught up to 10 years ago.

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.