www.dbebooks.com - Free Books & magazines solutions@syngress.com Over the last few years, Syngress has published many best-selling and critically acclaimed books, including Tom Shinder’s Configuring ISA Server 2004, Brian Caswell and Jay Beale’s Snort 2.1 Intrusion Detection, and Angela Orebaugh and Gilbert Ramirez’s Ethereal Packet Sniffing. One of the reasons for the success of these books has been our unique solutions@syngress.com program. Through this site, we’ve been able to provide readers a real time extension to the printed book. As a registered owner of this book, you will qualify for free access to our members-only solutions@syngress.com program. Once you have registered, you will enjoy several benefits, including: ■ Four downloadable e-booklets on topics related to the book. Each booklet is approximately 20-30 pages in Adobe PDF format. They have been selected by our editors from other best-selling Syngress books as providing topic coverage that is directly related to the coverage in this book. ■ A comprehensive FAQ page that consolidates all of the key points of this book into an easy-to-search web page, pro- viding you with the concise, easy-to-access data you need to perform your job. ■ A “From the Author” Forum that allows the authors of this book to post timely updates and links to related sites, or additional topic coverage that may have been requested by readers. Just visit us at www.syngress.com/solutions and follow the simple registration process. You will need to have this book with you when you register. Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there is anything else we can do to make your job easier. Register for Free Membership to [...]... Registries 47 Open Source Tools 50 Intelligence-Gathering Tools 50 Web Resources 51 *nix Command-Line Tools 55 Open Source Windows Tools 65 WinBiLE (www.sensepost.com/research) 66 xv xvi Contents Footprinting Tools 67 Web Resources ... are using it But, as with most open source projects, documentation is lacking Developers are primarily busy maintaining the CD, and the community is often too busy or under a legal boundary when developing guidelines and documents This book closes this gap, and the authors do a great job describing the knowledge of penetration testers in relation to the other great open source security testing tools... development of the open source penetration- testing platform called Auditor Security Collection and maintain it on the Web site www.remote-exploit.org I guess the real reason I started to develop the Auditor Security Collection was because of my forgetfulness It might sound crazy, but I bet most people reading this book will know exactly what I mean.When I was performing security penetration tests,... one of the largest vulnerability databases and security portals on the xi Internet He has contributed to several security-related open source projects, including an active role in the Nessus security scanner project He has written more than 150 security tests to the open source tool’s vulnerability database and also developed the first Nessus client for the Windows operating system Noam is apparently... button on our Web site We do not actually force anyone to donate, but as with most open source projects, we need to finance our expenses using our own money and your donations So if you use our toolsets commercially in courses, all we ask is that you just play fair xxix Chapter 1 Reconnaissance Core Technologies and Open Source Tools in this chapter: ■ Search Engines ■ WHOIS ■ RWHOIS ■ Domain Name Registries... Web Resources ■ Netcraft (www.netcraft.com) ■ *nix Command-Line Tools ■ Open Source Windows Tools ■ Intelligence Gathering, Footprinting, and Verification of an Internet-Connected Network 1 2 Chapter 1 • Reconnaissance Objectives So, you want to hack something? First, you have to find it! Reconnaissance is quite possibly the least understood, or even the most misunderstood, component of Internet penetration. .. Contents Footprinting Tools 67 Web Resources 68 *nix Console Tools 69 Open Source Windows Tools 72 Verification Tools 73 Web Resources 74 *nix Console Tools 77 Case Studies—The Tools in Action 80 Intelligence... 152 Process of Penetration Testing a Database 152 Core Technologies 153 Basic Terminology 153 Database Installation 155 Default Users and New Users 156 Roles and Privileges 158 Technical Details 161 Open Source Tools ... (RHCE) is a Senior Information Security Engineer based out of Columbus, OH He has over 5 years of practical experience in penetration testing and over 10 years in the information technology field Since June, 2002, he has worked for the U.S Department of Energy, leading and performing penetration testing and vulnerability assessments at DOE facilities nationwide He has published several articles and whitepapers... Database Query Injection Attacks 206 Cross-site Scripting 207 Authentication and Authorization 207 Parameter Passing Attacks 207 Open Source Tools 208 Intelligence Gathering Tools 208 Scanning Tools 217 Assessment Tools 229 Authentication . Bayles James C. Foster Chris Hurley Mike Petruzzi Noam Rathaus SensePost Mark Wolfgang Penetration Tester’s Open Source Toolkit Auditor Security Collection Bootable Linux Distribution Syngress Publishing,. IMWQ295T6T PUBLISHED BY Syngress Publishing, Inc. 800 Hingham Street Rockland, MA 02370 Penetration Tester’s Open Source Toolkit Copyright © 2006 by Syngress Publishing, Inc. All rights reserved. Printed. several security-related open source projects, including an active role in the Nessus security scanner pro- ject. He has written more than 150 security tests to the open source tool’s vulnerability