www.sharexxx.net - free books & magazines 363_Web_App_FM.qxd 12/19/06 10:46 AM Page ii www.syngress.com SOLUTIONS WEB SITE ULTIMATE CDs DOWNLOADABLE E-BOOKS SYNGRESS OUTLET SITE LICENSING CUSTOM PUBLISHING Visit us at 384_STS_FM.qxd 1/3/07 10:04 AM Page i 384_STS_FM.qxd 1/3/07 10:04 AM Page ii STEALING THE NETWORK How to Own a Shadow Johnny Long Timothy (Thor) Mullen Ryan Russell THE CHASE FOR KNUTH 384_STS_FM.qxd 1/3/07 10:04 AM Page iii Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other inci- dental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,”“Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc.“Syngress:The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 HJIRTCV764 002 PO9873D5FG 003 829KM8NJH2 004 YRT43998KL 005 CVPLQ6WQ23 006 VBP965T5T5 007 HJJJ863WD3E 008 2987GVTWMK 009 629MP5SDJT 010 IMWQ295T6T PUBLISHED BY Syngress Publishing, Inc. 800 Hingham Street Rockland, MA 02370 Copyright © 2007 by Elsevier, Inc.All rights reserved. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. 1 2 3 4 5 6 7 8 9 0 ISBN-10: 1-59749-081-4 ISBN-13: 978-1-59749-081-8 Publisher: Andrew Williams Page Layout and Art: Patricia Lupien Editor: D. Scott Pinzon Copy Editor: Christina LaPrue For information on rights, translations, and bulk sales, contact Matt Pedersen, Director of Sales and Rights, email M.Pedersen@elsevier.com. 384_STS_FM.qxd 1/3/07 10:04 AM Page iv Acknowledgments Syngress would like to acknowledge the following people for their kindness and support in making this book possible. A special thank you to all of the authors and editors who worked on the first three books in the “Stealing” series, each of whom is listed individually later in this front matter. To Jeff Moss and Ping Look of Black Hat, Inc. who have been great friends and supporters of the Syngress publishing program over the years.The Black Hat Briefings have provided the perfect setting for many Stealing brainstorming sessions. 384_STS_FM.qxd 1/3/07 10:04 AM Page v 384_STS_FM.qxd 1/3/07 10:04 AM Page vi Authors Johnny Long: Author, Technical Edit, Primary Stealing Character: Pawn Who’s Johnny Long? Johnny is a Christian by grace, a family guy by choice, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. My home on the web is http://johnny.ihackstuff.com. This page can support only fraction of all I am thankful for.Thanks first to Christ without whom I am nothing.Thanks to Jen, Makenna,Trevor and Declan.You guys pay the price when deadlines hit, and this book in partic- ular has taken me away from you for far too long.Thanks for understanding and supporting me.You have my love, always. Thanks to Andrew and Christina (awesome tech edit) and the rest of my Syngress family.Thanks to Ryan Russell (Blue Boar) for your contribu- tions over the years and for Knuth.What a great character! Thanks to Tim “Thor” Mullen.We work so well together, and your great ideas and collaborative contributions aside, you are a great friend. Thanks to Scott Pinzon for the guidance and the editorial work.Your contribution to this project has literally transformed my writing. Thanks to Pawn. If I have my say, we’ll meet again. Thanks to the johnny.ihackstuff.com mods (Murf, Jimmy Neutron, JBrashars, CP Klouw, Sanguis,ThePsyko,Wolveso) and members for your help and support.Thanks to RFIDeas for the support, and to Pablos for the RFID gear.Thanks to Roelof and Sensepost for BiDiBLAH, to NGS for the great docs, to nummish and xeron for Absinthe. Thanks to everyone at the real Mitsuboshi dojo, including Shidoshi and Mrs.Thompson, Mr.Thompson, Mr. Stewart, Mrs. Mccarron, Mrs. Simmons, Mr. Parsons, Mr. Birger, Mr. Barnett, Ms. Simmons, Mr. Street, Mrs. Hebert, Mrs. Kos, Mrs.Wagner and all those not listed on the official instructor sheet. 384_STS_FM.qxd 1/3/07 10:04 AM Page vii Shouts: Nathan “Whatever” Bowers, Stephen S, Mike “Sid A. Biggs”, John Lindner, Chaney, Jenny Yang, SecurityTribe, the Shmoo Group, Sensepost, Blackhat, Defcon, Neal Stephenson (Baroque), Stephen King (On Writing),Ted Dekker (Thr3e), Project86, Shadowvex, Green Sector, Matisyahu,Thousand Foot Krutch, KJ-52 (Slim Part 2).To Jason Russell, Bobby Bailey and Laren Poole for the Invisible Children movement (http://www.invisiblechildren.com). Timothy (Thor) Mullen: Created concept for this book, Author, Technical Edit, Primary Stealing Character: Gayle Thor has been educating and training users in the tech- nology sector since 1983 when he began teaching BASIC and COBOL through a special educational pro- gram at the Medical University of South Carolina (while still a high school senior). He then launched his professional career in application development and network integration in 1984. Timothy is now CIO and Chief Software Architect for Anchor Sign, one of the 10 largest sign-system manufacturers in America. He has developed and implemented Microsoft networking security solutions for institutions like the US Air Force, Microsoft, the US Federal Courts, regional power plants, and international banking/financial institutions. He has developed applications ranging from military aircraft statistics interfaces and biological aqua-culture management to nuclear power-plant effects monitoring for private, government, and military entities.Timothy is currently being granted a patent for the unique architecture of his payroll processing engine used in the AnchorIS accounting solutions suite. Timothy has been a columnist for Security Focus’ Microsoft section, and is a regular contributor of InFocus technical articles. Also known as “Thor,” he is the founder of the “Hammer of God” security co-op group. His writings appear in multiple publications such as Hacker’s Challenge, the Stealing the Network series, and in Windows XP Security. His security tools, techniques and processes 384_STS_FM.qxd 1/3/07 10:04 AM Page viii [...]... hack as well as his role in it Just as readers latched on to the concept of How to Own the Box, the readers of How to Own a Continent latched on to this Knuth character, and again, they wanted more The third book in the series Stealing the Network: How to Own a Shadow continued the story of Knuth .The authoring team on this book included Stealing veterans Ryan Russell,Thor,Tom Parker, and Jay Beale... For the second book in the series, Stealing the Network: How to Own a Continent, the authors aspired to write a series of stories that actually formed a single, coherent story line (unlike the unrelated stories in How to Own the Box) How to Own a Continent was released at Black Hat USA 2004 in Las Vegas and featured many authors from the first book, including Ryan Russell,Thor, Joe Grand and Paul Craig .The. .. obsession with creativity lead him to start a company along with a similar minded friend.Together they operated from a master bedroom at Roelof ’s house and started SensePost During his time at SensePost Roelof became a veteran BlackHat trainer/speaker and spoke at RSA and Ruxcon - to name a few He also contributed to many Syngress books such as How to own a continent’ and ‘Aggressive Network Self Defense’... South Africa from where it provides services primarily large and very large clients in Australia, South Africa, Germany, Switzerland, Belgium ,The Netherlands, United Kingdom, Malaysia, Gibraltar, Panama, the USA, and various African countries The majority of these clients are in the financial services industry, government, gaming and manufacturing where information security is an essential part of their... ultimately spawned and evolved into a new Stealing book So now, we will find out where How to Own a Shadow leads us as the chase for the Shadowy “Knuth” continues Enjoy the read, and I hope to see you at the annual: Stealing book signing at Black Hat USA 2007 in Las Vegas —Jeff Moss Black Hat, Inc www.blackhat.com December, 2006 Jeff Moss is CEO of Black Hat, Inc and founder of DEFCON He is also a renowned... Stealing the Network: How to Own the Box changed that and provided the general public with a real understanding of the true world of hacking; that is, how criminals use hacking techniques to commit crimes and how law enforcement strives to prevent crimes and apprehend those responsible After Stealing the Network: How to Own the Box was published, readers wanted more Stealing books, and the series was born... function of the tools that he created - from Wikto and the infamous BiDiBLAH (whom someone fondly described as “having a seizure on the keyboard”) to innovative tools like Crowbar and Suru NGS Software is the leader in database vulnerability assessment Founded by David and Mark Litchfield in 2001 the team at NGS has pioneered advanced testing techniques, which are both accurate and safe and which are employed... on as technical advisers Now, getting 10 hackers to follow the same thread is, in the words of lead author Ryan Russell, like “herding cats.” How to Own a Continent was written in the vein of the film “Usual Suspects.” It featured a criminal hacker group led by the shadowy Bob Knuth Each member of the group was expert in a particular area of compromise, and each had a varying understanding of the larger... services to more than 70 large and very large clients in Australia, South Africa, Germany, Switzerland, Belgium ,The Netherlands, United Kingdom, Malaysia, United States of America, and various African countries More than 20 of these clients are in the financial services industry, where information security is an essential part of their core competency SensePost analysts are regular speakers at international... in Las Vegas became a reality as Stealing the Network: How to Own the Box was released at Black Hat USA 2003 in Las Vegas.This first book brought together some of the most talented and creative minds in the security world, including Ryan Russell,Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett, and Paul Craig In all honesty, Stealing was not conceived of as a series, . regional power generation facilities and interna- tional banking/financial institutions. He has developed a myriad of applications from military aircraft statistics interfaces and biological aqua-culture. Jen, Makenna,Trevor and Declan, my love always.Thanks to Anthony for his great insight into LE and the forensics scene, and the “AWE-some” brainstorming sessions.Thanks to Jaime and Andrew at Syngress. ISBN: 1-9 2899 4-7 0-9 ), contributing author and technical editor of Stealing The Network: How to Own The Box (Syngress, ISBN: 1-9 3183 6- 8 7-6 ), and is a frequent technical editor for the Hack Proofing