734 port 1170 Psyber Stream Server, Streaming Audio Trojan, Voice port 1234 Ultors Trojan port 1243 BackDoor-G, SubSeven, SubSeven Apocalypse port 1245 VooDoo Doll port 1269 Mavericks Matrix port 1349 (UDP) BO DLL port 1492 FTP99CMP port 1509 Psyber Streaming Server port 1600 Shivka-Burka port 1807 SpySender port 1981 Shockrave port 1999 BackDoor port 1999 TransScout port 2000 TransScout port 2001 TransScout port 2001 Trojan Cow port 2002 TransScout port 2003 TransScout (continues) port 2004 TransScout port 2005 TransScout port 2023 Ripper port 2115 Bugs port 2140 DeepThroat, The Invasor port 2155 Illusion Mailer port 2283 HVL Rat5 port 2565 Striker port 2583 WinCrash port 2600 Digital RootBeer port 2801 Phineas Phucker port 2989 (UDP) RAT port 3024 WinCrash port 3128 RingZero port 3129 Masters Paradise port 3150 DeepThroat, The Invasor port 3459 Eclipse 2000 port 3700 Portal of Doom 735 port 3791 Eclypse port 3801 (UDP) Eclypse port 4092 WinCrash port 4321 BoBo port 4567 File Nail port 4590 ICQTrojan port 5000 Bubbel, Back Door Setup, Sockets de Troie port 5001 Back Door Setup, Sockets de Troie port 5011 One of the Last Trojans (OOTLT) port 5031 NetMetro port 5321 Firehotcker port 5400 Blade Runner, Back Construction port 5401 Blade Runner, Back Construction port 5402 Blade Runner, Back Construction port 5512 Illusion Mailer port 5550 Xtcp port 5555 ServeMe (continues) port 5556 BO Facil port 5557 BO Facil port 5569 Robo-Hack port 5742 WinCrash port 6400 The Thing port 6669 Vampyre port 6670 DeepThroat port 6771 DeepThroat port 6776 BackDoor-G, SubSeven port 6912 Shit Heep (not port 69123!) port 6939 Indoctrination port 6969 GateCrasher, Priority, IRC 3 port 6970 GateCrasher port 7000 Remote Grab, Kazimas port 7300 NetMonitor port 7301 NetMonitor port 7306 NetMonitor port 7307 NetMonitor port 7308 NetMonitor 736 port 7789 Back Door Setup, ICKiller port 8080 RingZero port 9400 InCommand port 9872 Portal of Doom port 9873 Portal of Doom port 9874 Portal of Doom port 9875 Portal of Doom port 9876 Cyber Attacker port 9878 TransScout port 9989 Ini-Killer port 10067 (UDP) Portal of Doom port 10101 BrainSpy port 10167 (UDP) Portal of Doom port 10520 Acid Shivers port 10607 Coma port 11000 Senna Spy (continues) port 11223 Progenic Trojan port 12076 Gjamer port 12223 Hack´99 KeyLogger port 12345 GabanBus, NetBus, Pie Bill Gates, X-bill port 12346 GabanBus, NetBus, X-bill port 12361 Whack-a-mole port 12362 Whack-a-mole port 12631 WhackJob port 13000 Senna Spy port 16969 Priority port 17300 Kuang2 The Virus port 20000 Millennium port 20001 Millennium port 20034 NetBus 2 Pro port 20203 Logged port 21544 GirlFriend port 22222 Prosiak port 23456 Evil FTP, Ugly FTP, Whack Job port 23476 Donald Dick 737 port 23477 Donald Dick port 26274 (UDP) Delta Source port 29891 (UDP) The Unexplained port 30029 AOL Trojan port 30100 NetSphere port 30101 NetSphere port 30102 NetSphere port 30303 Sockets de Troie port 30999 Kuang2 port 31336 Bo Whack port 31337 Baron Night, BO Client, BO2, Bo Facil port 31337 (UDP) BackFire, Back Orifice, DeepBO port 31338 NetSpy DK port 31338 (UDP) Back Orifice, DeepBO port 31339 NetSpy DK port 31666 BOWhack (continues) port 31785 Hack´a´Tack port 31787 Hack´a´Tack port 31788 Hack´a´Tack port 31789 (UDP) Hack´a´Tack port 31791 (UDP) Hack´a´Tack port 31792 Hack´a´Tack port 33333 Prosiak port 33911 Spirit 2001a port 34324 BigGluck, TN port 40412 The Spy port 40421 Agent 40421, Masters Paradise port 40422 Masters Paradise port 40423 Masters Paradise port 40426 Masters Paradise port 47262 (UDP) Delta Source 738 port 50505 Sockets de Troie port 50766 Fore, Schwindler port 53001 Remote Windows Shutdown port 54320 Back Orifice 2000 port 54321 School Bus port 54321 (UDP) Back Orifice 2000 port 60000 DeepThroat port 61466 Telecommando port 65000 Devil 739 Appendix E What’s on the CD Appendix E contains an outline for the components included on the CD in the back of this book. Most of the programs herein can be executed directly from the CD, without local setup and configuration. The directory listing, in Figure E.1 below, contains the root folder categories for the outline in this Appendix. Figure E.1 Companion CD components. Figure E.2 Searching the Tiger Tools Repository. 740 Tiger Tools 2000 File: TT2K.HTM (Open with frames-compatible Web browser) Requirements: Windows/LINUX/Solaris/OS2/Mac; frames-compatible web browser With more than 15,000 security resources, Tiger Tools 2000 (see Figure E.2) is the largest repository and link structure on the Internet. Local Internet access is required to follow these hyperlinks. Also included in the repository is the complete, original Rainbow Books series, which encompasses the Department of Defense (DOD) Computer Security Standards. The series (so named because each book is a different color) evaluates ‘‘trusted computer systems,” according to the National Security Agency (NSA). To quickly search for a specific topic within this section, use your browser Edit/Find menu function. TigerSuite (see Chapter 12) File: TSmobile.EXE (Execute to run TS from the CD) File: TSsetup.EXE (Execute to install on local hard drive) Requirements: Windows 9x, NT, 2000 TigerSuite is the first complete TigerBox tool set; it was designed and programmed by the author for the new Windows generation, and is being released for the first time in this book. TigerSuite was developed to provide network security tools unique to the computer industry and sorely needed by individuals, commercial organizations, network professionals, and corporate managers concerned with maintaining a secure network. Such security violations include personal attacks, external attacks, and internal attempts at viewing or leveraging confidential company information against the organization or individual. This suite can be used to facilitate an analysis to examine, test, and secure personal computers and networks for and against security vulnerabilities. The goal of the TigerSuite is to take the mystery out of security and to bring it directly to the consumer and/or technology professional, where it belongs. Chapter 5 Scanning exploitable security holes and keeping track of those that are receptive or useful to a particular need is not new. A scanner program reports these receptive listeners, analyzes weaknesses, and cross-references those vulnerabilities with a database of known hack methods for further explication. The scanner process can be broken down into three steps: locating nodes, performing service discoveries on them, and testing those services for known security holes. This directory contains various scanners defined in Chapter 5. jakal File: UNIX jakal.c.gz Requirements: Linux/Solaris 741 Among scanners, jakal is among the more popular of the “stealth” or “half-scan” variety. nmap File: UNIX nmap-2.53.tgz Requirements: Linux, FreeBSD, NetBSD, OpenBSD, Solaris, IRIX, BSDI The nmap utility is world-renowned for port-scanning large networks, although it works well on single hosts, too. SAFEsuite Requirements: Windows NT, Linux, Solaris, SunOS, HPUX, AIX SAFEsuite is a security application that also identifies security ‘‘hot spots” in a network. SATAN File: UNIX satan_tar.gz Requirements: Linux, Solaris, IRIX As the acronym defines, a security administrator’s tool for analyzing networks. Chapter 8 Numerous vulnerability penetrations are used to substantiate and take advantage of breaches uncovered during the discovery and site scan phases of a security analysis. Hackers typically use these methods to gain administrative access, and to break through and control computers, servers, and internetworking equipment. Backdoor Kits Files: UNIX telnet-acker.c, UNIX crackpipe.c Hackers often want to preserve access to systems that they have penetrated even in the face of obstacles such as new firewalls, filters, proxies, and/or patched vulnerabilities. To accomplish this, the attacker must install a backdoor that does the job and is not easily detectable. Flooders Files: UNIX ping.c, UNIX pong.c, UNIX synflood.c Hackers use malicious penetration attacks, known as flooding, to render some or all network services unavailable. Log Bashers Files: UNIX cloaker.c, UNIX convert.c, UNIX W95klog.c 742 Hackers use audit-trail editing as a method to cover their tracks when accessing a system, using log bashers, wipers, and track-editing mechanisms such as anti-keyloggers. Mail Bombers and Spammers Files: avalanch.zip bombsquad.zip upyours.zip Mail bombs are examples of malicious harassment in the technological age. Mail bombs are actually email messages that are used to crash a recipient’s electronic mailbox, or spammed by sending unauthorized mail using illicit SMTP gateways. Password Crackers Forget your password? Have your passwords been destroyed? Need access to password-protected files or systems? Did former employees leave without unprotecting their files? Or do you simply want to learn how hackers gain access to your network, system, and secured files? If so, these files can help recover passwords. Programs: BIODemo IPC PassG115 PWDump UnSecure v1.2 Ami BIOS Cracker Ami BIOS Decoder Award BIOS v4.22 Password Cracker Kill CMOS WINBIOS Snap Cracks POP CAIN 743 CracPk18 UNIX POP3HACK.C RiPFTPServer WebCrack Aim1 Aim2 Aim3 Arjcrack UNIX ASMCrack256 Autohack Award azpr244 Breakzip brkarj10 claymore10 cmos cmoscrack UNIX crack-2a.tgz cracker13 crakerjack crackfaq crackpc datecrac [...]... Agiplan AI AIDS II Aircop Akuku Alabama Alameda Albania Alcon Alex Alex-818 Alexander Alfo Alfons Alien Alphabet Alphastrike Always.2000 AM/AccessiV AM/Cross Ambulance Amilia AmiMacro Amoeba AMSE Amstrad ANANAS Anarkia Andryushka Angarsk Angelina Angus Animus AniSR1 Anna Anthrax anti-CDA Anti-Cmos Anti-D Anti- Exe Anti-MIT Anti-tel AntiCAD AntiChrist AntiCMOS AntiDMV AntiExe Antimon AntiNS AntiPascal AntiPascal... Bewarebug BFD Big Caibua Big Joke BigMouse BillMe Biological Warfare Bios BIOSPASS Birdie Bit Addict Bizatch Black Jec 753 AOL4FREE Apache Apilapil Apocalipse Apocalypse Apocalypse-2 Appder April 1 COM April 1 EXE Arab Aragon ARCV-1 Arf Argentina ARJ250 ARCV.Anna.737 Backformat Backtime Bad Boy Bad Taste BadGuy BadSector Bait Bamestra Banana Bandit Bandung Bang Baobab Barcelona Barrotes BatMan_II Black... AntiPascal II Anto Anxiety .A Anxiety.B AOL AOL.PWSTEAL AOL.Trojan Armagedon Arriba Arusiek Ash Ash-743 Asstral_Zeuss ASStrall_Zeuss Astra Astral AT AT II Atas Athens Atom Attention August 16th Avalanche AZEUSS-1 Azusa B1 Baba.470 Baba.700 Baboon Baby Back Orifice Backfont Backform BAT.Orag BBS-1643 Beast Bebe Bebe-486 Beer Beijing Beryllium Best Wishes Best Wishes-970 Beta Betaboys Better World Beware... CyberAIDS D2D D3 DA’BOYS Dad Dada Dagger Dalian Damage Damage-2 DAME Daniel Danish Tiny Danish Tiny.163 Danish Tiny.476 Danube Dark Dark Avenger Dark End Dark Lord DarkElf Darkside Dash-em Data Molester DataCrime Datacrime II Datalock Datalock -104 3 Date Datos David Davis Day10 dBASE DBF Virus Deadbabe Dir-II.Byway Dir.Byway DirFill Dutch Tiny Dutch Tiny-124 Dutch Tiny-99 755 Death to Msoft Death to Pascal... Tout Manitoba Mannequin Manowar Manta Manuel Many Fingers Manzon Mao Marauder Marauder-560 Marburg Mardi Bros Markj Markt Mars Land Math-Test Matra Matura Mcgy McWhale MDMA MDMA.AK MDMA.BE MDMA.C Meatgrinder Media Meditation Melissa Meme Memorial Memorial Abend Memory Lapse Memphis.98.MMS Mendoza Mental Merde Messina Metal Thunder MG MGTU MH-757 Michelangelo Micro-128 Microbes Microelephant Microsofa Migram... man Girafe Gliss Globe Glupak GMB Gnu Goblin Goblin .A Gold Goldbug Goldfish Gomb Good News Good Times Goodbye Gorg Gonzal.60 Gosia Got You Gotcha Gotcha-D Gotcha-E Gotcha-F Hacker HCarry.826 Hackingburgh Haddock Hafenstrasse Haifa Haifa Halloechen Hamster Hanger Hanta Happy Happy Birthday Happy Day Happy Monday Happy New Year Harakiri Hare Hare.7750 Hare.7786 Hark Harkone Harry Hippie Hitchcock Hitchcock.1238... Quiz Qumma Quox R-440 Raadioga Radiosys Rage Rainbow Rape Rape -10 Rape-11 Rape-2.2 Rapi Rasek Raubkopie Ravage Ray Razer RD Euthanasia Readiosys Reboot Reboot Patcher Red Diavolyata Red Diavolyata-662 Red Spider Red-Zar Redspide Redstar RedTeam RedX Reggie Reklama Relzfu Replicator.472 Replicator.767 Replicator.815 Replicator.888 REQ! Requires Rescue Reset RMA- hh RNA2 Rock Steady Rogue Roma Rosen RP... SMEG.Pathogen SMEG.Queeg Smile Smiley Snake Socha Sofa Solano Sorry Soupy South African Sova Spanish Spanska Spanska .100 0 Spanska.1120.B Spanska.1500 Spanska.4250 Spanska_II Spanz Sparkle Spartak.1360 Sparse Spirit Spreader Squawk Squeaker Squisher SSSSS Stanco Staog Stardot Stardot-600 Stat STEALTH_B KOH Stealth_boot STEALTH_C STELBOO Steroid Stickykeys Stigmata StinkFoot Stoned Stoned.Angelina Stoned.i... Bravo Brazil Breasts Breeder Brenda Budfrogs Budo Buero Bug Bug70 Bug_070 Bugs Bugsres Bukit BUPT Buptboot Burger Burger 382 Burger 405 Burghofer Burglar Busted Butterfly Butthead BW Bye Byway Bzz Bzz-based C-23693 Cabanas Cabanas.B Cadkill Cancer Cansu Cantando CAP CAP.dam Capital Capitall Captain Trips CARA Cascade .a Casino Casper Catholic Caz CB-1530 CB-4111 CC CD CDC-BO CDC-BO .A CDC-BO.Addon .A. .. Lizard Loading Bootstrap Locker Login Loki Lomza Londhouse Lord Zer0 Lordzero Loslobos Love LoveChild Love You, I Lowercase Lozinsky lpt1 Lucifer Ludwig_Boot_Bait Ludwig_EXE_Bait Lunch Lyceum Lyceum-1788 Lyceum-1832 LZR Macabi Macedonia MacGyver Macho Macro Macro.Access Macro.Excel Macro.Word Mad Satan MadMan Mages.604 Mages.606 759 Magnitogorsk Major MajorBBS Malaga Malaise Malmsey Maltese Amoeba Mange- . Aircop Akuku Alabama Alameda Albania Alcon Alex Alex-818 Alexander Alfo Alfons Alien Alphabet Alphastrike Always.2000 AM/AccessiV AM/Cross Ambulance Amilia AmiMacro Amoeba AMSE. AMSE Amstrad ANANAS Anarkia Andryushka Angarsk Angelina Angus Animus AniSR1 Anna Anthrax anti-CDA Anti-Cmos Anti-D Anti-Exe Anti-MIT Anti-tel AntiCAD AntiChrist AntiCMOS AntiDMV. AntiExe Antimon AntiNS AntiPascal AntiPascal II Anto Anxiety .A Anxiety.B AOL AOL.PWSTEAL AOL.Trojan Armagedon Arriba Arusiek Ash Ash-743 Asstral_Zeuss ASStrall_Zeuss Astra