[...]... Operating 10 .89 .14 4 .13 3 10 .89 .14 4 .14 0 10 .89 .14 4 .15 5 10 .89 .14 4 .15 4 10 .89 .14 4 .16 6 10 .89 .14 4.2 41 80 80 80 22 80 25 Cisco device Cisco device Windows NT 4.0 Unknown Windows 2000 Sun (WWW) (WWW) (WWW), 443 (SSL) (SSH) (WWW), 443 (SSL) (SMTP) I had this list, but now I needed to find out some more information First off, the Cisco devices—what were they? Were they routers or switches? Since I had access to the Web... What if they had the guts and skills to perform sophisticated attacks? After a few drinks, the authors of the book you are holding in your hands were quick to speculate on what would be possible Now, they have taken the time and effort to create 10 stories exploring just what it would take to own the network When the movie War Games came out in 19 83, it galvanized my generation and got me into hacking... exploits and Windows-based exploits From there, I break down these two categories into the subcategories of remote and local.Then I subdivide the remote and local categories into exploits for various services .The next level is the breakdown of the exploits based on the operating system they affect The structure of the attack tree is mirrored in the attack tree directory structure If I needed an exploit... for network devices like Cisco routers and switches I have a directory dedicated to default passwords for various systems and accounts All in all, I have a pretty big toolbox for cracking into networks Once I get into a system, I usually try to dump out either the SAM or capture the UNIX password and shadow files If I can get those, then I download them to my local system and run them through John the. .. someone wants to fix some of their internal boxes, they won’t have to run around to the consoles.Then I go ahead and change it to do a whole range of IP addresses, so admins can use it on their whole internal network at once When everyone gets to work tomorrow, they’re going to need all the help they can get I do it in C so I can compile it to a exe, since most people won’t have the Windows perl installed... e-commerce stuff separated from their corporate network, which sounds reasonable to me.That made it easy for me to decide how I would approach their network I would look at the corporate network, rather than their data center, since I figured they probably had tighter security on their data center www.syngress.com 249_StealThis_ 01. qxd 4 /18 /03 6:20 PM Page 3 Hide and Sneak • Chapter 1 Tools First off, my platform... closeout.Their site didn’t say that the card was a closeout! I told the support drones that, but they wouldn’t listen.They said, “policy is policy,” and “didn’t you read the fine print?” Well, if they’re going to take that position… Look, they were okay guys on the whole.They just needed a bit of a lesson.That’s all So, there I was, the day after Christmas, with nothing to do .The family gathering was... take time, especially when the network admins have made the effort to secure the network Anyway, I had another Cisco device to check out as well.This one wasn’t susceptible to the same bug It actually wanted a username and password to get to privileged EXEC mode Well, I now had two passwords to try: the VTY password from the router (attack) and the enable password (cisco) The enable password got me... that’s worth selling to a competitor, or maybe to get hired on with them And can you xv 249_StealThis_TOC qxd xvi 4 /18 /03 5:55 PM Page xvi Contents imagine the looks on their faces when they find out they were hacked? If only I could be a fly on the wall Chapter 9 211 BabelNet—Dan Kaminsky Black Hat Defense: Know Your Network Better Than The Enemy Can Afford To SMB—short for Server... both at the same end of the spectrum, the rest of the world on the other end.There really is no difference between responsible hacking and evil hacking Either way it’s hacking .The only difference is the content Perhaps that is why it is so natural for a black hat to go legit, and why it is so easy for a white hat to go black .The line between the two is fine, mostly defined by ethics and law .To the hacker, . stealing your network. 249_StealThis_TOC. qxd 4 /18 /03 5:55 PM Page xvii 249_StealThis_TOC. qxd 4 /18 /03 5:55 PM Page xviii Stealing the Network: How to Own the Box is a unique book in the fiction. to use the root.exe and make the infected boxes TFTP down my tool and fix themselves. Maybe by putting it out there some idiot will volunteer himself. Otherwise the tool won’t do much good, the. . . .15 5 Flying the Friendly Skies—Joe Grand Not only am I connected to the private wireless network, I can also access the Internet. Once I’m on the network, the underlying wireless protocol