Imperial Library
Network Security Tools
A Note Regarding Supplemental Files
Preface
Audience
Assumptions This Book Makes
Contents of This Book
Conventions Used in This Book
Using Code Examples
We’d Like to Hear from You
Safari Enabled
Acknowledgments
I. Modifying and Hacking Security Tools
1. Writing Plug-ins for Nessus
The Nessus Architecture
Installing Nessus
Using Nessus
The NASL Interpreter
Hello World
Datatypes and Variables
Numbers
Strings
Arrays and Hashes
Local and Global Variables
Operators
Arithmetic Operators
Comparison Operators
Assignment Operators
if...else
Loops
for
foreach
repeat...until
while
Functions
Predefined Global Variables
TRUE and FALSE
NULL
Script Categories
Network Encapsulation
Important NASL Functions
Strings
Simple string manipulation functions
Finding and replacing strings
Conversions
Plug-in Descriptions
Knowledge Base
Reporting Functions
Nessus Plug-ins
Probing for Anonymous FTP Access
Using Packet Forgery to Perform a Teardrop Attack
Scanning for CGI Vulnerabilities
Probing for VNC Servers
Installing Your Own Plug-in
2. Developing Dissectors and Plug-ins for the Ettercap Network Sniffer
Installing and Using Ettercap
Writing an Ettercap Dissector
Overview of FTP Authentication
The FTP Password Dissector
Writing an Ettercap Plug-in
The find_tcp_conn Plug-in
find_tcp_conn.c
3. Extending Hydra and Nmap
Extending Hydra
Overview of Hydra
Overview of SMTP Authentication
Adding Additional Protocols to Hydra
Implementing SMTP-AUTH in Hydra
Complete Source to hydra-smtpauth.c
Quick Reference to Hydra Functions
void hydra_child_exit(int code)
void hydra_register_socket(int sock)
char *hydra_get_next_pair( )
char *hydra_get_next_login( )
char *hydra_get_next_password( )
void hydra_completed_pair( )
void hydra_completed_pair_found( )
void hydra_report_found(int port, char *svc, FILE *fp)
void hydra_report_found_host (int port, unsigned int ip, char *svc, FILE *fp)
void hydra_report_found_host_msg (int port, unsigned int ip, char *svc, FILE *fp, char *msg)
int hydra_connect_tcp(unsigned long int host, int port)
int hydra_connect_ssl(unsigned long int host, int port)
int hydra_connect_udp(unsigned long int host, int port)
int hydra_disconnect(int socket)
int hydra_data_ready_writing_timed(int socket, long sec, long usec)
int hydra_data_ready_writing(int socket)
int hydra_data_ready_timed(int socket, long sec, long usec)
int hydra_data_ready(int socket)
int hydra_recv(int socket, char *buf, int length)
char *hydra_receive_line(int socket)
int hydra_send(int socket, char *buf, int size, int options)
int make_to_lower(char *buf)
unsigned char hydra_conv64(unsigned char in)
void hydra_tobase64(unsigned char *buf)
void hydra_dump_asciihex(unsigned char *string, int length)
Adding Service Signatures to Nmap
The nmap-service-probes File
Probes
Matches
Soft matches
ports
sslports
totalwaitms
4. Writing Plug-ins for the Nikto Vulnerability Scanner
Installing Nikto
Using Nikto
Nikto Under the Hood
Nikto’s Program Flow
Nikto’s Plug-in Interface
Existing Nikto Plug-ins
Adding Custom Entries to the Plug-in Databases
.db Files Associated with the nikto_core Plug-in
outdated.db for the nikto_outdated Plug-in
realms.db for the nikto_realms Plug-in
server_msgs.db for the nikto_msgs Plug-in
Using LibWhisker
Writing an NTLM Plug-in for Brute-Force Testing
Writing a Standalone Plug-in to Attack Lotus Domino
5. Writing Modules for the Metasploit Framework
Introduction to MSF
Overview of Stack Buffer Overflows
Memory Segments and Layout
How a Buffer Overflows and Why It Matters
Shellcode
Putting It All Together: Exploiting a Program
Writing Exploits for MSF
Writing a Module for the MnoGoSearch Overflow
Setting Up the Bug
The Evolution of a Working Exploit Module
Writing an Operating System Fingerprinting Module for MSF
Operating System Fingerprinting and p0f
Setting Up and Modifying p0f
Writing the p0f_socket Module
6. Extending Code Analysis to the Webroot
Attacking Web Applications at the Source
Scope of a Web Application
Symptomatic Code Approach
Symptom Code
User-Controllable Input
Toolkit 101
Symptom Code Databases
PMD
PMD Rulesets
Installing and Running PMD
Extending PMD
Objectives
Code Walkthrough
ASTCompilationUnit
ASTClassBodyDeclaration
ASTMethodDeclaration
ASTMethodDeclarator
ASTAdditiveExpression
Data tracing
SqlInjectionExample.java
DynSqlSelectStmts.java
dynamicsql.xml
II. Modifying and Hacking Security Tools
7. Fun with Linux Kernel Modules
Hello World
hello_world.c
Compiling and Testing hello_world
Intercepting System Calls
The System Call Table
strace Is Your Friend
Forcing Access to sys_call_table
intercept_open.c
Compiling and testing intercept_open
Intercepting sys_unlink( ) Using System.map
intercept_unlink.c
Compiling and testing intercept_unlink
Intercepting sys_exit( ) in 2.4 Kernels
intercept_exit.c
Compiling and testing intercept_exit
Hiding Processes
hidepid.c
Compiling and Testing hidepid
Hiding from netstat
hide_sshd.c
Compiling and Testing hide_sshd
8. Developing Web Assessment Tools and Scripts
Web Application Environment
HTTP
SSL
Perl and LWP
Web Application Vulnerabilities
Designing the Scanner
Functional Requirements
Scanner Design
parseLog.pl
simpleScanner.pl
Generating Test Data
Building the Log Parser
Building the Scanner
Printing Output
printReport subroutine
Parsing the Input File
Making an HTTP Request
makeRequest subroutine
Parameter-Based Testing
sqlTest subroutine
xssTest subroutine
Directory-Based Testing
dirList subroutine
dirPut subroutine
Using the Scanner
Complete Source Code
simpleScanner.pl
parseLog.pl
9. Automated Exploit Tools
SQL Injection Exploits
Exploit Categories
Exploit Techniques
Error-based SQL injection
Blind SQL injection
The Exploit Scanner
Exploit Logic
The Code
sqlOrTest subroutine
sqlBlindColumnTest subroutine
sqlBlindDataTypeTest subroutine
sqlUnionTest subroutine
sqlColumnTest subroutine
sqlDataTypeTest subroutine
Using the Scanner
10. Writing Network Sniffers
Introduction to libpcap
Why Use libpcap?
Installing libpcap
Getting Started with libpcap
Overview of Arpsniff
Identify the Network Interface
Open the Network Interface
Configure Packet-Capture Options
Capture and Process Packets
Close Down
Arpsniff
libpcap and 802.11 Wireless Networks
802.11 Monitor Mode
Adapting Arpsniff to 802.11
libpcap and Perl
Arpsniff in Perl
libpcap Library Reference
Lookup Functions
pcap_lookupdev
pcap_findalldevs
pcap_lookupnet
pcap_freealldevs
Packet-Capture Functions
pcap_open_live
pcap_next
pcap_next_ex
pcap_loop
pcap_dispatch
pcap_setnonblock
pcap_getnonblock
pcap_set_datalink
pcap_compile
pcap_compile_nopcap
pcap_setfilter
pcap_freecode
pcap_breakloop
pcap_fileno
pcap_close
pcap_open_dead
Save and Dump File Functions
pcap_open_offline
pcap_dump_open
pcap_dump
pcap_dump_close
pcap_dump_flush
pcap_major_version
pcap_minor_version
pcap_file
pcap_is_swapped
Status Functions
pcap_datalink
pcap_list_datalinks
pcap_snapshot
pcap_stats
pcap_lib_version
pcap_datalink_name_to_val
pcap_datalink_val_to_name
pcap_datalink_val_to_description
Error-Handling Functions
pcap_geterr
pcap_strerror
pcap_perror
11. Writing Packet-Injection Tools
Introduction to libnet
Installing libnet
Getting Started with libnet
Writing the I am Tool
Initializing the Session
Building the Protocol Blocks
Sending the Packet
Cleaning Up
The I am Tool Source Code
Advanced libnet Functions
Accessing Raw Packet Data
Context Queues
Combining libnet and libpcap
Overview of SYNplescan
Creating the SYN Packet
Capturing the Responses
The SYNplescan Tool Source Code
Introducing AirJack
Installing AirJack
Using AirJack
Overview of reinject
Using sockets with AirJack
The reinject Tool Source Code
Index
About the Authors
Colophon
Copyright