731986-Hacker's Desk Reference - The MH DeskReference

Table of Contents
=Part One=
=Essential background Knowledge=
[0.0.0] Preface
[0.0.1] The Rhino9 Team
[0.0.2] Disclaimer
[0.0.3] Thanks and Greets
[1.0.0] Preface To NetBIOS
[1.0.1] What is NetBIOS?
[1.0.2] NetBIOS Names
[1.0.3] NetBIOS Sessions
[1.0.4] NetBIOS Datagrams
[1.0.5] NetBEUI Explained
[1.0.6] NetBIOS Scopes
[1.2.0] Preface to SMB's
[1.2.1] What are SMB's?
[1.2.2] The Redirector
[2.0.0] What is TCP/IP?
[2.0.1] FTP Explained
[2.0.2] Remote Login
[2.0.3] Computer Mail
[2.0.4] Network File Systems
[2.0.5] Remote Printing
[2.0.6] Remote Execution
[2.0.7] Name Servers
[2.0.8] Terminal Servers
[2.0.9] Network-Oriented Window Systems
[2.1.0] General description of the TCP/IP protocols
[2.1.1] The TCP Level
[2.1.2] The IP level
[2.1.3] The Ethernet level
[2.1.4] Well-Known Sockets And The Applications Layer
[2.1.5] Other IP Protocols
[2.1.6] Domain Name System
[2.1.7] Routing
[2.1.8] Subnets and Broadcasting
[2.1.9] Datagram Fragmentation and Reassembly
[2.2.0] Ethernet encapsulation: ARP
[3.0.0] Preface to the WindowsNT Registry
[3.0.1] What is the Registry?
[3.0.2] In Depth Key Discussion
[3.0.3] Understanding Hives
[3.0.4] Default Registry Settings
[4.0.0] Introduction to PPTP
[4.0.1] PPTP and Virtual Private Networking
[4.0.2] Standard PPTP Deployment
[4.0.3] PPTP Clients
[4.0.4] PPTP Architecture
[4.0.5] Understanding PPTP Security
[4.0.6] PPTP and the Registry
[4.0.7] Special Security Update
[5.0.0] TCP/IP Commands as Tools
[5.0.1] The Arp Command
[5.0.2] The Traceroute Command
[5.0.3] The Netstat Command
[5.0.4] The Finger Command
[5.0.5] The Ping Command
[5.0.6] The Nbtstat Command
[5.0.7] The IpConfig Command
[5.0.8] The Telnet Command
[6.0.0] NT Security
[6.0.1] The Logon Process
[6.0.2] Security Architecture Components
[6.0.3] Introduction to Securing an NT Box
[6.0.4] Physical Security Considerations
[6.0.5] Backups
[6.0.6] Networks and Security
[6.0.7] Restricting the Boot Process
[6.0.8] Security Steps for an NT Operating System
[6.0.9] Install Latest Service Pack and applicable hot-fixes
[6.1.0] Display a Legal Notice Before Log On
[6.1.1] Rename Administrative Accounts
[6.1.2] Disable Guest Account
[6.1.3] Logging Off or Locking the Workstation
[6.1.4] Allowing Only Logged-On Users to Shut Down the Computer
[6.1.5] Hiding the Last User Name
[6.1.6] Restricting Anonymous network access to Registry
[6.1.7] Restricting Anonymous network access to lookup account names and network
shares
[6.1.8] Enforcing strong user passwords
[6.1.9] Disabling LanManager Password Hash Support
[6.2.0] Wiping the System Page File during clean system shutdown
[6.2.1] Protecting the Registry
[6.2.2] Secure EventLog Viewing
[6.2.3] Secure Print Driver Installation
[6.2.4] The Schedule Service (AT Command)
[6.2.5] Secure File Sharing
[6.2.6] Auditing
[6.2.7] Threat Action
[6.2.8] Enabling System Auditing
[6.2.9] Auditing Base Objects
[6.3.0] Auditing of Privileges
[6.3.1] Protecting Files and Directories
[6.3.2] Services and NetBios Access From Internet
[6.3.3] Alerter and Messenger Services
[6.3.4] Unbind Unnecessary Services from Your Internet Adapter Cards
[6.3.5] Enhanced Protection for Security Accounts Manager Database
[6.3.6] Disable Caching of Logon Credentials during interactive logon.
[6.3.7] How to secure the %systemroot%\repair\sam._ file
[6.3.8] TCP/IP Security in NT
[6.3.9] Well known TCP/UDP Port numbers
[7.0.0] Preface to Microsoft Proxy Server
[7.0.1] What is Microsoft Proxy Server?
[7.0.2] Proxy Servers Security Features
[7.0.3] Beneficial Features of Proxy
[7.0.4] Hardware and Software Requirements
[7.0.5] What is the LAT?
[7.0.6] What is the LAT used for?
[7.0.7] What changes are made when Proxy Server is installed?
[7.0.8] Proxy Server Architecture
[7.0.9] Proxy Server Services: An Introduction
[7.1.0] Understanding components
[7.1.1] ISAPI Filter
[7.1.2] ISAPI Application
[7.1.3] Proxy Servers Caching Mechanism
[7.1.4] Windows Sockets
[7.1.5] Access Control Using Proxy Server
[7.1.6] Controlling Access by Internet Service
[7.1.7] Controlling Access by IP, Subnet, or Domain
[7.1.8] Controlling Access by Port
[7.1.9] Controlling Access by Packet Type
[7.2.0] Logging and Event Alerts
[7.2.1] Encryption Issues
[7.2.2] Other Benefits of Proxy Server
[7.2.3] RAS
[7.2.4] IPX/SPX
[7.2.5] Firewall Strategies
[7.2.6] Logical Construction
[7.2.7] Exploring Firewall Types
[7.2.3] NT Security Twigs and Ends
=Part Two=
=The Techniques of Survival=
[8.0.0] NetBIOS Attack Methods
[8.0.1] Comparing NAT.EXE to Microsoft's own executables
[8.0.2] First, a look at NBTSTAT
[8.0.3] Intro to the NET commands
[8.0.4] Net Accounts
[8.0.5] Net Computer
[8.0.6] Net Config Server or Net Config Workstation
[8.0.7] Net Continue
[8.0.8] Net File
[8.0.9] Net Group
[8.1.0] Net Help
[8.1.1] Net Helpmsg message#
[8.1.2] Net Localgroup
[8.1.3] Net Name
[8.1.4] Net Pause
[8.1.5] Net Print
[8.1.6] Net Send
[8.1.7] Net Session
[8.1.8] Net Share
[8.1.9] Net Statistics Server or Workstation
[8.2.0] Net Stop
[8.2.1] Net Time
[8.2.2] Net Use
[8.2.3] Net User
[8.2.4] Net View
[8.2.5] Special note on DOS and older Windows Machines
[8.2.6] Actual NET VIEW and NET USE Screen Captures during a hack
[9.0.0] Frontpage Extension Attacks
[9.0.1] For the tech geeks, we give you an actual PWDUMP
[9.0.2] The haccess.ctl file
[9.0.3] Side note on using John the Ripper
[10.0.0] WinGate
[10.0.1] What Is WinGate?
[10.0.2] Defaults After a WinGate Install
[10.0.3] Port 23 Telnet Proxy
[10.0.4] Port 1080 SOCKS Proxy
[10.0.5] Port 6667 IRC Proxy
[10.0.6] How Do I Find and Use a WinGate?
[10.0.7] I have found a WinGate telnet proxy now what?
[10.0.8] Securing the Proxys
[10.0.9] mIRC 5.x WinGate Detection Script
[10.1.0] Conclusion
[11.0.0] What a security person should know about WinNT
[11.0.1] NT Network structures (Standalone/WorkGroups/Domains)
[11.0.2] How does the authentication of a user actually work
[11.0.3] A word on NT Challenge and Response
[11.0.4] Default NT user groups
[11.0.5] Default directory permissions
[11.0.6] Common NT accounts and passwords
[11.0.7] How do I get the admin account name?
[11.0.8] Accessing the password file in NT
[11.0.9] Cracking the NT passwords
[11.1.0] What is 'last login time'?
[11.1.1] Ive got Guest access, can I try for Admin?
[11.1.2] I heard that the %systemroot%\system32 was writeable?
[11.1.3] What about spoofin DNS against NT?
[11.1.4] What about default shared folders?
[11.1.5] How do I get around a packet filter-based firewall?
[11.1.6] What is NTFS?
[11.1.7] Are there are vulnerabilities to NTFS and access controls?
[11.1.8] How is file and directory security enforced?
[11.1.9] Once in, how can I do all that GUI stuff?
[11.2.0] How do I bypass the screen saver?
[11.2.1] How can tell if its an NT box?
[11.2.2] What exactly does the NetBios Auditing Tool do?
[12.0.0] Cisco Routers and their configuration
[12.0.1] User Interface Commands
[12.0.2] disable
[12.0.3] editing
[12.0.4] enable
[12.0.5] end
[12.0.6] exit
[12.0.7] full-help
[12.0.8] help
[12.0.9] history
[12.1.0] ip http access-class
[12.1.1] ip http port
[12.1.2] ip http server
[12.1.3] menu (EXEC)
[12.1.4] menu (global)
[12.1.5] menu command
[12.1.6] menu text
[12.1.7] menu title
[12.1.8] show history
[12.1.9] terminal editing
[12.2.0] terminal full-help (EXEC)
[12.2.1] terminal history
[12.2.2] Network Access Security Commands
[12.2.3] aaa authentication arap
[12.2.4] aaa authentication enable default
[12.2.5] aaa authentication local-override
[12.2.6] aaa authentication login
[12.2.7] aaa authentication nasi
[12.2.8] aaa authentication password-prompt
[12.2.9] aaa authentication ppp
[12.3.0] aaa authentication username-prompt
[12.3.1] aaa authorization
[12.3.2] aaa authorization config-commands
[12.3.3] aaa new-model
[12.3.4] arap authentication
[12.3.5] clear kerberos creds
[12.3.6] enable last-resort
[12.3.7] enable use-tacacs
[12.3.8] ip radius source-interface
[12.3.9] ip tacacs source-interface
[12.4.0] kerberos clients mandatory
[12.4.1] kerberos credentials forward
[12.4.2] kerberos instance map
[12.4.3] kerberos local-realm
[12.4.4] kerberos preauth
[12.4.5] kerberos realm
[12.4.6] kerberos server
[12.4.7] kerberos srvtab entry
[12.4.8] kerberos srvtab remote
[12.4.9] key config-key
[12.5.0] login tacacs
[12.5.1] nasi authentication
[12.5.2] ppp authentication
[12.5.3] ppp chap hostname
[12.5.4] ppp chap password
[12.5.5] ppp pap sent-username
[12.5.6] ppp use-tacacs
[12.5.7] radius-server dead-time
[12.5.8] radius-server host
[12.5.9] radius-server key
[12.6.0] radius-server retransmit
[12.6.1] show kerberos creds
[12.6.2] show privilege
[12.6.3] tacacs-server key
[12.6.4] tacacs-server login-timeout
[12.6.5] tacacs-server authenticate
[12.6.6] tacacs-server directed-request
[12.6.7] tacacs-server key
[12.6.8] tacacs-server last-resort
[12.6.9] tacacs-server notify
[12.7.0] tacacs-server optional-passwords
[12.7.1] tacacs-server retransmit
[12.7.2] tacacs-server timeout
[12.7.3] Traffic Filter Commands
[12.7.4] access-enable
[12.7.5] access-template
[12.7.6] clear access-template
[12.7.7] show ip accounting
[12.7.8] Terminal Access Security Commands
[12.7.9] enable password
[12.8.0] enable secret
[12.8.1] ip identd
[12.8.2] login authentication
[12.8.3] privilege level (global)
[12.8.4] privilege level (line)
[12.8.5] service password-encryption
[12.8.6] show privilege
[12.8.7] username
[12.8.8] A Word on Ascend Routers
[13.0.0] Known NT/95/IE Holes
[13.0.1] WINS port 84
[13.0.2] WindowsNT and SNMP
[13.0.3] Frontpage98 and Unix
[13.0.4] TCP/IP Flooding with Smurf
[13.0.5] SLMail Security Problem
[13.0.6] IE 4.0 and DHTML
[13.0.7] 2 NT Registry Risks
[13.0.8] Wingate Proxy Server
[13.0.9] O'Reilly Website uploader Hole
[13.1.0] Exchange 5.0 Password Caching
[13.1.1] Crashing NT using NTFS
[13.1.2] The GetAdmin Exploit
[13.1.3] Squid Proxy Server Hole
[13.1.4] Internet Information Server DoS attack
[13.1.5] Ping Of Death II
[13.1.6] NT Server's DNS DoS Attack
[13.1.7] Index Server Exposes Sensitive Material
[13.1.8] The Out Of Band (OOB) Attack
[13.1.9] SMB Downgrade Attack
[13.2.0] RedButton
[13.2.1] FrontPage WebBot Holes
[13.2.2] IE and NTLM Authentication
[13.2.3] Run Local Commands with IE
[13.2.4] IE can launch remote apps
[13.2.5] Password Grabbing Trojans
[13.2.6] Reverting an ISAPI Script
[13.2.7] Rollback.exe
[13.2.8] Replacing System .dll's
[13.2.9] Renaming Executables
[13.3.0] Viewing ASP Scripts
[13.3.1] .BAT and .CMD Attacks
[13.3.2] IIS /..\.. Problem
[13.3.3] Truncated Files
[13.3.4] SNA Holes
[13.3.5] SYN Flooding
[13.3.6] Land Attack
[13.3.7] Teardrop
[13.3.8] Pentium Bug
[14.0.0] VAX/VMS Makes a comeback (expired user exploit)
[14.0.1] Step 1
[14.0.2] Step 2
[14.0.3] Step 3
[14.0.4] Note
[15.0.0] Linux security 101
[15.0.1] Step 1
[15.0.2] Step 2
[15.0.3] Step 3
[15.0.4] Step 4
[15.0.5] Step 5
[15.0.6] Step 6
[16.0.0] Unix Techniques. New and Old.
[16.0.1] ShowMount Technique
[16.0.2] DEFINITIONS
[16.0.3] COMPARISION TO THE MICROSOFT WINDOWD FILESHARING
[16.0.4] SMBXPL.C
[16.0.5] Basic Unix Commands
[16.0.6] Special Chracters in Unix
[16.0.7] File Permissions Etc..
[16.0.8] STATD EXPLOIT TECHNIQUE
[16.0.9] System Probing
[16.1.0] Port scanning
[16.1.1] rusers and finger command
[16.1.2] Mental Hacking, once you know a username
[17.0.0] Making a DDI from a Motorola Brick phone
[18.0.0] Pager Programmer
[19.0.0] The End