Hacking Exposed 6 by Mcclure, Scambray & Kurtz

Discussion about particular books go here.
Forum rules
Please make title book name & author.
Books about computers or hacking get stickied

Hacking Exposed 6 by Mcclure, Scambray & Kurtz

Post by M00rlicious on Fri Dec 27, 2013 7:07 pm
([msg=78617]see Hacking Exposed 6 by Mcclure, Scambray & Kurtz[/msg])

I borrowed three books from the library today, one of them being "Hacking Exposed 6"

As I can be considered completely new to hacking I am going to share you chapter by chapter(probably?) what I'm learning and what is interesting to me. Please join in my quest for knowledge and we will make this a good learning experience.
M00rlicious
New User
New User
 
Posts: 17
Joined: Mon Dec 23, 2013 7:25 pm
Blog: View Blog (0)


Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz

Post by Goatboy on Sat Dec 28, 2013 1:00 am
([msg=78622]see Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz[/msg])

You really do not need to make three separate posts about basically the same thing without adding any value between them.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2752
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz

Post by M00rlicious on Sat Dec 28, 2013 3:45 am
([msg=78625]see Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz[/msg])

I thought it was necessary because they are 3 different books.
M00rlicious
New User
New User
 
Posts: 17
Joined: Mon Dec 23, 2013 7:25 pm
Blog: View Blog (0)


Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz

Post by Goatboy on Sat Dec 28, 2013 12:34 pm
([msg=78628]see Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz[/msg])

If you had added significant information about the books, I would agree with you. All of those posts could have gone neatly into one, maybe neatened up a bit with some formatting. Would look a lot nicer and keep forum clutter to a minimum.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2752
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz

Post by M00rlicious on Sun Dec 29, 2013 5:33 am
([msg=78642]see Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz[/msg])

I just finished chapter 1 which is about Footprinting. I understand and agree that it is the first and a very important step before you do anything, though i don't really understand certain things. For example; Searching the dumpster of a certain person/company just to have extra information(not even necesarrily IT-related.)

Should I/a hacker really be busy with such odd activities?
Isn't it enough to just sit behind our desk and gather whatever information is necesarry?

Also, in the first casestudy it mentioned about "Joe Hacker" can make someones life miserable by just typing in google

intitle:test.page.for.apache "It worked!" "This web site"

and find out whatever information he needs to penetrate and attack a random website.

What I missed was how to find a specific target, are there any preffered ways you guys use?

-- Sun Dec 29, 2013 11:43 am --

Chapter 2; Portscanning

A question I have is it possible to prevent your ports being scanned without pulling your plug to the internet?

-- Sun Dec 29, 2013 12:08 pm --

Chapter 3 enumeration;

It is pretty straightforward and describes various enumeration techniques.

Though I have a question about the Novell enumeration technique; Is Novell still much used?
M00rlicious
New User
New User
 
Posts: 17
Joined: Mon Dec 23, 2013 7:25 pm
Blog: View Blog (0)


Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz

Post by fashizzlepop on Sun Dec 29, 2013 6:35 pm
([msg=78650]see Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz[/msg])

Finding targets: Research Google dorks. There are many ways to use Google to find targets (assuming you don't care *who* you are targeting). Google allows you to search for various error messages, HTML comments, etc. This can lead you to hundreds of websites that were built with identical software with known vulnerabilities.

Portscanning: no. Your best bet is to just make sure your firewall rules are bullet proof. Port scanning is just recon. If you can pinpoint those doing recon, you can probably block them. This is just a very breif intro to general system administration/security.

Novell: still used in a lot schools and probably some less up-to-date companies. Wouldn't hurt to be familiar with it.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2304
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz

Post by WallShadow on Sun Dec 29, 2013 7:35 pm
([msg=78654]see Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz[/msg])

actually there are ways to prevent port scanning. you can set up a port knocking system which listens for traffic and explicitly opens ports only when a specific combination of packets and messages are found at specific ports and sequences. i've never used it, but i imagine it doesn't show up on a port scan as the ports are explicitly closed until the proper 'knock' is heard.
User avatar
WallShadow
Contributor
Contributor
 
Posts: 594
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz

Post by fashizzlepop on Mon Dec 30, 2013 12:47 am
([msg=78658]see Re: Hacking Exposed 6 by Mcclure, Scambray & Kurtz[/msg])

this is possible. It doesn't prevent portscanning per se, but it does add a layer of obscurity.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2304
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)



Return to Books

Who is online

Users browsing this forum: No registered users and 0 guests