Hacking Exposed 6 by Mcclure, Scambray & Kurtz

[M00rlicious]

I borrowed three books from the library today, one of them being "Hacking Exposed 6"

As I can be considered completely new to hacking I am going to share you chapter by chapter(probably?) what I'm learning and what is interesting to me. Please join in my quest for knowledge and we will make this a good learning experience.

[Goatboy]

You really do not need to make three separate posts about basically the same thing without adding any value between them.

[M00rlicious]

I thought it was necessary because they are 3 different books.

[Goatboy]

If you had added significant information about the books, I would agree with you. All of those posts could have gone neatly into one, maybe neatened up a bit with some formatting. Would look a lot nicer and keep forum clutter to a minimum.

[M00rlicious]

I just finished chapter 1 which is about Footprinting. I understand and agree that it is the first and a very important step before you do anything, though i don't really understand certain things. For example; Searching the dumpster of a certain person/company just to have extra information(not even necesarrily IT-related.)

Should I/a hacker really be busy with such odd activities?
Isn't it enough to just sit behind our desk and gather whatever information is necesarry?

Also, in the first casestudy it mentioned about "Joe Hacker" can make someones life miserable by just typing in google

intitle:test.page.for.apache "It worked!" "This web site"

and find out whatever information he needs to penetrate and attack a random website.

What I missed was how to find a specific target, are there any preffered ways you guys use?

-- Sun Dec 29, 2013 11:43 am --

Chapter 2; Portscanning

A question I have is it possible to prevent your ports being scanned without pulling your plug to the internet?

-- Sun Dec 29, 2013 12:08 pm --

Chapter 3 enumeration;

It is pretty straightforward and describes various enumeration techniques.

Though I have a question about the Novell enumeration technique; Is Novell still much used?

[fashizzlepop]

Finding targets: Research Google dorks. There are many ways to use Google to find targets (assuming you don't care *who* you are targeting). Google allows you to search for various error messages, HTML comments, etc. This can lead you to hundreds of websites that were built with identical software with known vulnerabilities.

Portscanning: no. Your best bet is to just make sure your firewall rules are bullet proof. Port scanning is just recon. If you can pinpoint those doing recon, you can probably block them. This is just a very breif intro to general system administration/security.

Novell: still used in a lot schools and probably some less up-to-date companies. Wouldn't hurt to be familiar with it.

[WallShadow]

actually there are ways to prevent port scanning. you can set up a port knocking system which listens for traffic and explicitly opens ports only when a specific combination of packets and messages are found at specific ports and sequences. i've never used it, but i imagine it doesn't show up on a port scan as the ports are explicitly closed until the proper 'knock' is heard.

[fashizzlepop]

this is possible. It doesn't prevent portscanning per se, but it does add a layer of obscurity.