Understanding Network Hacks (eBook)

Bastian Ballmann is a professional programmer, system engineer and member of the Chaos Computer Club since 2002. He holds lectures on network hijacking attacks as well as Bluetooth hacking and is the author of various security related tools like P.A.T.H., Blue diving and Chaosmap. In his free time he also writes the German Datenterrorist Blog and produced the podcasts Freibyte and Gesprächssituation about computer and security related stuff.

Preface 8
Contents 10
Introduction 14
Who Should Read This Book? 14
The Structure of the Book 14
The Most Important Security Principles 15
Chapter1 Installation 16
1.1 The Right Operating System 16
1.2 The Right Python Version 16
1.3 Development Environment 17
1.4 Python Modules 18
Chapter2 Network 4 Newbies 19
2.1 Components 19
2.2 Topologies 19
2.3 ISO/OSI Layer Model 21
2.4 Ethernet 22
2.5 VLAN 23
2.6 ARP 24
2.7 IP 24
2.8 ICMP 26
2.9 TCP 26
2.10 UDP 30
2.11 An Example Network 30
2.12 Architecture 31
2.13 Gateway 32
2.14 Router 32
2.15 Bridge 33
2.16 Proxies 33
2.17 Virtual Private Networks 33
2.18 Firewalls 34
2.19 Man-in-the-Middle-Attacks 35
Chapter3 Python Basics 36
3.1 Every Start Is Simple 36
3.2 The Python Philosophy 37
3.3 Data Types 38
3.4 Data Structures 39
3.5 Functions 40
3.6 Control Structures 41
3.7 Modules 43
3.8 Exceptions 44
3.9 Regular Expressions 44
3.10 Sockets 46
Chapter4 Layer 2 Attacks 48
4.1 Required Modules 48
4.2 ARP-Cache-Poisoning 48
4.3 ARP-Watcher 52
4.4 MAC-Flooder 54
4.5 VLAN Hopping 55
4.6 Let's Play Switch 55
4.7 ARP Spoofing Over VLAN Hopping 56
4.8 DTP Abusing 57
4.9 Tools 58
4.9.1 NetCommander 58
4.9.2 Hacker's Hideaway ARP Attack Tool 58
4.9.3 Loki 58
Chapter5 TCP/IP Tricks 59
5.1 Required Modules 59
5.2 A Simple Sniffer 59
5.3 Reading and Writing PCAP Dump Files 61
5.4 Password Sniffer 63
5.5 Sniffer Detection 65
5.6 IP-Spoofing 66
5.7 SYN-Flooder 67
5.8 Port-Scanning 68
5.9 Port-Scan Detection 71
5.10 ICMP-Redirection 73
5.11 RST Daemon 75
5.12 Automatic Hijack Daemon 77
5.13 Tools 80
5.13.1 Scapy 80
Chapter6 WHOIS DNS? 84
6.1 Protocol Overview 84
6.2 Required Modules 85
6.3 Questions About Questions 85
6.4 WHOIS 86
6.5 DNS Dictionary Mapper 87
6.6 Reverse DNS Scanner 88
6.7 DNS-Spoofing 91
6.8 Tools 94
6.8.1 Chaosmap 94
Chapter7 HTTP Hacks 95
7.1 Protocol Overview 95
7.2 Web Services 98
7.3 Required Modules 98
7.4 HTTP Header Dumper 99
7.5 Referer Spoofing 99
7.6 The Manipulation of Cookies 100
7.7 HTTP-Auth Sniffing 101
7.8 Webserver Scanning 102
7.9 SQL Injection 105
7.10 Command Injection 111
7.11 Cross-Site-Scripting 112
7.12 SSL Sniffing 113
7.13 Proxy Scanner 117
7.14 Proxy Port Scanner 119
7.15 Tools 121
7.15.1 SSL Strip 121
7.15.2 Cookie Monster 121
7.15.3 Sqlmap 122
7.15.4 W3AF 122
Chapter8 Wifi Fun 123
8.1 Protocol Overview 123
8.2 Required Modules 125
8.3 Wifi Scanner 126
8.4 Wifi Sniffer 127
8.5 Probe-Request Sniffer 128
8.6 Hidden SSID 129
8.7 MAC-Address-Filter 130
8.8 WEP 130
8.9 WPA 132
8.10 WPA2 134
8.11 Wifi-Packet-Injection 134
8.12 Playing Wifi Client 135
8.13 Deauth 137
8.14 Wifi Man-in-the-Middle 138
8.15 Wireless Intrusion Detection 143
8.16 Tools 144
8.16.1 WiFuzz 144
8.16.2 Pyrit 145
8.16.3 AirXploit 145
Chapter9 Feeling Bluetooth on the Tooth 146
9.1 Protocol Overview 146
9.2 Required Modules 147
9.3 Bluetooth-Scanner 148
9.4 SDP-Browser 149
9.5 RFCOMM-Channel-Scanner 149
9.6 OBEX 151
9.7 Blue Snarf Exploit 152
9.8 Blue Bug Exploit 153
9.9 Bluetooth-Spoofing 154
9.10 Sniffing 155
9.11 Tools 157
9.11.1 BlueMaho 157
Chapter10 Bargain Box Kung Fu 158
10.1 Required Modules 158
10.2 Spoofing E-mail Sender 158
10.3 DHCP Hijack 159
10.4 IP Brute Forcer 163
10.5 Google-Hacks-Scanner 164
10.6 SMB-Share-Scanner 165
10.7 Login Watcher 166
AppendixA Scapy Reference 170
A.1 Protocols 170
A.2 Functions 171
AppendixB Secondary Links 182
Index 184