Cyber Operations Building, Defending, and Attacking Modern Computer Networks [2nd edition]
9781484242933, 9781484242940, 1484242939, 1484242947
Know how to set up, defend, and attack computer networks with this revised and expanded second edition.
You will learn
202
9
26MB
English
Pages 1134
[1151]
Year 2019
Report DMCA / Copyright
DOWNLOAD PDF FILE
Table of contents :
Table of Contents......Page 5
About the Author......Page 21
About the Technical Reviewer......Page 22
Acknowledgments......Page 23
Introduction......Page 24
Virtualization Tools......Page 29
Installing a VMWare Guest......Page 30
Managing VMWare Guests......Page 31
Networking in VMWare......Page 32
VMWare Tools......Page 33
Installing a VirtualBox Guest......Page 34
Managing VirtualBox Guests......Page 35
Networking in VirtualBox......Page 37
VirtualBox Guest Additions......Page 38
Networking in CentOS......Page 39
Networking in OpenSuSE......Page 42
Networking in Ubuntu......Page 44
Configuring Software Repositories......Page 46
Configuring yum in CentOS......Page 47
Configuring zypper in OpenSuSE......Page 49
Configuring apt in Ubuntu......Page 50
Services......Page 52
VirtualBox Guest Additions......Page 53
Installing VirtualBox Guest Additions on OpenSuSE......Page 54
Installing VirtualBox Guest Additions on Ubuntu, Mint, and Kali......Page 55
Installing Java on CentOS......Page 56
Installing Adobe Flash Player on CentOS......Page 58
Installing Java on OpenSuSE......Page 59
Installing Adobe Flash Player on OpenSuSE......Page 60
Installing Java on Ubuntu......Page 61
Installing Adobe Flash Player on Ubuntu......Page 62
Installing Java and Adobe Flash Player on Mint......Page 63
Building Windows Systems......Page 64
Installation......Page 65
Configuring Windows Update......Page 66
Configuring Windows Defender......Page 67
Networking on Windows......Page 68
Browsers on Windows......Page 71
Notes and References......Page 73
Building Linux Systems......Page 74
Building Windows Systems......Page 75
Ethics......Page 78
Vulnerabilities......Page 79
Configuring the Metasploit Internal Database......Page 80
Selecting the Exploit......Page 81
Choosing the Payload......Page 83
Launching the Exploit......Page 86
Interacting with Meterpreter......Page 87
Metasploit Sessions......Page 88
Metasploit Modules for Internet Explorer......Page 89
Starting the Exploit......Page 92
Choosing the Payload......Page 94
Interacting with the Shell......Page 96
Metasploit Modules for Firefox......Page 98
Attack: Firefox Proxy Prototype Privileged Javascript Injection......Page 99
Configuring the Exploit......Page 100
Configuring the Payload......Page 101
Launching the Exploit as a Background Job......Page 102
Interacting with the Shell......Page 103
Metasploit Modules for Adobe Flash Player......Page 104
Configuring the Exploit......Page 109
Configuring the Payload......Page 110
Launching the Exploit as a Background Job......Page 111
Interacting with the Shell......Page 112
Metasploit Modules for Java......Page 113
Configuring the Exploit......Page 115
Configuring the Payload......Page 117
Launching the Exploit as a Background Job......Page 118
Interacting with the Shell......Page 119
Configuring the Exploit and Payload......Page 120
Java Security Settings......Page 121
Configuring the Malware......Page 123
Generating the Malware......Page 124
Handlers......Page 125
Interacting with the Shell......Page 126
Malware Attack: Linux ELF......Page 127
Help......Page 128
Managing Sessions......Page 129
Commands......Page 130
Networking......Page 131
File System......Page 133
Processes......Page 134
Migrating Processes......Page 136
Creating Additional Sessions......Page 138
Channels......Page 140
Armitage......Page 142
Notes and References......Page 144
References......Page 146
Who......Page 148
Last......Page 149
Aureport......Page 150
GNU Accounting Tools......Page 151
Top......Page 153
Netstat......Page 154
Lsof......Page 155
The /proc Directory......Page 157
Detect: Java JAX-WS Remote Code Execution......Page 158
Detect: Firefox XCS Code Execution......Page 164
PsLoggedon......Page 168
LogonSessions......Page 169
Tasklist......Page 171
Sc......Page 172
Task Manager......Page 173
Process Explorer......Page 174
Netstat......Page 176
TCPView......Page 177
Detect: MS13-055 CAnchorElement......Page 178
Detect: Adobe Flash Player Shader Buffer Overflow......Page 181
Wireshark......Page 184
Detect: Java JAX-WS Remote Code Execution......Page 187
Notes and References......Page 190
Namespaces......Page 192
Installing BIND......Page 193
Building a Master......Page 195
named.conf......Page 196
Forward Zone......Page 197
Reverse Zone......Page 200
Scripting......Page 201
Loopbacks......Page 202
Controlling the Nameserver......Page 204
Starting BIND on Linux......Page 205
Starting BIND on Windows......Page 208
Completing the Installation......Page 210
Building a Slave......Page 211
Nslookup......Page 214
Dig: Host Name Query......Page 216
Dig: Response Fields......Page 217
Dig: Any Query......Page 218
Dig: Specifying the Server......Page 219
Dig: Zone Transfers......Page 220
Controlling Zone Transfers......Page 221
Rndc: Updating Zone Data......Page 222
Rndc: Server Control and Statistics......Page 223
Rndc: Logging DNS Queries......Page 224
BIND Version Reporting......Page 225
Forwarders......Page 226
Example: TKEY CVE 2015-5477......Page 228
Example: Buffer.c CVE 2016-2776......Page 231
Recursion and DNS Amplification Attacks......Page 232
Notes and References......Page 235
NMap: Basic Usage......Page 239
NMap: Ping Scans......Page 241
NMap: Determining if the Host Is Alive......Page 242
NMap: List Scans......Page 243
NMap: Stealth Scans......Page 244
NMap: UDP Scans......Page 246
NMap: Operating System Detection......Page 247
NMap: Scripts......Page 250
Zenmap......Page 252
Network Scanning and Metasploit......Page 253
Metasploit Database......Page 254
Metasploit Scanning Modules......Page 256
Custom Metasploit Modules......Page 258
Notes and References......Page 260
Installation on Windows Server 2012 and Later......Page 261
Installation on Windows Server 2008 R2......Page 265
Windows DNS......Page 266
Scripting Windows DNS......Page 268
Conditional Forwarding and Server Forwarding......Page 270
Recursion......Page 271
DNS Logging......Page 272
Stub Zones and Slave Zones......Page 274
Adding OpenSuSE Systems to a Windows Domain......Page 276
Adding Linux Systems to a Windows Domain Using PowerBroker Open......Page 277
Adding Users......Page 283
Scripting and PowerShell......Page 285
Organizing a Domain......Page 288
Groups and Delegation......Page 291
Remote Server Administration Tools......Page 292
Group Policy......Page 293
Group Policy Example: Directory Creation......Page 295
Group Policy Example: Software Restriction Policies......Page 296
Adding a Second Domain Controller......Page 298
Notes and References......Page 299
Managing a Domain......Page 300
Organizing a Domain......Page 301
Managing Systems Remotely......Page 302
SMB Firewall Rules......Page 303
Remote File Access......Page 304
Drive Mapping......Page 305
Managing Users and Groups......Page 306
Services......Page 307
Registry......Page 308
RPC Firewall Rules......Page 309
Scheduled Tasks......Page 310
Managing the Firewall Remotely......Page 311
Sysinternals Tools......Page 312
Psexec......Page 314
Enabling WinRM; Firewall Rules......Page 315
Winrs......Page 316
PowerShell......Page 317
WMI Structure......Page 318
Using WinRM to Enumerate WMI Data......Page 321
Windows Query Language (WQL)......Page 323
Using WinRM to Set WMI Values......Page 325
Using WinRM to Invoke WMI Methods......Page 326
Creating a WMI Namespace and Class......Page 328
WQL Schema Queries......Page 331
WMI Consumer Example: USB Connections......Page 332
WMI Consumer Example: PowerShell Start or Stop......Page 334
WMI Consumer Example: User Logon/Logoff......Page 336
Using wmic to Interact with WMI......Page 339
Using wmic to Enumerate WMI Data......Page 340
Using wmic to Invoke WMI Methods......Page 341
Using PowerShell to Interact with WMI......Page 342
Using Other Languages to Interact with WMI......Page 345
Using Linux to Interact with WMI......Page 346
Installation Without a GUI......Page 347
Adding or Removing the GUI......Page 348
Configuring a Server Without a GUI......Page 350
Managing the Firewall......Page 351
Configuring the Firewall to Allow SMB......Page 353
Configuring the Firewall to Allow RPC......Page 354
Allowing Windows Remote Management via the Command Line......Page 355
Windows Server 2012 and Later......Page 356
Windows Server 2008 R2......Page 357
Notes and References......Page 359
Useful WMI Classes......Page 360
Useful WMI Events......Page 367
Useful WMI Subscription Classes......Page 368
References......Page 369
Windows Reconnaissance......Page 371
Determining Privileges......Page 372
Determining the Domain......Page 373
Determining the Users......Page 374
Determining Privileges......Page 377
Determining the Domain......Page 378
Determining the Users......Page 379
Bypassing UAC......Page 380
Bypassing UAC by Asking......Page 383
Bypassing UAC via Injection......Page 386
Windows Privilege Escalation to SYSTEM......Page 388
Example: Windows 10-1504 and MS16-032 Secondary Logon Handle Privilege Escalation......Page 391
Example: Windows 8.1 and NtApphelpCacheControl......Page 393
Exploiting Insecure Configuration......Page 395
Always Install Elevated......Page 396
Local Administrator Password......Page 397
.dll Hijacking of IKEEXT......Page 400
Brute Force Attacks......Page 402
Network Hash Capturing......Page 405
LLMNR Poisoning and NBNS Poisoning......Page 408
WPAD and Responder......Page 411
Phishing for Credentials......Page 415
Dropping a Link......Page 418
Local Credential Gathering......Page 419
Cached Domain Credentials......Page 421
Token Impersonation and Incognito......Page 422
Mimikatz and Kiwi......Page 423
Cracking Hashes with John the Ripper......Page 428
Using Credentials Locally......Page 431
Windows Native Tools......Page 433
Psexec......Page 434
Wmiexec.py and smbexec.py......Page 436
Passing the Hashes......Page 437
Dumping Domain Hashes......Page 438
Notes and References......Page 440
Metasploit Tools......Page 442
Native Tools......Page 444
Example: Ubuntu 14.04 and Overlayfs Privilege Escalation......Page 445
Linux Direct Privilege Escalation......Page 448
Example: Ubuntu 15.04 Apport CVE-2015-1325 Local Privilege Escalation Vulnerability......Page 450
Uploading Files via a Simple Web Server......Page 451
Working with Limited Shells......Page 452
Completing the Attack......Page 453
Example: CentOS 6.3 and semtex.c......Page 454
Creating a Second Shell......Page 455
Completing the Attack......Page 456
Dirty COW......Page 457
Using Dirty COW......Page 458
Creating an Entry in /etc/passwd......Page 459
Using Dirty COW to Escalate Privileges......Page 461
Avoiding the Crash......Page 463
System cron Jobs......Page 464
User cron Jobs......Page 466
Exploiting cron......Page 469
SUID Programs......Page 470
Example: Exploiting SUID NMap......Page 471
Outline Placeholder......Page 472
Copying a File with netctat and /dev/tcp......Page 473
Notes and References......Page 474
Dirty COW......Page 475
Logging in Linux......Page 477
Syslog Messages......Page 478
Configuring the rsyslog Daemon on CentOS 6......Page 479
Configuring the rsyslog Daemon on Other Distributions......Page 481
Reading systemd-journald Logs with journalctl......Page 482
Configuring systemd-journald......Page 484
Spoofing Log Messages......Page 487
auditd......Page 488
Creating Auditd Rules......Page 489
Reading the Audit Log......Page 491
ausearch......Page 492
Sending Logs with Syslog......Page 494
Receiving Logs with syslog......Page 495
Spoofing Remote Logs......Page 496
Log Rotation......Page 497
Log Rotation with systemd-journald......Page 498
Logging in Windows......Page 499
Viewing Windows Logs......Page 503
Using PowerShell to View Logs......Page 504
PsLogList......Page 506
Clearing Logs......Page 508
Auditing File Access......Page 509
Remote Windows Logs......Page 512
Windows Event Collector......Page 513
Sysmon......Page 515
Using PowerShell to Query Sysmon Logs......Page 516
Sysmon Configuration......Page 520
Installing and Configuring Sysmon Across the Domain......Page 521
Integrating Windows and Linux Logs......Page 523
Notes and References......Page 524
Msfvenom......Page 528
Msfvenom Example: Linux ELF 64-bit Executable......Page 529
Msfvenom Architectures......Page 530
Msfvenom Formats......Page 531
Msfvenom Payloads......Page 533
Msfvenom Example: Java......Page 534
Msfvenom Example: Python......Page 535
Msfvenom Templates......Page 537
Veil-Evasion......Page 538
Persistence Using the Windows Startup Folder......Page 543
Persistence Using Registry Startup Keys......Page 544
Persistence Using Registry Winlogon Key......Page 546
Metasploit Registry-Only Persistence......Page 547
Metasploit Registry File System Persistence......Page 550
Schtasks: User-Level Persistence at Fixed Times......Page 551
Schtasks: Advanced Scheduling Options......Page 553
DLL Hijacking......Page 554
Custom Services for Windows Persistence......Page 555
WMI Persistence......Page 557
Tracking Failed Logons......Page 558
Configuring Web Delivery to Serve Malware......Page 560
Adding the Entry to the WMI Database......Page 562
Removing the Persistence......Page 564
WMI Persistence Using Metasploit......Page 565
Determining the Domain SID......Page 567
Determining the Hash for Krbtgt......Page 568
Creating a Golden Ticket......Page 569
Using a Golden Ticket......Page 570
Metasploit Golden Tickets......Page 572
Persistence Using ~/.bash_profile or ~/.profile and Local Malware......Page 573
Persistence Using ~/.bashrc and Web Delivered Malware......Page 576
Root Persistence Using System Cron Jobs and Local Malware......Page 578
User Persistence Using Cron Jobs......Page 579
Custom Services for Linux Persistence......Page 580
Linux Persistence via Services Using Metasploit......Page 582
Other Approaches......Page 584
Windows Persistence......Page 585
WMI Persistence......Page 586
Golden Tickets......Page 587
Introduction......Page 588
Software Restriction Policies: Shortcuts......Page 589
Software Restriction Policies: Subdirectories......Page 591
Logs Generated by Software Restriction Policies......Page 592
Bypassing Software Restriction Policies via Web Delivery......Page 594
PowerShell Execution Policy......Page 596
Bypassing PowerShell Execution Policy......Page 597
PowerShell Language Mode......Page 598
Bypassing Constrained Language Mode......Page 601
Blocking PowerShell......Page 603
Autoruns......Page 605
Using PowerShell to Detect Startup Persistence in a Domain......Page 606
Detecting Changes to Startup......Page 607
Registry Persistence......Page 610
WOW6432Node......Page 611
Autoruns......Page 612
Enumerating the Hosts on a Domain......Page 613
Using psexec to Detect Registry Persistence in a Domain......Page 614
Autoruns and PowerShell......Page 615
Auditing Registry Changes......Page 616
Scheduled Tasks......Page 617
Schtasks......Page 618
Task Scheduler......Page 619
Blocking the Creation of Scheduled Tasks via Group Policy......Page 620
Service Persistence......Page 621
Detecting Services on Remote Systems Using sc......Page 622
Detecting Recently Added Services......Page 624
Detecting WMI Persistence on a Domain......Page 625
Using Sysmon to Detect WMI Modifications......Page 628
Password Length, Complexity, and Rotation......Page 629
Account Lockouts......Page 630
Cached Domain Logons......Page 631
WDigest Registry......Page 632
LSA Protection......Page 633
Mimikatz Detection via Sysmon......Page 634
Finding the Local Administrator Account......Page 639
Limiting the Local Administrator Account......Page 640
The Local Administrator Password Solution (LAPS)......Page 641
Watching the Network......Page 645
Disable LLMNR......Page 646
Disable NetBIOS over TCP/IP......Page 647
DNS Entries for WPAD......Page 650
Detecting Responder Attacks on the Network......Page 651
Controlling Lateral Movement......Page 653
Firewall Source IP Rules......Page 654
Logging SMB Use......Page 655
Logging PSEXEC Use......Page 656
Blocking PSEXEC Use......Page 659
SMB Version 1......Page 660
Logging WinRM Use......Page 661
Logging WMI Queries......Page 663
PowerShell......Page 666
WMI......Page 667
Networking......Page 668
Detecting Lateral Movement......Page 669
Linux Client Programs......Page 670
Scp and Sftp Clients......Page 671
OpenSSH Server on CentOS 5, 6......Page 673
OpenSSH Server on CentOS 7......Page 674
OpenSSH Server on OpenSuSE......Page 675
OpenSSH Server on Mint and Ubuntu......Page 676
OpenSSH Server: Networking and Protocol......Page 677
OpenSSH Server: Key Locations......Page 678
OpenSSH Server: Key Creation......Page 679
OpenSSH Server: Authentication......Page 680
OpenSSH Server: Public Key Authentication......Page 681
Protecting SSH Keys......Page 683
OpenSSH Server: Other Authentication Methods......Page 684
OpenSSH Server: X11 Forwarding......Page 685
PuTTY......Page 686
PuTTY Agents and Other Options......Page 688
Attacks Against SSH......Page 689
Enumerating Users via SSH......Page 692
Attacking Passphrase Protected SSH Keys......Page 694
Securing OpenSSH......Page 696
SSHGuard......Page 697
SSHGuard 2.1 on CentOS 7.3 Using TCP Wrappers......Page 698
SSHGuard 2.1 on OpenSuSE 13.2 Using iptables......Page 700
SSHGuard 1.5 on CentOS 5.9......Page 703
FTP Servers......Page 705
Connecting to FTP Servers......Page 707
Creating a File Share from the Command Line......Page 708
Creating a File Share from File Explorer......Page 709
Windows Server 2012, 2012 R2, or 2016......Page 710
Windows Server 2008......Page 713
Accessing SMB File Shares......Page 714
Drive Mapping Using Group Policy......Page 715
Creating Individual SMB File Shares on a Windows File Server......Page 716
Installing and Controlling Samba......Page 719
Samba Configuration......Page 720
Command-Line Interface to Samba......Page 723
Version Detection......Page 725
Share Detection......Page 726
User Detection......Page 729
Preventing Brute Force Attacks......Page 730
Eternal Red/SambaCry......Page 731
Stopping Eternal Red / SambaCry......Page 733
Remote Desktop......Page 734
Persistence via Remote Desktop and Sticky Keys......Page 736
Enabling Remote Desktop via Metasploit......Page 737
Enabling Sticky Keys......Page 738
Notes and References......Page 739
Apache Installation......Page 742
Installing Apache on CentOS......Page 743
Installing Apache on OpenSuSE......Page 744
Installing Apache on Ubuntu and Mint......Page 745
Version and Module Structure of Apache......Page 746
Configuring Apache on CentOS......Page 747
Configuring Apache on OpenSuSE......Page 748
Configuring Apache on Ubuntu and Mint......Page 749
Loading Apache Modules in OpenSuSE......Page 750
Module Configuration: Apache Status......Page 751
SetHandler Directives......Page 753
Controlling Access via Require Directives......Page 754
Apache Status from the Browser......Page 755
Apache Status from the Apache Control Program......Page 756
Module Configuration: User Directories......Page 758
UserDir Directives......Page 761
Options Directive......Page 762
Apache Modules: Aliases......Page 763
Loading the CGI Module......Page 764
Configuring the CGI Module; ScriptAlias......Page 765
CGI Script: Example......Page 767
Logs and Logging......Page 768
LogFormat Directive......Page 769
CustomLog Directive......Page 770
Parsing Access Logs with Scripts......Page 771
Configuring a Virtual Host......Page 773
NameVirtualHost Directives......Page 774
VirtualHost Directive......Page 775
Building a Virtual Host on TCP/8080......Page 776
Apache Modules: ssl_module......Page 777
SSLProtocol and Ciphers......Page 778
Selecting Protocols and Ciphers......Page 780
SSL/TLS Keys......Page 781
SSL/TLS Self-Signed Certificate......Page 782
SSL/TLS Certificate Signing Request......Page 784
CA Keys......Page 785
CA Certificate......Page 786
Signing a .csr......Page 787
Redirection......Page 788
Testing HTTP Connections......Page 789
Testing HTTPS Connections......Page 790
htpasswd......Page 793
Configuring Basic Authentication......Page 795
Installing ModSecurity on OpenSuSE......Page 797
Installing ModSecurity on Ubuntu and Mint......Page 798
ModSecurity Logging......Page 799
ModSecurity Temporary Data......Page 801
ModSecurity Rules......Page 802
Installing the CRS on OpenSuSE......Page 804
Installing the CRS on Ubuntu and Mint......Page 805
Notes and References......Page 806
Configuring EPEL......Page 808
Installation......Page 810
IIS Manager......Page 811
Managing Multiple Web Servers from IIS Manager......Page 812
Web Sites......Page 814
Adding a Second Web Site......Page 815
Error Messages......Page 818
Virtual Directories......Page 819
Command-Line Tools......Page 820
Access Control......Page 822
Request Filtering......Page 824
Authentication......Page 825
Managing Web Server Certificates......Page 826
Windows System Certificates......Page 827
Managing Remote Servers......Page 828
Creating a Certificate Signing Request......Page 829
Completing a Certificate Signing Request......Page 830
Choosing SSL/TLS Protocols and Ciphers......Page 831
Redirection......Page 832
Logs and Logging......Page 833
ModSecurity......Page 836
Notes and References......Page 839
Extracting Credentials from Internet Explorer......Page 841
Using PasswordFox Against Windows......Page 843
Using PasswordFox Against Linux......Page 845
Firefox Master Password......Page 846
Ettercap......Page 847
Generating an SSL/TLS Certificate for MitM......Page 848
Ettercap ARP Poisoning......Page 849
SSLStrip......Page 853
Password Attacks......Page 854
Burp Suite Web Proxy......Page 855
Burp Suite Brute Force Password Attacks......Page 857
Custom Password Attacks......Page 862
Installing mod_evasive on CentOS 5......Page 863
Installing mod_evasive on OpenSuSE......Page 864
Configuring mod_evasive......Page 865
Heartbleed......Page 866
ShellShock......Page 870
Notes and References......Page 876
Network Firewalls......Page 877
IPFire......Page 879
Installing IPFire......Page 880
IPFire Initial Configuration......Page 881
Network Traffic Rules......Page 883
Configuring the Network......Page 884
External Alias Addresses......Page 887
Web Proxies......Page 890
Egress Filtering on the Internal (GREEN) Network......Page 892
Egress Filtering from the Firewall......Page 893
IPFire Features......Page 894
Impact of Egress Filters......Page 895
Reconnaissance Beyond the Firewall......Page 896
Determining the Network......Page 897
ARP Scans Through the Firewall......Page 898
Domain Identification Through a Firewall......Page 899
Proxy Detection......Page 900
DNS and DHCP Identification......Page 901
SSH SOCKS5 Proxy......Page 902
ProxyChains......Page 903
Using Proxies with Metasploit......Page 904
Using Metasploit Routes as Pivots......Page 906
Metasploit Port Scan Through a Pivot......Page 907
Metasploit Pivot as a SOCKS4a Proxy......Page 908
Mapping Egress Filter Rules......Page 909
Obtaining IPFire Administrative Credentials......Page 911
Pivoting to IPFire......Page 912
Attacking IPFire......Page 913
Notes and References......Page 915
Installation......Page 917
Installing MySQL and MariaDB on Linux......Page 918
MySQL 5.5 on Windows......Page 919
MySQL 5.6 on Windows......Page 920
MySQL 5.7 on Windows......Page 921
MariaDB on Windows......Page 923
The mysql Client......Page 924
HeidiSQL......Page 927
Initial Connections on CentOS or OpenSuSE......Page 928
Initial Connections on Mint and Ubuntu......Page 929
Initial Connections on Windows......Page 930
The Table mysql.user......Page 932
Initial Values in mysql.user......Page 933
Changing Passwords in MySQL ≤ 5.6......Page 935
Changing Authentication Plugins......Page 936
Creating Users......Page 937
The MySQL Password Hashing Algorithm......Page 939
The User debian-sys-maint......Page 940
Wildcards......Page 942
Privileges......Page 943
Viewing Assigned Privileges......Page 945
Assigning Privileges......Page 946
Revoking Privileges......Page 948
FILE Privileges......Page 949
Securing the Initial Installation......Page 950
MySQL Configuration Files......Page 951
MySQLAdmin......Page 953
The MySQL History......Page 954
Network Scanning for MySQL/MariaDB......Page 955
Identifying MySQL Users......Page 957
Brute Force Password Attacks Against MySQL and MariaDB......Page 958
CVE 2012-2122 User Login Vulnerability......Page 960
Cracking MySQL/MariaDB Hashes......Page 961
CVE 2012-5613 Windows FILE Privilege Attack......Page 962
Notes and References......Page 965
Downloading Snort......Page 966
Installing Snort Dependencies on OpenSuSE......Page 967
Installing Snort Dependencies on CentOS 5......Page 968
Installing Snort Dependencies on Mint or Ubuntu......Page 969
Snort as a Packet Sniffer......Page 970
Installing Precompiled Rules......Page 975
Starting Snort as an Intrusion Detection System......Page 976
Running Snort as an IDS on OpenSuSE......Page 977
Running Snort as an IDS on Windows......Page 979
Creating Custom Snort Rules......Page 980
Snort and Packet Captures......Page 982
Snort Users and Permissions......Page 983
Configuring Snort as a Service on CentOS 5/6......Page 984
Configuring Snort as a Service on CentOS 7......Page 985
Configuring Snort as a Service on Mint or Ubuntu......Page 986
Configuring Snort as a Service on OpenSuSE......Page 987
Snort as a Windows Service......Page 988
Snort Variables......Page 990
Snort Rule Locations......Page 991
Stream Preprocessor......Page 992
HTTP Preprocessor......Page 993
ARP Spoof Detection......Page 994
Sensitive Data and Other Preprocessors......Page 995
Controlling Snort Output from the Command Line......Page 996
Snort Unified Log......Page 997
Snort Rules......Page 998
Snort and EternalBlue......Page 999
Notes and References......Page 1000
Installing PHP on Linux......Page 1002
Testing PHP on CentOS......Page 1003
Configuring PHP as an Apache Module on CentOS......Page 1004
Configuring PHP as a CGI Module on CentOS......Page 1005
Configuring PHP......Page 1006
PHP on OpenSuSE......Page 1007
PHP 7 on OpenSuSE 42.2, 42.3......Page 1008
Testing PHP on OpenSuSE......Page 1009
Configuring PHP as a CGI Module on OpenSuSE......Page 1010
Configuring PHP......Page 1011
PHP on Mint or Ubuntu......Page 1012
Configuring PHP as a CGI Module on Mint or Ubuntu......Page 1014
XAMPP Installation......Page 1017
SSL/TLS with XAMPP......Page 1020
The XAMPP Configuration and Security Pages......Page 1023
PHP on IIS......Page 1025
Testing the Installation......Page 1026
Installing the CGI Module on IIS......Page 1027
Configuring an IIS Handler for PHP......Page 1028
Configuring PHP......Page 1029
PHP Extensions......Page 1031
Register Globals......Page 1032
Include Vulnerabilities......Page 1035
Remote Include Vulnerabilities......Page 1038
Manually Exploiting a Remote Include Vulnerability......Page 1039
Exploiting a Remote Include Vulnerability with Metasploit......Page 1040
Configuring PHP......Page 1043
Determining the PHP Version......Page 1044
PHP CGI Argument Injection......Page 1046
PHP Persistence......Page 1049
PHP Persistence with Metasploit Malware......Page 1050
PHP Persistence with Weevely......Page 1052
Notes and References......Page 1055
phpMyAdmin on CentOS via yum......Page 1057
Configuring Apache for phpMyAdmin on CentOS......Page 1058
Configuring phpMyAdmin on CentOS......Page 1060
Using phpMyAdmin on OpenSuSE......Page 1061
Configuring Apache for phpMyAdmin on OpenSuSE......Page 1062
Configuring phpMyAdmin on OpenSuSE......Page 1063
phpMyAdmin on Mint/Ubuntu via apt......Page 1064
Configuring phpMyAdmin on Mint/Ubuntu......Page 1067
phpMyAdmin on Windows with XAMPP......Page 1069
phpMyAdmin on Windows with IIS......Page 1070
phpMyAdmin Feature Storage......Page 1072
Brute Force Password Attacks......Page 1074
Metasploit Attacks Against phpMyAdmin......Page 1079
Installing Joomla!......Page 1082
Example: Joomla! 3.0 on CentOS 6.3......Page 1083
Example: Joomla! 3.2 on Ubuntu 14.04......Page 1085
Example: Joomla! 3.3 on Windows Server 2012 with XAMPP 5.5.19......Page 1086
Example: Joomla! 3.4 on Windows Server 2016 with IIS......Page 1087
Example: Joomla! 3.6 on OpenSuSE 42.2......Page 1088
Using Joomla!......Page 1090
Attacking Joomla!......Page 1091
Brute Force Password Attacks......Page 1092
Joomla! Scanning......Page 1095
Metasploit Attacks Against Joomla!......Page 1097
PHP Persistence on Joomla! with Weevely......Page 1100
Example: WordPress 3.3 on Mint 12......Page 1102
Example: WordPress 3.5 on Windows Server 2012 with IIS......Page 1106
Example: WordPress 4.0 on OpenSuSE 13.2......Page 1107
Example: WordPress 4.1 on XAMPP 5.6.3 on Windows Server 2012 R2......Page 1108
Example: WordPress 4.3 on CentOS 7.2......Page 1109
WordPress Plugins......Page 1110
Attacking WordPress......Page 1111
Brute Force Password Attacks......Page 1112
WordPress Scanning......Page 1115
Metasploit Modules......Page 1118
Notes and References......Page 1119
Index......Page 1120