www.it-ebooks.info Gray Hat Hacking, Third Edition Reviews “Bigger, better, and more thorough, the Gray Hat Hacking series is one that I’ve enjoyed from the start. Always right on time information, always written by experts. The Third Edition is a must-have update for new and continuing security experts.” —Jared D. DeMott Principle Security Researcher, Crucial Security, Inc. “This book is a great reference for penetration testers and researchers who want to step up and broaden their skills in a wide range of IT security disciplines.” —Peter Van Eeckhoutte (corelanc0d3r) Founder, Corelan Team “I am often asked by people how to get started in the InfoSec world, and I point people to this book. In fact, if someone is an expert in one arena and needs a leg up in another, I still point them to this book. This is one book that should be in every security professional’s library—the coverage is that good.” —Simple Nomad Hacker “The Third Edition of Gray Hat Hacking builds upon a well-established foundation to bring even deeper insight into the tools and techniques in an ethical hacker’s arsenal. From software exploitation to SCADA attacks, this book covers it all. Gray Hat Hacking is without doubt the definitive guide to the art of computer security published in this decade.” —Alexander Sotirov Security Rockstar and Founder of the Pwnie Awards “Gray Hat Hacking is an excellent ‘Hack-by-example’ book. It should be read by anyone who wants to master security topics, from physical intrusions to Windows memory protections.” —Dr. Martin Vuagnoux Cryptographer/Computer security expert “Gray Hat Hacking is a must-read if you’re serious about INFOSEC. It provides a much- needed map of the hacker’s digital landscape. If you’re curious about hacking or are pursuing a career in INFOSEC, this is the place to start.” —Johnny Long Professional Hacker, Founder of Hackers for Charity.org www.it-ebooks.info This page intentionally left blank www.it-ebooks.info Gray Hat Hacking The Ethical Hacker’s Handbook Third Edition Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, and Terron Williams New York • Chicago • San Francisco • Lisbon London • Madrid • Mexico City • Milan • New Delhi San Juan • Seoul • Singapore • Sydney • Toronto www.it-ebooks.info Copyright © 2011 by The McGraw-Hill Companies. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. ISBN: 978-0-07-174256-6 MHID: 0-07-174256-5 The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-174255-9, MHID: 0-07-174255-7. All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefi t of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative please e-mail us at [email protected]. Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information. TERMS OF USE This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGrawHill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. www.it-ebooks.info n^netsec Swimming with the Sharks? Get Peace of Mind. Are your information assets secure? Are you sure? N2NetSecurity's Information Security and Compliance Services give you the peace of mind of knowing that you have the best of the best in information Security on your side. Our deep technical knowledge ensures that our solutions are innovative and efficient and our extensive experience will help you avoid common and costly mistakes. N2NetSecurity provides information security services to government and private industry. We are a certified Payment Card Industry Qualified Security Assessor (PCI QSA). Our talented team includes Black Hat Instructors, received a 2010 Department of Defense CIO Award, and has coauthored seven leading IT books including Gray Hat Hacking: The Ethical Hacker's Handbook and Security Information Event Management Implementation. Contact us for a Free Gap Assessment and see how we can help you get peace of mind. Get Back to Normal, Back to Business! N2NetSecurity, Inc. www.n2netsec.com [email protected] 800.456.0058 www.it-ebooks.info StopHackersinTheirTracks HackingExposed, HackingExposed HackingExposedComputer 24DeadlySinsof 6thEdition Malware&Rootkits Forensics,2ndEdition SoftwareSecurity HackingExposedWireless, HackingExposed: HackingExposedWindows, HackingExposedLinux, 2ndEdition WebApplications,3rdEdition 3rdEdition 3rdEdition HackingExposedWeb2.0 ITAuditing, ITSecurityMetrics GrayHatHacking, 2ndEdition 3rdEdition Availableinprintandebookformats FollowusonTwitter@MHComputing www.it-ebooks.info Boost Your Security Skills (and Salary) with Expert Tn ming for CISSP Certification The Shon Harris ClSSP'-Solution is the perfect self-study training package not only for the CISSP*0 candidate or those renewing certification, but for any security pro who wants to increase their security knowledge and earning potential. Take advantage of this comprehensive multimedia package that lets you learn at your own pace and in your own home or office. This definitive set includes: ^ DVD set of computer-based training, over 34 hours of instruction on the Common Body of Knowledge, the 10 domains required for certification. In class instruction at your home CISSP55 All-in-One 5th Edition, the 1193 page best- " selling book by Shon Harris. 0 2,200+ page CISSP® Student Workbook developed by Shon Harris. ^Multiple hours of Shon Harris' lectures explaining the concepts in the CISSP® Student Workbook in MP3 format Complex concepts fully explained ^Bonus MP3 files with extensive review sessions for Everything you each domain. need to pass the CISSP1 exam. j Over 1,600 CISSP^ review questions to test your knowledge. 300+ Question final practice exam. more! Learn from the best! Leading independent authority and recog- nized CISSP'' training guru, Shon Harris, CISSPW, MCSE, delivers this definitive certification program packaged together and avail- able for the first time. Order today! Complete info at http://logicalsecurity.com/cissp CISSP K a registered certification mark of the International Information Systems Settirily Certification Cunscrtiurn, Jnc., aTso known as (ISC)!. No f ridersemant by, affiliation or association with (ISC)? ie impFiad. www.it-ebooks.info To my brothers and sisters in Christ, keep running the race. Let your light shine for Him, that others may be drawn to Him through you. —Allen Harper To my loving and supporting husband, David Harris, who has continual patience with me as I take on all of these crazy projects! —Shon Harris To Jessica, the most amazing and beautiful person I know. —Jonathan Ness For my train-loving son Aaron, you bring us constant joy! —Chris Eagle To Vincent Freeman, although I did not know you long, life has blessed us with a few minutes to talk and laugh together. —Terron Williams www.it-ebooks.info ABOUT THE AUTHORS Allen Harper, CISSP, PCI QSA, is the president and owner of N2NetSecurity, Inc. in North Carolina. He retired from the Marine Corps after 20 years and a tour in Iraq. Additionally, he has served as a security analyst for the U.S. Department of the Treasury, Internal Revenue Service, and Computer Security Incident Response Center (IRS CSIRC). He regularly speaks and teaches at conferences such as Black Hat and Techno. Shon Harris, CISSP, is the president of Logical Security, an author, educator, and secu- rity consultant. She is a former engineer of the U.S. Air Force Information Warfare unit and has published several books and articles on different disciplines within informa- tion security. Shon was also recognized as one of the top 25 women in information security by Information Security Magazine. Jonathan Ness, CHFI, is a lead software security engineer in Microsoft’s Security Response Center (MSRC). He and his coworkers ensure that Microsoft’s security up- dates comprehensively address reported vulnerabilities. He also leads the technical response of Microsoft’s incident response process that is engaged to address publicly disclosed vulnerabilities and exploits targeting Microsoft software. He serves one week- end each month as a security engineer in a reserve military unit. Chris Eagle is a senior lecturer in the Computer Science Department at the Naval Post- graduate School (NPS) in Monterey, California. A computer engineer/scientist for 25 years, his research interests include computer network attack and defense, computer forensics, and reverse/anti-reverse engineering. He can often be found teaching at Black Hat or spending late nights working on capture the flag at Defcon. Gideon Lenkey, CISSP, is the president and co-founder of Ra Security Systems, Inc., a New Jersey–based managed services company, where he specializes in testing the infor- mation security posture of enterprise IT infrastructures. He has provided advanced training to the FBI and served as the president of the FBI’s InfraGard program in New Jersey. He has been recognized on multiple occasions by FBI director Robert Muller for his contributions and is frequently consulted by both foreign and domestic govern- ment agencies. Gideon is a regular contributor to the Internet Evolution website and a participant in the EastWest Institute’s Cybersecurity initiative. Terron Williams, NSA IAM-IEM, CEH, CSSLP, works for Elster Electricity as a Senior Test Engineer, with a primary focus on smart grid security. He formerly worked at Nortel as a Security Test Engineer and VoIP System Integration Engineer. Terron has served on the editorial board for Hakin9IT Security Magazine and has authored articles for it. His inter- ests are in VoIP, exploit research, SCADA security, and emerging smart grid technologies. Disclaimer: The views expressed in this book are those of the authors and not of the U.S. government or the Microsoft Corporation. www.it-ebooks.info