Hacking Hacking 6th Edition by Kevin Beaver Hacking For Dummies®, 6th Edition Published by: John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, www.wiley.com Copyright © 2018 by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions. Trademarks: Wiley, For Dummies, the Dummies Man logo, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc., and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor mentioned in this book. LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: WHILE THE PUBLISHER AND AUTHOR HAVE USED THEIR BEST EFFORTS IN PREPARING THIS BOOK, THEY MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS BOOK AND SPECIFICALLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES OR WRITTEN SALES MATERIALS. THE ADVISE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR YOUR SITUATION. YOU SHOULD CONSULT WITH A PROFESSIONAL WHERE APPROPRIATE. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. For technical support, please visit https://hub.wiley.com/community/support/dummies. Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com. Library of Congress Control Number: 2018944084 ISBN 978-1-119-48547-6 (pbk); ISBN 978-1-119-48554-4 (ebk); ISBN 978-1-119-48551-3 (ebk) Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 Contents at a Glance Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Part 1: Building the Foundation for Security Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 CHAPTER 1: Introduction to Vulnerability and Penetration Testing . . . . . . . . . . . . . . . . 7 CHAPTER 2: Cracking the Hacker Mindset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 CHAPTER 3: Developing Your Security Testing Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 CHAPTER 4: Hacking Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Part 2: Putting Security Testing in Motion . . . . . . . . . . . . . . . . . . . 59 CHAPTER 5: Information Gathering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 CHAPTER 6: Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 CHAPTER 7: Physical Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 CHAPTER 8: Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Part 3: Hacking Network Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 CHAPTER 9: Network Infrastructure Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 CHAPTER 10: Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 CHAPTER 11: Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Part 4: Hacking Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 199 CHAPTER 12: Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 CHAPTER 13: Linux and macOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227 Part 5: Hacking Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 CHAPTER 14: Communication and Messaging Systems . . . . . . . . . . . . . . . . . . . . . . . . . 253 CHAPTER 15: Web Applications and Mobile Apps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 CHAPTER 16: Databases and Storage Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Part 6: Security Testing Aftermath . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 CHAPTER 17: Reporting Your Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 CHAPTER 18: Plugging Your Security Holes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323 CHAPTER 19: Managing Security Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331 Part 7: The Part of Tens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 CHAPTER 20: Ten Tips for Getting Security Buy-In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341 CHAPTER 21: Ten Reasons Hacking Is the Only Effective Way to Test . . . . . . . . . . . . . 347 CHAPTER 22: Ten Deadly Mistakes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 .51 Appendix: Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Table of Contents INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 About This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Foolish Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Icons Used in This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Beyond the Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Where to Go from Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 PART 1: BUILDING THE FOUNDATION FOR SECURITY TESTING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Introduction to Vulnerability and Penetration CHAPTER 1: Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Straightening Out the Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Hacker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Malicious user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Recognizing How Malicious Attackers Beget Ethical Hackers . . . . . . . . 10 Vulnerability and penetration testing versus auditing . . . . . . . . . . . 10 Policy considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Compliance and regulatory concerns . . . . . . . . . . . . . . . . . . . . . . . . . 12 Understanding the Need to Hack Your Own Systems . . . . . . . . . . . . . . 12 Understanding the Dangers Your Systems Face . . . . . . . . . . . . . . . . . . . 14 Nontechnical attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Network infrastructure attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Operating system attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Application and other specialized attacks . . . . . . . . . . . . . . . . . . . . . 15 Following the Security Assessment Principles . . . . . . . . . . . . . . . . . . . . .16 Working ethically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Respecting privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Not crashing your systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Using the Vulnerability and Penetration Testing Process . . . . . . . . . . . 18 Formulating your plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Selecting tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Executing the plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Evaluating results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Moving on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Table of Contents vii CHAPTER 2: Cracking the Hacker Mindset . . . . . . . . . . . . . . . . . . . . . . . . . 25 What You’re Up Against . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Who Breaks into Computer Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Hacker skill levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Hacker motivations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Why They Do It . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Planning and Performing Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Maintaining Anonymity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35 CHAPTER 3: Developing Your Security Testing Plan . . . . . . . . . . . . . . 37 Establishing Your Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Determining Which Systems to Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Creating Testing Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Timing your tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Running specific tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Conducting blind versus knowledge assessments . . . . . . . . . . . . . . 45 Picking your location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Responding to vulnerabilities you find . . . . . . . . . . . . . . . . . . . . . . . . 46 Making silly assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Selecting Security Assessment Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 CHAPTER 4: Hacking Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Setting the Stage for Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Seeing What Others See . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Scanning Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Open ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Determining What’s Running on Open Ports . . . . . . . . . . . . . . . . . . . . . 54 Assessing Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Penetrating the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 PART 2: PUTTING SECURITY TESTING IN MOTION . . . . . . . . . 59 CHAPTER 5: Information Gathering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Gathering Public Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Social media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Web search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Web crawling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Websites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Mapping the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 WHOIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Privacy policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 viii Hacking For Dummies CHAPTER 6: Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Introducing Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Starting Your Social Engineering Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Knowing Why Attackers Use Social Engineering . . . . . . . . . . . . . . . . . . . 69 Understanding the Implications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Building trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Exploiting the relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Performing Social Engineering Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Determining a goal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Seeking information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Social Engineering Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 User awareness and training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 CHAPTER 7: Physical Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83 Identifying Basic Physical Security Vulnerabilities . . . . . . . . . . . . . . . . . 84 Pinpointing Physical Vulnerabilities in Your Office . . . . . . . . . . . . . . . . . 85 Building infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Office layout and use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Network components and computers . . . . . . . . . . . . . . . . . . . . . . . . 90 CHAPTER 8: Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95 Understanding Password Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . 96 Organizational password vulnerabilities . . . . . . . . . . . . . . . . . . . . . . 97 Technical password vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Cracking Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Cracking passwords the old-fashioned way . . . . . . . . . . . . . . . . . . . 99 Cracking passwords with high-tech tools . . . . . . . . . . . . . . . . . . . . .102 Cracking password-protected files . . . . . . . . . . . . . . . . . . . . . . . . . . 110 Understanding other ways to crack passwords . . . . . . . . . . . . . . . 112 General Password Cracking Countermeasures . . . . . . . . . . . . . . . . . . 117 Storing passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Creating password policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Taking other countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Securing Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Linux and Unix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122 PART 3: HACKING NETWORK HOSTS . . . . . . . . . . . . . . . . . . . . . . . . 123 CHAPTER 9: Network Infrastructure Systems . . . . . . . . . . . . . . . . . . . . 125 Understanding Network Infrastructure Vulnerabilities . . . . . . . . . . . .126 Choosing Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127 Scanners and analyzers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Vulnerability assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Table of Contents ix