Kevin Beaver, CISSP
Information Security Consultant

Learn to:
• Use the latest ethical hacking methods and tools
• Test your Windows® or Linux® systems
• Hack databases, VoIP systems, and Web applications
• Report vulnerabilities and improve information security

Hacking
3rd Edition

Open the book and find:
• What makes a hacker hack
• Why you need to hack your systems
• How to gain management’s approval for your ethical hacking tests
• Countermeasures to common attacks
• Linux and Novell NetWare risks
• Techniques for defending databases
• How wireless LANs are compromised
• Ten deadly mistakes to avoid

Kevin Beaver is an independent information security consultant, expert witness, and speaker with more than 20 years of security experience. He specializes in performing information security assessments that support compliance and risk management. He is also coauthor of Hacking Wireless Networks For Dummies.

$29.99 US / $35.99 CN / £21.99 UK
ISBN 978-0-470-55093-9
Computers/Security/General

Get out your white hat and learn where your systems may be vulnerable

You’re a good guy or gal, so why do you need to learn how to hack? Because the only way to be sure your systems are secure is to find out how the bad guys work and examine your defenses from their point of view. This guide shows you how, explains common attacks, tells you what to look for, and gives you the tools to safeguard your sensitive business information.
• Build the foundation — understand the value of ethical hacking, what’s involved, and the malicious hacker’s mindset
• Games people play — discover how hackers use social engineering to breach security and what to do about it
• It’s the network — explore common network vulnerabilities and the creative ways they’re exploited
• Down and dirty OS hacking — learn how Windows, Linux, and Novell NetWare are being attacked and how to scan for vulnerabilities
• Sneak attacks — see why applications, especially Web apps, are vulnerable and how to protect them
• Get the message — prepare for attacks on e-mail, IM, and VoIP systems
• Tools of the trade — learn about Metasploit, BackTrack, and other important security testing tools
• Now what? — find out how to use the information you gather to minimize business risks

To access the Cheat Sheet created specifically for this book, go to www.dummies.com/cheatsheet/hacking

Hacking For Dummies, 3rd Edition
by Kevin Beaver
Foreword by Stuart McClure

Hacking For Dummies®, 3rd Edition
Published by Wiley Publishing, Inc.
111 River Street
Hoboken, NJ 07030-5774
www.wiley.com

Copyright © 2010 by Wiley Publishing, Inc., Indianapolis, Indiana
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS.
THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ. FULFILLMENT OF EACH COUPON OFFER IS THE SOLE RESPONSIBILITY OF THE OFFEROR.

For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.

For technical support, please visit www.wiley.com/techsupport.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Control Number: 2009942371
ISBN: 978-0-470-55093-9
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1

About the Author

Kevin Beaver is an independent information security consultant, expert witness, keynote speaker, and author with Atlanta-based Principle Logic, LLC. He has over two decades of experience and specializes in performing information security assessments for Fortune 1000 corporations, security product vendors, independent software developers, universities, government agencies, nonprofit organizations, and small businesses.
Before starting his information security consulting practice in 2001, Kevin served in various information technology and security roles for several healthcare, e-commerce, financial, and educational institutions.

Kevin has appeared on CNN television as an information security expert and has been quoted in The Wall Street Journal, Fortune Small Business, Women’s Health, and Inc. magazine’s technology site IncTechnology.com. Kevin’s work has also been referenced by the PCI Council in their Data Security Standard Wireless Guidelines. Over the years, Kevin has been a top-rated keynote speaker and seminar leader and has presented at shows for IDC, RSA, CSI, IIA, ISSA, ISACA, and SecureWorld Expo more than 100 times. Additionally, he has performed over three dozen webcasts for TechTarget, Ziff-Davis, and other publishers.

Kevin has authored/co-authored seven information security books, including Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies, Laptop Encryption For Dummies, The Definitive Guide to Email Management and Security (RealtimePublishers.com), and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). Kevin has written 18 whitepapers and more than 350 articles and is a regular contributor to SearchCompliance.com, SearchSoftwareQuality.com, SearchEnterpriseDesktop.com, SearchWindowsServer.com, SearchWinIT.com, and Security Technology Executive magazine. He has also written for CSOonline.com, Computerworld.com, and Information Security magazine.

Kevin is the creator and producer of the audio series Security On Wheels providing security learning for IT professionals on the go (SecurityOnWheels.com) and its associated blog (SecurityOnWheels.com/blog). He also rants about information security on Twitter at www.twitter.com/kevinbeaver.

Kevin earned his bachelor’s degree in Computer Engineering Technology from Southern College of Technology and his master’s degree in Management of Technology from Georgia Tech.
He has been a CISSP since 2001 and also holds MCSE, Master CNE, and IT Project+ certifications.

Kevin can be reached through his Web sites at www.principlelogic.com and http://securityonwheels.com.

Dedication

Mom, this one’s for you. You’ve been so strong fighting your cancer and have no idea how much of an inspiration you’ve been to me. I love you.

Author’s Acknowledgments

First, I want to thank Amy, Garrett, and Mary Lin for being here for me and supporting me during the long hours I put into this edition. You all are the best!

I’d like to thank Melody Layne, my original acquisitions editor at Wiley, for contacting me long ago with this book idea and providing me this great opportunity. I’d also like to thank my new acquisitions editor, Amy Fandrei, for continuing this project and presenting me the opportunity to shape this book into something I’m very proud of.

I’d like to thank my project editor, Jean Nelson. Yet again, you’ve been more than a pleasure to work with and have added a lot of value to this book. I’d also like to thank Brian Walls, my copy editor, for keeping my focus (and English) in line. Also, many thanks to my technical editor, business colleague, friend, and co-author of Hacking Wireless Networks For Dummies, Peter T. Davis. Again, I’m honored to be working with you and very much appreciate your valuable feedback. Your keen eye has really kept me in check.

Thanks to Ira Winkler and Jack Wiles for following up with me regarding my case study requests. Also, many thanks to Joshua Wright and Chip Andrews for contributing new case study material. You guys have really contributed some valuable content to this book.
Much gratitude to Joe Yeager formerly with HP’s Application Security Center; Robert Abela with Acunetix; Chia-Chee Kuan with AirMagnet; Vladimir Katalov with Elcomsoft; Tony Haywood with Karalon; Victoria Muscat Inglott formerly with GFI Software; Kirk Thomas with Northwest Performance Software; David Vest with Mythicsoft; Thiago Zaninotti with N-Stalker; Mike Andrews and Chris Neppes with Port80 Software; Michael Berg with TamoSoft; Terry Ingoldsby with Amenaza Technologies; Amit Goyal and Fern Edison with Identity Finder for responding to all my requests. Much gratitude to all the others I forgot to mention as well!

Mega thanks to Queensrÿche, Rush, and Triumph for your energizing sounds and inspirational words. Yet again, your music helped me through the long days getting this new edition out. I wouldn’t have wanted to do it without you!

Thanks again to Neal Boortz for going against the grain and educating me about what’s happening in our country and the world we live in. You keep me motivated as an entrepreneur, small business owner, and Libertarian. You speak the truth – keep it coming!

Thanks again to Brian Tracy for your immeasurable insight and guidance about what it takes to be a better person. Your contributions have helped me in so many ways — both personally and professionally.

Finally, I want to send out many thanks and humble appreciation to my clients for hiring me, a “no-name-brand” consultant, and keeping me around for the long term. I wouldn’t be here without your willingness to break out of the “must hire big company” mindset and your continued support. Thank you very much.

Publisher’s Acknowledgments

We’re proud of this book; please send us your comments at http://dummies.custhelp.com. For other comments, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
Some of the people who helped bring this book to market include the following:

Acquisitions, Editorial
Project Editor: Jean Nelson
Acquisitions Editor: Amy Fandrei
Copy Editor: Brian Walls
Technical Editor: Peter T. Davis
Editorial Manager: Kevin Kirschner
Media Development Project Manager: Laura Moss-Hollister
Media Development Assistant Project Manager: Jenny Swisher
Media Development Associate Producers: Josh Frank, Marilyn Hummel, Douglas Kuhn, and Shawn Patrick
Editorial Assistant: Amanda Graham
Sr. Editorial Assistant: Cherie Case
Cartoons: Rich Tennant (www.the5thwave.com)

Composition Services
Project Coordinator: Sheree Montgomery
Layout and Graphics: Samantha K. Cherolis, Joyce Haughey, Ronald G. Terry
Proofreaders: Lindsay Littrell, Linda Seifert
Indexer: BIM Indexing & Proofreading Services
Special Help: Beth Stanton

Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Acquisitions Director
Mary C. Corder, Editorial Director

Publishing for Consumer Dummies
Diane Graves Steele, Vice President and Publisher

Composition Services
Debbie Stailey, Director of Composition Services

Contents at a Glance

Foreword
Introduction

Part I: Building the Foundation for Ethical Hacking
Chapter 1: Introduction to Ethical Hacking
Chapter 2: Cracking the Hacker Mindset
Chapter 3: Developing Your Ethical Hacking Plan
Chapter 4: Hacking Methodology

Part II: Putting Ethical Hacking in Motion
Chapter 5: Social Engineering
Chapter 6: Physical Security
Chapter 7: Passwords

Part III: Hacking the Network
Chapter 8: Network Infrastructure
Chapter 9: Wireless LANs

Part IV: Hacking Operating Systems
Chapter 10: Windows
Chapter 11: Linux
Chapter 12: Novell NetWare

Part V: Hacking Applications
Chapter 13: Communication and Messaging Systems
Chapter 14: Web Sites and Applications
Chapter 15: Databases and Storage Systems

Part VI: Ethical Hacking Aftermath
Chapter 16: Reporting Your Results
Chapter 17: Plugging Security Holes
Chapter 18: Managing Security Changes

Part VII: The Part of Tens
Chapter 19: Ten Tips for Getting Upper Management Buy-In
Chapter 20: Ten Reasons Hacking Is the Only Effective Way to Test
Chapter 21: Ten Deadly Mistakes

Appendix: Tools and Resources
Index