Hacking Exposed: Windows

[begood]

If you do Windows security assessments, this page is for you. We've gathered all of the tools and techniques discussed in Hacking Exposed: Windows and prior editions (that we have used extensively as consultants) and cataloged them here, with live hyperlinks for easy access. Keep your eyes on this space as we post custom scripts and tools from the authors!

Third Edition

(more updates coming...)

Chapter 8, Achieving Stealth and Maintaining Presence

F-Secure Blacklight

GMER Rootkit Detection Tool

RKUnhooker Rootkit Detection Tool created by authors of Unreal.A rootkit

WinObj v2.15

Streams v1.56

Using Driver Verifier to Troubleshoot Windows 2000 Device Drivers

Chapter 9: Hacking SQL Server

Paros Proxy

Absinthe

BobCat

Sqlninja

SQL Power Injector

Achilles

OWASP WebScarab

Sqlpoke, sqlbf, sqldict, and assorted dictionaries

SQLPing

Second Edition, Windows Server 2003

Chapter 1: Information Security Basics

ISO17799/BS7799

Chapter 2: The Windows Server 2003 Security Architecture from the Hacker's Perspective

User2sid/sid2user

DumpTokenInfo

wsname

Chapter 3: Footprinting and Scanning

Sam Spade

Nmap

Google

SuperScan

ScanLine

netcat

Windows Server 2003 Security Guide

ARIN whois Web interface (also search RIPE and APNIC for non-U.S. Internet information)

IANA Port Number Assignments

Chapter 4: Enumeration

nbtscan by Alla Bezroutchko

epdump

rpcdump, part of the RPCTools by Todd Sabin

Winfo by Arne Vidstrom

nbtdump by David Litchfield

DumpSec by Somarsoft

enum

nete

sid2user/user2sid by Evgenii Rudnyi

UserInfo and UserDump by Thor at HammerofGod

GetAcct by Urity

walksam, part of the RPCTools by Todd Sabin

SolarWinds Professional Plus Edition Toolset

“CIFS: Common Insecurities Fail Scrutiny” by Hobbit, the original SMB hacker's technical reference

Chapter 5: Hacking Windows-Specific Services

DelGuest by Arne Vidstrom

COAST dictionaries and word lists

WinPcap, a free packet capture architecture for Windows by the Politecnico di Torino, Italy (included with L0phtcrack 3 and later)

kerbsniff and kerbcrack by Arne Vidstrom

ScoopLM and BeatLM

SMBRelay by Sir Dystic

snarp by Frank Knobbe, ARP cache poisoning utility, works on NT 4 only, not always reliably

Ettercap, a multipurpose sniffer/interceptor/logger for switched LANs

Event Log Monitor (ELM) from TNT Software

EventAdmin from Aelita Software

L0phtcrack with SMB Packet Capture

Chapter 6: Privilege Escalation

PipeUpAdmin by Maceo

netddemsg.cpp, source code for netddemsg by @stake

Debploit by EliCZ

Windows kernel exploit source code by eyas

Chapter 7: Getting Interactive

Pipelist from Sysinternals

Netcat for NT

VNC (Virtual Network Computing), the lightweight graphical remote control tool from AT&T Research Laboratories

Windows 2000 Resource Kits, online version of the printed books, tools, and references

WinRoute Professional by Kerio

Personal Firewall by Tiny Software

Vision, the port-to-process mapper from Foundstone

Chapter 8: Expanding Influence

Free Sample Windows 2000 Resource Kit Tools

pwdump2 by Todd Sabin

pwdump3 by e-business technology, Inc.

John the Ripper, a great password-cracking tool

NTLM algorithm support for John (this is also available off the main John site)—only for UNIX version of John

MDcrack

Dictionaries and word lists from Purdue University's COAST Archive

lsadump2

FakeGINA from Arne Vidstrom

Snort, a free packet sniffer and intrusion detection tool

Dsniff, UNIX version

Ethereal

Free SSHD for Windows NT/2000

puTTY, a free SH client

rinetd

fpipe from Foundstone, Inc.

L0phtcrack4

Invisible Keylogger Stealth (IKS) for NT

Van Dyke Technologies' VShell SS2D server and SecureCRT client

SSH Communications Security's Secure Shell for Windows, server and client

Network Associates' CyberCop Monitor and Sniffer Pro

Chapter 9: Cleanup

SubSeven

BoDetect v2.01 from Chris Benson

NTRoot, NullSys, NTKap rootkits

Elitewrap

elsave from Jesper Lauritsen

WinZapper, selective Event Log entry eraser

Forensic Toolkit, including the afind, hfind, and sfind utilities

Textutils from GNU

Cygwin

BinText

DumpSec (formerly DumpACL), DumpReg, and DumpEvt from Somarsoft

HexEdit, by Expert Commercial Software

Tripwire

Network Associates’ Entercept

Chapter 10: Hacking IIS

Main Microsoft Tools and Checklists page; go here if any subsequent links are broken

IISLockdown

UrlScan

Microsoft Network Security Hotfix Checker (Hfnetchk.exe)

IIS 4 Security Checklist

Secure Internet Information Services 5 Checklist

How to Disable WebDAV for IIS 5.0

unicodeloader by Roelof Temmingh

Chapter 11: Hacking SQL Server

sqlpoke

sqlbf

sqldict

Sqlping

Assorted dictionaries for brute-forcing passwords

Encryptionizer

ISS Database Scanner

XP_Crypt v3.1

Chapter 12: Hacking Terminal Server

The Remote Desktop Client (RDC), including information on the Remote Desktop Web Connection

RDC Web Connection (ActiveX control that was formerly called Terminal Server Advanced Client, TSAC)

ProbeTS.exe

TSEnum.exe

TSGrinder.exe

TSCrack (under “Downloads”)

Selected Windows 2000 Resource Kit tools, including Appsec

Chapter 13: Hacking Internet Clients

mpack, for encoding email attachments to MIME/Base64 format

HTML Help Workshop, a free tool from Microsoft for creating .chm files

Senna Spy VBS Worm Generator

Chapter 14: Physical Attacks

NTFSDOS Pro

dskprobe.exe (from the Windows 2000 Support Tools on the Windows 2000 installation CD-ROM)

ERD Commander, boots dead systems directly from CD into a Windows-like repair environment and can reset admin passwords

Windows PreInstallation Environment (WinPE), essentially a Windows XP boot CD-ROM

Chapter 15: Denial of Service

Zombie Zapper by Bindview's Razor team

DDOSPing, a utility for remotely detecting the most common DDoS programs

Arbor Networks Peakflow DoS

Chapter 16: NT Family Security Features and Tools

Microsoft Security Tools Home Page

Chapter 17: The Future of Windows Security

L2TP/IPSec NAT-T Update for Windows XP and Windows 2000

Windows Server 2003 Downloads (includes Tools and Ad-ins)

Active Directory in Application Mode (ADAM)

Microsoft Operations Framework (MOF)

Microsoft Operations Manager

Patch Management Using Microsoft Systems Management Server - Operations Guide

Securing IT with Systems Management Server (SMS)

Microsoft Guide to Security Patch Management

Shavlik Technologies LLC, makers of HfNetChkPro for patch management

Microsoft Identity Integration Server 2003

Hacking Exposed - Windows

[pyth0n3]

Oricum winhackingexposed este o carte foarte recomandata , in multe carti de securitate face exemplu pt ea . Citisem cateva scrise de Stuart McClure in care face referinte la aceasta carte si cateva exemple .

[prodil89]

Mda ca si toate cartiile de la mcgraw hill adica alea de genul hacking exposed...sunt mai multe

[Flubber]

Aveti cumva cartile in forma .pdf? Eu am gasit asta: Hacking Exposed 6: Network Security Secrets & Solutions / McClure & Scambray -- am citit cateva pagini si deja mi-a captivat toata atentia, foarte foarte interesant

-- nu stiu ce capitol e, aparent 3 sau 4 (cred)

Daca aveti si voi altele de genul, va rog anuntati-ma prin PM