
Web_Hacking

Course: MIS 2040, Fall 2009
School: Villanova

Hacking KSAJ Web Inc. www.PENETRATIONTEST.com

HaX0rz Toolkit
- Complicated sploits that need a Bachelor's degree to understand and use
- Scripts in various languages and syntaxes like C, PERL, gtk and bash
- Automated scanning tools like nmap and nessus
- A web browser

A Web Browser?
Web surfing:
- Is easy to do
- Is Operating System independent
- Doesn't require intimate knowledge of the system
- Provides access to vast amounts of data and information, and topped off with all kinds of data mining tools

Web Features
- Reverse phone number searches
- Detailed address topological maps
- Satellite photography of target area
- Resumes
- Phone and Email lists
- Likely targets described in detail
- Exploit information easy to obtain
- Data aggregation makes it more serious

What We'll Learn
- Methods of Reconnaissance
- The level of sensitive detail companies and organizations leave exposed to the Internet
- The level of detail about specific people on the Internet
- The effect of data aggregation on privacy

Where to start?
- Search Engines are one of the first things people learn to use on the Internet
- Most use highly effective search algorithms to mine the Internet
- Most provide equally advanced search abilities to the user

allintitle:Index of /admin
- Here is a Google hit from MIT, pulled from the cache

allintitle:Index of / site:mil

Sometimes it works when broken
- From an allintitle:Index of /admin search
- Admin account had been patched
- But the error information was pretty interesting, too
- Within the full page error report was: Full paths to libraries
  /home/faraway/opt/cancat/lib
  /usr/local/share/perl/5.6.1/Apache/ASP.pm
  /usr/local/lib/perl/5.6.1/DBD/mysql.pm

Search Engines
- allintitle:Index of /
- site:gov site:mil site:ztarget.com
- filetype:doc filetype:pdf filetype:xls
- [cached] [view as html]
- intitle:, inurl:, allinurl:
- Filetypes include: pdf, ps, wk[12345], wki, wks, wku, lwp, mw, xls, ppt, doc, wps, wdb, wri, rtf, ans and txt

Other Interesting Searches
- Far too many password files to bother counting anymore
- Access and error logs from a hotel chain
- Included booking information and how long customers were staying
- Some very well-known people had their full vacation schedules made available to the public
- Military Procedures and Practices

Other Interesting Searches
allintitle:Index of / +confidential filetype:doc
- A regulatory matters postal letter to an executive at a telecommunications commission, which contained competitor and specific revenue information, and made the following declaration: The release of such information on the public record would allow current and potential competitors to develop more effective business and marketing strategies

Other Interesting Searches
- Searches for WS_FTP.LOG give a rather detailed list of files that are updated regularly, and often provide internal network IP information normally hidden from the Internet
- Name, job title, phone number, and email address of mailroom staff at major military sites
- Inter-department electronic funds transfers

Other Interesting Searches
- robots.txt files tell search engines: don't look here
- World-readable and in a known location so the search engines will find it easily, and ignore confidential or private directories
- What do you find when you do look in those directories?

Other Interesting Searches
- Passive scanning for vulnerable targets
- Where to find targets: Search for phrases commonly found on web-based application interfaces (and especially their error messages)
- Sites like http://www.securityfocus.com provide information that can be used to create search criteria

Unreported Vulnerabilities
- Many vulnerabilities go unreported and unfixed, despite how obvious they are
- Example: HAMWeather is a weather software package that allows websites to provide accurate weather information. Geared towards news sites.
- Does not require authentication for any of its administrative processes
- Let's search for that administrative program

More Web Hacking
- Search engines are a treasure trove of information
- We've looked at general web search engines, but let's now look at more information specific sites
- Administrative web servers
- Reconnaissance from the sky
- Proxies

Administrative Web Servers
- Many devices come with web servers ...
