A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
TJ O'Connor
Copyright
Acquiring Editor: Chris Katsaropolous
Development Editor: Meagan White
Project Manager: Priya Kumaraguruparan
Designer: Russell Purdy

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

Copyright 2013 Elsevier, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Application submitted

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-957-6

Printed in the United States of America
13 14 15 10 9 8 7 6 5 4 3 2 1

For information on all Syngress publications visit our website at www.syngress.com
Trade marks
Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively "Makers") of this book ("the Work") do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media, Syngress, Career Advancement Through Skill Enhancement, Ask the Author UPDATE, and Hack Proofing are registered trademarks of Elsevier, Inc. Syngress: The Definition of a Serious Security Library™, Mission Critical™, and The Only Way to Stop a Hacker is to Think Like One™ are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
Acknowledgements
In military slang, "watching your six" literally means keeping a look out behind you. While a patrol leader presses forward in the twelve o'clock direction, at least one of his teammates walks backward scouting the six o'clock position for dangers that the patrol leader cannot see. When I first approached my mentor about writing a book, he warned me that I could only do this if I had team members committed to watching my six. I pondered about those in my life that this massive endeavor would affect. Three seconds later, I knew that they were all strong enough.

To my technical editor, Mark Baggett, your endless technical revisions protected this book. To Dr. Reeves, Dr. Freeh, Dr. Jacoby, and Dr. Blair, thank you for picking up a young and angry army officer years ago and turning me into a non-traditional academic, capable of writing a book. To Dr. Fanelli, thank you for teaching me not to think outside of the box, but to rather use the box as a stepping stool to crawl out of the basement. To Dr. Conti, thank you for precisely manipulating me into Law 28. To my former students, especially the ninja collective of Alan, Alex, Arod, Chris, Christina, Duncan, Gremlin, Jim, James, Kevin, Rob, Steven, Sal and Topher, your creativity continues to inspire me. To Rob Frost, thank you for writing a much more powerful chapter on web reconnaissance than I ever could. To Matt, Ryan, Kirk, Mark, Bryan, and Bill, thank you for understanding why I didn't sleep the night before, and for watching positions 1 through 12. To my loving wife, my monkey and my ninja princess, thank you for providing me with your unconditional love, understanding, and support throughout this endeavor. To my parents, thank you for teaching me to value education. And to Dr.
Dedication
For my monkey and my ninja princess: anything is possible if you try hard enough.
Lead Author TJ O'Connor
TJ O'Connor is a Department of Defense expert on information security and a US Army paratrooper.
While assigned as an assistant professor at the US Military Academy, TJ taught undergraduate courses on forensics, exploitation and information assurance. He twice co-coached the winning team at the National Security Agency's annual Cyber Defense Exercise and won the National Defense University's first annual Cyber Challenge. He has served on multiple red teams, including twice on the Northeast Regional Team for the National Collegiate Cyber Defense Competition. TJ holds a Master of Science degree in Computer Science from North Carolina State, a Master of Science degree in Information Security Engineering from the SANS Technical Institute, and a Bachelor of Science degree in Computer Science from the US Military Academy. He has published technical research at USENIX workshops, ACM conferences, security conferences, the SANS Reading Room, the Internet Storm Center, the Army Magazine, and the Armed Forces Journal. He holds expert cyber security credentials, including the prestigious GIAC Security Expert (GSE) and Offensive Security Certified Expert (OSCE).
TJ is a member of the elite SANS Red and Blue Team Cyber Guardians.