del.icio.us

Discuss in Forums (5)

By Chris Gates, CISSP, CPTS, CEH 

If you want to do any MS Terminal Server cracking you basically have your choice of three tools that can do it for you; TSgrinder, TScrack, and a patched version of RDesktop. This article and its companion Video: Terminal Server / RDP Password Cracking, takes you step-by-step through the concepts, tools and usage.

TSGrinder is readily available from http://www.hammerofgod.com/download.html.
TSCrack you’ll have to google for as it is not readily available anymore.
Rdesktop v1.41 can be downloaded from http://www.rdesktop.org/ and you’ll need the patch from foofus.net http://www.foofus.net/jmk/rdesktop.html.

del.icio.us

Discuss in Forums (3)

Your computer seems to be running slower than normal. The router shows that your computer is transmitting data out to the Internet without you knowing it. Friends are complaining about you sending them e-mails you never composed. Determined to see if you have a Trojan running on your computer, you take a look at your process list to see if there is anything out of the ordinary. Much to your dismay, you notice a program running that you have never seen before and didn’t explicitly start. You have been backdoored by malware.

There are many questions you should be asking in these situations. What does the program do? Does it use network resources? Can outside hackers now access my computer? Am I being used as a zombie for DDoS attacks? This chapter will focus on methods and tools you can use to determine what these programs do and how they do them, without having the source code. In the past, reverse engineering was something of a black art. Typically it involved some type of decompilation using a tool such as IDA or GDB to extract the assembly out of the binary, and the best you could hope for was to have that assembly converted into a low-level C code that you could use to understand what was going on. These tools have evolved, however, and you no longer need a PhD in Computer Science to be able to reverse engineer binaries. That being said, however, a brief primer will go miles in helping you understand when to use certain tools and when to use others.

digg this story

Discuss in Forums (10)

By EH-Net Member Negrita

Some of you reading this may be studying for Certified Ethical Hacker (CEH) or perhaps some other certification at the moment. While reading the study material and installing some of the tools on a box may suffice for some, others would prefer to have an actual lab to do their penetration testing. Buying separate boxes for all your Operating Systems (OSs) can be quite expensive, and may deter some people from wanting to do certs in the first place (unless someone else is paying for it). Thankfully there is a cheap solution to all this and you can get to learn some new things on the way.

The Exam Prep CEH book by Michael Gregg (which I'm using) recommends using at least 3 boxes; a Microsoft Windows Server, a Microsoft Windows Client and a Linux Client. After getting into things, Michael Gregg recommends installing a Linux Server too, as these are the systems you'll most probably be working with afterwards.

digg this story

Discuss in Forums (1)

One of the hottest certifications today is the Certified Ethical Hacker (CEH) by EC-Council. Although this cert has been around for several years now, it seems as though 2006 is the year that the IT training industry has caught onto it as well. With numerous books on the general topics of ethical hacking and penetration testing hitting the market in the last 12 months, it was only a matter of time before we started seeing titles for specific certifications in this area.

CBT Nuggets, some of my favorite IT training videos, has added a Certified Ethical Hacker Series to their library of titles. James I. Conrad takes his shot at showing you the ropes in 11 hours of videos broken into 21 nugget-sized chunks. Although this is clearly not enough time to show the viewer everything there is to know about defending your network from hackers, their tools and techniques, it should be plenty of time to get your studies headed in the right direction.

|  del.icio.us

Discuss in Forums (6)

EH-Net Exclusive

This is the only place to offer a full chapter from the yet to be released CEH Exam Prep book from Que Publishing. This book was just awarded to 2 lucky winners as part of CSP Mag's Free Monthly Giveaways. Enjoy! Along with the most current CEH content, the book also contains the elements that make Exam Preps such strong study aides: comprehensive coverage of exam topics, end-of-chapter review, practice questions, Exam Alerts, Fast Facts, plus an entire practice exam to test your understanding of the material. The book also features MeasureUp's innovative testing software, to help you drill and practice your way to higher scores.

| del.icio.us

Discuss in Forums (2)

By Daniel V. Hoffman, CISSP, CWNA, CEH

Anyone interested in gaining a deeper knowledge of wireless security and exploiting vulnerabilities will need a good set of base tools with which to work. Fortunately, there are an abundance of free tools available on the Internet. This list is not meant to be comprehensive in nature but rather to provide some general guidance on recommended tools to build your toolkit.

del.icio.us

Discuss in Forums (1)

By Daniel V. Hoffman, CISSP, CWNA, CEH

Dan is at it again. His very popular column on wireless hacking and how to prevent it is generating a lot of interest with over 125,000 page views and counting. Paraphrased comments on digg.com have ranged from 'Fantastic' and 'Awesome' to 'That's not really hacking' and 'Where's the beef.' Well... just remember that you asked for it!

The Scenario

You go to a coffee shop for a cup of coffee and to utilize the shop’s Wi-Fi HotSpot to surf the web. You connect to the hotspot network and decide to perform some online banking or to purchase something online. By the way, this could happen to you at home, as well. As an end-user, you feel quite secure, as you see the lock in the bottom corner of your Internet browser, symbolizing that the online banking or online credit card transaction is safe from prying eyes. Your data, including username, password, credit card info, etc. will be encrypted with 128-bit encryption. So it's secure, right?