Hackers Beware

hopefully, when you look back over several years, you can say, “Wow what a journey!” Remember not to get overwhelmed—the more knowledge you have, the better off you are.

Good luck and Godspeed with your journey through the ever-changing and wild world of network security.

Appendix A. References

This appendix lists several URLs that contain useful information on hacking and network security. It will also list information on newsgroup mailing lists and various aspects of security

Hacker/Security Related URLs

These sites and information are listed for reference purposes only and the tools should be used at your own risk. One word of caution: Some of these sites contain information that could be offensive.

2600.com

A hacker magazine that gives a good perspective of the hacker mindset.

allhack.com

This Web site features a library and download area. Library features readmes on hacking and learning computer basics for the beginner. Download area contains everything from scanners to flooders to crackers to denial of service (DoS) attacks.

Alw.nih.gov

Security directory that contains a large amount of security tools.

anticode.com

Exploits, DoS attacks, key loggers, mail bombs, mirc scripts, scanners, sniffers, password crackers, trojans, and so on. This site is well maintained and updated often.

auscert.org.au

Australian computer emergency response team that contains a lot of information on exploits and how they work.

Astalavista.com

A great search engine for hacker tools and exploits.

bugtraq.com

A database of useful information on security and exploits.

CERIAS.CS.PURDUE.EDU

This site contains a large amount of information and tools on network security—used to be called coast.

Cert.org

Computer emergency response team’s web site run out of Carnegie Mellon University. It contains useful information on attacks and how to protect against them.

CIAC.LLNL.GOV

A site that contains virus information, up-to-date bulletins, mailing lists, security resources, tools, and operating systems. This is a white hat site, especially considering the government runs it.

cultdeadcow.com

Home page for a hacking group, features their program Back Orifice, which is a remote administrative tool.

ftp.cert.dfn.de

FTP site with tools, cryptography, dictionaries, viruses, and so on.

deny.de

Web page full of hacking utilities, texts, scripts, and programs. This page has many resources and some information for beginners.

elitehackers.com

Message board with knowledgeable hackers—very useful for finding out the latest known exploits and getting advice.

ENSLAVER.COM

Exploits and scripts all listed on FTP site.

firosoft.com/security/philez

Features exploits, tools, and text files, split into directories labeled as such; categories are labeled according to operating system.

First.org

Organization of incident response teams.

ftp.nec.com

Contains a large repository of tools in the /pub/security directory.

ftp.porcupine.org

Lots of security tools, unlabeled and unsorted.

ftp.win.tue.nl

The /pub/security directory contains a large repository of security tools.

geek-speak.net

A site dedicated largely to whitepapers on different computer security topics. Allows you to search the site for what you are looking for.

hack.co.za

Tons of exploits placed under categories by operating system or exploit type. Constantly updated with latest exploits.

Hackernews.com

Daily news about the hacker community.

hackersclub.com

Enormous amount of resources and text files from as far back as 1998, but still kept up-to-date. File area is dedicated to operating systems and types (hacking, cracking, phreaking, and wordlists).

infosyssec.net

Plenty of news resources from viruses to exploits to overall security. There is a search engine for virus, security, and anti-virus products. Includes tons of other search engines—too many to list.

infowar.co.uk

This Web site is dedicated to articles, advisories, and tools.

insecure.org

News, exploits (Win, Linux, Solaris, and so on), security tools, and whitepapers, updated regularly.

L0pht.com

Contains a great deal of useful tools and papers on network security and hacking.

net.tamu.edu

Security tools located in http://net.tamu.edu/network/public.html.

neworder.box.sk

A well maintained site featuring all sorts of computer hacking programs subdivided by area—phreaking, cryptography, operating system, and so on. The searchable database for exploits is constantly updated.

ntobjectives.com

Security tools oriented site with several products for free download.

packetstorm.securify.com

News/exploit site with constantly updated database of exploits. Comes with explanation as well as actual exploit. Searchable database of papers, exploits, and so on.

Phrack.com

An online network security magazine that contains a lot of useful information.

porcupine.org

Tools and papers on auditing the security of a network.

rogenic.com

Very large and frequently updated site with loads of exploits.

rootshell.com

This site features custom made exploits on different systems. The site researches and implements many different exploits. There is also a searchable database and documentation.

SANS.ORG

The SANS Institute home page contains a lot of information on security conferences and certification, and the Global Incident Analysis Center (GIAC) offers a lot of information on exploits and what can be done to prevent against them. It also has an excellent security poster that it updates each year.

securiteam.com

Web site featuring news articles regarding security-related issues. Lists exploits and tools as well of all sorts of different software. Tools include scanners, operating system detects, and DoS tools.

Securityfocus.com

Home of BugTraq and other useful information on exploits.

Securitysearch.net

Useful security portal.

Sysinternals.com

Contains a large repository of tools.

technotronic.com

Contains a large archive on security vulnerabilities and exploits.

torus.ndirect.co.uk

Multiple resource hacking site with information on hacking, encryption, viruses, and even papers.

ussrback.com

Self-discovering exploit site. Offers p-to-date exploits, advisories, library, and cryptography.

warmaster.de

Exploits and hacks divided by operating system. Features text files and interviews. This site has a large selection, some obsolete.

whitehats.com

Contains a large repository of hacking tools.

Wiretrip.net/rfp

Rainforest puppy’s web site that contains CGI vulnerability information and NT exploits.

www-arc.com

System and network scanners available for download. Exploit bulletin board.

xforce.iss.net

Home of security program for ISS offers security alerts, bulletins, mailing lists, and so on.

Hacker/Security Tools

Here are some great tools for the security professional who wants to learn how hackers do it:

•Achilles. Used to edit http sessions: http://www.digizensecurity.com

•Adore. Kernel level rootkit: http://packetstorm.securify.com/UNIX/penetration/rootkits

•Back Orifice 2000. Back-door program for Windows: http://www.bo2k.com

•Cheops. Network mapping tool: http://www.marko.net/cheops/

•Covert TCP. Hides data in the TCP protocol: http://packetstorm.securify.com

•CPU Hog. DOS attack: http://206.170.197.5/hacking/DENIALOFSERVICE/

•Crack. Password cracker for UNIX: ftp://cerias.cs.purdue.edu/pub/tools/unix/crack

•Dsniff. Advanced sniffer program: http://www.monkey.org/~dugsong/dsniff

•Dumpsec. Extracts information from NT null sessions: http://www.systemtools.com/somarsoft

•Enum. Extracts information from NT null sessions: http://razor.bindview.com

•Firewalk. Determines a firewall ruleset: http:// packetstorm.securify.com/UNIX/audit/firewalk

•Fragrouter. Used to fragment packets: http://www.anzen.com/research/nidsbench

•Getadmin. Privilege escalation for NT: http://www.infowar.co.uk/mnemonix/utils.htm

•Hunt. Session hijacking tool: http://www.cri.cz/kra/index.html

•IIS Unicode Exploit. Exploits an IIS server: http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2

•Imap Buffer Overflow. Buffer overflow for UNIX: http://packetstorm.securify.com

•IP Watcher. Commercial session hijacking tool: http://www.engarde.com

•ITS4. Security reviewer: http://www.cigital.com/its4/

•Jizz. DNS cache poisoning tool: http://www.rootshell.com

•John the Ripper. Password cracker: http://www.openwall.com/john

•Jolt2. Denial of Service tool: http://razor.bindview.com

•Juggernaut. Session hijacking tool: http://www.rootshell.com

•Knark. Kernel level rootkit: http://packetstorm.securify.com/UNIX/penetration/rootkits

•Land. Denial of Service attack: http://packetstorm.securify.com/9901-exploits/eugenics.pl

•Loki. Covert channel for creating a back door: http://www.phrack.com/Archives/phrack51.tgz

•L0phtcrack. Password cracker: http://www.l0pht.com

•Lrk5. Rootkit: http://packetstorm.securify.com/UNIX/penetration/rootkits

•Nessus. Free vulnerability scanner: http://www.nessus.org

•NetBus. Back-door program for Windows: http://www.netbus.org

•Netcat. Swiss army knife of security tools: http://www.l0pht.com/

•NetMeeting Buffer Overflow. Buffer overflow: http://packetstorm.securify.com/9905exploits/microsoft.netmeeting.txt

•Nmap. Port scanner: http://www.insecure.org/nmap

•NT Rootkit. Rootkit for NT: http://www.rootkit.com

•Ping of Death. Denial of Service attack: http://packetstorm.securify.com/9901-exploits/eugenics.pl

•Queso. Operating system fingerprinting tool: http://www.apostols.org/projectz/queso

•RDS Exploit. IIS exploit: http://www.wiretrip.net/rfp/p/doc.asp?id=1&iface=2

•RedButton. NT exploit: http://packetstorm.securify.com/NT/audit/redbutton.nt.weakness.sh ower.zip

•Redir. Packet redirector: http://oh.verio.com/~sammy/hacks

•Reverse WWW shell. Back-door program: http://r3wt.base.org

•Rstatd exploit. Buffer overflow: http://packetstorm.securify.com/0008-exploits/rpc.statd.x86.c

•Rootkits. Rootkits for UNIX: http://packetstorm.securify.com/UNIX/penetration/rootkits

•Sam Spade. General tool for Windows: http://www.samspade.org

•Sechole. Privilege escalation exploit: http://www.ntshop.net

•Smurf. Denial of Service exploit: http://packetstorm.securify.com/new-exploits/papasmurf.c

•Sniffit. Sniffer: http://reptile.rug.ac.be/~coder/sniffit/sniffit.html

•Snort. Sniffer IDS: http://www.clark.net/~roesch/security.html

•Solaris LKM Rootkit. Back-door program: http://thc.inferno.tusculum.edu/files/thc/slkm-1.0.html

•SSPing. Denial of Service exploit: http://packetstorm.securify.com/9901-exploits/eugenics.pl

•SYN Flood. Denial of Service exploit: http://packetstorm.securify.com/spoof/unix-spoof-code/synk4.zip

•Targa. Tool for running multiple Denial of Service exploits: http://packetstorm.securify.com

•TBA. War dialer for Palm Pilots: http://www.l0pht.com/~kingpin/pilot.html

•THC Scan. War dialer: http://thc.inferno.tusculum.edu

•Tini. Backdoor for NT: http://ntsecurity.nu/toolbox/tini

•ToolTalk Buffer Overflow. Buffer overflow: http://www.securityfocus.com

•TFN2K. Distributed Denial of Service attack tool: http://packetstorm.securify.com/distributed/

•Trinoo. Distributed denial of service attack tool: http://packetstorm.securify.com/distributed/

•TTY Watcher. Session hijacking tool: ftp://coast.cs.purdue.edu/pub/tools/unix/ttywatcher

•Whisker. CGI vulnerability scanner: http://www.wiretrip.net/rfp

•WinDump. Sniffer for Windows: http://netgroupserv.polito.it/windump/

•WinNuke. Denial of Service exploit: http://www.anticode.com

•WinZapper. Log cleaner for NT: http://ntsecurity.nu/toolbox/winzapper

General Security Related Sites

This section will cover sites that contain general security information. It's broken down by type of information like newsgroups, mailing lists, or web sites.

Sites and Newsgroups of Interest

This section lists sites that contain security information in a particular area and also lists newsgroups on various areas of security.

•http://www.ciac.org/ciac/CIACHome.html

•http://home.cyberarmy.com/fuzion/index.html

•http://www.cynet1.com/blindsight/

•http://members.aol.com/madzombie/

•http://www.tower.net.au/~hellfire/RTFM/rtfm.html

•http://skynet.ul.ie/~flynng/security/

•http://www.escape.com/~samk/

•http://www.rhino9.org

•http://www.io.com/~ritter/NETLINKS.HTM#CryptoDesigns

•http://www.io.com/~ritter/NETLINKS.HTM

•http://www.ftech.net/~monark/crypto/

•http://www.guninski.com/

•http://page.to/hackzone

•http://icat.nist.gov/icat.taf

•http://www.snort.org

•http://www.techbroker.com/happyhacker.html

•http://www.rootshell.com

•http://www.genocide2600.com

•http://visigoth.isCool.net

•http://www.unitedcouncil.org

•http://www.infowar.com

•http://www.phrack.com

•http://www.cybercom.com/~bsamedi/hack.html

•http://www.hackers.com

•http://www.thtj.com

•http://sun.soci.niu.edu/~cudigest

•http://www3.l0pht.com/~oblivion/blackcrawlarch.html

•http://www.2600.com

•http://www.mit.edu/hacker/hacker.html

•http://www.krew.org/H.html

•http://www.arts.unimelb.edu.au/Dept/Crim/Hack/pap.htm

•http://www.l0pht.com

•http://www.thecodex.com/hacking.html

•ftp://ds.internic.net/rfc/

•http://www.sysone.demon.co.uk/

•http://www.con.wesleyan.edu/~triemer/network/docservs.html

•http://www.jabukie.com/Hacking.html

•http://www.txdirect.net/users/wall/cgisec.htm

•http://www.antionline.com/archives/windows/passwdcrack/

•ftp://ftp.ox.ac.uk/pub/wordlists/

•http://www.7thsphere.com/hpvac/index.html

•http://www.inil.com/users/doug/hold.htm

•http://www2.fwi.com/~rook/

•http://www.pagewerx.com.au/nitroland/

•http://easyweb.easynet.co.uk/~davegraham/ukarena/ukarena.htm

•http://www.phreak.co.uk/datathief/home.html

•http://www.feist.com/~tqdb/

•http://www.hfactorx.org/

•http://www.lordsomer.com/

•http://main.succeed.net/~kill9/hack/

•http://www.xmission.com/~ryder/hack.html

•http://www.clark.net/pub/srokicki/linux/

•http://www.hfactorx.org:80/user_pages/syntaxerror/

•http://l0pht.com/~weld/index.html

•http://www.sonic.net/~group42/

•http://loa.ml.org

•http://thepsyko.home.ml.org

•http://prozac.iscool.net

•http://www.legions.org

•http://www.cotse.com

•http://www.nmrc.org

Mailing Lists

Mailing lists are a great way to keep up on the wide range of security information that is constantly being discovered. You can subscribe to a mailing list and automatically receive information when it is generated.

•http://www.ntsecurity.net/. Subscribe to the NTSecurity list with the online sign-up page.

•Alert. Send an email to mailto:request-alert@iss.net with

Subscribe alert in the body of the message.

•BugTraq. Send an email to mailto:LISTERV@NETSPACE.ORG with

SUBSCRIBE BUGTRAQ in the body of the message.