Hackers the Next Generation – Book review

Posted on by

This hacking book will give you the basics to a number of hacking technics. The book is split in 10 chapters and although each one have a few interresting points. I found the second and third which focus on web and network security to be the most interresting for me, as a web engeneer.

Chapter 1 is about collecting data by using search engines most of the time.

There is so much information available that you can just search google most of the time to get security holes, login and password lists.
Exemple: search: “Unable to jump to row” “on MySQL result index” to get a list of MySQL servers which are vulnerable to sql injections.

You can then find user names by searching the documents which are online:
typedoc:exemple.com in google to get a huge list of docments which have been published without wanting to.

You can also get all the email addresses in a company with a simple python script called theHarvester.py to get all the email addresses found for a domain name on a specific search engine.

XSS (Cross Site Scripting) and CSRF (Cross Site Request Forgery) Attacks:
These are clearly the most commun and spread attack which still work today. Since by inserting a specific url, you can grab users cookies which will often include session cookies, and therefore duplicate the session on your own computer.

There is a powerful exemple from Ranger which uses iframes to gain control of the victims browser in a similar way to a VNC with a XSSwave technic.

http://xss-proxy.sourceforge.net/shmoocon-XSS-Proxy.ppt

The cracking passwords using brute force:
1) Cain & Abdel
2) John the Ripper
3) Hydra for brute force attacks on a number of protocols
Burp intruder

Security tools:

You should be able to get an extensive and up to date list on http://sectools.org
But I will only mention the first on the list for the past 10 years:
Nessus

Other interresting sources to harvest data:

Yahoo pipes:
To group source of information together
Sentiment analysis with:
Wefeelfine.org

Tweetstats.com
Namechk.com

Gonzor’s switchblade to extract all information from a usb key.
Switchblade gonzor228.com

Although this book will give you good foundations on hacking technics, it will not be extensive and you should extend the information given with test and trail of the tools given.

There is also very little information on virus and troyen methods which are also most likely a very extensive topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>