Hacking For Dummies, 3rd Edition



Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, Making Everything
Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or
its affiliates in the United States and other countries, and may not be used without written permission.
All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated
with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO
REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF
THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING
WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE
CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES
CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE
UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR
OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF
A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE
AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION
OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF
FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE
INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY
MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK
MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT
IS READ. FULFILLMENT OF EACH COUPON OFFER IS THE SOLE RESPONSIBILITY OF THE OFFEROR.
For general information on our other products and services, please contact our Customer Care
Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
For technical support, please visit www.wiley.com/techsupport.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may
not be available in electronic books.
Library of Congress Control Number: 2009942371
ISBN: 978-0-470-55093-9
Manufactured in the United States of America

Kevin is the creator and producer of the audio series Security On Wheels
providing security learning for IT professionals on the go (SecurityOnWheels.com)
and its associated blog (SecurityOnWheels.com/blog). He
also rants about information security on Twitter at www.twitter.com/kevinbeaver.
Kevin earned his bachelor’s degree in Computer Engineering
Technology from Southern College of Technology and his master’s degree in
Management of Technology from Georgia Tech. He has been a CISSP since
2001 and also holds MCSE, Master CNE, and IT Project+ certifications. Kevin
can be reached through his Web sites at www.principlelogic.com and .
Dedication
Mom, this one’s for you. You’ve been so strong fighting your cancer and have
no idea how much of an inspiration you’ve been to me. I love you.
Author’s Acknowledgments
First, I want to thank Amy, Garrett, and Mary Lin for being here for me and
supporting me during the long hours I put into this edition. You all are the
best! I’d like to thank Melody Layne, my original acquisitions editor at Wiley,
for contacting me long ago with this book idea and providing me this great
opportunity. I’d also like to thank my new acquisitions editor, Amy Fandrei,
for continuing this project and presenting me the opportunity to shape this
book into something I’m very proud of.
I’d like to thank my project editor, Jean Nelson. Yet again, you’ve been more
than a pleasure to work with and have added a lot of value to this book.
I’d also like to thank Brian Walls, my copy editor, for keeping my focus
(and English) in line. Also, many thanks to my technical editor, business
colleague, friend, and co-author of Hacking Wireless Networks For Dummies,
Peter T. Davis. Again, I’m honored to be working with you and very much

Publisher’s Acknowledgments
We’re proud of this book; please send us your comments at . For
other comments, please contact our Customer Care Department within the U.S. at 877-762-2974,
outside the U.S. at 317-572-3993, or fax 317-572-4002.
Some of the people who helped bring this book to market include the following:
Acquisitions, Editorial
Project Editor: Jean Nelson
Acquisitions Editor: Amy Fandrei
Copy Editor: Brian Walls
Technical Editor: Peter T. Davis
Editorial Manager: Kevin Kirschner
Media Development Project Manager: Laura Moss-Hollister
Media Development Assistant Project Manager: Jenny Swisher
Media Development Associate Producers: Josh Frank, Marilyn Hummel,
Douglas Kuhn, and Shawn Patrick
Editorial Assistant: Amanda Graham
Sr. Editorial Assistant: Cherie Case
Cartoons: Rich Tennant (www.the5thwave.com)
Composition Services
Project Coordinator: Sheree Montgomery
Layout and Graphics: Samantha K. Cherolis,
Joyce Haughey, Ronald G. Terry
Proofreaders: Lindsay Littrell, Linda Seifert
Indexer: BIM Indexing & Proofreading Services
Special Help: Beth Stanton

Chapter 14: Web Sites and Applications
Chapter 15: Databases and Storage Systems
Part VI: Ethical Hacking Aftermath
Chapter 16: Reporting Your Results
Chapter 17: Plugging Security Holes
Chapter 18: Managing Security Changes
Part VII: The Part of Tens
Chapter 19: Ten Tips for Getting Upper Management Buy-In
Chapter 20: Ten Reasons Hacking Is the Only Effective Way to Test
Chapter 21: Ten Deadly Mistakes
Appendix: Tools and Resources
Index
Table of Contents
Foreword
Introduction
Who Should Read This Book?
About This Book
How to Use This Book
What You Don’t Need to Read
Foolish Assumptions
How This Book Is Organized
Part I: Building the Foundation for Ethical Hacking
Part II: Putting Ethical Hacking in Motion
Part III: Hacking the Network
Part IV: Hacking Operating Systems
Part V: Hacking Applications
Part VI: Ethical Hacking Aftermath
Part VII: The Part of Tens
Icons Used in This Book
Where to Go from Here

Why They Do It
Planning and Performing Attacks
Maintaining Anonymity
Chapter 3: Developing Your Ethical Hacking Plan
Establishing Your Goals
Determining Which Systems to Hack
Creating Testing Standards
Timing
Specific tests
Blind versus knowledge assessments
Location
Reacting to vulnerabilities you find
Silly assumptions
Selecting Security Assessment Tools
Chapter 4: Hacking Methodology
Setting the Stage for Testing
Seeing What Others See
Gathering public information
Mapping the network
Scanning Systems
Hosts
Open ports
Determining What’s Running on Open Ports
Assessing Vulnerabilities
Penetrating the System
Part II: Putting Ethical Hacking in Motion
Chapter 5: Social Engineering
Social Engineering 101
Before You Start
Why Attackers Use Social Engineering

Securing Operating Systems
Windows
Linux and UNIX
Part III: Hacking the Network
Chapter 8: Network Infrastructure
Network Infrastructure Vulnerabilities
Choosing Tools
Scanners and analyzers
Vulnerability assessment
Scanning, Poking, and Prodding
Port scanners
SNMP scanning
Banner grabbing
Firewall rules
Network analyzers
The MAC-daddy attack
Denial of service
Common Router, Switch, and Firewall Weaknesses
Unsecured interfaces
IKE weaknesses
General Network Defenses
Chapter 9: Wireless LANs
Understanding the Implications of Wireless Network Vulnerabilities
Choosing Your Tools
Wireless LAN Discovery
Checking for worldwide recognition
Scanning your local airwaves

Gleaning information
Countermeasures against null session hacks
Share Permissions
Windows defaults
Testing
Missing Patch Exploitation
Using Metasploit
Countermeasures against missing patch vulnerability exploits
Authenticated Scans
Chapter 11: Linux
Linux Vulnerabilities
Choosing Tools
Information Gathering
System scanning
Countermeasures against system scanning
Unneeded and Unsecured Services
Searches
Countermeasures against attacks on unneeded services
.rhosts and hosts.equiv Files
Hacks using the .rhosts and hosts.equiv files
Countermeasures against .rhosts and hosts.equiv file attacks
NFS
NFS hacks
Countermeasures against NFS attacks
File Permissions
File permission hacks
Countermeasures against file permission attacks
Buffer Overflows
Attacks
Countermeasures against buffer-overflow attacks

Chapter 13: Communication and Messaging Systems
Messaging System Vulnerabilities
E-Mail Attacks
E-mail bombs
Banners
SMTP attacks
General best practices for minimizing e-mail security risks
Instant Messaging
IM vulnerabilities
Countermeasures against IM vulnerabilities
Voice over IP
VoIP vulnerabilities
Countermeasures against VoIP vulnerabilities
Chapter 14: Web Sites and Applications
Choosing Your Web Application Tools
Web Vulnerabilities
Directory traversal
Countermeasures against directory traversals
Input filtering attacks
Countermeasures against input attacks
Default script attacks
Countermeasures against default script attacks
Unsecured login mechanisms
Countermeasures against unsecured login systems
General security scans for Web application vulnerabilities
Best Practices for Minimizing Web Security Risks
Obscurity
Firewalls

Keeping Up with Other Security Issues
Part VII: The Part of Tens
Chapter 19: Ten Tips for Getting Upper Management Buy-In
Cultivate an Ally and Sponsor
Don’t Be a FUDdy Duddy
Demonstrate How the Organization Can’t Afford to Be Hacked
Outline the General Benefits of Ethical Hacking
Show How Ethical Hacking Specifically Helps the Organization
Get Involved in the Business
Establish Your Credibility
Speak on Management’s Level
Show Value in Your Efforts
Be Flexible and Adaptable
Chapter 20: Ten Reasons Hacking Is the Only Effective Way to Test
The Bad Guys Are Thinking Bad Thoughts, Using Good Tools, and Developing New Attack Methods
IT Governance and Compliance Is More Than High-Level Checklist Audits
Ethical Hacking Complements Audits and Security Evaluations
Someone’s Going to Ask How Secure Your Systems Are
The Law of Averages Is Working Against Businesses
Ethical Hacking Creates a Better Understanding of What the Business Is Up Against
If a Breach Occurs, You Have Something to Fall Back On
Ethical Hacking Brings Out the Worst in Your Systems
Ethical Hacking Combines the Best of Penetration Testing and Vulnerability Testing

NetWare
Networks
Password Cracking
Patch Management
Security Education and Learning Resources
Security Methods and Models
Source Code Analysis
Storage
System Hardening
User Awareness and Training
Voice over IP
Vulnerability Databases
Web Applications
Windows
Wireless Networks
Index
Foreword
Little more than a decade ago, IT security was barely a newborn in diapers.
With only a handful of security professionals in 1994, few practiced security
and even fewer truly understood it. Security technologies amounted to little
more than anti-virus software and packet filtering routers at that time. And the
concept of a “hacker” came primarily from the Hollywood movie WarGames;
or more often it referred to someone with a low golf score. As a result, just like
Rodney Dangerfield, it got “no respect,” and no one took it seriously. IT
professionals saw it largely as a nuisance, to be ignored — that is until they were
impacted by it.
Today, the number of Certified Information Systems Security Professionals
(CISSP) has topped 61,000 (www.isc2.org) worldwide, and there are more

age Nostradamus soothsayers?” The answer I always give is, “Unequivocally,
yes.” The possibility of a digital Pearl Harbor is closer than many think.
Organized terrorist cells like Al Qaeda are raided almost weekly, and when
computers are discovered, their drives are filled with cyber-hacking plans,
U.S. infrastructure blueprints, and instructions on attacking U.S. computer
and infrastructure targets.
Do you believe the energy commission’s report about the biggest power
outage in U.S. history? The one that on August 14, 2003, left one-fifth of the
U.S. population without power (about 50 million people) for over 12 hours?
Do you believe that it has to do with untrimmed trees and faulty control
processes? If you believe in Occam’s Razor, then yes, the simplest explanation is
usually the correct one, but remember this: The power outage hit just three
days after the Microsoft Blaster worm, one of the most vicious computer
worms ever unleashed on the Internet, first hit. Coincidence? Perhaps.
Some of you may be skeptical, saying, “Well, if the threat is so real, why
hasn’t something bad happened yet?” I respond simply, “If I had come to you
on September 10, 2001, and said that in the near future people would use
commercial airplanes as bombs to kill over 3,000 people in the matter of 5
hours, would you believe me?” I understand your skepticism. And you should
be skeptical. But we are asking for your trust, and your faith, before
something bad happens. Trust that we know the truth, we know what is possible,
and we know the mind of the enemy. I think we can all agree on at least one
thing, we cannot allow them to succeed.
Every minute of every day there are governments, organized crime, and
hacker groups turning the doorknobs on your house looking for an unlocked
entry. They are rattling the windows and circling your domicile, looking for a
weakness, a vulnerability, or a way into your house. Are you going to let them
in? Are you going to sit idly by and watch as they ransack your belongings,
make use of your facilities, and desecrate your sanctuary? Or are you going
to empower yourself, educate yourself, and prevent them from winning? The

Welcome to Hacking For Dummies, 3rd Edition. This book outlines —
in plain English — computer hacker tricks and techniques that you
can use to assess the security of your information systems, find the security
vulnerabilities that matter, and fix the weaknesses before criminal hackers
and malicious users take advantage of them. This hacking is the professional,
aboveboard, and legal type of security testing — which I call ethical hacking
throughout the book.
Computer and network security is a complex subject and an ever-moving
target. You must stay on top of it to ensure that your information is
protected from the bad guys. That’s where the tools and techniques outlined in
this book can help.
You can implement all the security technologies and other best practices
possible, and your information systems might be secure — as far as you know.
However, until you understand how malicious attackers think, apply that
knowledge, and use the right tools to assess your systems from their point of
view, you can’t get a true sense of how secure your information really is.
Ethical hacking — which encompasses formal and methodical penetration
testing, white hat hacking, and vulnerability testing — is necessary to find
security flaws and to help validate that your information systems are truly secure
on an ongoing basis. This book provides you with the knowledge to
implement an ethical hacking program successfully along with countermeasures
that you can put in place to keep external hackers and malicious users out of
your business.
Who Should Read This Book?
Disclaimer: If you choose to use the information in this book to hack or break
into computer systems maliciously and without authorization, you’re on your
own. Neither I (the author) nor anyone else associated with this book shall be
liable or responsible for any unethical or criminal choices that you might
make and execute using the methodologies and tools that I describe. This

