Download at WoWeBook.Com
Hacking: The Next Generation
Download at WoWeBook.Com
Download at WoWeBook.Com
Hacking: The Next Generation
Nitesh Dhanjani, Billy Rios, and Brett Hardin
Beijing
•
Cambridge
•
Farnham
•
Köln
•
Sebastopol
•
Taipei
•
Tokyo
Download at WoWeBook.Com
Hacking: The Next Generation
by Nitesh Dhanjani, Billy Rios, and Brett Hardin
Copyright © 2009 Nitesh Dhanjani. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O’Reilly
books
may be purchased for educational, business, or sales promotional use. Online editions
are also available for most titles (http://my.safaribooksonline.com). For more information, contact our
corporate/institutional sales department: (800) 998-9938 or [email protected].

1.
Intelligence Gathering: Peering Through the Windows to Your Organization . . . . . . 1
Physical Security Engineering 1
Dumpster Diving 2
Hanging Out at the Corporate Campus 3
Google Earth 5
Social Engineering Call Centers 6
Search Engine Hacking 7
Google Hacking 7
Automating Google Hacking 8
Extracting Metadata from Online Documents 9
Searching for Source Code 11
Leveraging Social Networks 12
Facebook and MySpace 13
Twitter 15
Tracking Employees 16
Email Harvesting with theHarvester 16
Resumés 18
Job Postings 19
Google Calendar 21
What Information Is Important? 22
Summary 23
2. Inside-Out Attacks: The Attacker Is the Insider . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Man on the Inside 26
Cross-Site Scripting (XSS) 26
Stealing Sessions 27
Injecting Content 28
Stealing Usernames and Passwords 30
Advanced and Automated Attacks 34

Finding Protocol Handlers on Mac OS X 99
Finding Protocol Handlers on Linux 101
Blended Attacks 102
The Classic Blended Attack: Safari’s Carpet Bomb 103
The FireFoxUrl Application Protocol Handler 108
Mailto:// and the Vulnerability in the ShellExecute Windows API 111
The iPhoto Format String Exploit 114
Blended Worms: Conficker/Downadup 115
Finding Blended Threats 118
Summary 119
5. Cloud Insecurity: Sharing the Cloud with Your Enemy . .
. . . . . . . . . . . . . . . . . . . . . 121
What Changes in the Cloud 121
vi | Table of Contents
Download at WoWeBook.Com
Amazon’s Elastic Compute Cloud 122
Google’s App Engine 122
Other Cloud Offerings 123
Attacks Against the Cloud 123
Poisoned Virtual Machines 124
Attacks Against Management Consoles 126
Secure by Default 140
Abusing Cloud Billing Models and Cloud Phishing 141
Googling for Gold in the Cloud 144
Summary 146
6. Abusing Mobile Devices: Targeting Your Mobile Workforce . . . . . . . . . . . . . . . . . . . 149
Targeting Your Mobile Workforce 150
Your Employees Are on My Network 150
Getting on the Network 152
Direct Attacks Against Your Employees and Associates 162

Stealing Social Identities 210
Breaking Authentication 212
Hacking the Psyche 217
Summary 220
9. Hacking Executives: Can Your CEO Spot a Targeted Attack? . . . . . . . . . . . . . . . . . . . 223
Fully Targeted Attacks Versus Opportunistic Attacks 223
Motives 224
Financial Gain 224
Vengeance 225
Benefit and Risk 226
Information Gathering 226
Identifying Executives 226
The Trusted Circle 227
Twitter 230
Other Social Applications 232
Attack Scenarios 232
Email Attack 233
Targeting the Assistant 238
Memory Sticks 239
Summary 240
10. Case Studies: Different Perspectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
The Disgruntled Employee 241
The Performance Review 241
Spoofing into Conference Calls 243
The Win 245
The Silver Bullet 245
The Free Lunch 246
The SSH Server 247
Turning the Network Inside Out 249
A Fool with a Tool Is Still a Fool 252

This book assumes you are familiar with and can graduate beyond elementary attack
and penetration techniques, such as the use of port scanners and network analyzers. A
basic understanding of common web application flaws will be an added plus.
ix
Download at WoWeBook.Com
Contents of This Book
This book is divided into 10 chapters. Here’s a summary of what we cover:
Chapter 1, Intelligence Gathering: Peering Through the Windows to Your Organization
To successfully execute an attack against any given organization, the attacker must
first perform reconnaissance to gather as much intelligence about the organization
as possible. In this chapter, we look at traditional attack methods as well as how
the new generation of attackers is able to leverage new technologies for information
gathering.
Chapter 2, Inside-Out Attacks: The Attacker Is the Insider
Not only does the popular perimeter-based approach to security provide little risk
reduction today, but it is in fact contributing to an increased attack surface that
criminals are using to launch potentially devastating attacks. The impact of the
attacks illustrated in this chapter can be extremely devastating to businesses that
approach security with a perimeter mindset where the insiders are generally trusted
with information that is confidential and critical to the organization.
Chapter 3, The Way It Works: There Is No Patch
The protocols that support network communication, which are relied upon for the
Internet to work, were not specifically designed with security in mind. In this
chapter, we study why these protocols are weak and how attackers have and will
continue to exploit them.
Chapter 4, Blended Threats: When Applications Exploit Each Other
The amount of software installed on a modern computer system is staggering. With
so many different software packages on a single machine, the complexity of man-
aging the interactions between these software packages becomes increasingly com-
plex. Complexity is the friend of the next-generation hacker. This chapter exposes