Kevin Beaver: Hacking For Dummies

Hacking For Dummies®, 7th Edition

Published by: John Wiley & Sons, Inc.,111 River Street, Hoboken, NJ 07030-5774, www.wiley.com

Copyright © 2022 by John Wiley & Sons, Inc., Hoboken, New Jersey

Media and software compilation copyright © 2022 by John Wiley & Sons, Inc. All rights reserved.

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions .

Trademarks:Wiley, For Dummies, the Dummies Man logo, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: WHILE THE PUBLISHER AND AUTHORS HAVE USED THEIR BEST EFFORTS IN PREPARING THIS WORK, THEY MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES, WRITTEN SALES MATERIALS OR PROMOTIONAL STATEMENTS FOR THIS WORK. THE FACT THAT AN ORGANIZATION, WEBSITE, OR PRODUCT IS REFERRED TO IN THIS WORK AS A CITATION AND/OR POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE PUBLISHER AND AUTHORS ENDORSE THE INFORMATION OR SERVICES THE ORGANIZATION, WEBSITE, OR PRODUCT MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING PROFESSIONAL SERVICES. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR YOUR SITUATION. YOU SHOULD CONSULT WITH A SPECIALIST WHERE APPROPRIATE. FURTHER, READERS SHOULD BE AWARE THAT WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ. NEITHER THE PUBLISHER NOR AUTHORS SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.

For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. For technical support, please visit https://hub.wiley.com/community/support/dummies .

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com . For more information about Wiley products, visit www.wiley.com .

Library of Congress Control Number: 2022933150

ISBN 978-1-119-87219-1 (pbk); ISBN 978-1-119-87220-7 (ebk); ISBN 978-1-119-87221-4 (ebk)

1 Cover

2 Title Page

3 Copyright

4 Introduction About This Book Foolish Assumptions Icons Used in This Book Beyond the Book Where to Go from Here

5 Part 1: Building the Foundation for Security Testing Chapter 1: Introduction to Vulnerability and Penetration Testing Straightening Out the Terminology Recognizing How Malicious Attackers Beget Ethical Hackers Understanding the Need to Hack Your Own Systems Understanding the Dangers Your Systems Face Following the Security Assessment Principles Using the Vulnerability and Penetration Testing Process Chapter 2: Cracking the Hacker Mindset What You’re Up Against Who Breaks into Computer Systems Why They Do It Planning and Performing Attacks Maintaining Anonymity Chapter 3: Developing Your Security Testing Plan Establishing Your Goals Determining Which Systems to Test Creating Testing Standards Selecting Security Assessment Tools Chapter 4: Hacking Methodology Setting the Stage for Testing Seeing What Others See Scanning Systems Determining What’s Running on Open Ports Assessing Vulnerabilities Penetrating the System

6 Part 2: Putting Security Testing in Motion Chapter 5: Information Gathering Gathering Public Information Mapping the Network Chapter 6: Social Engineering Introducing Social Engineering Starting Your Social Engineering Tests Knowing Why Attackers Use Social Engineering Understanding the Implications Performing Social Engineering Attacks Social Engineering Countermeasures Chapter 7: Physical Security Identifying Basic Physical Security Vulnerabilities Pinpointing Physical Vulnerabilities in Your Office Chapter 8: Passwords Understanding Password Vulnerabilities Cracking Passwords General Password Cracking Countermeasures Securing Operating Systems

7 Part 3: Hacking Network Hosts Chapter 9: Network Infrastructure Systems Understanding Network Infrastructure Vulnerabilities Choosing Tools Scanning, Poking, and Prodding the Network Detecting Common Router, Switch, and Firewall Weaknesses Putting Up General Network Defenses Chapter 10: Wireless Networks Understanding the Implications of Wireless Network Vulnerabilities Choosing Your Tools Discovering Wireless Networks Discovering Wireless Network Attacks and Taking Countermeasures Chapter 11: Mobile Devices Sizing Up Mobile Vulnerabilities Cracking Laptop Passwords Cracking Phones and Tablets

8 Part 4: Hacking Operating Systems Chapter 12: Windows Introducing Windows Vulnerabilities Choosing Tools Gathering Information About Your Windows Vulnerabilities Detecting Null Sessions Checking Share Permissions Exploiting Missing Patches Running Authenticated Scans Chapter 13: Linux and macOS Understanding Linux Vulnerabilities Choosing Tools Gathering Information About Your System Vulnerabilities Finding Unneeded and Unsecured Services Securing the .rhosts and hosts.equiv Files Assessing the Security of NFS Checking File Permissions Finding Buffer Overflow Vulnerabilities Checking Physical Security Performing General Security Tests Patching

9 Part 5: Hacking Applications Chapter 14: Communication and Messaging Systems Introducing Messaging System Vulnerabilities Recognizing and Countering Email Attacks Understanding VoIP Chapter 15: Web Applications and Mobile Apps Choosing Your Web Security Testing Tools Seeking Out Web Vulnerabilities Minimizing Web Security Risks Uncovering Mobile App Flaws Chapter 16: Databases and Storage Systems Diving Into Databases Following Best Practices for Minimizing Database Security Risks Opening Up About Storage Systems Following Best Practices for Minimizing Storage Security Risks

10 Part 6: Security Testing Aftermath Chapter 17: Reporting Your Results Pulling the Results Together Prioritizing Vulnerabilities Creating Reports Chapter 18: Plugging Your Security Holes Turning Your Reports into Action Patching for Perfection Hardening Your Systems Assessing Your Security Infrastructure Chapter 19: Managing Security Processes Automating the Security Assessment Process Monitoring Malicious Use Outsourcing Security Assessments Instilling a Security-Aware Mindset Keeping Up with Other Security Efforts