Attacking a System
This chapter includes questions from the following topics:
• Understand the different types of password, password attacks, and password-cracking techniques
• Understand Microsoft Authentication mechanisms
• Identify various password-cracking tools, keyloggers, and spyware technologies
• Understand privilege escalation
• Describe file-hiding methods, alternate data streams, and evidence erasure
• Identify rootkits
• Understand basic Linux file structure, directories, and commands
• Describe how to install, configure, and compile a Linux kernel, kernel patches, and LKM modules
• Understand GCC compilation commands
• List vulnerabilities and password-cracking techniques in Linux
• Understand password cracking in Linux
• Understand Linux-hardening methods
I think the people involved in remaking the movie Total Recall should be flogged. At the very least, they should be forced to provide an apology for what they’ve done to an American cinematic classic. If you haven’t seen either movie, go rent the 1990 version with Arnold Schwarzenegger, alien artifacts, and that creepy little mutant guy that keeps saying, “Open your mind to me.…” You need to see this movie because it’s integral to what we’re trying to accomplish in this chapter. Feel free to tell your mom, dad, or significant other that you have to watch it—the book guy says it’s study material.
In the movie, Arnold’s character (Douglas Quaid) is a 9-to-5, Joe-lunchbox average guy who one day discovers he’s actually a secret agent spy-type person. He discovers this by taking out six armed spies in a confrontation after work. As he stands there looking at the bodies laid out in a circle all around him, he looks at his fists and asks, “How did I do that?”
Just as Douglas Quaid had no idea he was actually Hauser (the name of his alter-ego super-spy persona), you may be sitting there having no idea what kind of virtual damage you can do with the knowledge you’ve gained so far. Who knows if, put in the right situation, you’d knock out virtual targets with ease? I can see you now, looking down at your keyboard in awe and answering the “How did you do that?” question with, “I don’t know—the training just kicked in.” Granted, we still have a lot of training to do, and I doubt you’ll be punching any virtual targets outside an agreed-upon scope (after all, you are an ethical hacker, right?). However, this chapter will help hone your skills. Here, we’ll talk all about system attacks and putting to use some of the training and knowledge you already have in place.
STUDY TIPS Know your password rules, attacks, and tools very, very well. You will definitely see loads of questions about passwords. Use, storage, hashing of, and attacks against passwords will be covered ad nausea on your exam. Pull some of these tools down and play with them, because you’ll need to know what they look like, how they operate, and what capabilities they have.
Next, when it comes to this chapter, you really need to get to know Linux better. Questions regarding Linux will most likely revolve around kernel modules, file structure, storage locations, and the command-line interface. Again, the easiest way to learn all this is to go download a Linux distro and run it in a VM on your machine. Take advantage of the thousands of Linux how-to videos and articles you can find on the Internet: It’s one thing to read it in a book, but you’ll learn far more if you actually perform it yourself.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.