第1页 / 共187页
第2页 / 共187页
第3页 / 共187页
第4页 / 共187页
第5页 / 共187页
第6页 / 共187页
第7页 / 共187页
第8页 / 共187页
理解网络黑客(Understanding Network Hacks)-Springer原版书,0积分.pdf
Preface
Contents
Introduction
Who Should Read This Book?
The Structure of the Book
The Most Important Security Principles
Chapter
1 Installation
1.1 The Right Operating System
1.2 The Right Python Version
1.3 Development Environment
1.4 Python Modules
Chapter
2 Network 4 Newbies
2.1 Components
2.2 Topologies
2.3 ISO/OSI Layer Model
2.4 Ethernet
2.5 VLAN
2.6 ARP
2.7 IP
2.8 ICMP
2.9 TCP
2.10 UDP
2.11 An Example Network
2.12 Architecture
2.13 Gateway
2.14 Router
2.15 Bridge
2.16 Proxies
2.17 Virtual Private Networks
2.18 Firewalls
2.19 Man-in-the-Middle-Attacks
Chapter
3 Python Basics
3.1 Every Start Is Simple
3.2 The Python Philosophy
3.3 Data Types
3.4 Data Structures
3.5 Functions
3.6 Control Structures
3.7 Modules
3.8 Exceptions
3.9 Regular Expressions
3.10 Sockets
Chapter
4 Layer 2 Attacks
4.1 Required Modules
4.2 ARP-Cache-Poisoning
4.3 ARP-Watcher
4.4 MAC-Flooder
4.5 VLAN Hopping
4.6 Let's Play Switch
4.7 ARP Spoofing Over VLAN Hopping
4.8 DTP Abusing
4.9 Tools
4.9.1 NetCommander
4.9.2 Hacker's Hideaway ARP Attack Tool
4.9.3 Loki
Chapter
5 TCP/IP Tricks
5.1 Required Modules
5.2 A Simple Sniffer
5.3 Reading and Writing PCAP Dump Files
5.4 Password Sniffer
5.5 Sniffer Detection
5.6 IP-Spoofing
5.7 SYN-Flooder
5.8 Port-Scanning
5.9 Port-Scan Detection
5.10 ICMP-Redirection
5.11 RST Daemon
5.12 Automatic Hijack Daemon
5.13 Tools
5.13.1 Scapy
Chapter
6 WHOIS DNS?
6.1 Protocol Overview
6.2 Required Modules
6.3 Questions About Questions
6.4 WHOIS
6.5 DNS Dictionary Mapper
6.6 Reverse DNS Scanner
6.7 DNS-Spoofing
6.8 Tools
6.8.1 Chaosmap
Chapter
7 HTTP Hacks
7.1 Protocol Overview
7.2 Web Services
7.3 Required Modules
7.4 HTTP Header Dumper
7.5 Referer Spoofing
7.6 The Manipulation of Cookies
7.7 HTTP-Auth Sniffing
7.8 Webserver Scanning
7.9 SQL Injection
7.10 Command Injection
7.11 Cross-Site-Scripting
7.12 SSL Sniffing
7.13 Proxy Scanner
7.14 Proxy Port Scanner
7.15 Tools
7.15.1 SSL Strip
7.15.2 Cookie Monster
7.15.3 Sqlmap
7.15.4 W3AF
Chapter
8 Wifi Fun
8.1 Protocol Overview
8.2 Required Modules
8.3 Wifi Scanner
8.4 Wifi Sniffer
8.5 Probe-Request Sniffer
8.6 Hidden SSID
8.7 MAC-Address-Filter
8.8 WEP
8.9 WPA
8.10 WPA2
8.11 Wifi-Packet-Injection
8.12 Playing Wifi Client
8.13 Deauth
8.14 Wifi Man-in-the-Middle
8.15 Wireless Intrusion Detection
8.16 Tools
8.16.1 WiFuzz
8.16.2 Pyrit
8.16.3 AirXploit
Chapter
9 Feeling Bluetooth on the Tooth
9.1 Protocol Overview
9.2 Required Modules
9.3 Bluetooth-Scanner
9.4 SDP-Browser
9.5 RFCOMM-Channel-Scanner
9.6 OBEX
9.7 Blue Snarf Exploit
9.8 Blue Bug Exploit
9.9 Bluetooth-Spoofing
9.10 Sniffing
9.11 Tools
9.11.1 BlueMaho
Chapter
10 Bargain Box Kung Fu
10.1 Required Modules
10.2 Spoofing E-mail Sender
10.3 DHCP Hijack
10.4 IP Brute Forcer
10.5 Google-Hacks-Scanner
10.6 SMB-Share-Scanner
10.7 Login Watcher
Appendix
A Scapy Reference
A.1 Protocols
A.2 Functions
Appendix
B Secondary Links
Index
Bastian�Ballmann
Understanding
Network Hacks
Attack and Defense with Python
Understanding Network Hacks
Bastian Ballmann
Understanding Network
Hacks
Attack and Defense with Python
123
Bastian Ballmann
Uster, Switzerland
Translation from the German language edition “Network Hacks - Intensivkurs”,
c Springer-Verlag, 2012
ISBN 978-3-662-44436-8
DOI 10.1007/978-3-662-44437-5
Springer Heidelberg New York Dordrecht London
ISBN 978-3-662-44437-5 (eBook)
Library of Congress Control Number: 2014960247
© Springer-Verlag Berlin Heidelberg 2015
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of
the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology
now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection
with reviews or scholarly analysis or material supplied specifically for the purpose of being entered
and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of
this publication or parts thereof is permitted only under the provisions of the Copyright Law of the
Publisher’s location, in its current version, and permission for use must always be obtained from Springer.
Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations
are liable to prosecution under the respective Copyright Law.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of
publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for
any errors or omissions that may be made. The publisher makes no warranty, express or implied, with
respect to the material contained herein.
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)
For data travelers, knowledge hungry,
curious, network-loving life-forms who like
to explore and get to the bottom of thing.
Preface
Doesn’t this book explain how to break into a computer system? Isn’t that illegal
and a bad thing at all?
I would like to answer both questions with no (at least the second one).
Knowledge is never illegal nor something bad, but the things you do with it.
You as an admin, programmer, IT manager, or just an interested reader cannot
protect yourself if you don’t know the techniques of the attackers. You cannot test
the effectiveness of your firewalls and intrusion detection systems or other security,
related software if you are not able to see your IT infrastructure through the eyes of
an attacker. You cannot weigh up the danger to costs of possible security solutions
if you don’t know the risks of a successful attack. Therefore, it is necessary to
understand how attacks on computer networks really work.
The book presents a selection of possible attacks with short source code samples
to demonstrate how easy and effectively and maybe undetected a network can be
infiltrated. This way you can not only learn the real techniques but present them to
your manager or employer and help them in the decision if it would make sense to
care a little bit more about IT security. At the end of the book, you should be able
to not only understand how attacks on computer networks really work but also to
modify the examples to your own environment and your own needs.
Sure, the book also tells those bad guys how to crack the net and write their own
tools, but IT security is a sword with two sharp blades. Both sides feed themselves
off the same pot of knowledge, and it is a continuous battle, which the protecting
side can never dream of winning if it censors itself or criminalizes their knowledge!
Uster, Switzerland
Bastian Ballmann
vii
相关推荐
2023年江西萍乡中考道德与法治真题及答案.doc
2012年重庆南川中考生物真题及答案.doc
2013年江西师范大学地理学综合及文艺理论基础考研真题.doc
2020年四川甘孜小升初语文真题及答案I卷.doc
2020年注册岩土工程师专业基础考试真题及答案.doc
2023-2024学年福建省厦门市九年级上学期数学月考试题及答案.doc
2021-2022学年辽宁省沈阳市大东区九年级上学期语文期末试题及答案.doc
2022-2023学年北京东城区初三第一学期物理期末试卷及答案.doc
2018上半年江西教师资格初中地理学科知识与教学能力真题及答案.doc
2012年河北国家公务员申论考试真题及答案-省级.doc
2020-2021学年江苏省扬州市江都区邵樊片九年级上学期数学第一次质量检测试题及答案.doc
2022下半年黑龙江教师资格证中学综合素质真题及答案.doc
