Hackers Desk Reference
The MH DeskReference
Version 1.2
Written/Assembled by
The Rhino9 Team
Table of Contents
=Part One=
=Essential background Knowledge=
[0.0.0] Preface
[0.0.1] The Rhino9 Team
[0.0.2] Disclaimer
[0.0.3] Thanks and Greets
[1.0.0] Preface To NetBIOS
[1.0.1] What is NetBIOS?
[1.0.2] NetBIOS Names
[1.0.3] NetBIOS Sessions
[1.0.4] NetBIOS Datagrams
[1.0.5] NetBEUI Explained
[1.0.6] NetBIOS Scopes
[1.2.0] Preface to SMB's
[1.2.1] What are SMB's?
[1.2.2] The Redirector
[2.0.0] What is TCP/IP?
[2.0.1] FTP Explained
[2.0.2] Remote Login
[2.0.3] Computer Mail
[2.0.4] Network File Systems
[2.0.5] Remote Printing
[2.0.6] Remote Execution
[2.0.7] Name Servers
[2.0.8] Terminal Servers
[2.0.9] Network-Oriented Window Systems
[2.1.0] General description of the TCP/IP protocols
[2.1.1] The TCP Level
[2.1.2] The IP level
[2.1.3] The Ethernet level
[2.1.4] Well-Known Sockets And The Applications Layer
[2.1.5] Other IP Protocols
[2.1.6] Domain Name System
[2.1.7] Routing
[2.1.8] Subnets and Broadcasting
[2.1.9] Datagram Fragmentation and Reassembly
[2.2.0] Ethernet encapsulation: ARP
[3.0.0] Preface to the WindowsNT Registry
[3.0.1] What is the Registry?
[3.0.2] In Depth Key Discussion
[3.0.3] Understanding Hives
[3.0.4] Default Registry Settings
[4.0.0] Introduction to PPTP
[4.0.1] PPTP and Virtual Private Networking
[4.0.2] Standard PPTP Deployment
[4.0.3] PPTP Clients
[4.0.4] PPTP Architecture
[4.0.5] Understanding PPTP Security
[4.0.6] PPTP and the Registry
[4.0.7] Special Security Update
[5.0.0] TCP/IP Commands as Tools
[5.0.1] The Arp Command
[5.0.2] The Traceroute Command
[5.0.3] The Netstat Command
[5.0.4] The Finger Command
[5.0.5] The Ping Command
[5.0.6] The Nbtstat Command
[5.0.7] The IpConfig Command
[5.0.8] The Telnet Command
[6.0.0] NT Security
[6.0.1] The Logon Process
[6.0.2] Security Architecture Components
[6.0.3] Introduction to Securing an NT Box
[6.0.4] Physical Security Considerations
[6.0.5] Backups
[6.0.6] Networks and Security
[6.0.7] Restricting the Boot Process
[6.0.8] Security Steps for an NT Operating System
[6.0.9] Install Latest Service Pack and applicable hot-fixes
[6.1.0] Display a Legal Notice Before Log On
[6.1.1] Rename Administrative Accounts
[6.1.2] Disable Guest Account
[6.1.3] Logging Off or Locking the Workstation
[6.1.4] Allowing Only Logged-On Users to Shut Down the Computer
[6.1.5] Hiding the Last User Name
[6.1.6] Restricting Anonymous network access to Registry
[6.1.7] Restricting Anonymous network access to lookup account names and network shares
[6.1.8] Enforcing strong user passwords
[6.1.9] Disabling LanManager Password Hash Support
[6.2.0] Wiping the System Page File during clean system shutdown
[6.2.1] Protecting the Registry
[6.2.2] Secure EventLog Viewing
[6.2.3] Secure Print Driver Installation
[6.2.4] The Schedule Service (AT Command)
[6.2.5] Secure File Sharing
[6.2.6] Auditing
[6.2.7] Threat Action
[6.2.8] Enabling System Auditing
[6.2.9] Auditing Base Objects
[6.3.0] Auditing of Privileges
[6.3.1] Protecting Files and Directories
[6.3.2] Services and NetBios Access From Internet
[6.3.3] Alerter and Messenger Services
[6.3.4] Unbind Unnecessary Services from Your Internet Adapter Cards
[6.3.5] Enhanced Protection for Security Accounts Manager Database
[6.3.6] Disable Caching of Logon Credentials during interactive logon.
[6.3.7] How to secure the %systemroot%\repair\sam._ file
[6.3.8] TCP/IP Security in NT
[6.3.9] Well known TCP/UDP Port numbers
[7.0.0] Preface to Microsoft Proxy Server
[7.0.1] What is Microsoft Proxy Server?
[7.0.2] Proxy Servers Security Features
[7.0.3] Beneficial Features of Proxy
[7.0.4] Hardware and Software Requirements
[7.0.5] What is the LAT?
[7.0.6] What is the LAT used for?
[7.0.7] What changes are made when Proxy Server is installed?
[7.0.8] Proxy Server Architecture
[7.0.9] Proxy Server Services: An Introduction
[7.1.0] Understanding components
[7.1.1] ISAPI Filter
[7.1.2] ISAPI Application
[7.1.3] Proxy Servers Caching Mechanism
[7.1.4] Windows Sockets
[7.1.5] Access Control Using Proxy Server
[7.1.6] Controlling Access by Internet Service
[7.1.7] Controlling Access by IP, Subnet, or Domain
[7.1.8] Controlling Access by Port
[7.1.9] Controlling Access by Packet Type
[7.2.0] Logging and Event Alerts
[7.2.1] Encryption Issues
[7.2.2] Other Benefits of Proxy Server
[7.2.3] RAS
[7.2.4] IPX/SPX
[7.2.5] Firewall Strategies
[7.2.6] Logical Construction
[7.2.7] Exploring Firewall Types
[7.2.3] NT Security Twigs and Ends
=Part Two=
=The Techniques of Survival=
[8.0.0] NetBIOS Attack Methods
[8.0.1] Comparing NAT.EXE to Microsoft's own executables
[8.0.2] First, a look at NBTSTAT
[8.0.3] Intro to the NET commands
[8.0.4] Net Accounts
[8.0.5] Net Computer
[8.0.6] Net Config Server or Net Config Workstation
[8.0.7] Net Continue
[8.0.8] Net File
[8.0.9] Net Group
[8.1.0] Net Help
[8.1.1] Net Helpmsg message#
[8.1.2] Net Localgroup
[8.1.3] Net Name
[8.1.4] Net Pause
[8.1.5] Net Print
[8.1.6] Net Send
[8.1.7] Net Session
[8.1.8] Net Share
[8.1.9] Net Statistics Server or Workstation
[8.2.0] Net Stop
[8.2.1] Net Time
[8.2.2] Net Use
[8.2.3] Net User
[8.2.4] Net View
[8.2.5] Special note on DOS and older Windows Machines
[8.2.6] Actual NET VIEW and NET USE Screen Captures during a hack
[9.0.0] Frontpage Extension Attacks
[9.0.1] For the tech geeks, we give you an actual PWDUMP
[9.0.2] The haccess.ctl file
[9.0.3] Side note on using John the Ripper
[10.0.0] WinGate
[10.0.1] What Is WinGate?
[10.0.2] Defaults After a WinGate Install
[10.0.3] Port 23 Telnet Proxy
[10.0.4] Port 1080 SOCKS Proxy
[10.0.5] Port 6667 IRC Proxy
[10.0.6] How Do I Find and Use a WinGate?
[10.0.7] I have found a WinGate telnet proxy now what?
[10.0.8] Securing the Proxys
[10.0.9] mIRC 5.x WinGate Detection Script
[10.1.0] Conclusion
[11.0.0] What a security person should know about WinNT
[11.0.1] NT Network structures (Standalone/WorkGroups/Domains)
[11.0.2] How does the authentication of a user actually work
[11.0.3] A word on NT Challenge and Response
[11.0.4] Default NT user groups
[11.0.5] Default directory permissions
[11.0.6] Common NT accounts and passwords
[11.0.7] How do I get the admin account name?
[11.0.8] Accessing the password file in NT
[11.0.9] Cracking the NT passwords
[11.1.0] What is 'last login time'?
[11.1.1] I've got Guest access, can I try for Admin?
[11.1.2] I heard that the %systemroot%\system32 was writeable?
[11.1.3] What about spoofin DNS against NT?
[11.1.4] What about default shared folders?
[11.1.5] How do I get around a packet filter-based firewall?
[11.1.6] What is NTFS?
[11.1.7] Are there any vulnerabilities to NTFS and access controls?
[11.1.8] How is file and directory security enforced?
[11.1.9] Once in, how can I do all that GUI stuff?
[11.2.0] How do I bypass the screen saver?
[11.2.1] How can I tell if it's an NT box?
[11.2.2] What exactly does the NetBios Auditing Tool do?
[12.0.0] Cisco Routers and their configuration
[12.0.1] User Interface Commands
[12.0.2] disable
[12.0.3] editing
[12.0.4] enable
[12.0.5] end
[12.0.6] exit
[12.0.7] full-help
[12.0.8] help