Third Edition
(more updates coming...)
Chapter 8, Achieving Stealth and Maintaining Presence
F-Secure Blacklight
GMER Rootkit Detection Tool
RKUnhooker Rootkit
Detection Tool created by authors of Unreal.A rootkit
WinObj
v2.15
Streams
v1.56
Using Driver Verifier
to Troubleshoot Windows 2000 Device Drivers
Chapter 9: Hacking SQL Server
Paros Proxy
Absinthe
BobCat
Sqlninja
SQL Power Injector
Achilles
OWASP
WebScarab
Sqlpoke, sqlbf, sqldict, and
assorted dictionaries
SQLPing
Second Edition, Windows Server 2003
Chapter 1: Information Security Basics
Chapter 2: The Windows Server 2003 Security Architecture from the Hacker's Perspective
Chapter 3: Footprinting and Scanning
|
ARIN whois Web interface (also search RIPE and APNIC for non-U.S. Internet information) |
Chapter 4: Enumeration
|
nbtscan by Alla Bezroutchko |
|
Winfo by Arne Vidstrom |
|
nbtdump by David Litchfield |
|
DumpSec by Somarsoft |
|
sid2user/user2sid by Evgenii Rudnyi |
|
GetAcct by Urity |
|
walksam, part of the RPCTools by Todd Sabin |
|
“CIFS: Common Insecurities Fail Scrutiny” by Hobbit, the original SMB hacker's technical reference |
Chapter 5: Hacking Windows-Specific Services
|
DelGuest by Arne Vidstrom |
|
WinPcap, a free packet capture architecture for
Windows by the Politecnico |
|
kerbsniff and kerbcrack by Arne Vidstrom |
|
SMBRelay by Sir Dystic |
|
snarp by Frank Knobbe, ARP cache poisoning utility, works on NT 4 only, not always reliably |
|
Ettercap, a multipurpose sniffer/interceptor/logger for switched LANs |
|
Event Log Monitor (ELM) from TNT Software |
|
EventAdmin from Aelita Software |
|
L0phtcrack with SMB Packet Capture |
Chapter 6: Privilege Escalation
|
PipeUpAdmin by Maceo |
|
netddemsg.cpp, source code for netddemsg by @stake |
|
Debploit by EliCZ |
Chapter 7: Getting Interactive
|
Pipelist from Sysinternals |
|
Netcat for NT |
|
VNC (Virtual Network Computing), the lightweight graphical remote control tool from AT&T Research Laboratories |
|
Windows 2000 Resource Kits, online version of the printed books, tools, and references |
|
WinRoute Professional by Kerio |
|
Personal Firewall by Tiny Software |
|
Vision, the port-to-process mapper from Foundstone |
Chapter 8: Expanding Influence
|
pwdump2 by Todd Sabin |
|
pwdump3 by e-business technology, Inc. |
|
John the Ripper, a great password-cracking tool |
|
NTLM algorithm support for John (this is also available off the main John site)—only for UNIX version of John |
|
Dictionaries
and word lists from |
|
FakeGINA from Arne Vidstrom |
|
Snort, a free packet sniffer and intrusion detection tool |
|
Dsniff, UNIX version |
|
Free SSHD for Windows NT/2000 |
|
puTTY, a free SH client |
|
fpipe from Foundstone, Inc. |
|
Van Dyke Technologies' VShell SS2D server and SecureCRT client |
|
SSH Communications Security's Secure Shell for Windows, server and client |
|
Network Associates' CyberCop Monitor and Sniffer Pro |
Chapter 9: Cleanup
|
BoDetect v2.01 from Chris Benson |
|
elsave from Jesper Lauritsen |
|
WinZapper, selective Event Log entry eraser |
|
Forensic Toolkit, including the afind, hfind, and sfind utilities |
|
Textutils from GNU |
|
DumpSec (formerly DumpACL), DumpReg, and DumpEvt from Somarsoft |
|
HexEdit, by Expert Commercial Software |
|
Network Associates’ Entercept |
Chapter 10: Hacking IIS
|
Main Microsoft Tools and Checklists page; go here if any subsequent links are broken |
|
unicodeloader by Roelof Temmingh |
Chapter 11: Hacking SQL Server
|
Assorted dictionaries for brute-forcing passwords |
Chapter 12: Hacking Terminal Server
|
The Remote Desktop Client (RDC), including information on the Remote Desktop Web Connection |
|
RDC Web Connection (ActiveX control that was formerly called Terminal Server Advanced Client, TSAC) |
|
TSCrack (under “Downloads”) |
|
Selected Windows 2000 Resource Kit tools, including Appsec |
Chapter 13: Hacking Internet Clients
|
mpack, for encoding email attachments to MIME/Base64 format |
|
HTML Help Workshop, a free tool from Microsoft for creating .chm files |
Chapter 14: Physical Attacks
|
dskprobe.exe (from the Windows 2000 Support Tools on the Windows 2000 installation CD-ROM) |
|
ERD Commander, boots dead systems directly from CD into a Windows-like repair environment and can reset admin passwords |
|
Windows PreInstallation Environment (WinPE), essentially a Windows XP boot CD-ROM |
Chapter 15: Denial of Service
|
Zombie Zapper by Bindview's Razor team |
|
DDOSPing, a utility for remotely detecting the most common DDoS programs |
Chapter 16: NT Family Security Features and Tools
Chapter 17: The Future of Windows Security
|
Windows Server 2003 Downloads (includes Tools and Ad-ins) |
|
Patch Management Using Microsoft Systems Management Server - Operations Guide |
|
Shavlik Technologies LLC, makers of HfNetChkPro for patch management |
