The MH DeskReference

Version 1.2

Written/Assembled by

The Rhino9 Team

Table of Contents

=Part One=

=Essential background Knowledge=

[0.0.0] Preface

[0.0.1] The Rhino9 Team

[0.0.2] Disclaimer

[0.0.3] Thanks and Greets

[1.0.0] Preface To NetBIOS

[1.0.1] What is NetBIOS?

[1.0.2] NetBIOS Names

[1.0.3] NetBIOS Sessions

[1.0.4] NetBIOS Datagrams

[1.0.5] NetBEUI Explained

[1.0.6] NetBIOS Scopes

[1.2.0] Preface to SMB's

[1.2.1] What are SMB's?

[1.2.2] The Redirector

[2.0.0] What is TCP/IP?

[2.0.1] FTP Explained

[2.0.2] Remote Login

[2.0.3] Computer Mail

[2.0.4] Network File Systems

[2.0.5] Remote Printing

[2.0.6] Remote Execution

[2.0.7] Name Servers

[2.0.8] Terminal Servers

[2.0.9] Network-Oriented Window Systems

[2.1.0] General description of the TCP/IP protocols

[2.1.1] The TCP Level

[2.1.2] The IP level

[2.1.3] The Ethernet level

[2.1.4] Well-Known Sockets And The Applications Layer

[2.1.5] Other IP Protocols

[2.1.6] Domain Name System

[2.1.7] Routing

[2.1.8] Subnets and Broadcasting

[2.1.9] Datagram Fragmentation and Reassembly

[2.2.0] Ethernet encapsulation: ARP

[3.0.0] Preface to the WindowsNT Registry

[3.0.1] What is the Registry?

[3.0.2] In Depth Key Discussion

[3.0.3] Understanding Hives

[3.0.4] Default Registry Settings

[4.0.0] Introduction to PPTP

[4.0.1] PPTP and Virtual Private Networking

[4.0.2] Standard PPTP Deployment

[4.0.3] PPTP Clients

[4.0.4] PPTP Architecture

[4.0.5] Understanding PPTP Security

[4.0.6] PPTP and the Registry

[4.0.7] Special Security Update

[5.0.0] TCP/IP Commands as Tools

[5.0.1] The Arp Command

[5.0.2] The Traceroute Command

[5.0.3] The Netstat Command

[5.0.4] The Finger Command

[5.0.5] The Ping Command

[5.0.6] The Nbtstat Command

[5.0.7] The IpConfig Command

[5.0.8] The Telnet Command

[6.0.0] NT Security

[6.0.1] The Logon Process

[6.0.2] Security Architecture Components

[6.0.3] Introduction to Securing an NT Box

[6.0.4] Physical Security Considerations

[6.0.5] Backups

[6.0.6] Networks and Security

[6.0.7] Restricting the Boot Process

[6.0.8] Security Steps for an NT Operating System

[6.0.9] Install Latest Service Pack and applicable hot-fixes

[6.1.0] Display a Legal Notice Before Log On

[6.1.1] Rename Administrative Accounts

[6.1.2] Disable Guest Account

[6.1.3] Logging Off or Locking the Workstation

[6.1.4] Allowing Only Logged-On Users to Shut Down the Computer

[6.1.5] Hiding the Last User Name

[6.1.6] Restricting Anonymous network access to Registry

[6.1.7] Restricting Anonymous network access to lookup account names and network shares

[6.1.8] Enforcing strong user passwords

[6.1.9] Disabling LanManager Password Hash Support

[6.2.0] Wiping the System Page File during clean system shutdown

[6.2.1] Protecting the Registry

[6.2.2] Secure EventLog Viewing

[6.2.3] Secure Print Driver Installation

[6.2.4] The Schedule Service (AT Command)

[6.2.5] Secure File Sharing

[6.2.6] Auditing

[6.2.7] Threat Action

[6.2.8] Enabling System Auditing

[6.2.9] Auditing Base Objects

[6.3.0] Auditing of Privileges

[6.3.1] Protecting Files and Directories

[6.3.2] Services and NetBios Access From Internet

[6.3.3] Alerter and Messenger Services

[6.3.4] Unbind Unnecessary Services from Your Internet Adapter Cards

[6.3.5] Enhanced Protection for Security Accounts Manager Database

[6.3.6] Disable Caching of Logon Credentials during interactive logon.

[6.3.7] How to secure the %systemroot%\repair\sam._ file

[6.3.8] TCP/IP Security in NT

[6.3.9] Well known TCP/UDP Port numbers

[7.0.0] Preface to Microsoft Proxy Server

[7.0.1] What is Microsoft Proxy Server?

[7.0.2] Proxy Servers Security Features

[7.0.3] Beneficial Features of Proxy

[7.0.4] Hardware and Software Requirements

[7.0.5] What is the LAT?

[7.0.6] What is the LAT used for?

[7.0.7] What changes are made when Proxy Server is installed?

[7.0.8] Proxy Server Architecture

[7.0.9] Proxy Server Services: An Introduction

[7.1.0] Understanding components

[7.1.1] ISAPI Filter

[7.1.2] ISAPI Application

[7.1.3] Proxy Servers Caching Mechanism

[7.1.4] Windows Sockets

[7.1.5] Access Control Using Proxy Server

[7.1.6] Controlling Access by Internet Service

[7.1.7] Controlling Access by IP, Subnet, or Domain

[7.1.8] Controlling Access by Port

[7.1.9] Controlling Access by Packet Type

[7.2.0] Logging and Event Alerts

[7.2.1] Encryption Issues

[7.2.2] Other Benefits of Proxy Server

[7.2.3] RAS

[7.2.4] IPX/SPX

[7.2.5] Firewall Strategies

[7.2.6] Logical Construction

[7.2.7] Exploring Firewall Types

[7.2.3] NT Security Twigs and Ends

=Part Two=

=The Techniques of Survival=

[8.0.0] NetBIOS Attack Methods

[8.0.1] Comparing NAT.EXE to Microsoft's own executables

[8.0.2] First, a look at NBTSTAT

[8.0.3] Intro to the NET commands

[8.0.4] Net Accounts

[8.0.5] Net Computer

[8.0.6] Net Config Server or Net Config Workstation

[8.0.7] Net Continue

[8.0.8] Net File

[8.0.9] Net Group

[8.1.0] Net Help

[8.1.1] Net Helpmsg message#

[8.1.2] Net Localgroup

[8.1.3] Net Name

[8.1.4] Net Pause

[8.1.5] Net Print

[8.1.6] Net Send

[8.1.7] Net Session

[8.1.8] Net Share

[8.1.9] Net Statistics Server or Workstation

[8.2.0] Net Stop

[8.2.1] Net Time

[8.2.2] Net Use

[8.2.3] Net User

[8.2.4] Net View

[8.2.5] Special note on DOS and older Windows Machines

[8.2.6] Actual NET VIEW and NET USE Screen Captures during a hack

[9.0.0] Frontpage Extension Attacks

[9.0.1] For the tech geeks, we give you an actual PWDUMP

[9.0.2] The haccess.ctl file

[9.0.3] Side note on using John the Ripper

[10.0.0] WinGate

[10.0.1] What Is WinGate?

[10.0.2] Defaults After a WinGate Install

[10.0.3] Port 23 Telnet Proxy

[10.0.4] Port 1080 SOCKS Proxy

[10.0.5] Port 6667 IRC Proxy

[10.0.6] How Do I Find and Use a WinGate?

[10.0.7] I have found a WinGate telnet proxy, now what?

[10.0.8] Securing the Proxys

[10.0.9] mIRC 5.x WinGate Detection Script

[10.1.0] Conclusion

[11.0.0] What a security person should know about WinNT

[11.0.1] NT Network structures (Standalone/WorkGroups/Domains)

[11.0.2] How does the authentication of a user actually work

[11.0.3] A word on NT Challenge and Response

[11.0.4] Default NT user groups

[11.0.5] Default directory permissions

[11.0.6] Common NT accounts and passwords

[11.0.7] How do I get the admin account name?

[11.0.8] Accessing the password file in NT

[11.0.9] Cracking the NT passwords

[11.1.0] What is 'last login time'?

[11.1.1] I've got Guest access, can I try for Admin?

[11.1.2] I heard that the %systemroot%\system32 was writeable?

[11.1.3] What about spoofin DNS against NT?

[11.1.4] What about default shared folders?

[11.1.5] How do I get around a packet filter-based firewall?

[11.1.6] What is NTFS?

[11.1.7] Are there any vulnerabilities to NTFS and access controls?

[11.1.8] How is file and directory security enforced?

[11.1.9] Once in, how can I do all that GUI stuff?

[11.2.0] How do I bypass the screen saver?

[11.2.1] How can I tell if it's an NT box?

[11.2.2] What exactly does the NetBios Auditing Tool do?

[12.0.0] Cisco Routers and their configuration

[12.0.1] User Interface Commands

[12.0.2] disable

[12.0.3] editing

[12.0.4] enable

[12.0.5] end

[12.0.6] exit

[12.0.7] full-help

[12.0.8] help