Added: 15.03.2015

[12.0.9] history
[12.1.0] ip http access-class
[12.1.1] ip http port
[12.1.2] ip http server
[12.1.3] menu (EXEC)
[12.1.4] menu (global)
[12.1.5] menu command
[12.1.6] menu text
[12.1.7] menu title
[12.1.8] show history
[12.1.9] terminal editing
[12.2.0] terminal full-help (EXEC)
[12.2.1] terminal history
[12.2.2] Network Access Security Commands
[12.2.3] aaa authentication arap
[12.2.4] aaa authentication enable default
[12.2.5] aaa authentication local-override
[12.2.6] aaa authentication login
[12.2.7] aaa authentication nasi
[12.2.8] aaa authentication password-prompt
[12.2.9] aaa authentication ppp
[12.3.0] aaa authentication username-prompt
[12.3.1] aaa authorization
[12.3.2] aaa authorization config-commands
[12.3.3] aaa new-model
[12.3.4] arap authentication
[12.3.5] clear kerberos creds
[12.3.6] enable last-resort
[12.3.7] enable use-tacacs
[12.3.8] ip radius source-interface
[12.3.9] ip tacacs source-interface
[12.4.0] kerberos clients mandatory
[12.4.1] kerberos credentials forward
[12.4.2] kerberos instance map
[12.4.3] kerberos local-realm
[12.4.4] kerberos preauth
[12.4.5] kerberos realm
[12.4.6] kerberos server
[12.4.7] kerberos srvtab entry
[12.4.8] kerberos srvtab remote
[12.4.9] key config-key
[12.5.0] login tacacs
[12.5.1] nasi authentication
[12.5.2] ppp authentication
[12.5.3] ppp chap hostname
[12.5.4] ppp chap password
[12.5.5] ppp pap sent-username
[12.5.6] ppp use-tacacs
[12.5.7] radius-server dead-time
[12.5.8] radius-server host
[12.5.9] radius-server key
[12.6.0] radius-server retransmit
[12.6.1] show kerberos creds
[12.6.2] show privilege
[12.6.3] tacacs-server key
[12.6.4] tacacs-server login-timeout
[12.6.5] tacacs-server authenticate
[12.6.6] tacacs-server directed-request
[12.6.7] tacacs-server key
[12.6.8] tacacs-server last-resort
[12.6.9] tacacs-server notify
[12.7.0] tacacs-server optional-passwords
[12.7.1] tacacs-server retransmit
[12.7.2] tacacs-server timeout
[12.7.3] Traffic Filter Commands
[12.7.4] access-enable
[12.7.5] access-template
[12.7.6] clear access-template
[12.7.7] show ip accounting
[12.7.8] Terminal Access Security Commands
[12.7.9] enable password
[12.8.0] enable secret
[12.8.1] ip identd
[12.8.2] login authentication
[12.8.3] privilege level (global)
[12.8.4] privilege level (line)
[12.8.5] service password-encryption
[12.8.6] show privilege
[12.8.7] username
[12.8.8] A Word on Ascend Routers
[13.0.0] Known NT/95/IE Holes
[13.0.1] WINS port 84
[13.0.2] WindowsNT and SNMP
[13.0.3] Frontpage98 and Unix
[13.0.4] TCP/IP Flooding with Smurf
[13.0.5] SLMail Security Problem
[13.0.6] IE 4.0 and DHTML
[13.0.7] 2 NT Registry Risks
[13.0.8] Wingate Proxy Server
[13.0.9] O'Reilly Website uploader Hole
[13.1.0] Exchange 5.0 Password Caching
[13.1.1] Crashing NT using NTFS
[13.1.2] The GetAdmin Exploit
[13.1.3] Squid Proxy Server Hole
[13.1.4] Internet Information Server DoS attack
[13.1.5] Ping Of Death II
[13.1.6] NT Server's DNS DoS Attack
[13.1.7] Index Server Exposes Sensitive Material
[13.1.8] The Out Of Band (OOB) Attack
[13.1.9] SMB Downgrade Attack
[13.2.0] RedButton
[13.2.1] FrontPage WebBot Holes
[13.2.2] IE and NTLM Authentication
[13.2.3] Run Local Commands with IE
[13.2.4] IE can launch remote apps
[13.2.5] Password Grabbing Trojans
[13.2.6] Reverting an ISAPI Script
[13.2.7] Rollback.exe
[13.2.8] Replacing System .dll's
[13.2.9] Renaming Executables
[13.3.0] Viewing ASP Scripts
[13.3.1] .BAT and .CMD Attacks
[13.3.2] IIS /..\.. Problem
[13.3.3] Truncated Files
[13.3.4] SNA Holes
[13.3.5] SYN Flooding
[13.3.6] Land Attack
[13.3.7] Teardrop
[13.3.8] Pentium Bug
[14.0.0] VAX/VMS Makes a comeback (expired user exploit)
[14.0.1] Step 1
[14.0.2] Step 2
[14.0.3] Step 3
[14.0.4] Note
[15.0.0] Linux security 101
[15.0.1] Step 1
[15.0.2] Step 2
[15.0.3] Step 3
[15.0.4] Step 4
[15.0.5] Step 5
[15.0.6] Step 6
[16.0.0] Unix Techniques. New and Old.
[16.0.1] ShowMount Technique
[16.0.2] DEFINITIONS
[16.0.3] COMPARISON TO THE MICROSOFT WINDOWS FILESHARING
[16.0.4] SMBXPL.C
[16.0.5] Basic Unix Commands
[16.0.6] Special Characters in Unix
[16.0.7] File Permissions Etc..
[16.0.8] STATD EXPLOIT TECHNIQUE
[16.0.9] System Probing
[16.1.0] Port scanning
[16.1.1] rusers and finger command
[16.1.2] Mental Hacking, once you know a username
[17.0.0] Making a DDI from a Motorola Brick phone
[18.0.0] Pager Programmer
[19.0.0] The End

==============Part One==============

===================Needed Background Knowledge===================

This one's for you Kevin...

[0.0.0] Preface

This book was written/compiled by The Rhino9 Team as a document for the modern hacker. We chose to call it the Modern Hackers Desk Reference because it mostly deals with Networking Technologies and Windows NT issues, which, as everyone knows, is must-have knowledge these days. As the premier NT Security source, rhino9 has continually given to the security community freely. We continue this tradition now with this extremely useful book. This book covers WindowsNT security issues, Unix, Linux, Irix, Vax, Router configuration, Frontpage, Wingate and much much more.

[0.0.1] The Rhino9 Team

At the time of release, the rhino9 team is:

NeonSurge (neonsurge@hotmail.com) [Security/Technical Research/Senior Member]

Chameleon (chameleon@pemail.com) [Security/Software Developer/Senior Member]

Vacuum (vacuum@technotronic.com) [Security/Software Research/Senior Member]

Rute (banshee@evil-empire.com) [Security/Software Developer/Code Guru]

Syndicate (syndicate@pemail.com) [Security/HTML Operations/Senior Member]

The090000 (090000@intercore.com.ar) [Security]

DemonBytez (root@cybrids.org) [Security]

NetJammer (netjammer@x-treme.org) [Security]

[0.0.2] Disclaimer

This text document is released FREE of charge to EVERYONE. The rhino9 team made NO profits from this text. This text is NOT meant for re-sale, or for trade for any other type of material or monetary possessions. This text is given freely to the Internet community. The authors of this text do not take responsibility for damages incurred during the practice of any of the information contained within this text document.

[0.0.3] Thanks and Greets

Extra special greetings and serious mad ass props to NeonSurge's fiance SisterMoon, and Chameleon's woman, Jayde. Special thanks to the people at ntsecurity.net. Special thanks to Simple Nomad for releasing the NT HACK FAQ which was used in the making of this document. Thanks to Cisco Systems for making such superior equipment. Thanks to the guy from Lucent Technologies, whose text file was used during one of the NT Security sections (if you see this, contact me so I can give you proper credit). Special props go out to Virtual of Cybrids for his information on CellPhones and Pagers. Special props to Phreak-0 for his Unix contributions. Mad props to Hellmaster for the Vax info. Thanks to Rloxley and the rest of X-Treme for helping with the distribution and advertising of this document. Thanks to Merlin45 for being the marketing pimp that he is. Greetings to Cybrids, Intercore, X-Treme, L0pht, CodeZero (grins), 2600 Magazine (thanks for your vigilance on the Mitnick case).

[1.0.0] Preface to NetBIOS

Before you begin reading this section, understand that this section was written for the novice to the concept of NetBIOS, but it also contains information the veteran might find educational. I am prefacing this so that I do not get e-mail like "Why did you start your NetBIOS section off so basic?" - Simple, it's written for people that may be coming from an environment that does not use NetBIOS, so they would need me to start with basics, thanks.

[1.0.1] What is NetBIOS?

NetBIOS (Network Basic Input/Output System) was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. Since its creation, NetBIOS has become the basis for many other networking applications. In its strictest sense, NetBIOS is an interface specification for accessing networking services.

NetBIOS, a layer of software developed to link a network operating system with specific hardware, was originally designed as THE network controller for IBM's Network LAN. NetBIOS has now been extended to allow programs written using the NetBIOS interface to operate on the IBM token ring architecture. NetBIOS has since been adopted as an industry standard and now, it is common to refer to NetBIOS-compatible LANs.

It offers network applications a set of "hooks" to carry out inter-application communication and data transfer. In a basic sense, NetBIOS allows applications to talk to the network. Its intention is to isolate application programs from any type of hardware dependencies. It also spares software developers the task of developing network error recovery and low-level message addressing or routing. The use of the NetBIOS interface does a lot of this work for them.

NetBIOS standardizes the interface between applications and a LAN's operating capabilities. This makes it possible to specify which levels of the OSI model the application can write to, making the application transportable to other networks. In a NetBIOS LAN environment, computers are known on the system by a name. Each computer on the network has a permanent name that is programmed in various different ways. These names will be discussed in more detail below.

PCs on a NetBIOS LAN communicate either by establishing a session or by using NetBIOS datagram or broadcast methods. Sessions allow for a larger message to be sent and handle error detection and correction. The communication is on a one-to-one basis. Datagram and broadcast methods allow one computer to communicate with several other computers at the same time, but are limited in message size. There is no error detection or correction using these datagram or broadcast methods. However, datagram communication allows for communication without having to establish a session.

All communication in these environments is presented to NetBIOS in a format called Network Control Blocks (NCB). The allocation of these blocks in memory is dependent on the user program. These NCBs are divided into fields, which are reserved for input and output respectively.

NetBIOS is a very common protocol used in today's environments. NetBIOS is supported on Ethernet, TokenRing, and IBM PC Networks. In its original induction, it was defined