CNIT 123
Ethical Hacking and Network Defense

Fall 2015 Sam Bowne

Wardriving Results



Open Lab Hours for Sci 214



72250 Thur 6:10 - 9:00 pm SCIE 200

Catalog Description

Students learn how hackers attack computers and networks, and how to protect systems from such attacks, using both Windows and Linux systems. Students will learn legal restrictions and ethical guidelines, and will be required to obey them. Students will perform many hands-on labs, both attacking and defending, using port scans, footprinting, exploiting Windows and Linux vulnerabilities, buffer overflow exploits, SQL injection, privilege escalation, Trojans, and backdoors.

Prerequisites: CNIT 106 and 120 or equivalent familiarity with the fundamentals of networking and security.

Upon successful completion of this course, the student will be able to:
  1. Explain what an ethical hacker can and cannot do legally, and explain the credentials and roles of penetration testers.
  2. Define the types of malicious software found in modern networks.
  3. Explain the threats and countermeasures for physical security and social engineering.
  4. Perform footprinting to learn about a company and its network.
  5. Perform port scans to locate potential entry points to servers and networks.
  6. Perform enumeration (finding resources, accounts, and passwords) on Microsoft, Netware, and Unix/Linux targets.
  7. Perform very simple programming in C, HTML, and Perl, specifically oriented towards the needs of network security professionals.
  8. Learn how to identify Microsoft Windows vulnerabilities and to harden systems.
  9. Learn how to identify Linux vulnerabilities and to protect servers.
  10. Describe how to take control of Web Servers, and how to protect them.
  11. Locate and hack into wireless networks, and protect them.
  12. Explain how cryptography and hashing work, and perform attacks against them such as password cracking and man-in-the-middle attacks.
  13. Describe and deploy security devices, including routers, firewalls, Intrusion Detection Systems, and honeypots.

Student Learning Outcomes (measured to guide course improvements)

Perform port scans to locate potential entry points to servers and networks.
Perform very simple scripting and coding tasks, specifically oriented towards the needs of network security professionals.
Locate and hack into wireless networks, and protect them.


Hands-On Ethical Hacking and Network Defense, Second Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 1133935613 Buy from Amazon ($29)


Thu 8-20  Ch 1: Ethical Hacking Overview & Stupid Whitehat Tricks
Thu 8-27  Ch 2: TCP/IP Concepts Review
Thu 9-3  Ch 3: Network and Computer Attacks
Fri 9-4  Last Day to Add Classes
Thu 9-10  Quiz on Ch 1-3
    Proj 1-3 due *
    Ch 4: Footprinting and Social Engineering
Thu 9-17  Quiz on Ch 4
    Proj 4 & 5 due
    Ch 5: Port Scanning
Thu 9-24  Quiz on Ch 5
    Proj 7 due
    Ch 6: Enumeration
Thu 10-1  Quiz on Ch 6
    Proj 6 & 9 due
    Ch 7: Programming for Security Professionals
Thu 10-8  Quiz on Ch 7
    Proj 8 & 10
    Ch 8: Desktop and Server OS Vulnerabilities
Thu 10-15  Quiz on Ch 8
    Proj 12
    Ch 9: Embedded Operating Systems: The Hidden Threat
Thu 10-22  Quiz on Ch 9
    Proj 11 & 13 Due *
    Ch 10: Hacking Web Servers
Mon 10-26  Mid-Term Grades Due
Thu 10-29  No Quiz
    Proj 14 & 15 due
    Guest Speaker: Ben Hagen, Netflix Cloud Security
Thu 11-5  Quiz on Ch 10
    Proj 16 & 17 due
    Ch 11: Hacking Wireless Networks
Thu 11-12  Wardriving
    No Quiz, no Proj due
Thu 11-19  Quiz on Ch 11
    Proj 18 & 19 due
    Ch 12: Cryptography
Thu 11-22  Holiday - No Class
Thu 12-3  Quiz on Ch 12
    Proj 20 & 21 due
    Ch 13: Network Protection Systems
Thu 12-10  All Extra Credit Proj due
    Proj 22 due, No Quiz
    Last Class: Intro to Malware Analysis
Thu 12-17  Final Exam
* Project requires DVD--available in S214

Lecture Notes

Student Agreement
Code of Ethics
Stupid Whitehat Tricks in the HOPE X Section Here
The chapter lectures are password-protected because they are not 100% original content--they are based on PowerPoint files from the textbook publisher.

Contact Sam if you need the credentials.

Ch 1: Ethical Hacking Overview      Powerpoint
Ch 2: TCP/IP Concepts Review      Powerpoint
Ch 3: Network and Computer Attacks      Powerpoint
Ch 4: Footprinting and Social Engineering      Powerpoint
Ch 5: Port Scanning      Powerpoint
Ch 6: Enumeration      Powerpoint
Ch 7: Programming for Security Professionals      Powerpoint
Ch 8: Desktop and Server OS Vulnerabilities      Powerpoint
Ch 9: Embedded Operating Systems: The Hidden Threat      Powerpoint
Ch 10: Hacking Web Servers      Powerpoint
Ch 11: Hacking Wireless Networks      Powerpoint
Ch 12: Cryptography      Powerpoint
Ch 13: Network Protection Systems      Powerpoint

The lectures are in PowerPoint format.
If you do not have PowerPoint you can use



Downloading the Virtual Machines

Download VMware Player

* Project 1: Using Virtual Machines (Requires K13 and S13 DVDs) (revised 8-25-15) (15 pts.)
           Tips for Kali 2
Project 2: Using Armitage to Take Over a Windows 2008 Server (revised 8-25-15) (15 pts.)
Project 3: HTTP Basic Authentication (10 pts.) (rev. 9-1-15)
Project 4: Creating Infectious Media with the Social Engineering Toolkit (15 pts.) (rev 9-11-15)
Project 5: Port Scans and Firewalls (20 pts.) (revised 8-29-13)
Project 6: Analyzing Types of Port Scans (20 pts.) (revised 9-12-13)
Project 7: Windows DoS with IPv6 Router Advertisement Packets (10 pts.) (rev. 9-22-15)
Project 8: Programming in C on Linux (Ch 7, 15 pts.) (revised 8-29-13)
Project 9: Introduction to Scapy (15 pts.) (rev. 10-3-13)
Project 10: TCP Handshake with Scapy (15 pts.) (revised 9-27-13)
Project 11: Cookie Replay (15 pts.) (new 9-9-15)
Project 12: Cracking Linux Password Hashes with Hashcat (15 pts.) (updated 9-28-15)
Project 13: Using the Ultimate Boot CD to Create Administrator Accounts (15 pts.) (Rev. 10-1-15)
Project 14: WebGoat Introduction (20 pts.) (rev. 4-8-13)
Project 15: WebGoat Access Control (15 pts.) (rev. 4-8-13)
Project 16: Attacking Apache with the OWASP HTTP DoS Tool (15 pts.) (rev. 7-3-15)
Project 17: yesman Honeypot with scapy (15 pts.) (rev. 9-16-11)
Project 18: Cracking Windows Passwords with Cain and Abel (15 pts.) (revised 4-19-14)
       Alternate download location for Cain (7-zip archive, password sam)
Project 19: SQL Injection with SQLol (20 pts) (rev. 9-28-15)
Project 20: Exploiting SQLi with Havij and Input Filtering (20 pts) (rev. 10-28-15)
Project 21: Hijacking HTTPS Sessions with SSLstrip (15 pts.) (revised 10-28-15)     sslstrip-0.4.tar.gz
Project 22: Cracking Wired Equivalent Privacy (WEP) in S214 (20 pts.) (rev. 7-27-13)

* Project requires DVD--available in S214

Project X1: Subnet Exercises (10 pts. extra credit)
Project X2: HackThisSite (15 pts. extra credit)
Project X3: Using a Hardware Keylogger (10 pts., now extra credit)
Project X4: Social Engineering DNS Registration (points vary)
Project X5: Encrypted Email (15 pts. extra credit)
Project X6: Reverse-Engineering an Authentication Cookie (15 pts. extra credit)
Project X7: Bypassing Windows Logins with UBCD (2014) (15 pts. extra credit)
Project X8: Password Guessing Games (up to 30 pts.) (URL fixed 4-22-13)
Project X9: Password Brute Force Challenges (up to 30 pts.)

Project X10: IPv6 with scapy (20 pts.)

Project X12: Slow Loris Attack with scapy (20 pts.)
Project X13: ARP Spoofing with scapy (10 pts.)
Project X14: Detecting Promiscuous NICs with scapy (10 pts.)
Project X15: CodeCademy (up to 40 pts.)
Project X16: Cracking Windows Password Hashes with Hashcat (15 pts.) (new 6-16-13)

Proj 21x: PicoCTF (Up to 40 pts.)
Proj 22x: Student Presentation (Usually 15 pts.)

SQL Injection Projects

Proj SQL-X3: Exploiting a SQL Injection with sqlmap (10 pts)
Proj SQL-X4: Fixing a SQL Injection Vulnerability with Parameterized Queries (15 pts.)


Links From Lectures

Ch 1a: Robert Bruen's review of the textbook
Ch 1b: Wired News: Ethical Hacking Is No Oxymoron
Ch 1c: EC-Council | Certified Ethical Hacker Certification
Ch 1d: EC-Council | Code of Ethics
Ch 1e: Run Away From The CEH Certification
Ch 1f: ISECOM - OPST Accredited Certification
Ch 1g: Rate My Network Diagram
Ch 1h: RE: OPST and CEH Certifications
Ch 1i: SANS Institute - Network and Computer Security Training
Ch 1j: SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
Ch 1l1: Lycos starts anti-spam screensaver plan: Dec 2, 2004
Ch 1l2: Lycos Pulls Anti-Spam 'Vigilante' Campaign -- Dec 3, 2004
Ch 1l3: Lycos's Spam Attack Network Dismantled -- Spammers sent the DOS packets back to Lycos -- Dec 6, 2004
Ch 1m: Blue Frog begins its "vigilante approach" to fight spam -- July, 2005
Ch 1n: Russian spammer fights back, claims to have stolen Blue Frog's database, sends threatening email -- DOS attack in progress -- May 2, 2006
Ch 1o: Blue Frog compromised and destroyed by attacks, urgent instructions to uninstall it, the owners have lost control -- May 17, 2006
Ch 1p: Call for help creating distributed, open-source Blue Frog replacement -- May 17, 2006
Ch 1q: Linux update becomes terminal pain
Ch 1r: Permission Memo for Penetration Testing
Ch 1s: Freed LulzSec hacker banned from contacting Anons, wiping data
Ch 1t: The Secret Anarchy of Science sales rocket after Jake Davis seen clutching a copy
Ch 1u: Leading Member of LulzSec Hacker Squad Arrested in London (from 2011)
Ch 1v: Ryan Cleary: 'Hacker' accused of bringing down 'British FBI' site
Ch 1v: How I Out-Hacked a LulzSec Member
Ch 1w: Stay Out of Anonymous

Ch 2a: Header Format
Ch 2b: List of assigned /8 IP address blocks
Ch 2c: A Binary Primer
Ch 2d: Classful network
Ch 2e: How to Obscure Any URL
Ch 2f: Obscuring a URL (demonstration for lecture)
Ch 2g: Warriors of the Net - The Story
Ch 2h: Statistical Weaknesses in TCP/IP Initial Sequence Numbers
Ch 2i: The Sorcerer's Apprentice Syndrome in TFTP

Ch 3 Lecture Demo: Companion Trojan 1
Ch 3 Lecture Demo: Companion Trojan 2
Ch 3 Lecture Demo: Hacker Defender Rootkit Part 1
Ch 3 Lecture Demo: Hacker Defender Rootkit Part 2
Ch 3a: Base64 Encoding Explained
Ch 3b: Base64 Online - base64 decode and encode
Ch 3c: Melissa Worm and I Love You Worm Source Codes
Ch 3d: Computer Virus Generator Kits
Ch 3e: Animated GIF of Code Red Spreading (4 MB)
Ch 3f: CAIDA : analysis : security : code-red
Ch 3g: Worm infects ATM machines of two US financial institutions (Nov. 26, 2003)
Ch 3h: Trend brings out ATM Antivirus Product
Ch 3i: ATM Machine and Windows XP Images
Ch 3j: Worm hits Windows-based ATMs
Ch 3k: Shortcut Trojan
Ch 3l: Microsoft takes down barrier in Vista firewall
Ch 3m: Zonelabs ZoneAlarm vs Windows Vista Firewall vs XP SP2
Ch 3n: Ping of death - Wikipedia
Ch 3o: Bump Keys
Ch 3p: IC Card Locks
Ch 3q: How to unlock a car with a tennis ball
Ch 3q: Windows Trojan Vulnerability: MS00-052: Registry-Invoked Programs Use Standard Search Path
Ch 3r: Base64 Explained
Ch 3s: Windows DLL-loading security flaw puts Microsoft in a bind (2010)
Ch 3t: How to use Microsoft's workaround for the DLL Hijacking vulnerability
Ch 3u: Code Red Animations from CAIDA
Ch 3v: Viruses stole City College of S.F. data for years --FUD
Ch 3w: Microsoft DLL Hijacking Exploit in Action
Ch 3x: The Ping of Death returns, IPv6-style (2013)
Ch 3y: Los Angeles college pays $28,000 in ransomware (1-10-17)
Ch 3z: The Ultimate Guide to Angler Exploit Kit for Non-Technical People

Ch 4a1: Download Java SE Development Kit 6 Update 4
Ch 4a: - Web Application Security
Ch 4b: Bugnosis Web Bug Detector
Ch 4c: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1
Ch 4d: Specification of HTTP/1.1 OPTIONS messages
Ch 4e: Lock IT Down: Block DNS zone transfers to protect your servers
Ch 4f: Web Bugs: Nearly undetectable tracking device raises concern
Ch 4g: The Web Bug FAQ
Ch 4h: Demonstration Page with a Web Bug
Ch 4i: WebGoat Project - OWASP
Ch 4j: Ghostery :: Add-ons for Firefox -- Detects Web Bugs
Ch 4k: Only 5 (all women) of 135 pass Defcon social engineering test
Ch 4l: Ghost in the Wires: My Adventures as the World's Most Wanted Hacker: Kevin Mitnick
Ch 4m: Mitnick fakes way into LA Telco Central Office - YouTube
Ch 4n: Anonymous speaks: the inside story of the HBGary hack
Ch 4o: Two thirds of San Franciscans gave up password for coffee (from 2005)

Ch 5a: Port scans legal, judge says (12/18/2000)
Ch 5b: Port Scanning and its Legal Implications (2004)
Ch 5c: Nmap Tutorial
Ch 5d: A Simple Guide to Nmap Usage
Ch 5e: YouTube - Trinity Nmap Hack - Matrix Reloaded
Ch 5f: Unicornscan
Ch 5g: NetScanTools
Ch 5h: Nessus Vulnerability Scanner
Ch 5i: Nessus Technical Guide
Ch 5j2: A very simple nessus installation [Archive] - Ubuntu Forums
Ch 5j: How to install the vulnerability scanner Nessus | Ubuntu Linux
Ch 5k: fping - a program to ping hosts in parallel
Ch 5m: Hping - Wikipedia, the free encyclopedia
Ch 5n: Tutorial: Hping2 Basics
Ch 5o: Smurf attack - Wikipedia, the free encyclopedia
Ch 5p: Preventing Smurf Attacks
Ch 5q: Advanced Bash-Scripting Guide
Ch 5r: Kon-Boot -- Reset Windows & Linux Passwords

Ch 6a: NetBios Howto
Ch 6b: NetBIOS NULL Sessions: The Good, The Bad, and The Ugly
Ch 6c: Null session attacks: Who's still vulnerable?
Ch 6d: NULL sessions restrictions of server and workstation RPC operations
Ch 6e: Null session in Windows XP
Ch 6f: Listing usernames via a null session on Windows XP
Ch 6g: Download Winfo -- NetBIOS Null Session Enumeration Tool
Ch 6h: NetBIOS Suffixes (16th Character of the NetBIOS Name)
Ch 6i:
Ch 6j: - DumpSec and Hyena
Ch 6k: Description of the Windows File Protection feature
Ch 6l: OpenVAS emerges as free alternative to Nessus
Ch 6m: OpenVAS - OpenVAS - Open Vulnerability Assessment System Community Site
Ch 6n: Bill Gates: Trustworthy Computing (from 2002)

Ch 7a: Where are the C libraries? [Archive] - Ubuntu Forums
Ch 7b: Why Windows is less secure than Linux -- system call diagrams (updated link, works in March 2011)
Ch 7c: The Linux Kernel Map
Ch 7d: - Programming Tutorials: C++ Made Easy and C Made Easy
Ch 7e: We Are Morons: a quick look at the Win2k source ||
Ch 7f: Linux: Fewer Bugs Than Rivals
Ch 7g: An IDA Primer--Disassembler
Ch 7h: Ubuntu Software - GHexedit | Hexeditor
Ch 7i: The GNU C Programming Tutorial -- scanf and avoiding buffer overflows
Ch 7j: Robert's Perl Tutorial
Ch 7k: Free Online Web Tutorials - CGI Perl Tutorial - How to use HTML with Perl for Web Data Collection and Processing
Ch 7l: Python On XP: 7 Minutes To 'Hello World!'
Ch 7m: ActiveState - ActivePython free Python open source language distribution
Ch 7n: Python Babysteps Tutorial
Ch 7o: The GNU Netcat -- Official homepage
Ch 7p: Opening TCP Sockets in ActivePython 2.4
Ch 7q: Writing Buffer Overflow Exploits - a Tutorial for Beginners
Ch 7r: Simple Package management with Synaptic Package Manager in Ubuntu -- Debian Admin
Ch 7s: PEBrowse Professional Windows Disassembler
Ch 7t: codepad - Online interpreter for C, Perl, Ruby, and many other languages
Ch 7u: Ruby example--source code for adobe cooltype exploit
Ch 7v: Buffer overflow - Wikipedia
Ch 7w: 5000 Bugs caught in Pentium IV
Ch 7x: LOLCODE - Wikipedia
Ch 7y: Code School - CAN HAS LOLCODE
Ch 7z: Brainfuck - Wikipedia

Ch 8a: Microsoft Baseline Security Analyzer (MBSA)
Ch 8b:
Ch 8c: CVE - Common Vulnerabilities and Exposures
Ch 8d: NetBIOS protocol, netbeui over TCP, server message blocks
Ch 8e: NetBIOS - Wikipedia
Ch 8f: NetBios NetBEUI NBF Networking Introduction
Ch 8g: How To Configure TCP/IP Networking While NetBIOS Is Disabled in Windows 2000 Server
Ch 8h: samba without netbios
Ch 8i: The SMB Man-In-the-Middle Attack -- Example hashes here
Ch 8j: SmbRelay captures NTLM hashes
Ch 8k: L0phtCrack - It's over
Ch 8l: ettercap - man in the middle attacks on LAN
Ch 8l: Irongeek's Wall of Social Science Majors (inspired by the Wall of Shame/Wall of Sheep)
Ch 8m: Ettercap tips and tricks
Ch 8n: CIFS: A Common Internet File System
Ch 8o: CIFS: Common Insecurities Fail Scrutiny
Ch 8o: Winsock - Wikipedia
Ch 8p: Microsoft Security: IIS Lockdown Tool
Ch 8q: Top 10 Vulnerability Scanners
Ch 8r: Wall of Sheep - I see stupid people
Ch 8s: Wall of Sheep at DEFCON illustrates what not to do
Ch 8w: Tripwire Tutorial -- Signature-based intrusion detection
Ch 8x: Null session in Windows XP
Ch 8y: Null session attacks: Who's still vulnerable?
Ch 8z: Server Message Block - Wikipedia, the free encyclopedia
Ch 8za: Full Disclosure: Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
Ch 8zb: Laurent Gaffié blog: More explication on CVE-2009-3103
Ch 8zc: Laurent Gaffié blog: Windows 7 / Server 2008R2 Remote Kernel Crash
Ch 8zd: Microsoft Security Intelligence Report Volume 8
Ch 8ze: This is how Windows get infected with malware
Ch 8zf: Browser share results (10-3-2011)
Ch 8zg: Windows 8.1 stops pass-the-hash attacks (10-3-13)
Ch 8zh: Pass the Hash Mitigation Slides
Ch 8zj: Selecting all PUPs
Ch 8zk: CVE List Master Copy

Ch 9a: Windows Embedded - Wikipedia
Ch 9b: Windows Embedded Server Products Evaluation Registration Site
Ch 9c: Windows Embedded Server
Ch 9d: Microsoft® Server with Embedded Licensing Product Guide
Ch 9e: Psyb0t - Infected Routers
Ch 9f: Nasty New Worm Targets Home Routers, Cable Modems
Ch 9g: Excuse me while I turn off your pacemaker
Ch 9h: The Router Hacking Contest Results
Ch 9i: Hacking into HP LaserJet Printers
Ch 9j: AURORA test validated fears of Dept. of Homeland Security
Ch 9k: Schneier on Security: Stuxnet
Ch 9l: Was Stuxnet built to attack Iran's Nuclear Program?
Ch 9m: Iran confirms massive Stuxnet infection of industrial systems
Ch 9m: Iran may have executed nuclear staffers over Stuxnet
Ch 9n: Malicious Software Turns Your Cell Phone Against You
Ch 9o: Protecting the pre-OS environment with UEFI - Building Windows 8
Ch 9o: How the TPM Prevents Rootkits
Ch 9q: Remotely Administer a Server with DRAC - YouTube
Ch 9r: SHODAN finding Dell DRAC systems
Ch 9s: Reverse Engineering a D-Link Backdoor
Ch 9t: OpenWrt in VMware Fusion
Ch 9u: openwrt

Ch_10a: Sam's Feedback Form (HTML)
Ch_10b: Sam's CGI Script in Perl
Ch_10c: Netcraft: Web Server Survey Archives
Ch_10d: ASP Examples
Ch_10e: ASP Basic Example -- Source code for clock
Ch_10f: ASP Clock Running (source code is not visible)
Ch_10g: Apache HTTP Server - Wikipedia, the free encyclopedia
Ch_10h: The Apache Software Foundation
Ch_10i: PHP - Wikipedia, the free encyclopedia
Ch_10j: Recursive acronym
Ch_10k: Hello World in PHP (source code not visible)
Ch_10l: Source Code for Hello World in PHP
Ch_10m: M-049: Multiple PHP Vulnerabilities
Ch_10n: Hardened-PHP Project - PhP Security - Advisory 01/2004
Ch_10o: ColdFusion - Wikipedia
Ch_10p: Macromedia ColdFusion Vulnerabilities
Ch_10q: ColdFusion Error Page Cross-Site Scripting Vulnerability
Ch_10r: VBScript Example -- works in IE, not in Firefox
Ch_10s: Firefox FAQ -- no support for VBScript
Ch_10t: Microsoft Security Bulletin MS02-009 -- Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files
Ch_10u: Stack overflow vulnerability in Internet Explorer exploitable through VBScript and JScript scripting engines.
Ch_10v: JavaScript Example -- Works in IE and Firefox
Ch_10w: JavaScript vulnerabilities surface in multiple browsers
Ch_10x: ODBC, OLE DB, and ADO Explained by a Microsoft Developer
Ch_10y: Form Demonstration -- maxlength property and GET method
Ch_10za: Cross-site scripting - Wikipedia
Ch_10zb: How to install Java on Ubuntu Linux
Ch_10zc: Installing Sun Java(TM) JRE 1.6.0 (Mustang) in Ubuntu Edgy and Dapper - Tuxicity's source
Ch_10zd: Install tomcat 5.5 - Ubuntu Document Storage Facility
Ch_10ze: WebGoat Installation - OWASP
Ch_10zf: Space Program Blog: Installing Java 5 JDK and Tomcat on Ubuntu (using VMWare)
Ch_10zg: Radarhack -- Getting Started with WebGoat
Ch_10zh: IIS Unicode Vulnerability Explained
Ch_10zi: Download cgiscan.c here
Ch_10zj: phfscan.c source code
Ch_10zk: Explanation of the PHF bug
Ch_10zl: HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections
Ch_10zm: An example of an overly informative error message on SourceForge
Ch_10 zm2: An overly informative error message I saw on 1-22-08
Ch_10zn: Introduction to Input Validation with Perl
Ch_10zo: The Unexpected SQL Injection
Ch_10zp: Hello PHP page - running PHP code
Ch_10zq: Hello PHP Page - Source Code
Ch 10 zr: Wapiti - Web application security auditor
Ch 10 zr: A Profile of Chicago Hacker Jeremy Hammond, and the Police Work That Captured Him
Ch 10zq: Dissecting the SQL Injection Tools Used By Hackers

Ch_11a: Wlan defaults - Rexploit (archived from 2005)
Ch_11b: 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Bypass Vulnerability
Ch_11c: Channel Deployment Issues for 2.4-GHz 802.11 WLANs - Cisco Systems
Ch_11d1: Direct-sequence spread spectrum - Wikipedia
Ch_11d: Spread spectrum - Wikipedia
Ch_11e: Cheating CHAP Authentication -- works like session hijacking
Ch_11f: Point-to-Point Protocol - Wikipedia
Ch_11g: ASLEAP -- Cracks Cisco's LEAP Authentication
Ch_11h: Extensible Authentication Protocol - Wikipedia
Ch_11i: Wireless LAN Security Site -- 802.11 Vulnerabilities
Ch_11j: X.509 - Wikipedia
Ch_11k: IEEE 802.1X - Wikipedia
Ch_11l: Cracking WEP with Windows XP
Ch_11m: How to crack a WEP key using Ubuntu
Ch_11n: New attack cracks WEP in record time
Ch_11p: AirSnort Homepage
Ch_11q: AirSnort
Ch_11r: AirSnort and WEPCrack compared
Ch_11s: fakeAP
Ch_11t: Installing Wireless Cards in Ubuntu
Ch_11u: Orinoco Drivers With Monitor Mode In 6.10 (Edgy Eft) - Ubuntu Forums
Ch_11v: How To Crack WEP - Part 1: Setup & Network Recon
Ch_11w: - Supplying offensive security products to the world
Ch_11x: Aircrack-2.3 Windows (Wireless WEP crack)
Ch_11y: Orinoco Monitor Mode Patch Page -- Shmoo Group
Ch_11z: Red Hat 8.0 Kismet - HOWTO - Includes Orinoco Cards in Monitor Mode
Ch_11za: BackTrack 2 Final : how to make Fake Access Points with
Ch_11zb: Debunking the Myth of SSID Hiding
Ch_11zc: IEEE 802.11 - Wikipedia
Ch_11zd: Aerohive 802.11n Access Point Fastest--264 Mbps
Ch_11ze: Download VistaStumbler 1.10 - A powerful network discovery tool optimized for Windows Vista
Ch_11zf: Changing Your MAC Address In Window XP/Vista, Linux And Mac OS X (Sometimes known as MAC spoofing)
Ch_11zg: Bluetooth - Wikipedia
Ch 11zh: IEEE 802.11n-2009 - Wikipedia
Ch 11zi: CLEAR | High-Speed Mobile 4G Wireless Internet Service with WiMAX
Ch 11zj: Wi-Fi Protected Access - Wikipedia
Ch 11zk: FHSS and DSSS explained: 79 channels v 11 channels
Ch 11zl: Verizon dubs sec researchers "Narcissistic Vulnerability Pimps"
Ch 11zm: Reaver cracks WPS in 19 hours
Ch 11zn: Sprint raising $2 billion, may throw some dough Clearwire's way -- Moving to LTE
Ch 11 zp: List of NICs that can crack WEP
Ch 11zq: WiGig is great, but it won't replace your Wi-Fi network (2013)
Ch 11zr: Dell D5000 Wireless Dock with WiGig - YouTube
Ch 11zs: 4G me not: WiMax isn't LTE and is going away at Sprint resellers (2014)
Ch 11zt: CCSF Wardriving Results

Ch_12a: Enigma machine - Wikipedia
Ch_12b: Enigma Simulator
Ch_12c: First Steganographic Image in the Wild
Ch_12d: A Brute Force Search of DES Keyspace
Ch_12e: DeCSS - Wikipedia
Ch_12f: Why the DVD Hack Was a Cinch -
Ch_12g: Illegal prime - Wikipedia
Ch_12h: EFF: DES Cracker Project
Ch_12i: Triple DES - Wikipedia
Ch_12j: Advanced Encryption Standard - Wikipedia
Ch_12j: Oracle Weblogic Server - Wikipedia
Ch_12k: International Data Encryption Algorithm - Wikipedia
Ch_12l: RC5 - Wikipedia
Ch_12m: RC5-72
Ch_12n: Diffie-Hellman key exchange - Wikipedia
Ch_12o: Digital signature - Wikipedia
Ch_12p: SHA hash functions - Wikipedia
Ch_12q: Cryptographic hash functions Compared
Ch_12r: Birthday attack - Wikipedia
Ch_12s: - Home of Cain & Abel Windows Password Cracker
Ch_12za: LM hash - Wikipedia - Excellent explanation of how Ophcrack works
Ch_12zb: How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases
Ch_12zc: Ophcrack--Windows password cracker
Ch_12zd: Recover A Password in Linux | Ubuntology
Ch_12ze: 109-bit Elliptic Curve Cryptography knocked over with brute force
Ch_12zf: Pretty animated demonstration of the Rijndael encryption algorithm
Ch_12zg: The Hash Function Lounge
Ch 12zh: Explanation of key sizes: 1024 bit RSA is like 80-bit symmetric
Ch 12zi: Moore's Law - Wikipedia
Ch 12zj: SSLSTRIP attack documents (From Sam Bowne's Defcon Presentation 2009)
Ch 12zk: Null Character Hack Allows SSL Spoofing
Ch 12zl: Good explanation of the renegotiation SSL/TLS Vulnerability
Ch 12zm: Apache2 Basic Authentication
Ch 12zn: Basic Authentication
Ch 12zo: Hoping to avert "collision" with disaster, Microsoft retires SHA1
Ch 12zp: TLS / SSL - Google Chrome SHA-1 Deprecation Explained
Ch 12zq: Transition from SHA-1 to SHA-2 Certificates | Symantec
Ch 12zr: SHA-2 Certificate Solutions |
Ch 12zq: SSL Server Test (Powered by Qualys SSL Labs)
Ch 12zs: College SSL Certificates Tested in 2014
Ch 12zt: SSL Certificates at Banks
Ch 12zu: NSA Suite B Cryptography (Aug., 2015)
Ch 12zv: Why Algebraic Eraser may be the riskiest cryptosystem you've never heard of (Nov., 2015)
Ch 12zw: Stop using NSA-influenced code in our products, RSA tells customers (2013)
Ch 12zx: NOBUS - Wikipedia
Ch 12zy: CNSA Suite and Quantum Computing FAQ (2016)
Ch 12zz: Silent Circle ditches NIST cryptographic standards to thwart NSA spying (2013)
Ch 12zz1: RC4 crypto: Get RID of it already, say boffins (2015)
Ch 12zz2: SHA1 algorithm securing e-commerce and software could break by year's end (Oct, 2015)
Ch 12zz3: How the NSA can break trillions of encrypted Web and VPN connections (Oct, 2015)

Ch_13a: Router - Wikipedia
Ch_13b: Cisco 2600 Series Multiservice Platforms
Ch_13c: Cisco 2600 Series Security Advisories
Ch_13d: Michael Lynn - Wikipedia
Ch_13e: Michael Lynn's controversial Cisco security presentation
Ch_13f: Schneier on Security: Cisco Harasses Security Researcher
Ch_13g: Michael Lynn's PDF file is linked near the bottom of this page
Ch_13h: Juniper hires Cisco hacker -- fixes flaws in IOS
Ch_13i: Firewall Debate: Hardware vs. Software
Ch_13j: Firewall Access Control List Rules
Ch_13k: Cisco PIX Firewall and VPN Configuration Guide
Ch_13l: Teardrop Attack - Wikipedia
Ch_13m: Microsoft ISA Server: Product Overview
Ch_13n: Application Filters Provided with ISA Server 2006
Ch_13o: Intrusion Detection FAQ: How do you implement IDS (network based) in a heavily switched environment?
Ch_13p: Project Honey Pot
Ch_13q: Capture - The High Interaction Client Honeypot/ Honeyclient
Ch_13r: Open Source Honeypots: Learning with Honeyd
Ch_13s: ISA Server and Forefront Threat Management Gateway Public Beta Available Here (as of 12-4-08)
Ch 13t: Web Application Firewall - OWASP
Ch 13u: Web Application Firewall - The Market Leading Web Application Firewall
Ch 13v: A Chinese ISP momentarily hijacks the Internet (again)
Ch 13w: Cisco ASA 5500 Series Adaptive Security Appliances
Ch 13x: The Center for Internet Security
Ch 13y: RedSeal Systems - Redseal Network Advisor
Ch 13z1: Aurora Attack--Resistance Is Futile, Pretty Much
Ch 13z2: Can Aurora attacks be prevented?
Ch 13z3: Google attack part of widespread spying effort
Ch 13z4: Network Hijackers Exploit Technical Loophole -- IP Hijacking via BGP
Ch 13z5: How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack (2015)
Ch 13z6: DDoS Mitigation Firm Has History of Hijacks (Sept., 2016)

l_14a: compatible_cards [Aircrack-ng]
l_14b: Can't get orinoco into monitor mode with NG
l_14c: Wi-Foo: The Secrets of Wireless Hacking: Books: Andrew Vladimirov,Konstantin V. Gavrilenko,Andrei A. Mikhailovsky
l_14d: PRISM GT Technical Information
l_14e: Injection Test Results: WUSB54Gv4, WT111v2, Edimax EW-7318USG, and Intel IPW2200
l_14f: Question regarding usb adapter and linux
l_14g: Driver found for PrismGT Chipset
l_14h: Host AP Linux driver for Intersil Prism2/2.5/3 wireless LAN cards and WPA Supplicant
l_14i: How to get the TEW424ubv2 Wi-Fi Dongle working in Linux with NDISwrapper
l_14j: Wireless Card Modes Explained: Master, Manager, Ad-hoc, Monitor
l_14l: Orinoco Monitor Mode Patch Page
l_14m: MadWifi - Drivers for many wireless NICs
l_14n: BackTrack from - Supplying offensive security products to the world
l_14n: Linuxant - DriverLoader for Wireless LAN devices
l_14o: NDISwrapper - Use Windows Drivers in Linux
l_14p: How To Crack WEP with Linux and Packet Injection
l_14q: Aircrack-ng -- WEP cracker for Windows or Linux
l_14r: Tutorial - Cracking WEP with Windows XP pro.
l_14s: How to crack WEP with BackTrack 2
l_14t: WLAN Adapter Chipset Directory
l_14u: Yet Another Easier Workaround for Packet Injection with Aireplay in Windows
l_14v: Re: Legality of WEP Cracking
l_14w: E-Mail Privacy in the Workplace
l_15a: About SSL/TLS
l_15b: Huge Collection Of Hack Tutorial Videos
l_15c: dsniff -- Linux Package for Man-in-the-Middle Attacks
l_15d: Old SSL Vulnerability in Internet Explorer - Certificate Chain
l_15e: Circumventing SSL with Ettercap Video

Miscellaneous Links

Robtex - great DNS analysis tool
YouTube - Reset Passwords on Windows XP and Vista using Backtrack 4 - Captions and Voice Included
WebGoat Notes--Learn Web App Security
Ubuntu 10.0.4, VMware and No Keyboard : Solo Technology
Warning about VMWare Player and new Ubuntu 10.04
How to reset domain admin password on Windows Server 2008--Utilman
Exploiting the LNK Vulnerability with Metasploit
Decrypting SSL traffic with Wireshark, and ways to prevent it
Port Scanner Challenge: Nmap, Unicornscan, PortBunny -- UnicornScan is 5x faster than Nmap
Proj 10: ActivePython Downloads - old versions here
Old Version of Adobe Acrobat Reader Download -
Metasploit Unleashed - Mastering the Framework--awesome course
Metasploit Class Videos from Irongeek
Smashing the stack in 2010 (improved)
Great video taking over a domain with Metasploit--Good Pentesting Techniques
Old versions of Adobe Acrobat Reader straight from Adobe
Death of an ftp client / Birth of Metasploit modules; Excellent tutorial about fuzzing & metasploit
Penetration Testing and Vulnerability Analysis - Windows Exploitation 101
How to Break Into a Mac (And Prevent It from Happening to You)
Wardriving FAQ -- Wardriving is not illegal
A SANS article on the legality of wardriving
New Snort rules to stop Rockwell & other SCADA attacks (10-5-11)

HUGE list of vulnerable Web apps to use for training
2011-12-26: STRATFOR leaked accounts (10257 passwords recovered) -
Free Online Computer Security Class from Berkeley & Stanford
How to bypass an antivirus --INTERESTING PROJECT IDEA
Download Ez7z for Mac - Easy-to-use p7zip archiver.
List of online hacking games
Nessus 5.0 is Here Tenable Network Security
Enter Bios Settings and Boot from CDROM with VMware Fusion

Windows Credentials Editor (WCE) FAQ
Mapping Defenses Using the Cyber Kill Chain -- COMPARE TO CNIT 123 TEXTBOOK
How to setup Dark Comet RAT (with download and pictures) : hacking
Free CEH Study Guide (v8, from 2014)
DarkComet RAT Flames Out
airdecap-ng Aircrack-ng -Decrypts WEP and WPA packets -- ADD TO PROJECT

Warriors of the Net HD - YouTube - good version as of Jan 2015
How to rekey a lock 101 - YouTube -- IT WORKS!
2012-05-02: Linux Memory Images
KBeast -- New Linux Rootkit (from 12-31-11)
Learn to code Codecademy
Penetration Testing with BackTrack Training - $700 online classes with certification
Scapy cheat sheet
Reset a Windows 8 Password without using any third party software
Cheat Sheet for Pen Testing
Reset Admin Password on Mac OS X
2013-01-27: Cookie Cadger Slides
VulnHub - Vulnerable By Design--VMs to exploit!
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) (9781597496551) -- Another instructor recommends this book
VulnHub - Vulnerable By Design -- Excellent projects here!
illSecure -- Very Easy Hacking Games
BackBox Linux -- Italian security distro
Resources for Aspiring Penetration Testers
HiJetter -- Printer Exploitation Tool
Live BGP Updates
The Bro Network Security Monitor
Teardrop Attack in Scapy
Cracking Linux, Windows, Wordpress, and Drupal Password Hashes with Hashcat and John
Pentest training games--vulnerable systems and Web apps
Scapy explained by its author -- EXCELLENT
Hash Identifier python script
24 Great E-Books On Ethical Hacking
Codebashing SQLi Tutorial
Five-way TCP Handshake defeats firewalls
HacmeBank & HacmeCasino in the Cloud
Learn Python the Hard Way
HTPasswd Tutorial
Notifying Owners of Infected Wordpress Servers -- POTENTIAL PROJECT
The Difference between CIFS and SMB
The story of a pentester recruitment -- SHOW TO CLASS
Download Metasploitable - Intentionally Vulnerable Machine | Rapid7
Cracking WEP with Cain on Windows and an AirPCap Card
Password Cracking Slides by IronGeek
Linux DHCP Configuration--use Debian instructions for Kali
2015-07-10: HttpDosTool 4.01 -- WORKS ON WINDOWS 8.1
OverTheWire: Wargames and Linux Lessons
How Yahoo was forced to give data secretly to the NSA Prism project (from 2014) -- IMPORTANT PRECEDENT
Live BGP Updates over Telnet
The Tricky Encryption That Could Stump Quantum Computers (from Sept., 2015)
Warriors of the Net - TeacherTube
CA Lockpick Law -- Demonstrates that TOOOL is correct
RECOMMENDED LOCKPICK KIT: Ehdching 24pcs Single Hook Locksmith Tools 1pcs Professional Cutaway Practice Padlock - -
Recommended Locks from Deviant Ollam
Lockpicking Legal issues - Lockwiki
Legality of lock picks, possessing burglary tools, lock picks legality
Manual for Kwikset Powerlock in S214
L0phtCrack Password Auditor - Download -- WORKED BETTER THAN JOHN
Lynis - Security auditing tool for Unix/Linux systems
Universal TV Stand / Base Mount for 32" - 60" Flat-Screen Televisions -- May be needed for display case
Edit or remove cookies from Firefox's Developer Toolbar
RTL-SDR Tutorial: Analyzing GSM with Airprobe/GR-GSM and Wireshark
Web Application Pen-testing Tutorials With Mutillidae (Hacking Illustrated Series InfoSec Tutorial Videos)
Lockpicking Plastic Handcuffs -- ADD TO LOCKPICKING PROJECT

New Unsorted Links

Apache .htaccess file - Examples and Common Uses | DigitalOcean -- VERY USEFUL
A tcpdump Tutorial and Primer with Examples
Best tcpdump Tutorial and Primer with Examples
Add/Drop Procedure
virtual machine - Guest OS resolution (text too small) in vmware workstation 12 player
2017-09-27: DHS planning to collect social media info on all immigrants
Ch 8zl: Windows 10's "Controlled Folder Access" Anti-Ransomware Feature Is Now Live
Ch 9v: Mirai botnet -- Krebs on Security
Ch 9w: The Mirai Botnet Isn't Easy to Defeat
Ch 10zs: TIOBE Index -- popularity of programming languages
Ch 10zt: Serialization and Deserialization in Java
Ch 12-2017-1: 'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time
Ch 12-2017-2: Google Online Security Blog: Announcing the first SHA1 collision
Ch 12-2017-3: SHAttered
USB LAN7500 Driver for Mac Adapter in S214
Metasploit: Not connecting to database
Ch 3za: NullArray/AutoSploit: Automated Mass Exploiter
Ch 3zb: Threat or menace? "Autosploit" tool sparks fears of empowered "script kiddies"
Fixing a Error in Kali Rolling Repository
AWS Educate -- Free AWS Credit for Students
How to install Kali Linux on Google Cloud
How to install Kali Linux on Google Cloud -- Penetration Testing
Using the gsutil Tool -- Google Cloud
GitHub - Wh1t3Rh1n0/deb2kali: A Script to Convert Debian Linux into Kali Linux
LionSec/katoolin: Automatically install all Kali linux tools
How to Install WAMP

Other Links


Last Updated: 12-10-15 3:49 pm