See assembly language
assembly language
add and sub commands, 134
addressing modes, 135??“136
assembling, 137
AT&T vs. NASM syntax, 133??“135
call and ret commands, 135
file structure, 136??“137
inc and dec commands, 135
int command, 135
jne, je, jz, jnz, and jmp commands,
134??“135
lea command, 135
machine vs. assembly vs. C, 133
mov command, 134
program to establish a socket, 223??“226
push and pop commands, 134
system calls, 213??“214
xor command, 134
attackers??™ goals, 43
attacking services
enumerating DACL of a Windows service,
418??“419
???execute??? disposition permissions of a
Windows service, 420
finding vulnerable services, 420??“422
privilege escalation, 422??“424
???read??? disposition permissions of
a Windows service, 420
???write??? disposition permissions of
a Windows service, 419
Gray Hat Hacking: The Ethical Hacker??™s Handbook
538
auditing tools
source code, 280??“283
See also manual auditing
Authenticated Users group, 406
authentication, 71
authentication SIDs, 406??“408
authorization, 71
AxEnum, 372??“377
AxFuzz, 377
AxMan, 378??“383
B
backdoors, eliminating, 71
BackTrack, 101??“102
automating change preservation from one
session to the next, 109
booting and logging in, 103??“104
cheat codes, 112??“114
creating a directory-based or file-based
module with dir2lzm, 106??“109
creating a module from a SLAX prebuilt
module with mo2lzm, 106??“108
creating a module from an entire session
of changes using dir2lzm, 108??“109
creating a module of directory content
changes since last boot, 110??“112
creating a new base module with all the
desired directory contents, 110??“112
creating the BackTrack CD, 102??“103
environment, 104??“105
saving configurations, 105
selectively loading modules, 112??“114
tools, 118
using Metasploit db_autopwn, 114??“117
writing to your USB memory stick, 105
binaries
stripped, 310??“312
unpacking, 525??“533
binary analysis, 289
automated tools, 304??“307
decompilers, 290??“292
disassemblers, 292??“302
manual auditing of binary code, 289??“304
binary mutation, 490??“495
binary patching, 486??“490
BinDiff, 306??“307
BinNavi, 303??“304
black box testing, 335
Blaster worm attacks, and the CFAA, 27??“28
Blum, Rick, 35
bot herders, 9
botmaster underground, 9
bots, 9
Break-on-Execute breakpoint capability,
528??“529
buffer overflows, 149??“154
local buffer overflow exploits, 154??“162
buffers, 130
buffer orientation problems,
476??“477
exploiting small buffers, 160??“162
BugScam, 305??“306
Bugtraq, 49??“50
Byte function, 531
C
C programming language, 121
comments, 126
compiling with gcc, 127
functions, 122
if/else, 126
linking, 127
for loops, 125??“126
main( ), 122
object code, 127
printf, 123??“124
Index
539
sample program, 126??“127
scanf, 124
strcpy/strncpy, 124??“125
system calls, 213
variables, 123
while loops, 125??“126
C++, quirks of compiled C++ code,
323??“325
Cain, 94??“96, 97
callback shellcode.
Pages:
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932