2.0 Attack Basics

• What are the four steps to hacking?

3.0 Account Basics

• What are accounts?
• What are groups?

4.0 Password Basics

• What are some password basics?
• Why protect the hashes?
• What is a dictionary password cracker?
• What is a brute force password cracker?
• Which method is best for cracking?
• What is a salt?
• What are the dangers of cracking passwords?
• Where are the password hashes stored?
• Are there any password schemes that are safe?
• Is there any way I can open a password-protected Microsoft Office document?

5.0 Denial of Service Basics

• What is Denial of Service?
• What are some DoS scenarios?
• What is the Ping of Death?
• What is a SYN Flood attack?
• What are other popular DoS attacks?
• What are distributed DoS attacks?
• How can I discover new DoS attacks?
• How does one defend against DoS attacks?

6.0 Logging Basics

• Why do I care about auditing, accounting, and logging?
• What are some different logging techniques used by Admins?
• Why should I not just delete the log files?

7.0 Miscellaneous Basics

• What is a backdoor?
• What is a buffer overflow?
• What is "lame"?
• How do I get around censorware like Net Nanny or the Great Firewall of China?
• How can I forge email addresses?
• What's with ICQ?

8.0 Web Browser

• What is unsafe about my browser?
• What is in the history, bookmark, and cache files?
• What other browser files are important?
• Can you tell me more about the cookie file?
• How can I protect my browser files?
• So why all of the paranioa about browsers?

9.0 The Web Browser as an Attack Tool

• What is phf?
• What's the "test" hack?
• What about that "~" character?
• What is the jj.c problem?
• What's the deal with forms?
• What will this look like in the target's log files?
• What's the deal with Server-Side Includes?
• What if SSIs are turned on but includes are stripped from user input?
• What are SSL?
• How can I attack anonymously?
• What is the asp dot attack?
• What is the campas attack?
• What is the count.cgi attack?
• What is the faxsurvey attack?
• What about finger.cgi?
• What is the glimpse exploit?
• What are some other CGI scripts that allow remote command execution?
• What are the MetaInfo attacks?

10.0 The Basic Web Server

• What are the big weak spots on servers?
• What are the critical files?
• What's the difference between httpd running as a daemon vs. running under inetd?
• How does the server resolve paths?
• What log files are used by the server?
• How do access restrictions work?
• How do password restrictions work?
• What is web spoofing?

11.0 NT Basics

• What are the components of NT security?
• How does the authentication of a user actually work?
• What is "standalone" vs. "workgroup" vs. "domain"?
• What is a Service Pack?
• What is a Hot Fix?
• Where are Service Packs and Hot Fixes?
• What's with "C2 certification"?
• Are there are interesting default groups to be aware of?
• What are the default directory permissions?
• Are there any special restrictions surrounding the Administrative Tools group in Presentation Manager?
• What is the Registry?
• What are hives?
• Why is the Registry like this and why do I care?
• What is the deal with Microsoft's implementation of PPTP?

12.0 NT Accounts

• What are common accounts and passwords in NT?
• What if the Sys Admin has renamed the Administrator account?
• How can I figure out valid account names for NT?
• What can null sessions to an NT machine tell me?

13.0 NT Passwords

• How do I access the password file in NT?
• What do I do with a copy of SAM?
• What's the full story with NT passwords?
• How does brute force password cracking work with NT?
• How does dictionary password cracking work with NT?
• I lost the NT Administrator password. What do I do?
• How does a Sys Admin enforce better passwords?
• Can an Sys Admin prevent/stop SAM extraction?
• How is password changing related to "last login time"?

14.0 NT Console Attacks

• What does direct console access for NT get me?
• What about NT's file system?
• What is Netmon and why do I care?

15.0 NT Client Attacks

• What is GetAdmin.exe and Crash4.exe?
• Should I even try for local administrator access?
• I have guest remote access. How can I get administrator access?
• What about %systemroot%\system32 being writeable?
• What if the permissions are restricted on the server?
• What exactly does the NetBios Auditing Tool do?
• What is the "Red Button" bug?
• What about forging DNS packets for subversive purposes?
• What about shares?
• How do I get around a packet filter-based firewall?
• I hack from my Linux box. How can I do all that GUI stuff on remote NT servers?
• What's the story with WinGate?
• How do I find these buggy WinGates I can use?

16.0 NT Denial of Service

• What can telnet give me in the way of denial of service?
• What can I do with Samba?
• What's with ROLLBACK.EXE?
• What is an OOB attack?
• Are there any other Denial of Service attacks?

17.0 NT Logging and Backdoors

• Where are the common log files in NT?
• How do I edit/change NT log files without being detected?
• So how can I view/clear/edit the Security Log?
• How can I turn off auditing in NT?

18.0 NT Misc. Attack Info

• How is file and directory security enforced?
• What is NTFS?
• Are there are vulnerabilities to NTFS and access controls?
• What is Samba and why is it important?
• How do I bypass the screen saver?
• How can I detect that a machine is in fact NT on the network?
• Can I do on-the-fly disk encryption on NT?
• Does the FTP service allow passive connections?
• What is this "port scanning" you are talking about?
• Does NT have bugs like Unix' sendmail?
• How is password changing related to "last login time"?
• Can sessions be hijacked?
• Are "man in the middle" attacks possible?
• What about TCP Sequence Number Prediction?
• What's the story with buffer overflows on NT?

19.0 Netware Accounts

• What are common accounts and passwords for Netware?
• How can I figure out valid account names on Netware?

20.0 Netware Passwords

• How do I access the password file in Netware?
• What's the full story with Netware passwords?
• How does password cracking work with Netware?
• How does password cracking work with Netware?
• Can an Sys Admin prevent/stop Netware password hash extraction?
• Can I reset an NDS password with just limited rights?
• What is OS2NT.NLM?
• How does password encryption work?
• Can I login without a password?
• What's with Windows 95 and Netware passwords?

21.0 Netware Console Attacks

• What's the "secret" way to get Supe access Novell once taught CNE's?
• How do I use SETPWD.NLM?
• I don't have SETPWD.NLM or a disk editor. How can I get Supe access?
• What's the "debug" way to disable passwords?
• How do I defeat console logging?
• Can I set the RCONSOLE password to work for just Supervisor?
• How can I get around a locked MONITOR?
• Where are the Login Scripts stored in Netware 4.x and can I edit them?
• What if I can't see SYS:_NETWARE?
• So how do I access SYS:_NETWARE?
• How can I boot my server without running STARTUP.NCF/AUTOEXEC.NCF?
• What else can be done with console access?

22.0 Netware Client Attacks

• What is the cheesy way to get Supervisor access?
• How can I login without running the System Login Script in Netware 3.x?
• How can I get IP info from a Netware server remotely?
• Does 4.x store the LOGIN password to a temporary file?
• Everyone can make themselves equivalent to anyone including Admin. How?
• Can Windows 95 bypass NetWare user security?
• What is Packet Signature and how do I get around it?

23.0 Netware Denial of Service

• How can I abend a Netware server?
• Will Windows 95 cause server problems for Netware?
• Will Windows 95 cause network problems for Netware?

24.0 Netware Logging and Backdoors

• How do I leave a backdoor for Netware?
• What is the rumored "backdoor" in NDS?
• What is the bindery backdoor in Netware 4.x?
• Where are the common log files in Netware?
• What is Accounting?
• How do I defeat Accounting?
• What is Intruder Detection?
• How do I check for Intruder Detection?
• What are station/time restrictions?
• How can I tell if something is being Audited in Netware 4.x?
• How can I remove Auditing if I lost the Audit password?
• What is interesting about Netware 4.x's licensing?
• What is the Word Perfect 5.1 trick when running Netware 3.x over DOS?

25.0 Netware Misc. Attack Info

• How do I spoof my node or IP address?
• How can I see hidden files and directories?
• How do I defeat the execute-only flag?
• How can I hide my presence after altering files?
• What is a Netware-aware trojan?
• What are Trustee Directory Assignments?
• Are there any default Trustee Assignments that can be exploited?
• What are some general ways to exploit Trustee Rights?
• Can access to .NCF files help me?
• Can someone think they've logged out and I walk up and take over?
• What other Novell and third party programs have holes that give "too much access"?
• How can I get around disk space requirements?
• How do I remotely reboot a Netware 3.x file server?
• What is Netware NFS and is it secure?
• Can sniffing packets help me break into Netware servers?
• What else can sniffing around Netware get me?
• Do any Netware utilities have holes like Unix utilities?
• Where can I get the Netware APIs?
• Are there alternatives to Netware's APIs?
• How can I remove NDS?
• What are security considerations regarding partitions of the tree?
• Can a department "Supe" become a regular Admin to the entire tree?
• Are there products to help improve Netware's security?
• Is Netware's Web server secure?
• What's the story with Netware's FTP NLM?
• Can an IntranetWare server be compromised from the Internet?
• Are there any problems with Novell's Groupwise?
• Are there any problems with Netware's Macintosh namespace?
• What's the story with buffer overflows on Netware?

26.0 Netware Mathematical/Theoretical Info

• How does the whole password/login/encryption thing work?
• Are "man in the middle" attacks possible?
• Are Netware-aware viruses possible?
• Can a trojaned LOGIN.EXE be inserted during the login process?
• Is anything "vulnerable" during a password change?
• Is "data diddling" possible?

27.0 Unix Accounts

• What are common accounts and passwords for Unix?
• How can I figure out valid account names for Unix?

28.0 Unix Passwords

• How do I access the password file in Unix?
• What's the full story with Unix passwords?
• How does brute force password cracking work with Unix?
• How does dictionary password cracking work with Unix?
• How does a Sys Admin enforce better passwords and password management?
• So how do I get to those shadowed passwords?
• So what can I learn with a password file from a heavily secured system?
• What's the story with SRP?

29.0 Unix Local Attacks

• Why attack locally?
• How do most exploits work?
• So how does a buffer overflow work?

30.0 Unix Remote Attacks

• What are remote hacks?

31.0 Unix Logging

• Where are the common log files in Unix?
• How do I edit/change the log files for Unix?

32.0 Hacker Resources

• What are some security-related WWW locations?
• What are some security-related USENET groups?
• What are some security-related mailing lists?
• What are some other FAQs?