Pervec njohjes se programimit per te qene nje hacker duhet pasur njohje per subjektet e meposhtme te ndara ne kategori Cfare eshte me e ekeqjave e gjithe te keqiave 1 Exploit? trekendeshi funksional i sigurise procesi i nje sulmi Passive reconnaissance Active reconnaissance llojet e sulmeve kategorite e exploits qellimet qe nje sulmus kerkon te arrije 2: Footprinting cfare eshte Footprinting Whois Sam Spade Analyze i rezultateve Whois NSLookup gjetja e grupeve ne seri ( address range)te rrjetit ARIN Traceroute NeoTrace Visual Route Visual Lookout Smart Whois eMailTracking Pro MailTracking.com 3: Skanim eshte serveri gjalle? Active stack fingerprinting Passive stack fingerprinting Pinger Friendly Pinger WS_Ping_Pro Netscan Tools Pro 2000 Hping2 KingPing icmpenum SNMP Scanner Detecting Ping sweeps ICMP Queries netcraft.com Port Skanim TCPs 3-way handshake TCP Scan tipet IPEye IPSECSCAN nmap Port Scan countermeasures Hacker Tool: HTTrack Web Copier Network Management Tools SolarWinds Toolset NeoWatch War Dialing THC-Scan PhoneSweep War Dialer Telesweep Queso Cheops Proxy Servers Hacker Tool: SocksChain Surf the web anonim TCP/IP qe deperton neper HTTP Tunneling HTTPort Tunneld BackStealth 4: Enumeration What is Enumeration NetBios Null Sessions Null Sesion Countermeasures NetBIOS Enumeration DumpSec Hyena NAT SNMP Enumertion SNMPUtil Hacker Tool: IP Network Browser SNMP Enumeration Countermeasures Windows 2000 DNS Zone transfer Identifying Win2000 Accounts mjet hackimi: User2SID SID2User Enum UserInfo GetAcct smbbf SMB Auditing Tools Active Directory Enumeration W2K Active Directory attack 5. hack sistemesh Administrator Password Guessing Performing Automated Password Guessing Legion NTInfoScan Defending Against Password Guessing Monitoring Event Viewer Logs VisualLast Eavesdroppin on Network Password Exchange L0phtCrack KerbCrack Privilege Escalation GetAdmin mjet hakimi: hk Manual Password Cracking Algorithm Automatic Password Cracking Algorithm Password Tipet Types of Password Attacks Dictionary Attack Brute Force Attack Distributed Brute Force Attack Password Change Interval Hybrid Attack Cracking Windows 2000 Passwords Retrieving the SAM file Redirecting SMB Logon to the Attacker SMB Redirection SMBRelay SMBRelay2 pwdump2 SAMdump C2MYAZZ Win32 Create Local Admin User Offline NT Password Resetter psexec remoxec SMBRelay Man-in-the-Middle (MITM) SMBRelay MITM Countermeasures SMBGrinder SMBDie NBTDeputy NetBIOS DoS Attack nbname John the Ripper LanManager Hash Password Cracking Countermeasures Keystroke Logger Spector AntiSpector eBlaster SpyAnywhere IKS Software Logger Fearless Key Logger E-mail Keylogger Hardware Key Logger Rootkit Planting Rootkit on Windows 2000 Machine _rootkit_ embedded TCP/IP Stack Rootkit Countermeasures MD5 Checksum utility Tripwire mbulues gjurmesh(covering Tracks ) Caktivizimi i Auditing Auditpol Pastrimi i ditarit te ngjarjeve Elslave Winzapper Evidence Eliminator fshehje skedaresh NTFS File Streaming makestrm NTFS Streams Countermeasures LNS Steganography mjete hakimi ImageHide BlindSide MP3Stego Snow Camera/Shy Steganography Detection StegDetect Stealth Files Encrypted File System dskprobe EFSView Buffer Overflows krijimi i Buffer Overflow Exploit Outlook Buffer Overflow : Outoutlook 6: Trojan dhe Backdoors Overt and Covert QAZ Tini Netcat Donald Dick SubSeven BackOrifice 2000 Back Oriffice Plug-ins BoSniffer NetBus ComputerSpy Key Logger Beast Trojan CyberSpy Telnet Trojan SubRoot Telnet Trojan LetMeRule Wrappers Graffiti Silk Rope 2000 EliteWrap IconPlus Packaging Tool: Microsoft WordPad Whack a Mole Trojan Construction Kit si te shkruash Trojans ne Java Hacker Tool: FireKiller 2000 Covert Channels ICMP Tunneling Hacker Tool: Loki Reverse WWW Shell Backdoor Countermeasures BO Startup and Registry Entries NetBus Startup and Registry Keys Port Monitoring Tools fPort TCPView Process Viewer Inzider - Tracks Processes and Ports Trojan Maker Hard Disk Killer Man-in-the-Middle Attack dsniffer Verifikues i System File TripWire 7.Sniffers Cfare eshte Sniffer/si funksionon Ethereal Snort WinDump EtherPeek Passive Sniffing Active Sniffing EtherFlood Si funksionon ARP ArpSpoof DSniff Macof mailsnarf URLsnarf Webspy Ettercap WebMiTM IP Restrictions Scanner sTerm Cain and Abel Packet Crafter SMAC MAC Changer ARP Spoofing Countermeasures WinDNSSpoof Distributed DNS Flooder WinSniffer IRIS NetInterceptor SniffDet WinTCPKill 8.(DOS) Denial of Service Attack Typet e DoS Attacks si funksionon DoS Cfare eshte DDoS dhe funksionimi i tij Mjete hakimi Ping of Death SSPing Land Smurf SYN Flood CPU Hog Win Nuke RPC Locator Jolt2 Bubonic Targa Mjete per DDoS Attacks Trinoo WinTrinoo TFN TFN2K Stacheldraht Shaft mstream DDoS Attack Sequence Preventing DoS Attack DoS Scanning Tools Find_ddos SARA DDoSPing RID Zombie Zapper 9.Inxhinjeria sociale Art of Manipulation Human Weakness Common Types of Social Engineering Human Based Impersonation Important User Tech Support Third Party Authorization In Person Dumpster Diving Shoulder Surfing Computer Impersonation Mail Attachments Popup Windows Website Faking Reverse Social Engineering Policies and Procedures Social Engineering Security Policies 10 Session Hijacking Cfare eshte Session Hijacking Session Hijacking Steps Spoofing Vs Hijacking Active Session Hijacking Passive Session Hijacking TCP Concepts - 3 way Handshake Sequence Numbers Sequence Number Example Guessing the Sequence Numbers Juggernaut Hunt TTYWatcher IP Watcher T-Sight Remote TCP Session Reset Utility Rreziqet e Session Hijacking mbrojtje kunder Session Hijacking 11: Hack Web Serverat Apache Vulnerability sulm kunder IIS IIS Components ISAPI DLL Buffer Overflows IPP Printer Overflow msw3prt.dll Oversized Print Requests Jill32 IIS5-Koei IIS5Hack IPP Buffer Overflow Countermeasures ISAPI DLL expozim i kodit burim ISAPI.DLL Exploit Defacing (ndryshim i pamjes se Websajteve IIS Directory Traversal Unicode Directory Listing pastrimi i ditareve te programeve server IIS LogAnalyzer Attack Signature krijimi i nje trojani ne Internet Explorer (IE) IISExploit UnicodeUploader.pl cmdasp.asp rritja e Privilegjeve ne programet server IIS IISCrack.dll ispc.exe IIS WebDav Vulnerability WB RPC Exploit-GUI DComExpl_UnixWin32 Plonk Unspecified Executable Path Vulnerability CleanIISLog File System Traversal Countermeasures problemet me HotFix te microsoftit UpdateExpert Cacls Whisker N-Stealth Scanner WebInspect Mjet skanimi serveri ne rrjet: Shadow Security Scanner 12:Aplikacionet ne websajte dhe Vulnerabilities Documentimi dhe struktura e aplikacioneve Inspectim manual i Applikacioneve perdorimi i googles per te inspektuar aplikacionet Directori Strukture Instant Source Java klasat dhe miniprogramet( Applets ) Jad HTML komente dhe permbajtje Lynx Wget Black Widow WebSleuth Cross Side Scripting Sesion Hijacking using XSS Cookie Stealing IEEN IEflaw Gjetja e informacioneve sensitive nepermjet Google 13 Teknika krakimi paswordesh ne websajte Bazat e besushmerise se origjinales( Authentication ) Message Digest Authentication NTLM Authentication Certifikata te bazuara ne verifikime krahasime me origjinalen( Authentication) Certifikata dixhitale Microsoft Passport Authentication Verifikim i origjinalit(Authentication) mbeshtetur ne forms/formulare krijim Certifikatash fallco WinSSLMiM Password Guessing Default Account Database WebCracker Brutus ObiWan Munga Bunga Password dictionary Files Attack Time Variant PassList Query Strings Post data Mjete hakimi: cURL Stealing Cookies CookieSpy ReadCookies SnadBoy 14: SQL Injection Cfare eshte SQL Injection Vulnerability SQL Insertion Discovery Blank sa Password Simple Input Validation SQL Injection OLE DB Errors 1=1 blah' or 1=1 Parandalimi SQL Injeksion Databaze Specific SQL Injeksion Mjete hakimi databazeSQL SQLDict SQLExec SQLbf SQLSmack SQL2.exe Oracle password buster 15: Wireless rrjetet wireless standarti kryesor 802.11 Cfare eshte WEP? gjetja e WLAN-eve Krackim i celesaveWEP Sniffing Trafikut Wireless DoS Attacks WLAN Scanners WLAN Sniffers MAC Sniffing Access Point Spoofing Siguria e rrjeteve wireless Mjete hackimi NetTumbler AirSnort AirSnarf AiroPeek WEP Cracker Kismet AirSnarf WIDZ- Wireless IDS 16 Viruset, Worms Njohje e plote e virusave si jane krijuar dhe si funksionojne Cherobyl ExploreZip I Love You Melissa Pretty Park Code Red Worm W32/Klez BugBear W32/Opaserv Worm Nimda Code Red SQL Slammer krijim virusi si nje batch skedar si te shkruash nje virus Worms,kodet/instruksionet ndertimi i 1 wormi 17: Novell Hacker llogarite dhe passwords aksesimi i skedareve te passwordeve crackimi passwordeve Mjete hackimi per sistemet e serverave Novell Chknull NOVELBFH NWPCRACK Bindery BinCrack SETPWD.NLM Kock userdump Burglar Getit Spooflog Gobbler Novelffs Pandora 18 Linux Linux Basics Compiling Programs in Linux Scanning Networks Mapping Networks Password Cracking in Linux Linux Vulnerabilities SARA TARA Sniffing A Pinger in Disguise Session Hijacking Linux Rootkits Linux Security Countermeasures Zinxhirat dhe tabelat e IP-ve 19. IDS,Firewalls honeypotsIntrusion Detection System Verifikues te integritetit te sistemit Si diktohen nderhyrjet e paautorizuara(intrusions) Diktim anomalish njohja aprovimi i firmave Si IDS krahason firmat (Signatures) e aplikacioneve/serviseve qe futen Verifikim i nje staku te protokollit Verifikim i protokollit te nje aplikacioni rrjeti Cndodh pasi nje sistem IDS dikton nje sulm/nderhyrje te paautorizuar Njohja e llojeve te ndryshme te sistemeve IDS Njohja e sistemeve detektore ndaj nderhyrjeveSNORT EvaZion komplet i IDS dhe teknikat Mjete hacking: fragrouter TCPReplay SideStep NIDSbench ADMutate Diktimi i sistemeve detectore te mbrojtjes nga nderhyrjet(IDS) Mjete per te diktuar Packet Sniffers Mjete per te injektuar packeta te formatizuara ne rrjet Hack duke depertuar firewallet vendosja e Backdoors duke care Firewallet Fshehja mbrapa Covert Channels Mjet hacking: Ncovert Cfare eshte 1 Honeypot? Honeypots Evasion Honeypots vendor mjet hacking: Honeyd ==== 20.Buffer overflow Njohje e plote e buffer overflow si funksionon pasojat teknikat etj Buffer Buffer Eksploits Bazat e gjuhes assemby Si te diktosh Buffer Overflows ne 1 Program aftesite qe kerkohen Varesia CPU me OS Cfare jane Stacks Buffer Overflows me baze Stack Teknikat per ta realizuar sic duhet 1 Buffer Overflow Te shkruash vete ne C/C++ Eksploits Buffer Overflow Mbrojtje kunder Buffer Overflows Mjete kontrolli per tipin e Programeve perpilues(compiling) StackGuard Immunix ==== 21.Kriptografia Cfare eshte PKI? Certifikatat digitale RSA MD-5 RC-5 SHA SSL PGP SSH Teknika te krakimit te encripsionit '' happy hacking ''