List of Figures

Chapter 3: Virtual Machines & Emulators

Figure 3-1: VMware welcome screen

Figure 3-2: VMware network options

Figure 3-3: Virtual disk management options

Figure 3-4: VMware virtual machine fully configured

Figure 3-5: Virtual PC configuration wizard

Figure 3-6: Virtual PC device management

Figure 3-7: Using a floppy image with Virtual PC

Figure 3-8: Gnoppix welcome screen

Figure 3-9: Cygwin setup

Figure 3-10: Cygwin setup full view

Chapter 4: Port Scanners

Figure 4-1: NmapFE on X Window System

Figure 4-2: NmapFE on Mac OS X

Figure 4-3: WUPS port scanner in action

Chapter 6: Windows Enumeration Tools

Figure 6-1: Winfingerprint default settings

Figure 6-2: Winfingerprint scan

Figure 6-3: GUI interface

Figure 6-4: Example output

Chapter 7: Web Hacking Tools

Figure 7-1: Paros tracks the directory structure of each web site.

Figure 7-2: Apply filters to save specific data.

Figure 7-3: Enable specific vulnerability scans.

Figure 7-4: View the vulnerability alerts from a scan.

Figure 7-5: Trap and modify a URL request.

Figure 7-6: Trap the HTTP Headers and Body of a request.

Figure 7-7: Configure advanced options.

Figure 7-8: Launch Burp Proxy.

Figure 7-9: Configure intercept options.

Figure 7-10: Capture and modify a browser request.

Figure 7-11: Examine the server's response.

Chapter 10: Backdoors and Remote Access Tools

Figure 10-1: A victim machine listening

Figure 10-2: Use File/Directory to access files on the victim machine.

Figure 10-3: Sub7 opening screen

Figure 10-4: Managing files, Windows, and processes from the Miscellaneous folder

Figure 10-5: Having fun with the Fun Manager and Extra Fun folders

Figure 10-6: Loki and traffic captured with Ethereal

Figure 10-7: Stcpshell and traffic captured by Ethereal

Chapter 12: Combination System Auditing Tools

Figure 12-1: Nessus client authentication schemes

Figure 12-2: Nessus Plugin selection

Figure 12-3: Detail information about a single check

Figure 12-4: Prevent Nessus from executing potentially dangerous checks.

Figure 12-5: Customize scan behavior.

Figure 12-6: Nessus Report window

Figure 12-7: Configure Cain's sniffing features.

Figure 12-8: Sniffing password hashes with Cain

Figure 12-9: Enumerate listening services with Cain.

Figure 12-10: Manage multiple agents.

Figure 12-11: Modify policies.

Figure 12-12: Schedule checks.

Chapter 13: Firewalls

Figure 13-1: Setting up outgoing filters

Figure 13-2: Setting up port forwards

Figure 13-3: SonicWALL Access List

Figure 13-4: SonicWALL One-to-One NAT

Chapter 14: Network Reconnaissance Tools

Figure 14-1: Traceroute diagram

Chapter 16: Sniffers

Figure 16-1: View network traffic with Ethereal.

Figure 16-2: Create a display filter.

Figure 16-3: Following a TCP stream

Figure 16-4: Time/sequence number graph

Figure 16-5: Throughput graph

Figure 16-6: The Summary dialog box

Figure 16-7: SSH session details

Figure 16-8: View local hosts.

Figure 16-9: Find active network connections.

Figure 16-10: Extracting specific values with filters

Figure 16-11: Attacking active connections

Figure 16-12: More ettercap capabilities

Chapter 17: Wireless Tools

Figure 17-1: Detecting wireless networks

Figure 17-2: Select a wireless adapter.

Figure 17-3: Capture wireless traffic.

Figure 17-4: Wellenreiter in action

Figure 17-5: Linux kismet_client

Figure 17-6: OS X kismet client

Figure 17-7: Press i on a highlighted SSID to view network information.

Figure 17-8: Press i on a highlighted network to view client information.

Chapter 18: War Dialers

Figure 18-1: ToneLoc's configuration utility, tlcfg.exe

Figure 18-2: ToneLoc custom file locations

Figure 18-3: Modem commands

Figure 18-4: Modem options

Figure 18-5: ScanOptions menu options

Figure 18-6: ToneLoc in action

Figure 18-7: A sample ToneMap

Figure 18-8: Configuring THC-Scan

Figure 18-9: Modem configuration options

Figure 18-10: Modem responses

Figure 18-11: Logfiles

Chapter 20: Creating a Bootable Environment and Live Response Tool Kit

Figure 20-1: The System Event Log from dumpel

Figure 20-2: The Application Event Log from dumpel

Figure 20-3: The Security Event Log from dumpel

Chapter 23: Tool Kits to Aid in Forensic Analysis

Figure 23-1: Use this screen in AccessData's Forensic Toolkit to enter specific information about your case.

Figure 23-2: The Overview tab

Figure 23-3: Click the Graphics button to see any images that exist in a document that you select.

Figure 23-4: Notice how the user of this computer was apparently reading stories about creating bombs.

Figure 23-5: The Explore tab has a Windows Explorer–like interface to browse evidence contents.

Figure 23-6: Devices are loaded and ready for the examination.

Figure 23-7: SweepCase options

Figure 23-8: Timeline view of several files on a suspect's computer

Figure 23-9: Search hit results for the word "nuclear"

Chapter 25: Generalized Editors and Viewers

Figure 25-1: The output of hexdump for suspiciousfile.bin

Figure 25-2: Frhed's suspiciousfile.bin representation

Figure 25-3: WinHex reading drive C:

Figure 25-4: Quick View's Explorer-like interface

Figure 25-5: Quick View's display pane

Figure 25-6: Quick View can display files in native format.

Figure 25-7: Quick View can display files such as hexdump.

Figure 25-8: The main screen of Midnight Commander

Figure 25-9: Midnight Commander's ability to view files

Figure 25-10: Midnight Commander can view files in hexadecimal mode.