Includes index.

1 Preparation
Installing VM ware Workstation..
Configuring Virtual Machines....
Installing a Virtual Windows 2000 Workstation..
Installing VMware Tools for Windows 2000 Virtual Machines.
Installing a Red Hat Version 8 Virtual Machine
Installing VMware Tools for Red Hat Virtual Machines
What Is on the CD?.
Restrict Anonymous.
To Restrict Anonymous
In Windows NT
For Windows XP, 2003-.
For Windows 2000
What Is the Difference?
2 Banner Identification
Lab 1: Banner Identification
Lab 2: Banner Identification
Lab 3: Banner Identification
Lab 4: Operating System Identification.
Detect Operating System of Target: Xprobe2
Lab 5: Banner Identification
Lab 6: Banner Identification
Lab 7: Personal Social Engineering
Social Engineering Techniques: Dumpster Diving/Personnel
Target Enumeration
Lab 8: Establish a NULL Session
Establish a NULL Session: NULL Session
Lab 9: Enumerate Target MAC Address
Enumerate MAC Address and Total NICs: GETMAC
Lab 10: Enumerate SID from User ID
Enumerate the SID from the Username: USER2SID
Lab 11: Enumerate User ID from SID
Enumerate the Username from the Known SID. SID2USER
Lab 12: Enumerate User Information
Enumerate User Information from Target: USERDUMP
Lab 13: Enumerate User Information
Exploit Data from Target Computer: USERINFO
Lab 14: Enumerate User Information
Exploit User Information from Target: DUMPSEC
Lab 15: Host/Domain Enumeration
Enumerate Hosts and Domains of LAN: Net Commands
Lab 16: Target Connectivity/Route
Detect Target Connectivity: PingG
Lab 17: Target Connectivity/Route
Connectivity/Routing Test: Pathping
Lab IB: Operating System Identification
Identify Target Operating System: Nmap/nmapFE
Lab 19: Operating System Identification
Identify Target Operating System: NmapNT
Lab 20: IP/Hostname Enumeration
Enumerate IP or Hostname: Nslookup
Lab 21: IP/Hostname Enumeration
Enumerate IP or Hostname: Nmblookup
Lab 22: RPC Reporting
Report the RPC of Target: Rpcinfo
Lab 23: Location/Registrant Identification
Gather Registration Info/Trace Visual Route: Visual Route
Lab 24: Registrant Identification
Gather IP or Hostname: Sam Spade
Lab 25: Operating System Identification
Gather OS Runtime and Registered IPs: Netcraft
Lab 26: Operating System Identification
Scan Open Ports of Target: Sprint
Lab 27: Default Shares
Disable Default Shares: Windows Operating System
Lab 28: Host Enumeration
Scan Open Ports of Target: WinFingerprint
Scanning
Lab 29: Target Scan/Share Enumeration
Scan Open Ports of Target: Angry IP
Lab 30; Target Scan/Penetration
Scan Open Ports/Penetration Testing: LANguard
Lab 31:Target Scan through Firewall
Scan Open Ports of Target: Fscan
Lab 32: Passive Network Discovery
Passively Identify Target Information on the LAN: Passifist
Lab 33: Network Discovery
Identify Target Information: LanSpy
Lab 34: Open Ports/Services
Scan Open Ports/Services of Target: Netcat
Lab 35: Port Scan/Service Identification
Scan Open Ports of Target: SuperScan
Lab 36: Port Scanner
Identify Ports Open: Strobe
Lab 37: Anonymous FTP Locator
Locate Anonymous FTP Servers: FTPScanner
Lab 38: CGI Vulnerability Scanner
Identify CGI Vulnerabilities: TCS CGI Scanner
Lab 39: Shared Resources Locator
Identify Open Shared Resources: Hydra
Lab 40: Locate Wingate Proxy Servers
Locate Wingate Proxy Servers: WGateScan/ADM Gates
5 Sniffing Traffic
Lab 41: Packet Capture — Sniffer
Exploit Data from Network Traffic: Ethereal
To Install Ethereal on a Red Hat Linux Computer
To Install Ethereal on Microsoft Windows
Lab 42: Packet Capture — Sniffer
Exploit Data from Network Traffic: Ngrep
For Linux
For Windows
Lab 43: Packet Capture — Sniffer
Exploit Data from Network Traffic: TcpDump
Lab 44: Packet Capture — Sniffer
Exploit Data from Network Traffic: WinDump
Lab 45: Packet Capture — Sniffer
Monitor IP Network Traffic Plow: IPDump2
For Linux
For Windows
Lab 46: Password Capture — Sniffer
Exploit Passwords and Sniff the Network: ZxSniffer
Lab 47: Exploit Data from Target Computer — Sniffit
6 Spoofing
Lab 48: Spoofing IP Addresses
Send Packets via False IP Address: RafaleX
Lab 49: Spoofing MAC Addresses
Send Packets via a False MAC Address: SMAC
Lab 50: Spoofing MAC Addresses
Send Packets via a False MAC Address: Liniix
Lab 51: Packet Injection/Capture/Trace
Send Packets via a False IP/MAC Address: Packit
Lab 52: Spoof MAC Address
Altering the MAC Address: VMivare Workstation
7 Brute Force
Lab 53: Brute-Force FTP Server
Crack an FTP Password: NFTWOX/NETWAG
Lab 54: Retrieve Password Hashes
Extract Password Flashes: FGDiimp
Lab 55: Crack Password Hashes
Crack and Capture Password Flashes: LC5
Lab 56: Overwrite Administrator Password
Change the Administrator Password: CHNTPW
Lab 57: Brute-Force Passwords
Brute-Force Passwords for a Hashed File: John the Ripper
Lab 58: Brute-Force FTP Password
Brute-Force an FTP Password Connection: BruteFTP
Lab 59: Brute-Force Terminal Server
Brute-Force Terminal Server Passwords: TSGrinder II
8 Vulnerability Scanning
Lab 60: Vulnerability Scanner
Perform Vulnerability Assessment: SAINT
Lab 6l:SNMPWalk
Exploit Data via SNMP Wcdk: NETWOX/NETWAG
Lab 62: Brute-Force Community Strings
Exploit the SNMP Community Strings: Solar Winds
Lab 63: Target Assessment
Assessment of Target Security: Retina
Lab 64:Target Assessment
Assessment of Target Security: X-Scan
Lab 65: Vulnerability Scanner
Perform Vulnerability Assessment: SARA
Lab 66: Web Server Target Assessment
Assessment of Web Server Security: N-Stealth
Lab 67: Vulnerability Scanner
Exploit Data from Target Computer: Pluto
Lab 68: Vulnerability Assessment
Perform Vulnerability Assessment: Metasploit
On Windows
On Linux
Lab 69: Web Server Target Assessment
Assessment of Web Server Security: Nikto
Lab 70: Vulnerability Scanner
Assessment of Target Security: Shadow Scanner
Lab 71; Internet Vulnerability Scanner
Assessment of Target Security: Cerberus
Lab 72: WHAX — Auto Exploit Reverse Shell
Automatically Exploit the Target:AutoScan
Lab 73: Unique Fake Lock Screen XP
Grab the Administrator Password: Fake Lock Screen XP
Lab 74: Bypassing Microsoft Serial Numbers
Bypassing Serial Number Protection: RockXP/Custom Script
Lab 75: Vulnerability Exploit
Assessment of Target Security: Web Hack Control Center
9 Wireless
Lab 76: Locate Unsecured Wireless
Locate Unsecured Wireless: NetStumbler/Mini-Stumbler
Lab 77: Trojan
Unauthorized Access and Control: Back Orifice
Lab 78: Trojan
On the Target Computer
On the Attacker's Computer
Unauthorized Access and Control: NetBus
On the Target (Server)
On the Attacker's Computer
Lab 79: ICMP Tunnel Backdoor
Bidirectional Spoofed ICMP Tunnel: Sneaky-Sneaky
On the Target (Server)
On the Attacker's Machine
Lab 80: Hiding Tools on the Target
Hiding Files on the Target: CP
Scenario: Hiding Netcat inside the Calculator Application
To Verify
Lab 81: Capturing Switched Network Traffic
Intercept/Exploit Traffic: Ettercap
Lab 82: Password Capture
Capture Passwords Traversing the Network: Dsniff
Lab 83: Data Manipulation
Manipulate the Live Data Stream:Achilles
Lab 84: Covert Reverse Telnet Session
Create a Reverse Telnet Session: Netcat
Lab 85: Covert Channel — Reverse Shell
Exploit Data from Target Computer: Reverse Shell
10 Redirection
Lab 86: PortMapper
Traffic Redirection: PortMapper
Lab 87: Executing Applications — Elitewrap
Executing Hidden Applications: Elitewrap
Lab 88: TCP Relay — Bypass Firewalls
Traffic Redirection: Fpipe
Lab 89: Remote Execution
Remote Execution on Target: FsExec
Lab 90: TCP Relay — Bypass Firewalls
Traffic Redirection: NETWOX/NETWAG
11 Denial-of-Service (DoS)
Lab 91: Denial-of-Service — Land Attack
DoS Land Attack: Land Attack
Lab 92: Denial-of-Service — Smurf Attack
DoS Smurf Attack: Smurf Attack
Lab 93: Denial-of-Servicc — SYN Attack
DoS Land Attack: SYN Attack
Lab 94: Denial-of-Service — IJDP Flood
DoS UDP Flood Attack: UDP Flood Attack
Lab 95: Denial-of-Service —Trash2.c
Create Denial-of-Service Traffic: Trash2.c