https://www.cfreds.nist.gov/Hacking_Case.html

#16. Find 6 installed programs that may be used for hacking.

이전 글 data leakage case #10, 11 application installed/execution logs 의 Registry 부분 참고.

REGA 를 통한 분석.

[설치된 응용 프로그램]

2004-08-20 이후에 설치된 프로그램을 조사한다.

Anonymizer Bar :  a tool that attempts to make activity on the Internet untraceable.

Cain & Abel : a password testing & recovery and intrusion testing tool for Microsoft Windows

Faber Toys : a system utility, mainly developed for power users who want to know what's going on in their Personal Computer. It may also be used by programmers as a tool for tracking their applications.

Forte Agent : a multi-server newsreader. Agent is also an excellent multiple POP and SMTP e-mail client.

CuteFTP :  a series of FTP (file transfer protocol) client applications 

CuteHTML : a special program for editing and building web pages. It also supports the creation of webpages in visual mode.

mIRC : a popular Internet Relay Chat client used by individuals and organizations to communicate, share, play and work with each other on IRC networks around the world.

Powertoys For Windows XP : a set of freeware system utilities for power users, developed by Microsoft for its flagship operating system, Windows. PowerToys do not undergo the same rigorous testing that the operating system components do and are published without technical support.

123 Write All Stored Passwords : WASP will display all passwords of the currently logged on user that are stored in the Microsoft PWL file.

PWL 파일이란? 윈도의 네트워크 암호 설정 정보 파일. 사용자가 네트워크에 접속하기 위해 로그온 암호를 설정하면 윈도는 사용자 이름과 동일한 파일명에 확장자가 PWL인 파일을 생성하게 된다. 또한 로그온 암호 외에도 네트워크 상의 공유 자원을 지정할 때 사용할 수 있는 암호도 PWL 파일에서 관여하게 된다

Look@LAN : users can use to keep track of network activity.

Network Stumbler : A reliable software that helps you to quickly detect wireless local area networks (WLANs) and search for locations with poor coverage in your WLAN

WinPcap : WinPcap has been recognized as the industry-standard tool for link-layer network access in Windows environments, allowing applications to capture and transmit network packets bypassing the protocol stack, and including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

Ethereal : This network protocol analyzer allows you to examine data from a live network or from a captured file on disk.

[공격 시나리오]

가. 공격자 IP 은닉

Anonymizer (hides IP tracks when browsing)

나. Wifi 탐색

NetStumbler (wireless access point discovery tool) 

다. Network 정보 수집

Look&LAN_1.0 (network discovery tool) 

Ethereal (packet sniffer) 

라. Password Cracking

Cain & Abel v2.5 beta45 (password sniffer & cracker) 

123 Write All Stored Passwords (finds passwords in registry) 

[응용프로그램 사용 로그]