Certified Ethical Hacker (CEH) Preparation Guide
All rights reserved. No part of this CEH test book shall be reproduced, stored in a retrieval system, or transmitted by any means, digital, mechanical, photocopying, recording, or otherwise, without written permission from the writer. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this ebook, the writer and creator assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-7897-5127-0
ISBN-10: 0-7897-5127-5
Library of Congress Control Number: 2013953303
Printed in the United States of America
Second Printing: May 2014

Trademarks
All terms cited in this book that are recognized to be trademarks or service marks have been accurately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The creator and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

Bulk Sales
Pearson IT Certification offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact
U.S. Corporate and Government Sales
1-800-382-3419
corpsales@pearsontechgroup.com
For sales outside of the U.S., please contact
International Sales
worldwide@pearsoned.com

Associate Publisher: Dave Dusthimer
Acquisitions Editor: Betsy Brown
Development Editor: Ellie C. Bru
Managing Editor: Sandra Schroeder
Senior Project Editor: Tonya Simpson
Copy Editor: Keith Cline
Indexer: Tim Wright
Proofreader: Kathy Ruiz
Technical Editors: Brock Pearson, Tatyana Zidarov
Publishing Coordinator: Vanessa Evans
Media Producer: Lisa Matthews
Book Designer: Alan Clements
Compositor: Jake McFarland

Contents at a Glance
Introduction
CHAPTER 1 Ethical Hacking Basics
CHAPTER 2 The Technical Foundations of Hacking
CHAPTER 3 Footprinting and Scanning
CHAPTER 4 Enumeration and System Hacking
CHAPTER 5 Linux and Automated Assessment Tools
CHAPTER 6 Trojans and Backdoors
CHAPTER 7 Sniffers, Session Hijacking, and Denial of Service
CHAPTER 8 Web Server Hacking, Web Applications, and Database Attacks
CHAPTER 9 Wireless Technologies, Mobile Security, and Attacks
CHAPTER 10 IDS, Firewalls, and Honeypots
CHAPTER 11 Buffer Overflows, Viruses, and Worms
CHAPTER 12 Cryptographic Attacks and Defenses
CHAPTER 13 Physical Security and Social Engineering
CHAPTER 14 Final Preparation
Glossary
Practice Exam I
Practice Exam II
Index
APPENDIX A Answers to the “Do I Know This Already?” Quizzes and Review Questions (CD only)
APPENDIX B Memory Tables (CD only)
APPENDIX C Memory Table Answer Key (CD only)

Table of Contents
Introduction

Chapter 1 Ethical Hacking Basics
“Do I Know This Already?” Quiz
Foundation Topics
Security Fundamentals
Goals of Security
Risk, Assets, Threats, and Vulnerabilities
Defining an Exploit
Security Testing
No-Knowledge Tests (Black Box)
Full-Knowledge Testing (White Box)
Partial-Knowledge Testing (Gray Box)
Types of Security Tests
Hacker and Cracker Descriptions
Who Attackers Are
Hacker and Cracker History
Ethical Hackers
Required Skills of an Ethical Hacker
Modes of Ethical Hacking
Test Plans—Keeping It Legal
Test Phases
Establishing Goals
Getting Approval
Ethical Hacking Report
Vulnerability Research—Keeping Up with Changes
Ethics and Legality
Overview of U.S. Federal Laws
Compliance Regulations
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Hands-On Labs
Lab 1-1 Examining Security Policies
Review Questions
Define Key Terms
View Recommended Resources

Chapter 2 The Technical Foundations of Hacking
“Do I Know This Already?” Quiz
Foundation Topics
The Attacker’s Process
Performing Reconnaissance and Footprinting
Scanning and Enumeration
Gaining Access
Escalation of Privilege
Maintaining Access
Covering Tracks and Planting Backdoors
The Ethical Hacker’s Process
National Institute of Standards and Technology
Operational Critical Threat, Asset, and Vulnerability Evaluation
Open Source Security Testing Methodology Manual
Security and the Stack
The OSI Model
Anatomy of TCP/IP Protocols
The Application Layer
The Transport Layer
The Internet Layer
The Network Access Layer
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Exercises
2.1 Install a Sniffer and Perform Packet Captures
2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack
Review Questions
Suggested Reading and Resources

Chapter 3 Footprinting and Scanning
“Do I Know This Already?” Quiz
Foundation Topics
The Seven-Step Information-Gathering Process
Information Gathering
Documentation
The Organization’s Website
Job Boards
Employee and People Searches
EDGAR Database
Google Hacking
Usenet
Registrar Query
DNS Enumeration
Determine the Network Range
Traceroute
Identifying Active Machines
Finding Open Ports and Access Points
Nmap
SuperScan
THC-Amap
Scanrand
Hping
Port Knocking
War Dialers
War Driving
OS Fingerprinting
Active Fingerprinting Tools
Fingerprinting Services
Default Ports and Services
Finding Open Services
Mapping the Network Attack Surface
Manual Mapping
Automated Mapping
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Command Reference to Check Your Memory
Exercises
3.1 Performing Passive Reconnaissance
3.2 Performing Active Reconnaissance
Review Questions
Suggested Reading and Resources

Chapter 4 Enumeration and System Hacking
“Do I Know This Already?” Quiz
Foundation Topics
Enumeration
Windows Enumeration
Windows Security
NetBIOS and LDAP Enumeration
NetBIOS Enumeration Tools
SNMP Enumeration
Linux/UNIX Enumeration
NTP Enumeration
SMTP Enumeration
DNS Enumeration
System Hacking
Nontechnical Password Attacks
Technical Password Attacks
Password Guessing
Automated Password Guessing
Password Sniffing
Keystroke Loggers
Privilege Escalation and Exploiting Vulnerabilities
Exploiting an Application
Exploiting a Buffer Overflow
Owning the Box
Authentication Types
Cracking the Passwords
Hiding Files and Covering Tracks
File Hiding
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Command Reference to Check Your Memory
Exercise
4.1 NTFS File Streaming
Review Questions
Suggested Reading and Resources

Chapter 5 Linux and Automated Assessment Tools
“Do I Know This Already?” Quiz
Foundation Topics
Linux
Linux or Windows? Picking the Right Platform
Linux File Structure
Linux Basics
Passwords and the Shadow File
Linux Passwords
Compressing, Installing, and Compiling Linux
Hacking Linux
Reconnaissance
Scanning
Enumeration
Gaining Access
Privilege Escalation
Maintaining Access and Covering Tracks
Hardening Linux
Automated Assessment Tools
Automated Assessment Tools
Source Code Scanners
Application-Level Scanners
System-Level Scanners
Automated Exploit Tools
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Command Reference to Check Your Memory
Exercises
5.1 Downloading and Running Backtrack
5.2 Using Backtrack to Perform a Port Scan
5.3 Creating a Virtual Machine
5.4 Cracking Passwords with John the Ripper
Review Questions
Suggested Reading and Resources

Chapter 6 Trojans and Backdoors
“Do I Know This Already?” Quiz
Foundation Topics
Trojans
Trojan Types
Trojan Ports and Communication Methods
Trojan Goals
Trojan Infection Mechanisms
Effects of Trojans
Trojan Tools
Distributing Trojans
Trojan Tool Kits
Covert Communication
Covert Communication Tools
Port Redirection
Other Redirection and Covert Tools
Keystroke Logging and Spyware
Hardware
Software
Spyware
Trojan and Backdoor Countermeasures
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Command Reference to Check Your Memory
Exercises
6.1 Finding Malicious Programs
6.2 Using a Scrap Document to Hide Malicious Code
6.3 Using Process Explorer
Review Questions
Suggested Reading and Resources

Chapter 7 Sniffers, Session Hijacking, and Denial of Service
“Do I Know This Already?” Quiz
Foundation Topics
Sniffers
Passive Sniffing
Active Sniffing
Address Resolution Protocol
ARP Poisoning and Flooding
Tools for Sniffing
Wireshark
Other Sniffing Tools
Sniffing and Spoofing Countermeasures
Session Hijacking
Transport Layer Hijacking
Predict the Sequence Number
Take One of the Parties Offline
Take Control of the Session
Application Layer Hijacking
Session Sniffing
Predictable Session Token ID
Man-in-the-Middle Attacks
Man-in-the-Browser Attacks
Client-Side Attacks
Session-Hijacking Tools
Preventing Session Hijacking
Denial of Service, Distributed Denial of Service, and Botnets
Types of DoS
Bandwidth Attacks
SYN Flood Attacks
Program and Application Attacks
Distributed Denial of Service
DDoS Tools
Botnets
DoS, DDoS, and Botnet Countermeasures
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Exercises
7.1 Scanning for DDoS Programs
7.2 Using SMAC to Spoof Your MAC Address
Review Questions
Suggested Reading and Resources

Chapter 8 Web Server Hacking, Web Applications, and Database Attacks
“Do I Know This Already?” Quiz
Foundation Topics
Web Server Hacking
Scanning Web Servers
Banner Grabbing and Enumeration
Web Server Vulnerability Identification
Attacks Against Web Servers
IIS Vulnerabilities
Securing IIS and Apache Web Servers
Web Application Hacking
Unvalidated Input
Parameter/Form Tampering
Injection Flaws
Cross-Site Scripting and Cross-Site Request Forgery Attacks
Hidden Field Attacks
Other Web Application Attacks
Web-Based Authentication
Web-Based Password Cracking and Authentication Attacks
Cookies
URL Obfuscation
Intercepting Web Traffic
Database Hacking
Identifying SQL Servers
SQL Injection Vulnerabilities
SQL Injection Hacking Tools
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Exercise
8.1 Hack the Bank
Review Questions
Suggested Reading and Resources

Chapter 9 Wireless Technologies, Mobile Security, and Attacks
“Do I Know This Already?” Quiz
Foundation Topics
Wireless Technologies
Wireless History
Satellite TV
Cordless Phones
Cell Phones and Mobile Devices
Mobile Devices
Smartphone Vulnerabilities and Attack Vectors
Android
iOS
Windows Phone 8
BlackBerry
Mobile Device Management and Protection
Bluetooth
Wireless LANs
Wireless LAN Basics
Wireless LAN Frequencies and Signaling
Wireless LAN Security
Wireless LAN Threats
Eavesdropping
Configured as Open Authentication
Rogue and Unauthorized Access Points
Denial of Service (DoS)
Wireless Hack
