CEH : Certified Ethical Hacker study guide ; [exam 312-50, exam ...

CEH Certified Ethical Hacker Study Guide Kimberly Graves

WILEY

Wiley Publishing, Inc.

Contents Introduction

xxi

Assessment Test

Chapter

1

%xx

Introduction to Ethical Hacking, Ethics, and Legality

1

Defining Ethical Hacking

2

Understanding the Purpose of Ethical Hacking

6

Ethical

7

Hacking Terminology The Phases of Ethical Hacking Identifying Types of Hacking Technologies Identifying Types of Ethical Hacks Understanding Testing Types

12 13

16

Performing a Penetration Test Keeping It Legal Cyber Security Enhancement Act

17

§1029 and

18 and SPY ACT

1030

19 20

U.S. State Laws

20

Federal Managers Financial Integrity Act Freedom of Information Act (FOIA)

20

Federal Information Security Management Act (FISMA) Privacy Act of 1974

21

USA PATRIOT Act

22

Government

22

Cyber Laws

Paperwork Elimination Act (GPEA) in Other Countries

21 22

23

Summary

23

Exam Essentials

23

Review

25

Questions

Answers to Review 2

8 11

How to Be Ethical

18 USC

Chapter

3

An Ethical Hacker's Skill Set

29

Questions

Gathering Target Information: Reconnaissance, Footprinting,

and Social

Engineering

31

Reconnaissance

33

Understanding Competitive Intelligence Information-Gathering Methodology

34

Footprinting Using Google to Gather Information Understanding DNS Enumeration Understanding Whois and ARIN Lookups Identifying Types of DNS Records

37 38 39 40 42 46

xii

Contents

Using Traceroute in Footprinting Understanding Email Tracking Understanding Web Spiders Social Engineering The Art of Manipulation

3

48 50 50 54

Countermeasures

Summary

54

Exam Essentials

55

Review

56

Questions to

Review Questions

60

Network and Host Information:

Gathering

and Enumeration

63

64

Scanning Scanning Methodology Ping Sweep Techniques

67

nmap Command Switches

70

Scan

73

The CEH

Types

TCP Communication

Flag Types War-Dialing Techniques Banner Grabbing and OS Fingerprinting Techniques Scanning Anonymously

68

73 76 77 79 81

Enumeration Null Sessions

82

SNMP Enumeration

84

Windows 2000 DNS Zone Transfer

85

Summary

86

Exam Essentials

87

Review

89

Questions

Answers to Review 4

48

Social-Engineering

Scanning

Chapter

48

Types of Social Engineering-Attacks

Answers

Chapter

46

Questions

93

System Hacking: Password Cracking, Escalating Privileges,

and

The

Simplest Way to Types of Passwords Passive Online

Files

Hiding Get

a

Password

Attacks

Active Online Attacks Offline Attacks Nonelectronic Attacks

95 96 96 97 98 99 101

Contents

Cracking a Password Understanding the LAN Manager Hash Cracking Windows 2000 Passwords Redirecting the SMB Logon to the Attacker SMB Relay MITM Attacks and Countermeasures NetBIOS DoS Attacks

103

103 105 106

107 109 110

Executing Applications

111

Buffer Overflows

111

Understanding Rootkits Planting Rootkits on Windows

112 2000 and XP Machines

112

Rootkit Embedded TCP/IP Stack

112

Rootkit Countermeasures

113

Hiding

Files

113 114

NTFS File Streaming NTFS Stream Countermeasures

114

Understanding Steganography Technologies Covering Your Tracks and Erasing Evidence

115

Summary

117

Exam Essentials

118

Answers to Review

116

119

Review Questions

5

102

107

Password-Cracking Countermeasures Understanding Keyloggers and Other Spyware Technologies Escalating Privileges

Chapter

xiii

123

Questions

Trojans, Backdoors, Viruses,

and Worms

Trojans and Backdoors

125 126

Overt and Covert Channels

128

Types of Trojans How Reverse-Connecting Trojans Work How the Netcat Trojan Works Trojan Construction Kit and Trojan Makers Trojan Countermeasures Checking a System with System File Verification

130

Viruses and Worms

130 132 135 135 138 141

Types of Viruses

142

Virus Detection Methods

145

Summary

146

Exam Essentials

146

Review Questions

147

Answers

151

to

Review Questions

xiv

Chapter

Contents

6

Gathering Data

from Networks: Sniffers

Understanding Host-to-Host Communication How

a

Sniffer Works

Sniffing

158

Limitations of Switches

159

How ARP Works ARP

Spoofing

and

159

Poisoning Countermeasures

Wireshark Filters and DNS

Spoofing

166

Exam Essentials

167

Review

168

Denial of Service and Session

171

Hijacking

Denial of Service

173 174

How DDoS Attacks Work

177

How BOTs/BOTNETs Work

179

Smurf and SYN Flood Attacks

180

DoS/DDoS Countermeasures

182

Session

Hijacking

183

Sequence Prediction Dangers Posed by Session Hijacking Preventing Session Hijacking

184 186

186

Summary

187

Exam Essentials

188

Review

Questions

Answers

Chapter 8

164

Summary Questions Answers to Review Questions 7

160 161

Understanding MAC Flooding

Chapter

154

158

Countermeasures

Bypassing the

153

Web

to Review

189

Questions

193

Hacking: Google, Web Servers,

Web Application Vulnerabilities, and Web-Based Password

Cracking Techniques

195

How Web Servers Work

197

Types of Web Server Vulnerabilities Attacking a Web Server

201

Patch-Management Techniques Web Server Hardening Methods Web Application Vulnerabilities Web Application Threats and Countermeasures Google Hacking Web-Based Password-Cracking Techniques Authentication Types Password Attacks and Password Cracking

198

207

208 209 210 211 212 212 213

Contents

Chapter

9

Summary

215

Exam Essentials

215

Review Questions Answers to Review Questions

216

SQL Injection

Buffer Overflows Overflows and Methods of Detection

Buffer Overflow Countermeasures

225 226 228

229 231

Summary

232

Exam Essentials

232

Review

Questions

Answers

to Review

233

Questions

Wireless Network Hacking Wi-Fi and Ethernet

Authentication and

to

MAC Filters and MAC

Spoofing

Locate SSIDs

Access Points

Evil Twin Wireless

or

237 239 240

Cracking Techniques

Using Wireless Sniffers Rogue

11

224

229

Types of Buffer

Chapter

221 222

Finding a SQL Injection Vulnerability The Purpose of SQL Injection SQL Injection Using Dynamic Strings SQL Injection Countermeasures

10

219

Attacking Applications: SQL Injection and Buffer Overflows

Chapter

xv

AP

242 246 248 250

Masquerading

Hacking Techniques

250 251

Securing Wireless Networks Summary

254

Exam Essentials

254

Review Questions

255

Answers

259

to

Review Questions

Physical Site Security

251

261

Components of Physical Security Understanding Physical Security Physical Site Security Countermeasures What to Do After a Security Breach Occurs Summary

262

Exam Essentials

274

Review

275

Questions

Answers

to

Review Questions

264 266

274 274

279

xvi

Chapter

Contents

12

Hacking Linux Systems Linux Basics

285

Summary

293

Exam Essentials

294

Review

295

Questions

Answers 13

282 Linux Kernel

Compiling GCC Compilation Commands Installing Linux Kernel Modules Linux Hardening Methods a

Chapter

to

Review

289

299

301

Exam Essentials

316

308 316

317

Questions Questions

322 323

Cryptography

Cryptography and Encryption Techniques Types of Encryption Stream Ciphers vs. Block Ciphers Generating Public and Private Keys Other Uses for Encryption Cryptography Algorithms Cryptography Attacks Summary

324

Exam Essentials

338

Questions

Answers 15

289

302

Review

Chapter

288

Types of IDSs and Evasion Techniques Firewall Types and Honeypot Evasion Techniques Summary

Answers to Review 14

Questions

Bypassing Network Security: Evading IDSs, Honeypots, and Firewalls

Review

Chapter

281

to

a

Questions

Penetration Test

Defining Security

Assessments

Penetration Testing Penetration

328 329 333 335 337 337

339

Review

Performing

326

Testing Steps

The Pen Test Legal Framework Automated Penetration Testing Tools Pen Test Deliverables

342 343 344 345

346 349 349 350

Contents

Summary

352

Exam Essentials

352

Review

Questions

Answers

Appendix

353

to Review

Sybex

Test

PDF of

on

the CD

Engine

Glossary of Terms

357 359

360 360 360

Adobe Reader

360

Electronic Flashcards

360

System Requirements Using the CD

361

Troubleshooting

361

Customer Care

Index

Questions

About the Companion CD What You'll Find

Glossary

xvii

361

362

363 375