
CEH Certified Ethical Hacker Exam Guide 2nd Edition All-in-One PDF

436 Pages·2014·16.34 MB·English

Preview CEH Certified Ethical Hacker Exam Guide 2nd Edition All-in-One

ABOUT THE AUTHOR

Matt Walker is currently an IT security architect working for Hewlett-Packard on NASA’s desktop support contract. An IT security and education professional for more than 20 years, he has served as the director of the Network Training Center and a curriculum lead/senior instructor for Cisco Networking Academy on Ramstein AB, Germany, and as a network engineer for NASA’s Secure Network Systems (NSS), designing and maintaining secured data, voice, and video networking for the agency. Matt also worked as an instructor supervisor and senior instructor at Dynetics, Inc., in Huntsville, Alabama, providing on-site certification awarding classes for ISC2, Cisco, and CompTIA, and after two years he came right back to NASA as an IT security manager for UNITeS, SAIC, at Marshall Space Flight Center. He has written and contributed to numerous technical training books for NASA, Air Education and Training Command, and the U.S. Air Force, as well as commercially, and he continues to train and write certification and college-level IT and IA security courses. Matt holds numerous commercial certifications, including CEHv7, CPTS, CNDA, CCNA, and MCSE.

About the Technical Editor

Brad Horton currently works as an information security specialist with the U.S. Department of Defense. Brad has worked as a security engineer, commercial security consultant, penetration tester, and information systems researcher in both the private and public sectors. This has included work with several defense contractors, including General Dynamics C4S, SAIC, and Dynetics, Inc.

Brad currently holds the Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Systems Auditor (CISA), and the recently expired Cisco Certified Network Associate (CCNA) trade certifications. Brad holds a bachelor’s degree in Commerce and Business Administration from the University of Alabama, a master’s degree in Management of Information Systems from the University of Alabama in Huntsville (UAH), and a graduate certificate in Information Assurance from UAH. When not hacking, Brad can be found at home with his family or on a local golf course.

The views and opinions expressed in all portions of this publication belong solely to the author and/or editor and do not necessarily state or reflect those of the Department of Defense or the United States Government. References within this publication to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, do not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government.

ALL IN ONE
CEH™ Certified Ethical Hacker
EXAM GUIDE
Second Edition

Matt Walker

New York • Chicago • San Francisco • Athens • London • Madrid • Mexico City • Milan • New Delhi • Singapore • Sydney • Toronto

McGraw-Hill Education is an independent entity from the International Council of E-Commerce Consultants® (EC-Council) and is not affiliated with EC-Council in any manner. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with EC-Council in any manner. This publication and CD-ROM may be used in assisting students to prepare for The Certified Ethical Hacker (CEH™) exam. Neither EC-Council nor McGraw-Hill Education warrant that use of this publication and CD-ROM will ensure passing any exam.
CEH is a trademark or registered trademark of EC-Council in the United States and certain other countries. All other trademarks are trademarks of their respective owners.

Cataloging-in-Publication Data is on file with the Library of Congress

McGraw-Hill Education books are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative, please visit the Contact Us pages at www.mhprofessional.com.

CEH™ Certified Ethical Hacker All-in-One Exam Guide, Second Edition

Copyright © 2014 by McGraw-Hill Education. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

All trademarks or copyrights mentioned herein are the possession of their respective owners and McGraw-Hill Education makes no claim of ownership by the mention of products that contain these marks.

ISBN: Book p/n 978-0-07-183645-6 and CD p/n 978-0-07-183646-3 of set 978-0-07-183648-7
MHID: Book p/n 0-07-183645-4 and CD p/n 0-07-183646-2 of set 0-07-183648-9

Sponsoring Editor: Timothy Green
Technical Editor: Brad Horton
Production Supervisor: George Anderson
Editorial Supervisor: Jody McKenzie
Copy Editor: Kim Wimpsett
Composition: Cenveo Publisher Services
Project Editor: Sheena Uprety, Cenveo Publisher Services
Proofreader: Paul Tyler
Illustration: Cenveo® Publisher Services
Art Director, Cover: Jeff Weeks
Indexer: Karin Arrigoni
Acquisitions Coordinator: Mary Demery

Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
Some glossary terms included in this book may be considered public information as designated by The National Institute of Standards and Technology (NIST). NIST is an agency of the U.S. Department of Commerce. Please visit www.nist.gov for more information.

This book is dedicated to my mother, Helen Ruth Walker. I love her with all my heart.

CONTENTS AT A GLANCE

Chapter 1 Getting Started: Essential Knowledge
Chapter 2 Reconnaissance: Information Gathering for the Ethical Hacker
Chapter 3 Scanning and Enumeration
Chapter 4 Sniffing and Evasion
Chapter 5 Attacking a System
Chapter 6 Web-Based Hacking: Servers and Applications
Chapter 7 Wireless Network Hacking
Chapter 8 Trojans and Other Attacks
Chapter 9 Cryptography 101
Chapter 10 Low Tech: Social Engineering and Physical Security
Chapter 11 The Pen Test: Putting It All Together
Appendix A Tool, Sites, and References
Appendix B About the CD-ROM
Glossary
Index

CONTENTS

Acknowledgments
Introduction

Chapter 1 Getting Started: Essential Knowledge
    Security 101
        Basic Networking
        Security Essentials
    Introduction to Ethical Hacking
        Hacking Terminology
        The Ethical Hacker
    Chapter Review
        Questions
        Answers

Chapter 2 Reconnaissance: Information Gathering for the Ethical Hacker
    Getting Started
        Vulnerability Research
    Footprinting
        Passive Footprinting
        Active Footprinting
        DNS Footprinting
        Determining Network Range
        Google Hacking
        Footprinting Tools
    Chapter Review
        Questions
        Answers

Chapter 3 Scanning and Enumeration
    Scanning Fundamentals
        Scanning Methodology
        The TCP Handshake
        Identifying Targets
        Port Scanning
    Enumeration
        Windows System Basics
        Enumeration Techniques
    Chapter Review
        Questions
        Answers

Chapter 4 Sniffing and Evasion
    Fundamentals
        How It All Works
        Passive and Active Sniffing
    Sniffing Tools and Techniques
        Wireshark
        Other Tools
    Evasion
        IDS
        Firewalls
    Chapter Review
        Questions
        Answers

Chapter 5 Attacking a System
    Getting Started
        Methodology
        Windows Security Architecture
        Linux Security Architecture
    Cracking Passwords
        Password 101
        Password Attacks
    Privilege Escalation and Executing Applications
        Privilege Escalation
        Executing Applications
    Stealth
        Hiding Files and Activity
        Covering Your Tracks
    Chapter Review
        Questions
        Answers

Chapter 6 Web-Based Hacking: Servers and Applications
    Attacking Web Servers
        Web Server Architecture
        Attack Methodology
        Web Server Attacks
    Attacking Web Applications
        Web Application Architecture
        Application Attacks
        SQL Injection
    Chapter Review
        Questions
        Answers
