Covers all Exam Objectives for CEHv6
Includes Real-World Scenarios, Hands-On Exercises, and
Leading-Edge Exam Prep Software Featuring:
•Custom Test Engine
•Hundreds of Sample Questions
•Electronic Flashcards
•Entire Book in PDF
CEH™
Certified
Ethical Hacker
STUDY GUIDE
Exam 312-50
Exam EC0-350
Kimberly Graves
SERIOUS SKILLS.
CEH: Certified Ethical Hacker Study Guide
CEH (312-50) Objectives
Objective |
Chapter |
Ethics and Legality |
|
Understand ethical hacking terminology |
1 |
Define the job role of an ethical hacker |
1 |
Understand the different phases involved in ethical hacking |
1 |
Identify different types of hacking technologies |
1 |
List the 5 stages of ethical hacking |
1 |
What is hacktivism? |
1 |
List different types of hacker classes |
1 |
Define the skills required to become an ethical hacker |
1 |
What is vulnerability research? |
1 |
Describe the ways of conducting ethical hacking |
1 |
Understand the legal implications of hacking |
1 |
Understand 18 U.S.C. § 1030 US Federal Law |
1 |
Footprinting |
|
Define the term footprinting |
2 |
Describe information gathering methodology |
2 |
Describe competitive intelligence |
2 |
Understand DNS enumeration |
2 |
Understand Whois, ARIN lookup |
2 |
Identify different types of DNS records |
2 |
Understand how traceroute is used in footprinting |
2 |
Understand how email tracking works |
2 |
Understand how web spiders work |
2 |
Scanning |
|
Define the terms port scanning, network scanning, and vulnerability scanning |
3 |
Understand the CEH scanning methodology |
3 |
Understand Ping Sweep techniques |
3 |
Understand nmap command switches |
3 |
Understand SYN, Stealth, XMAS, NULL, IDLE, and FIN scans |
3 |
List TCP communication flag types |
3 |
Understand war dialing techniques |
3 |
Understand banner grabbing and OF fingerprinting techniques |
3 |
Understand how proxy servers are used in launching an attack |
3 |
How do anonymizers work? |
3 |
Understand HTTP tunneling techniques |
3 |
Understand IP spoofing techniques |
3 |
Objective |
Chapter |
Enumeration |
|
What is enumeration? |
3 |
What is meant by null sessions? |
3 |
What is SNMP enumeration? |
3 |
What are the steps involved in performing enumeration? |
3 |
System Hacking |
|
Understanding password cracking techniques |
4 |
Understanding different types of passwords |
4 |
Identifying various password cracking tools |
4 |
Understand escalating privileges |
4 |
Understanding keyloggers and other spyware technologies |
4 |
Understand how to hide files |
4 |
Understanding rootkits |
4 |
Understand steganography technologies |
4 |
Understand how to cover your tracks and erase evidence |
4 |
Trojans and Backdoors |
|
What is a Trojan? |
5 |
What is meant by overt and covert channels? |
5 |
List the different types of Trojans |
5 |
What are the indications of a Trojan attack? |
5 |
Understand how “Netcat” Trojan works |
5 |
What is meant by “wrapping”? |
5 |
How do reverse connecting Trojans work? |
5 |
What are the countermeasure techniques in preventing Trojans? |
5 |
Understand Trojan evading techniques |
5 |
Sniffers |
|
Understand the protocol susceptible to sniffing |
6 |
Understand active and passive sniffing |
6 |
Understand ARP poisoning |
6 |
Understand Ethereal capture and display filters |
6 |
Understand MAC flooding |
6 |
Understand DNS spoofing techniques |
6 |
Describe sniffing countermeasures |
6 |
Denial of Service |
|
Understand the types of DoS Attacks |
7 |
Understand how DDoS attack works |
7 |
Understand how BOTs/BOTNETs work |
7 |
What is a “Smurf” attack? |
7 |
What is “SYN” flooding? |
7 |
Describe the DoS/DDoS countermeasures |
7 |
Exam specifications and content are subject to change at any time without prior notice and at the EC-Council’s sole discretion. Please visit EC-Council’s website (www.eccouncil.org) for the most current information on their exam content.
Objective |
Chapter |
Social Engineering |
|
What is social engineering? |
2 |
What are the common types of attacks? |
2 |
Understand dumpster diving |
2 |
Understand reverse social engineering |
2 |
Understand insider attacks |
2 |
Understand identity theft |
2 |
Describe phishing attacks |
2 |
Understand online scams |
2 |
Understand URL obfuscation |
2 |
Social engineering countermeasures |
2 |
Session Hijacking |
|
Understand spoofing vs. hijacking |
7 |
List the types of session hijacking |
7 |
Understand sequence prediction |
7 |
What are the steps in performing session hijacking? |
7 |
Describe how you would prevent session hijacking |
7 |
Hacking Web Servers |
|
List the types of web server vulnerabilities |
8 |
Understand the attacks against web servers |
8 |
Understand IIS Unicode exploits |
8 |
Understand patch management techniques |
8 |
Understand Web Application Scanner |
8 |
What is the Metasploit Framework? |
8 |
Describe web server hardening methods |
8 |
Web Application Vulnerabilities |
|
Understanding how a web application works |
8 |
Objectives of web application hacking |
8 |
Anatomy of an attack |
8 |
Web application threats |
8 |
Understand Google hacking |
8 |
Understand web application countermeasures |
8 |
Web-Based Password Cracking Techniques |
|
List the authentication types |
8 |
What is a password cracker? |
8 |
How does a password cracker work? |
8 |
Understand password attacks – classification |
8 |
Understand password cracking countermeasures |
8 |
SQL Injection |
|
What is SQL injection? |
9 |
Understand the steps to conduct SQL injection |
9 |
Understand SQL Server vulnerabilities |
9 |
Describe SQL injection countermeasures |
9 |
Objective |
Chapter |
Wireless Hacking |
|
Overview of WEP, WPA authentication systems, and cracking techniques |
10 |
Overview of wireless sniffers and SSID, MAC spoofing |
10 |
Understand rogue access points |
10 |
Understand wireless hacking techniques |
10 |
Describe the methods of securing wireless networks |
10 |
Virus and Worms |
|
Understand the difference between a virus and a worm |
5 |
Understand the types of viruses |
5 |
How a virus spreads and infects the system |
5 |
Understand antivirus evasion techniques |
5 |
Understand virus detection methods |
5 |
Physical Security |
|
Physical security breach incidents |
11 |
Understanding physical security |
11 |
What is the need for physical security? |
11 |
Who is accountable for physical security? |
11 |
Factors affecting physical security |
11 |
Linux Hacking |
|
Understand how to compile a Linux kernel |
12 |
Understand GCC compilation commands |
12 |
Understand how to install LKM modules |
12 |
Understand Linux hardening methods |
12 |
Evading IDS, Honeypots, and Firewalls |
|
List the types of intrusion detection systems and evasion techniques |
13 |
List firewall and honeypot evasion techniques |
13 |
Buffer Overflows |
|
Overview of stack-based buffer overflows |
9 |
Identify the different types of buffer overflows and methods of detection |
9 |
Overview of buffer overflow mutation techniques |
9 |
Cryptography |
|
Overview of cryptography and encryption techniques |
14 |
Describe how public and private keys are generated |
14 |
Overview of MD5, SHA, RC4, RC5, Blowfish algorithms |
14 |
Penetration Testing Methodologies |
|
Overview of penetration testing methodologies |
15 |
List the penetration testing steps |
15 |
Overview of the pen-test legal framework |
15 |
Overview of the pen-test deliverables |
15 |
List the automated penetration testing tools |
15 |
Exam specifications and content are subject to change at any time without prior notice and at the EC-Council’s sole discretion. Please visit EC-Council’s website (www.eccouncil.org) for the most current information on their exam content.
CEH™
Certified Ethical Hacker
Study Guide
CEH™
Certified Ethical Hacker
Study Guide
Kimberly Graves
Disclaimer: This eBook does not include ancillary media that was packaged with the printed version of the book.
Acquisitions Editor: Jeff Kellum Development Editor: Pete Gaughan
Technical Editors: Keith Parsons, Chris Carson Production Editor: Angela Smith
Copy Editor: Liz Welch
Editorial Manager: Pete Gaughan Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley Vice President and Publisher: Neil Edde
Media Project Manager 1: Laura Moss-Hollister Media Associate Producer: Josh Frank
Media Quality Assurance: Shawn Patrick
Book Designers: Judy Fung and Bill Gibson
Compositor: Craig Johnson, Happenstance Type-O-Rama Proofreader: Publication Services, Inc.
Indexer: Ted Laux
Project Coordinator, Cover: Lynsey Stanford Cover Designer: Ryan Sneed
Copyright © 2010 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada
ISBN: 978-0-470-52520-3
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Cataloging-in-Publication Data
Graves, Kimberly, 1974-
CEH : certified ethical hacker study guide / Kimberly Graves. — 1st ed. p. cm.
Includes bibliographical references and index.
ISBN 978-0-470-52520-3 (paper/cd-rom : alk. paper)
1. Electronic data processing personnel—Certification. 2. Computer security—Examinations—Study guides.
3. Computer hackers—Examinations—Study guides. 4. Computer networks—Examinations—Study guides. I. Title. QA76.3.G6875 2010
005.8—dc22
2010003135
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CEH Certified Ethical Hacker is a trademark of EC-Council. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
10 9 8 7 6 5 4 3 2 1
Dear Reader,
Thank you for choosing CEH: Certified Ethical Hacker Study Guide. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.
Sybex was founded in 1976. More than 30 years later, we’re still committed to producing consistently exceptional books. With each of our titles, we’re working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available.
I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at nedde@wiley.com. If you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.
Vice President and Publisher
Sybex, an Imprint of Wiley
To all my former and future students who have embarked on the path to greater knowledge. Remember the ethical hacker motto is to do no harm and leave no tracks.
Acknowledgments
To my family and friends, who have been so supportive through countless hours spent writing and editing this book. All your comments and critiques were invaluable and I appreciate your efforts. Most importantly, I want to thank my husband Ed for his support in this endeavor. It has been no small task and I appreciate his understanding every step of the way. I want to thank my technical editor, Keith Parsons, for his attention to detail and contin-
ual quest for excellence from himself and everyone he works with, this book being no exception. Thanks, Keith, I know it was a long road and you stuck with it until the very end.
Also thanks to the team at Sybex: Jeff Kellum, Pete Gaughan, and Angela Smith. Thank you for following through on this book and keeping me motivated.
About the Author
Graduating in 1995 from American University, with a major in political science and a minor in computer information technology, Kimberly Graves quickly learned that the technical side of her degree was going to be a far more interesting and challenging career path than something that kept her “inside the Beltway.”
Starting with a technical instructor position at a computer training company in Arlington, Virginia, Kimberly used the experience and credentials gained from that position to begin the steady accumulation of the other certifications that she now uses in her day-to-day interactions with clients and students. Since gaining her Certified Novell Engineer Certification (CNE) in a matter of a few months at her first job, Kimberly’s expertise in networking
and security has grown to encompass certifications by Microsoft, Intel, Aruba Networks, EC-Council, Cisco Systems, and CompTIA.
With over 15 cumulative years invested in the IT industry, Kimberly has amassed more than 25 instructor grade networking and security certifications. She has served various educational institutions in Washington, DC, as an adjunct professor while simultaneously serving as a subject matter expert for several security certification programs. Recently Kimberly
has been utilizing her Security+, Certified Wireless Network Associate (CWNA), Certified Wireless Security Professional (CWSP), Certified Ethical Hacker (CEH), and Certified Information Systems Security Professional (CISSP) certificates to teach and develop course material for the Department of Veterans Affairs, U.S. Air Force, and the NSA. Kimberly currently works with leading wireless vendors across the country to train the next generation of wireless security professionals. In 2007, Kimberly founded Techsource Network Solutions to better serve the needs of her clients and offer additional network and security consulting services.
Contents at a Glance
Introduction |
|
xxi |
|
Assessment Test |
|
xxx |
|
Chapter |
1 |
Introduction to Ethical Hacking, Ethics, and Legality |
1 |
Chapter |
2 |
Gathering Target Information: Reconnaissance, |
|
|
|
Footprinting, and Social Engineering |
31 |
Chapter |
3 |
Gathering Network and Host Information: Scanning |
|
|
|
and Enumeration |
63 |
Chapter |
4 |
System Hacking: Password Cracking, Escalating |
|
|
|
Privileges, and Hiding Files |
95 |
Chapter |
5 |
Trojans, Backdoors, Viruses, and Worms |
125 |
Chapter |
6 |
Gathering Data from Networks: Sniffers |
153 |
Chapter |
7 |
Denial of Service and Session Hijacking |
173 |
Chapter |
8 |
Web Hacking: Google, Web Servers, Web Application |
|
|
|
Vulnerabilities, and Web-Based Password |
|
|
|
Cracking Techniques |
195 |
Chapter |
9 |
Attacking Applications: SQL Injection and Buffer Overflows |
221 |
Chapter |
10 |
Wireless Network Hacking |
239 |
Chapter |
11 |
Physical Site Security |
261 |
Chapter |
12 |
Hacking Linux Systems |
281 |
Chapter |
13 |
Bypassing Network Security: Evading IDSs, Honeypots, |
|
|
|
and Firewalls |
301 |
Chapter |
14 |
Cryptography |
323 |
Chapter |
15 |
Performing a Penetration Test |
343 |
Appendix |
|
About the Companion CD |
359 |
Glossary |
|
|
363 |
Index |
375 |
