CEH : Certified Ethical Hacker study guide ; [exam 312-50, exam ...

CEH Certified Ethical Hacker Study Guide Kimberly Graves

WILEY

Wiley Publishing, Inc.

Contents Introduction

xxi

Assessment Test

Chapter

1

xxx

Introduction to Ethical Hacking, Ethics, and Legality

1

Defining Ethical Hacking

2

Understanding the Purpose of Ethical Hacking

6

Ethical

7

Hacking Terminology The Phases of Ethical Hacking Identifying Types of Hacking Technologies Identifying Types of Ethical Hacks Understanding Testing Types

12 13

16

Performing a Penetration Test Keeping It Legal Cyber Security Enhancement Act

17

§1029 and

18 and SPY ACT

1030

19 20

U.S. State Laws

20

Federal Managers Financial Integrity Act Freedom of Information Act (FOIA)

20

Federal Information Security Management Act (FISMA) Privacy Act of 1974

21

USA PATRIOT Act

22

Government

22

Cyber Laws

Paperwork Elimination Act (GPEA) in Other Countries

21 22

23

Summary

23

Exam Essentials

23

Review

25

Questions

Answers to Review 2

8 11

How to Be Ethical

18 USC

Chapter

3

An Ethical Hacker's Skill Set

29

Questions

Gathering Target Information: Reconnaissance, Footprinting,

and Social

Engineering

31

Reconnaissance

33

Understanding Competitive Intelligence Information-Gathering Methodology

34

Footprinting Using Google to Gather Information Understanding DNS Enumeration Understanding Whois and ARIN Lookups Identifying Types of DNS Records

37 38 39 40 42 46

Using Traceroute in Footprinting Understanding Email Tracking Understanding Web Spiders Social Engineering The Art of Manipulation

3

48 50 50 54

Countermeasures

Summary

54

Exam Essentials

55

Review

56

Questions to

Review Questions

60

Network and Host Information:

Gathering

and Enumeration

63

64

Scanning Scanning Methodology Ping Sweep Techniques

67

nmap Command Switches

70

Scan

73

The CEH

Types

TCP Communication

Flag Types War-Dialing Techniques Banner Grabbing and OS Fingerprinting Techniques Scanning Anonymously

68

73 76 77 79 81

Enumeration Null Sessions

82

SNMP Enumeration

84

Windows 2000 DNS Zone Transfer

85

Summary

86

Exam Essentials

87

Review

89

Questions

Answers to Review 4

48

Social-Engineering

Scanning

Chapter

48

Types of Social Engineering-Attacks

Answers

Chapter

46

Questions

93

System Hacking: Password Cracking, Escalating Privileges,

and

The

Simplest Way to Types of Passwords Passive Online

Files

Hiding Get

a

Password

Attacks

Active Online Attacks Offline Attacks Nonelectronic Attacks

95 96 96 97 98 99 101

Cracking a Password Understanding the LAN Manager Hash Cracking Windows 2000 Passwords Redirecting the SMB Logon to the Attacker SMB Relay MITM Attacks and Countermeasures NetBIOS DoS Attacks

103

103 105 106

107 109 110

Executing Applications

111

Buffer Overflows

111

Understanding Rootkits Planting Rootkits on Windows

112 2000 and XP Machines

112

Rootkit Embedded TCP/IP Stack

112

Rootkit Countermeasures

113

Hiding

Files

113 114

NTFS File Streaming NTFS Stream Countermeasures

114

Understanding Steganography Technologies Covering Your Tracks and Erasing Evidence

115

Summary

117

Exam Essentials

118

Answers to Review

116

119

Review Questions

5

102

107

Password-Cracking Countermeasures Understanding Keyloggers and Other Spyware Technologies Escalating Privileges

Chapter

123

Questions

Trojans, Backdoors, Viruses,

and Worms

Trojans and Backdoors

125 126

Overt and Covert Channels

128

Types of Trojans How Reverse-Connecting Trojans Work How the Netcat Trojan Works Trojan Construction Kit and Trojan Makers Trojan Countermeasures Checking a System with System File Verification

130

Viruses and Worms

130 132 135 135 138 141

Types of Viruses

142

Virus Detection Methods

145

Summary

146

Exam Essentials

146

Review Questions

147

Answers

151

to

Review Questions

Chapter

6

Gathering Data

from Networks: Sniffers

Understanding Host-to-Host Communication How

a

Sniffer Works

Sniffing

158

Limitations of Switches

159

How ARP Works ARP

Spoofing

and

159

Poisoning Countermeasures

Wireshark Filters and DNS

Spoofing

166

Exam Essentials

167

Review

168

Denial of Service and Session

171

Hijacking

Denial of Service

173 174

How DDoS Attacks Work

177

How BOTs/BOTNETs Work

179

Smurf and SYN Flood Attacks

180

DoS/DDoS Countermeasures

182

Session

Hijacking

183

Sequence Prediction Dangers Posed by Session Hijacking Preventing Session Hijacking

184 186

186

Summary

187

Exam Essentials

188

Review

Questions

Answers

Chapter 8

164

Summary Questions Answers to Review Questions 7

160 161

Understanding MAC Flooding

Chapter

154

158

Countermeasures

Bypassing the

153

Web

to Review

189

Questions

193

Hacking: Google, Web Servers,

Web Application Vulnerabilities, and Web-Based Password

Cracking Techniques

195

How Web Servers Work

197

Types of Web Server Vulnerabilities Attacking a Web Server

201

Patch-Management Techniques Web Server Hardening Methods Web Application Vulnerabilities Web Application Threats and Countermeasures Google Hacking Web-Based Password-Cracking Techniques Authentication Types Password Attacks and Password Cracking

198

207

208 209 210 211 212 212 213

Chapter

9

Summary

215

Exam Essentials

215

Review Questions Answers to Review Questions

216

SQL Injection

Buffer Overflows Overflows and Methods of Detection

Buffer Overflow Countermeasures

225 226 228

229 231

Summary

232

Exam Essentials

232

Review

Questions

Answers

to Review

233

Questions

Wireless Network Hacking Wi-Fi and Ethernet

Authentication and

to

MAC Filters and MAC

Spoofing

Locate SSIDs

Access Points

Evil Twin Wireless

or

237 239 240

Cracking Techniques

Using Wireless Sniffers Rogue

11

224

229

Types of Buffer

Chapter

221 222

Finding a SQL Injection Vulnerability The Purpose of SQL Injection SQL Injection Using Dynamic Strings SQL Injection Countermeasures

10

219

Attacking Applications: SQL Injection and Buffer Overflows

Chapter

AP

242 246 248 250

Masquerading

Hacking Techniques

250 251

Securing Wireless Networks Summary

254

Exam Essentials

254

Review Questions

255

Answers

259

to

Review Questions

Physical Site Security

251

261

Components of Physical Security Understanding Physical Security Physical Site Security Countermeasures What to Do After a Security Breach Occurs Summary

262

Exam Essentials

274

Review

275

Questions

Answers

to

Review Questions

264 266

274 274

279

Chapter

12

Hacking Linux Systems Linux Basics

285

Summary

293

Exam Essentials

294

Review

295

Questions

Answers 13

282 Linux Kernel

Compiling GCC Compilation Commands Installing Linux Kernel Modules Linux Hardening Methods a

Chapter

to

Review

289

299

301

Exam Essentials

316

308 316

317

Questions Questions

322 323

Cryptography

Cryptography and Encryption Techniques Types of Encryption Stream Ciphers vs. Block Ciphers Generating Public and Private Keys Other Uses for Encryption Cryptography Algorithms Cryptography Attacks Summary

324

Exam Essentials

338

Questions

Answers 15

289

302

Review

Chapter

288

Types of IDSs and Evasion Techniques Firewall Types and Honeypot Evasion Techniques Summary

Answers to Review 14

Questions

Bypassing Network Security: Evading IDSs, Honeypots, and Firewalls

Review

Chapter

281

to

a

Questions

Penetration Test

Defining Security

Assessments

Penetration Testing Penetration

328 329 333 335 337 337

339

Review

Performing

326

Testing Steps

The Pen Test Legal Framework Automated Penetration Testing Tools Pen Test Deliverables

342 343 344 345

346 349 349 350

Summary

352

Exam Essentials

352

Review

Questions

Answers

Appendix

353

to Review

Sybex

Test

PDF of

on

the CD

Engine

Glossary of Terms

357 359

360 360 360

Adobe Reader

360

Electronic Flashcards

360

System Requirements Using the CD

361

Troubleshooting

361

Customer Care

Index

Questions

About the Companion CD What You'll Find

Glossary

361

362

363 375