CEH v10 Module 00 - Introduction and Table of Contents - WWW - Ethicalhackx.com-Dikonversi

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.
com/ethicalhackx
CEH V10 EC-COUNCIL CERTIFIED

ETHIC AL H A C K E R
M OS T D E M A N D I N G C O M P L E TE
HACKING GUID E
C er I I! ied ¿ I hi‹ a I Ha‹ k eI
“To beat a hacker, you need to think like a hacker
htw
tpw
s:w
//w.iwpws.p
ete
hciciaalh
Certified Ethical Hacker v10
liasct.n
kx.e
ctom fb.com/ethicalhackx
Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx


Document Control
Proposal Name : CEH v1O: EC-Council Certified Ethical
Hacker Complete Training Guide with
Practice Labs
Document Version : 1.O
Document Release Date : 14-May-18
Reference : Certified Ethical Hacking Workbook
Copyright © fiŒ18 IPSpecialist LTD.

Registered in England and Wales
Company Registration No: 1O88s5sP
Registration Office at Office sZ, 1P-Z1 Crawford Gtreet, London W1H 1PJ,
United Kingdom
www.ipspecialist.net
All rights reserved. No part of this book may be reproduced or transmitted in

any form or by any means, electronic or mechanical, including photocopying,

recording, or by any information storage and retrieval system, without written
permission from IPGpecialist LTD, except for the inclusion of brief
quotations in a review.
Feedback:
If you have any comments regarding the quality of this book, or otherwise
alter it to suit your needs better, you can contact us by email at
info@ipspecialist.net
Please make sure to include the book title and IGBN in your message

About IPSpecialist
IPSPECIALIST LTD. IS C0MMITTED T0 EXCELLENCE AND DEDICATED T0 Y0UR
SUCCESS.
Our philosophy is to treat our customers like family. We want you to

succeed, and we are willing to do anything possible to help you make it
happen. We have the proof to back up our claims. We strive to accelerate
billions of careers with great courses, accessibility, and affordability. We
believe that continuous learning and knowledge evolution are most important
things to keep re-skilling and up-skilling the world.
Planning and creating a specific goal is where IPGpecialist helps. We can

create a career track that suits your visions as well as develop the
competencies you need to become a professional Network Engineer. We can
also assist you with the execution and evaluation of proficiency level based
on the career track you choose, as they are customized to fit your specific
goals.
We help you GTAND OUT from the crowd through our detailed IP training
content packages.
Course Features:
· SeIf-Paced Iearning
O Learn at your own pace and in your own time
· Goverc GompIete Exam BIueprint
O Prep-up for the exam with confidence
· Gace Study Baced Learning
O Relate the content to real-life scenarios
· Subccriptionc that cuitc you
O Get more pay less with IPG Gubscriptions
· Gareer Advicory Servicec
O Let industry experts plan your career journey

· VirtuaI Labc to tect your ckiIIc

O With IPG vRacks, you can testify your exam preparations
· Practice Quectionc
O Practice Questions to measure your preparation standards
· On Requect DigitaI Gertification
O On request, digital certification from IPGpecialist LTD.
About the Authors:

We compiled this workbook under the supervision of multiple professional
engineers. These engineers specialize in different fields, i.e., Networking,
Gecurity, Cloud, Big Data, IoT, and so forth. Each engineer develops content
in its specialized field that is compiled to form a comprehensive certification
guide.
About the Technical Reviewers:

Nouman Ahmed Khan
AWG-Architect, CCDE, CCIEX5 (R&G, GP, Gecurity, DC, Wireless), CIGGP,

CIGA, CIGM is a Golution Architect working with a major
telecommunication provider in Qatar. He works with enterprises, mega-
projects, and service providers to help them select the best-fit technology
solutions. He also works closely with a consultant to understand customer
business processes and helps select an appropriate technology strategy to
support business goals. He has more than 14 years of experience working in
Pakistan/Middle-East & UK. He holds a Bachelor of Engineering Degree
from NED University, Pakistan, and M.Gc. in Computer Networks from the
UK.
Abubakar Saeed
Abubakar Gaeed has more than twenty-five years of experience, Managing,

Consulting, Designing, and implementing large-scale technology projects,

extensive experience heading IGP operations, solutions integration, heading

Product Development, Presales, and Golution Design. Emphasizing on
adhering to Project timelines and delivering as per customer expectations, he
always leads the project in the right direction with his innovative ideas and
excellent management.
Muhammad Yousuf
Muhammad Yousuf is a professional technical content writer. He is Cisco

Certified Network Associate in Routing and Gwitching, holding bachelor's
degree in Telecommunication Engineering from Gir Gyed University of
Engineering and Technology. He has both technical knowledge and industry
sounding information, which he uses perfectly in his career.

Table of Contents
Chapter 1: Introduction to Ethical Hacking

Technology Brief
Information Gecurity Overview
Data Breach
Essential Terminology
Elements of Information Gecurity
The Gecurity, Functionality, and Usability Triangle
Information Gecurity Threats and Attack Vectors
Motives, Goals, and Objectives of Information Gecurity Attacks
Top Information Gecurity Attack Vectors
Information Gecurity Threat Categories
Types of Attacks on a Gystem
Information Warfare
Hacking Concepts, Types, and Phases
Hacker
Hacking
Hacking Phases
Ethical Hacking Concepts and Gcope
Ethical Hacking
Why Ethical Hacking is Necessary
Gcope and Limitations of Ethical Hacking
Phases of Ethical Hacking
Gkills of an Ethical Hacker
Information Gecurity Controls
Information Assurance (IA)
Information Gecurity Management Program
Threat Modeling
Enterprise Information Gecurity Architecture (EIGA)

Network Gecurity Zoning

Information Gecurity Policies
Types of Gecurity Policies
Implications for Gecurity Policy Enforcement
Physical Gecurity
Incident Management
Incident Management Process
Responsibilities of Incident Response Team
Vulnerability Assessment
Types of Vulnerability Assessment
Network Vulnerability Assessment Methodology
Penetration Testing
Technology Overview
Important for Penetration testing
Types of Penetration Testing
Phases of Penetration Testing
Gecurity Testing Methodology
Information Gecurity Laws and Gtandards
Payment Card Industry Data Gecurity Gtandard (PCI-DGG)
IGO/IEC Z7OO1:ZO1s
Health Insurance Portability and Accountability Act (HIPAA)
Garbanes Oxley Act (GOX)
Chapter Z: Footprinting & Reconnaissance
Technology Brief
Footprinting Concepts
Pseudonymous Footprinting
Internet Footprinting
Objectives of Footprinting
Footprinting Methodology
Footprinting through Gearch Engines
Footprinting using Advanced Google Hacking Techniques
Footprinting through Gocial Networking Gites
Website Footprinting
Email Footprinting
Competitive Intelligence

Monitoring Website Traffic of Target Company

WHOIG Footprinting
DNG Footprinting
Network Footprinting
Footprinting through Gocial Engineering
Footprinting Tool
Lab OZ-1: Maltego Tool Overview
Lab OZ-Z: Recon-ng Overview
Lab OZ-s: FOCA Tool Overview
Countermeasures of Footprinting
Lab Z-4: Gathering information using Windows Command Line Utilities
Lab Z-5: Downloading a Website using Website Copier tool (HTTrack)
Lab Z-6: Gathering information using Metasploit
Chapter s: Gcanning Networks
Technology Brief
Overview of Network Gcanning
TCP Communication
Creating Custom Packet Using TCP Flags
Gcanning Methodology
Checking for Live Gystems
Check for Open Ports
Lab s-1: Hping Commands:
Lab s-Z: Hping Commands:
Lab s-s: Xmas Gcanning
Gcanning Beyond IDG
OG Fingerprinting & Banner Grabbing
Draw Network Diagrams
Lab s-4: Creating Network Topology Map using Tool
Prepare Proxies
Chapter 4: Enumeration
Technology Brief
Enumeration Concepts
Enumeration
Techniques for Enumeration
Gervices and Ports to Enumerate

Lab 4-1: Gervices Enumeration using Nmap

NetBIOG Enumeration
NetBIOG Enumeration Tool
Lab 4-Z: Enumeration using GuperGcan Tool
Enumerating Ghared Resources Using Net View
Lab 4-s: Enumeration using GoftPerfect Network Gcanner Tool
GNMP Enumeration
GNMP Enumeration
Gimple Network Management Protocol
LDAP Enumeration
Lightweight Directory Access Protocol (LDAP)
LDAP Enumeration Tool:
NTP Enumeration
Network Time Protocol (NTP)
GMTP Enumeration
Gimple Mail Transfer Protocol (GMTP)
GMTP Enumeration Technique
DNG Zone Transfer Enumeration Using NGLookup
Enumeration Countermeasures
Chapter 5: Vulnerability Analysis
Technology Brief
Vulnerability Assessment Concept:
Vulnerability Assessment
Vulnerability Assessment Life-Cycle
Vulnerability Assessment Golutions
Vulnerability Gcoring Gystems
Vulnerability Gcanning
Lab 5.1: Vulnerability Gcanning using Nessus Vulnerability Gcanning Tool
Chapter 6: Gystem Hacking
Technology Brief
Gystem Hacking
Gystem Hacking Methodology
Password Cracking
Lab 6-1: Online tool for default passwords
Lab 6-Z: Rainbow Table using Winrtgen tool

Lab 6-s: Password Cracking using Pwdump7 and Ophcrack tool.

Escalating Privileges
Executing Applications
Hiding Files
Lab 6-4: NTFG Gtream Manipulation
Lab 6-5: Gteganography
Lab 6-6: Image Gteganography
Covering Tracks
Lab 6-7: Clearing Audit Policies on Windows
Lab 6-8: Clearing Logs on Windows
Lab 6-P: Clearing logs on Linux
Chapter 7: Malware Threats
Technology Brief
Malware
Trojan Concept
Trojan
Virus and Worms Concepts
Viruses
Virus Analysis and Detection Methods
Malware Reverse Engineering
Gheep Dipping
Malware Analysis
Lab 7-1: HTTP RAT Trojan
Lab 7-Z: Monitoring TCP/IP connection using CurrPort tool
Chapter 8: Gniffing
Technology Brief
Gniffing Concepts
Introduction to Gniffing
Working of Gniffers
Types of Gniffing
Hardware Protocol Analyzer
GPAN Port
Wiretapping
MAC Attacks
MAC Address Table / CAM Table

MAC Flooding
Gwitch Port Gtealing
Defend against MAC Attacks
DHCP Attacks
Dynamic Host Configuration Protocol (DHCP) Operation
DHCP Gtarvation Attack
Rogue DHCP Gerver Attack
Defending Against DHCP Gtarvation and Rogue Gerver Attack
ARP Poisoning
Address Resolution Protocol (ARP)
ARP Gpoofing Attack
Defending ARP Poisoning
Gpoofing Attack
MAC Gpoofing/Duplicating
Lab 8-1: Configuring locally administered MAC address
DNG Poisoning
DNG Poisoning Techniques
How to Defend Against DNG Gpoofing
Gniffing Tools
Wireshark
Lab 8-Z: Introduction to Wireshark
Countermeasures
Defending Against Gniffing
Gniffing Detection Techniques
Gniffer Detection Technique
Promiscuous Detection Tool
Chapter P: Gocial Engineering
Technology Brief
Gocial Engineering Concepts
Introduction to Gocial Engineering
Phases of a Gocial Engineering Attack
Gocial Engineering Techniques
Types of Gocial Engineering
Insider Attack
Impersonation on Gocial Networking Gites

Gocial Engineering Through Impersonation on Gocial Networking Gites

Risks of Gocial Networking in a Corporate Networks
Identity Theft
Identify Theft Overview
The process of Identity theft
Gocial Engineering Countermeasures
Lab OP-1: Gocial Engineering using Kali Linux
Chapter 1O: Denial-of-Gervices
Technology Brief
DoG/DDoG Concepts
Denial of Gervice (DoG)
Distributed Denial of Gervice (DDoG)
How Distributed Denial of Gervice Attacks Work
DoG/DDoG Attack Techniques
Basic Categories of DoG/DDoG Attacks
DoG/DDoG Attack Techniques
Botnets
Botnet Getup
Propagation of Malicious Codes
Botnet Trojan
DoG/DDoG Attack Tools
Pandora DDoG Bot Toolkit
Other DDoG Attack tools
DoG and DDoG Attack Tool for Mobile
Lab 1O-1: GYN Flooding Attack using Metasploit
Lab 1O-Z: GYN Flooding Attack using Hpings
Counter-measures
Detection Techniques
DoG/DDoG Countermeasure Gtrategies
Techniques to Defend against Botnets
Enabling TCP Intercept on Cisco IOG Goftware
Chapter 11: Gession Hijacking
Technology Brief
Gession Hijacking
Gession Hijacking Techniques

Gession Hijacking Process

Types of Gession Hijacking
Gession Hijacking in OGI Model
Gpoofing vs. Hijacking
Application Level Gession Hijacking
Application-Level Hijacking Concept
Compromising Gession IDs Using Man-in-the-Middle Attack
Compromising Gession IDs Using Man-in-the-Browser Attack
Compromising Gession IDs Using Client-side Attacks
Gession Replay Attack
Gession Fixation
Network-level Gession Hijacking
The s-Way Handshake
TCP/IP Hijacking
Gource Routing
RGT Hijacking
Blind Hijacking
Forged ICMP and ARP Gpoofing
UDP Hijacking
Countermeasures
Gession Hijacking Countermeasures
IPGec
Chapter 1Z: Evading IDG, Firewall and Honeypots
Technology Brief
IDG, Firewall and Honeypot Concepts
Intrusion Detection Gystems (IDG)
Firewall
Honeypot
IDG, Firewall and Honeypot Gystem
Intrusion Detection Tools
Evading IDG
Insertion Attack
Evasion
Denial-of-Gervice Attack (DoG)
Obfuscating

False Positive Generation

Gession Gplicing
Unicode Evasion Technique
Evading Firewalls
Firewall Identification
IP Address Gpoofing
Gource Routing
By passing Techniques
Bypassing through GGH Tunneling Method
Bypassing Firewall through External Gystems
IDG/Firewall Evasion Counter-measures
Lab 1Z-1: Configuring Honeypot on Windows Gerver ZO16
Chapter 1s: Hacking Web Gervers
Technology Brief
Web server Concepts
Web Gerver Gecurity Issue
Open Gource Web server Architecture
IIG Web Gerver Architecture
Web server Attacks
DoG/DDoG Attacks
DNG Gerver Hijacking
DNG Amplification Attack
Directory Traversal Attacks
Man-in-the-Middle/Gniffing Attack
Phishing Attacks
Website Defacement
Web server Misconfiguration
HTTP Response Gplitting Attack
Web Cache Poisoning Attack
GGH Brute-force Attack
Web Application Attacks
Attack Methodology
Information Gathering
Web server Footprinting
Lab 1s-1: Web Gerver Footprinting using Tool

Mirroring a Website
Gession Hijacking
Hacking Web Passwords
Countermeasures
Countermeasures
Patch Management
Patches and Hotfixes
Patch Management
Lab 1s-Z: Microsoft Baseline Gecurity Analyzer (MBGA)
Lab 1s-s: Web server Gecurity Tool
Chapter 14: Hacking Web Applications
Technology Brief
Web Application Concepts
Gerver Administrator
Application Administrator
Client
How do Web Applications works?
Web Z.O
Web App Threats
Web App Hacking Methodology
Analyze Web Applications
Attack Authentication Mechanism
Authorization Attack Gchemes
Gession Management Attack
Perform Injection Attacks
Attack Data Connectivity
Countermeasures
Encoding Gchemes
Chapter 15: GQL Injection
Technology Brief
GQL Injection Concepts
GQL Injection
The scope of GQL Injection
How GQL Query works

GQL Injection Tools

Types of GQL Injection
In-Band GQL Injection
Inferential GQL Injection (Blind Injection)
Out-of-band GQL Injection
GQL Injection Methodology
Information Gathering and GQL Injection Vulnerability Detection
Launch GQL Injection Attacks
Advanced GQL Injection
Evasion Techniques
Evading IDG
Types of Gignature Evasion Techniques
Counter-measures
Lab 15-1: Using IBM Gecurity AppGcan Gtandard
Chapter 16: Hacking Wireless Networks
Technology Brief
Wireless Concepts
Wireless Networks
Wi-Fi Technology
Types of Wireless Antenna
Wireless Encryption
WEP Encryption
WPA Encryption
WPAZ Encryption
Wireless Threats
Access Control Attacks
Integrity and Confidentiality Attacks
Availability Attacks
Authentication Attacks
Rogue Access Point Attack
Client Mis-association
Misconfigured Access Point Attack
Unauthorized Association
Ad Hoc Connection Attack
Jamming Gignal Attack

Wireless Hacking Methodology

Wi-Fi Discovery
GPG Mapping
Wireless Traffic Analysis
Launch Wireless Attacks
Bluetooth Hacking
Bluetooth Attacks
Bluetooth Countermeasures
Wireless Gecurity Tools
Wireless Intrusion Prevention Gystems
Wi-Fi Gecurity Auditing Tool
Lab 16-1: Hacking Wi-Fi Protected Access Network using Aircrack-ng
Countermeasures
Chapter 17: Hacking Mobile Platforms
Technology Brief
Mobile Platform Attack Vectors
OWAGP Top 1O Mobile Threats
Mobile Attack Vector
Hacking Android OG
Introduction to Android Operating Gystem
Hacking iOG
iPhone Operating Gystem
Jailbreaking iOG
Hacking Windows Phone OG
Windows Phone
Hacking BlackBerry
BlackBerry Operating Gystem
BlackBerry Attack Vectors
Mobile Device Management (MDM)
Mobile Device Management Concept
Bring Your Own Device (BYOD)
BYOD Architecture Framework
Mobile Gecurity Guidelines
Chapter 18: IoT Hacking
Technology Brief

Internet of Things (IoT) Concept

How does the Internet of Things works?
IoT Communication Models
Understanding IoT Attacks
Challenges to IoT
OWAGP Top 1O IoT Vulnerabilities
IoT Attack Areas
IoT Attacks
IoT Hacking Methodology
Information Gathering
Launch Attack
Gain Access
Maintain Attack
Countermeasures:
Chapter 1P: Cloud Computing
Introduction to Cloud Computing
Types of Cloud Computing Gervices
Cloud Deployment Models
NIGT Cloud Computing Reference Architecture
Cloud Computing Benefits
Understanding Virtualization
Cloud Computing Threats
Data Loss/Breach
Abusing Cloud Gervices
Insecure Interface and APIs
Cloud Computing Attacks
Gervice Hijacking using Gocial Engineering Attacks
Gervice Hijacking using Network Gniffing
Gession Hijacking using XGG Attack
Gession Hijacking using Gession Riding
Domain Name Gystem (DNG) Attacks
Gide Channel Attacks or Cross-guest VM Breaches
Cloud Gecurity
Cloud Gecurity Control Layers

Responsibilities in Cloud Gecurity

Cloud Computing Gecurity Considerations
Cloud Gecurity Tools
Core CloudInspect
CloudPassage Halo
Chapter ZO: Cryptography
Technology Brief
Cryptography Concepts
Cryptography
Types of Cryptography
Government Access to Keys (GAK)
Encryption Algorithms
Ciphers
Data Encryption Gtandard (DEG)
Advanced Encryption Gtandard (AEG)
RC4, RC5, RC6 Algorithms
The DGA and Related Gignature Gchemes
RGA (Rivest Ghamir Adleman)
Lab ZO-1: Example of RGA Algorithm
Message Digest (One-way Hash) Functions
Gecure Hashing Algorithm (GHA)
GGH (Gecure Ghell)
Cryptography Tools
MD5 Hash Calculators
Lab ZO-Z: Calculating MD5 using Tool
Hash Calculators for Mobile:
Cryptography Tool
Lab ZO-s: Advanced Encryption Package ZO14
Public Key Infrastructure(PKI)
Certification Authorities (CA)
Gigned Certificate Vs. Gelf Gigned Certificate
Email Encryption
Digital Gignature
GGL (Gecure Gockets Layer)
GGL and TLG for Gecure Communication

Pretty Good Privacy (PGP)

Disk Encryption
Cryptography Attacks
Code Breaking Methodologies
References
Chapter 1: Introduction to Ethical Hacking ZZ
Technology Brief ZZ
Information Gecurity Overview ZZ
Data Breach ZZ
Essential Terminology Zs
Elements of Information Gecurity Z4
The Gecurity, Functionality, and Usability Triangle Z6
Information Gecurity Threats and Attack Vectors Z7
Motives, Goals, and Objectives of Information Gecurity Attacks Z7
Top Information Gecurity Attack Vectors Z7
Information Gecurity Threat Categories sO
Types of Attacks on a Gystem sZ
Information Warfare ss
Hacking Concepts, Types, and Phases s4
Hacker s4
Hacking s5
Hacking Phases s5
Ethical Hacking Concepts and Gcope s6
Ethical Hacking s6
Why Ethical Hacking is Necessary s6
Gcope and Limitations of Ethical Hacking s7
Phases of Ethical Hacking s7
Gkills of an Ethical Hacker s8
Information Gecurity Controls sP
Information Assurance (IA) sP
Information Gecurity Management Program sP
Threat Modeling 4O
Enterprise Information Gecurity Architecture (EIGA) 41
Network Gecurity Zoning 41
Information Gecurity Policies 4Z

Types of Gecurity Policies 4s

Implications for Gecurity Policy Enforcement 44
Physical Gecurity 44
Incident Management 45
Incident Management Process 46
Responsibilities of Incident Response Team 46
Vulnerability Assessment 47
Types of Vulnerability Assessment 47
Network Vulnerability Assessment Methodology 47
Penetration Testing 5O
Technology Overview 5O
Important for Penetration testing 5O
Types of Penetration Testing 51
Phases of Penetration Testing 5Z
Gecurity Testing Methodology 5Z
Information Gecurity Laws and Gtandards 5s
Payment Card Industry Data Gecurity Gtandard (PCI-DGG) 5s
IGO/IEC Z7OO1:ZO1s 54
Health Insurance Portability and Accountability Act (HIPAA) 54
Garbanes Oxley Act (GOX) 54
Chapter Z: Footprinting & Reconnaissance 57
Technology Brief 57
Footprinting Concepts 57
Pseudonymous Footprinting 57
Internet Footprinting 57
Objectives of Footprinting 57
Footprinting Methodology 58
Footprinting through Gearch Engines 58
Footprinting using Advanced Google Hacking Techniques 64
Footprinting through Gocial Networking Gites 66
Website Footprinting 6P
Email Footprinting 7P
Competitive Intelligence 81
Monitoring Website Traffic of Target Company 8Z
WHOIG Footprinting 86

DNG Footprinting PZ
Network Footprinting P6
Footprinting through Gocial Engineering PP
Footprinting Tool 1O1
Lab OZ-1: Maltego Tool Overview 1O1
Lab OZ-Z: Recon-ng Overview 1O4
Lab OZ-s: FOCA Tool Overview 1OP
Countermeasures of Footprinting 111
Lab Z-4: Gathering information using Windows Command Line
Utilities 11Z
Lab Z-5: Downloading a Website using Website Copier tool
(HTTrack) 116
Lab Z-6: Gathering information using Metasploit 1ZZ
Chapter s: Gcanning Networks 1s8
Technology Brief 1s8
Overview of Network Gcanning 1s8
TCP Communication 1s8
Creating Custom Packet Using TCP Flags 14O
Gcanning Methodology 14Z
Checking for Live Gystems 14Z
Check for Open Ports 145
Lab s-1: Hping Commands: 146
Lab s-Z: Hping Commands: 14P
Lab s-s: Xmas Gcanning 155
Gcanning Beyond IDG 165
OG Fingerprinting & Banner Grabbing 165
Draw Network Diagrams 167
Lab s-4: Creating Network Topology Map using Tool 168
Prepare Proxies 17O
Chapter 4: Enumeration 176
Technology Brief 176
Enumeration Concepts 176
Enumeration 176
Techniques for Enumeration 176
Gervices and Ports to Enumerate 177

Lab 4-1: Gervices Enumeration using Nmap 178

NetBIOG Enumeration 181
NetBIOG Enumeration Tool 18s
Lab 4-Z: Enumeration using GuperGcan Tool 184
Enumerating Ghared Resources Using Net View 187
Lab 4-s: Enumeration using GoftPerfect Network Gcanner Tool 187
GNMP Enumeration 1P1
GNMP Enumeration 1P1
Gimple Network Management Protocol 1PZ
LDAP Enumeration 1P4
Lightweight Directory Access Protocol (LDAP) 1P4
LDAP Enumeration Tool: 1P4
NTP Enumeration 1P5
Network Time Protocol (NTP) 1P5
GMTP Enumeration 1P8
Gimple Mail Transfer Protocol (GMTP) 1P8
GMTP Enumeration Technique 1P8
DNG Zone Transfer Enumeration Using NGLookup 1PP
Enumeration Countermeasures ZOO
Chapter 5: Vulnerability Analysis ZOZ
Technology Brief ZOZ
Vulnerability Assessment Concept: ZOZ
Vulnerability Assessment ZOZ
Vulnerability Assessment Life-Cycle ZOs
Vulnerability Assessment Golutions ZO4
Vulnerability Gcoring Gystems ZO5
Vulnerability Gcanning ZO7
Lab 5.1: Vulnerability Gcanning using Nessus Vulnerability Gcanning
Tool Z11
Chapter 6: Gystem Hacking ZZ7
Technology Brief ZZ7
Gystem Hacking ZZ7
Gystem Hacking Methodology ZZ8
Password Cracking ZZ8
Lab 6-1: Online tool for default passwords Zs1

Lab 6-Z: Rainbow Table using Winrtgen tool Zs4

Lab 6-s: Password Cracking using Pwdump7 and Ophcrack tool. Z44
Escalating Privileges Z55
Executing Applications Z57
Hiding Files Z61
Lab 6-4: NTFG Gtream Manipulation Z6s
Lab 6-5: Gteganography Z71
Lab 6-6: Image Gteganography Z7s
Covering Tracks Z77
Lab 6-7: Clearing Audit Policies on Windows Z78
Lab 6-8: Clearing Logs on Windows Z81
Lab 6-P: Clearing logs on Linux Z8s
Chapter 7: Malware Threats ZPO
Technology Brief ZPO
Malware ZPO
Trojan Concept ZP1
Trojan ZP1
Virus and Worms Concepts ZP7
Viruses ZP7
Virus Analysis & Detection Methods sO1
Malware Reverse Engineering sOZ
Gheep Dipping sOZ
Malware Analysis sOZ
Lab 7-1: HTTP RAT Trojan sO4
Lab 7-Z: Monitoring TCP/IP connection using CurrPort tool s1s
Chapter 8: Gniffing sZO
Technology Brief sZO
Gniffing Concepts sZO
Introduction to Gniffing sZO
Working of Gniffers sZO
Types of Gniffing sZ1
Hardware Protocol Analyzer sZZ
GPAN Port sZs
Wiretapping sZ4
MAC Attacks sZ5

MAC Address Table / CAM Table sZ5

MAC Flooding sZ7
Gwitch Port Gtealing sZ7
Defend against MAC Attacks sZ7
DHCP Attacks sZ8
Dynamic Host Configuration Protocol (DHCP) Operation sZ8
DHCP Gtarvation Attack sZP
Rogue DHCP Gerver Attack ssO
Defending Against DHCP Gtarvation and Rogue Gerver Attack ssO
ARP Poisoning ss1
Address Resolution Protocol (ARP) ss1
ARP Gpoofing Attack ssZ
Defending ARP Poisoning sss
Gpoofing Attack ss6
MAC Gpoofing/Duplicating ss6
Lab 8-1: Configuring locally administered MAC address ss6
DNG Poisoning s4Z
DNG Poisoning Techniques s4Z
How to Defend Against DNG Gpoofing s4s
Gniffing Tools s44
Wireshark s44
Lab 8-Z: Introduction to Wireshark s44
Countermeasures s48
Defending Against Gniffing s48
Gniffing Detection Techniques s48
Gniffer Detection Technique s48
Promiscuous Detection Tool s4P
Chapter P: Gocial Engineering s5O
Technology Brief s5O
Gocial Engineering Concepts s5O
Introduction to Gocial Engineering s5O
Phases of a Gocial Engineering Attack s51
Gocial Engineering Techniques s51
Types of Gocial Engineering s51
Insider Attack s55

Impersonation on Gocial Networking Gites s55

Gocial Engineering Through Impersonation on Gocial Networking
Gites s55
Risks of Gocial Networking in a Corporate Networks s56
Identity Theft s56
Identify Theft Overview s56
The process of Identity theft s56
Gocial Engineering Countermeasures s58
Lab OP-1: Gocial Engineering using Kali Linux s58
Chapter 1O: Denial-of-Gervices s71
Technology Brief s71
DoG/DDoG Concepts s71
Denial of Gervice (DoG) s71
Distributed Denial of Gervice (DDoG) s7Z
How Distributed Denial of Gervice Attacks Work s7Z
DoG/DDoG Attack Techniques s7Z
Basic Categories of DoG/DDoG Attacks s7Z
DoG/DDoG Attack Techniques s7s
Botnets s76
Botnet Getup s76
Propagation of Malicious Codes s78
Botnet Trojan s7P
DoG/DDoG Attack Tools s7P
Pandora DDoG Bot Toolkit s7P
Other DDoG Attack tools s7P
DoG and DDoG Attack Tool for Mobile s8O
Lab 1O-1: GYN Flooding Attack using Metasploit s8O
Lab 1O-Z: GYN Flooding Attack using Hpings s86
Counter-measures s88
Detection Techniques s88
DoG/DDoG Countermeasure Gtrategies s88
Techniques to Defend against Botnets s88
Enabling TCP Intercept on Cisco IOG Goftware s8P
Chapter 11: Gession Hijacking sP1
Technology Brief sP1

Gession Hijacking sP1

Gession Hijacking Techniques sP1
Gession Hijacking Process sPZ
Types of Gession Hijacking sPs
Gession Hijacking in OGI Model sPs
Gpoofing vs. Hijacking sP4
Application Level Gession Hijacking sP4
Application-Level Hijacking Concept sP4
Compromising Gession IDs Using Man-in-the-Middle Attack sP5
Compromising Gession IDs Using Man-in-the-Browser Attack sP5
Compromising Gession IDs Using Client-side Attacks sP6
Gession Replay Attack sP6
Gession Fixation sP6
Network-level Gession Hijacking sP7
The s-Way Handshake sP7
TCP/IP Hijacking sP7
Gource Routing sP8
RGT Hijacking sP8
Blind Hijacking sP8
Forged ICMP and ARP Gpoofing sP8
UDP Hijacking sP8
Countermeasures sP8
Gession Hijacking Countermeasures sP8
IPGec sPP
Chapter 1Z: Evading IDG, Firewall & Honeypots 4Os
Technology Brief 4Os
IDG, Firewall and Honeypot Concepts 4Os
Intrusion Detection Gystems (IDG) 4Os
Firewall 4O8
Honeypot 416
IDG, Firewall and Honeypot Gystem 416
Intrusion Detection Tools 416
Evading IDG 418
Insertion Attack 418
Evasion 41P

Denial-of-Gervice Attack (DoG) 4ZO

Obfuscating 4ZO
False Positive Generation 4ZO
Gession Gplicing 4ZO
Unicode Evasion Technique 4ZO
Evading Firewalls 4Z1
Firewall Identification 4Z1
IP Address Gpoofing 4ZZ
Gource Routing 4ZZ
By passing Techniques 4ZZ
Bypassing through GGH Tunneling Method 4Zs
Bypassing Firewall through External Gystems 4Zs
IDG/Firewall Evasion Counter-measures 4Zs
Lab 1Z-1: Configuring Honeypot on Windows Gerver ZO16 4Z4
Chapter 1s: Hacking Web Gervers 4sZ
Technology Brief 4sZ
Web server Concepts 4sZ
Web Gerver Gecurity Issue 4sZ
Open Gource Web server Architecture 4sZ
IIG Web Gerver Architecture 4ss
Web server Attacks 4s4
DoG/DDoG Attacks 4s4
DNG Gerver Hijacking 4s5
DNG Amplification Attack 4s5
Directory Traversal Attacks 4s5
Man-in-the-Middle/Gniffing Attack 4s5
Phishing Attacks 4s5
Website Defacement 4s5
Web server Misconfiguration 4s5
HTTP Response Gplitting Attack 4s6
Web Cache Poisoning Attack 4s6
GGH Brute-force Attack 4s6
Web Application Attacks 4s6
Attack Methodology 4s6
Information Gathering 4s6

Web server Footprinting 4s7

Lab 1s-1: Web Gerver Footprinting using Tool 4s7
Mirroring a Website 4s8
Vulnerability Gcanning 4sP
Gession Hijacking 4sP
Hacking Web Passwords 4sP
Countermeasures 4sP
Countermeasures 44O
Patch Management 44O
Patches and Hotfixes 44O
Patch Management 441
Lab 1s-Z: Microsoft Baseline Gecurity Analyzer (MBGA) 441
Lab 1s-s: Web server Gecurity Tool 448
Chapter 14: Hacking Web Applications 45Z
Technology Brief 45Z
Web Application Concepts 45Z
Gerver Administrator 45Z
Application Administrator 45s
Client 45s
How Web Applications works? 45s
Web Z.O 454
Web App Threats 454
Web App Hacking Methodology 456
Analyze Web Applications 456
Attack Authentication Mechanism 456
Authorization Attack Gchemes 456
Gession Management Attack 456
Perform Injection Attacks 456
Attack Data Connectivity 457
Countermeasures 458
Encoding Gchemes 458
Chapter 15: GQL Injection 46O
Technology Brief 46O
GQL Injection Concepts 46O
GQL Injection 46O

The scope of GQL Injection 46O

How GQL Query works 46O
GQL Injection Tools 46Z
Types of GQL Injection 46Z
In-Band GQL Injection 46Z
Inferential GQL Injection (Blind Injection) 46s
Out-of-band GQL Injection 46s
GQL Injection Methodology 46s
Information Gathering and GQL Injection Vulnerability
Detection 46s
Launch GQL Injection Attacks 464
Advanced GQL Injection 464
Evasion Techniques 464
Evading IDG 464
Types of Gignature Evasion Techniques 464
Counter-measures 465
Lab 15-1: Using IBM Gecurity AppGcan Gtandard 465
Chapter 16: Hacking Wireless Networks 47Z
Technology Brief 47Z
Wireless Concepts 47Z
Wireless Networks 47Z
Wi-Fi Technology 475
Types of Wireless Antenna 48O
Wireless Encryption 481
WEP Encryption 481
WPA Encryption 48Z
WPAZ Encryption 48s
Wireless Threats 484
Access Control Attacks 484
Integrity & Confidentiality Attacks 484
Availability Attacks 484
Authentication Attacks 485
Rogue Access Point Attack 485
Client Mis-association 485
Misconfigured Access Point Attack 485

Unauthorized Association 485

Ad Hoc Connection Attack 485
Jamming Gignal Attack 485
Wireless Hacking Methodology 486
Wi-Fi Discovery 486
GPG Mapping 486
Wireless Traffic Analysis 486
Launch Wireless Attacks 486
Bluetooth Hacking 487
Bluetooth Attacks 487
Bluetooth Countermeasures 487
Wireless Gecurity Tools 488
Wireless Intrusion Prevention Gystems 488
Wi-Fi Gecurity Auditing Tool 488
Lab 16-1: Hacking Wi-Fi Protected Access Network using Aircrack-
ng 48P
Countermeasures 4P7
Chapter 17: Hacking Mobile Platforms 4PP
Technology Brief 4PP
Mobile Platform Attack Vectors 4PP
OWAGP Top 1O Mobile Threats 4PP
Mobile Attack Vector 5OO
Hacking Android OG 5O1
Introduction to Android Operating Gystem 5O1
Hacking iOG 5O4
iPhone Operating Gystem 5O4
Jailbreaking iOG 5O4
Hacking Windows Phone OG 5O6
Windows Phone 5O6
Hacking BlackBerry 5O7
BlackBerry Operating Gystem 5O7
BlackBerry Attack Vectors 5O7
Mobile Device Management (MDM) 5O8
Mobile Device Management Concept 5O8
Bring Your Own Device (BYOD) 511

BYOD Architecture Framework 51Z

Mobile Gecurity Guidelines 515
Chapter 18: IoT Hacking 516
Technology Brief 516
Internet of Things (IoT) Concept 516
How the Internet of Things works? 517
IoT Communication Models 51P
Understanding IoT Attacks 5ZZ
Challenges to IoT 5ZZ
OWAGP Top 1O IoT Vulnerabilities 5ZZ
IoT Attack Areas 5Zs
IoT Attacks 5Zs
IoT Hacking Methodology 5Z4
Information Gathering 5Z4
Vulnerability Gcanning 5Z5
Launch Attack 5Z5
Gain Access 5Z5
Maintain Attack 5Z6
Countermeasures: 5Z6
Chapter 1P: Cloud Computing 5Z7
Introduction to Cloud Computing 5Z7
Types of Cloud Computing Gervices 5Z7
Cloud Deployment Models 5Z8
NIGT Cloud Computing Reference Architecture 5Z8
Cloud Computing Benefits 5ZP
Understanding Virtualization 5sO
Cloud Computing Threats 5s1
Data Loss/Breach 5s1
Abusing Cloud Gervices 5s1
Insecure Interface and APIs 5s1
Cloud Computing Attacks 5sZ
Gervice Hijacking using Gocial Engineering Attacks 5sZ
Gervice Hijacking using Network Gniffing 5ss
Gession Hijacking using XGG Attack 5ss
Gession Hijacking using Gession Riding 5ss

Domain Name Gystem (DNG) Attacks 5ss

Gide Channel Attacks or Cross-guest VM Breaches 5ss
Cloud Gecurity 5s4
Cloud Gecurity Control Layers 5s4
Responsibilities in Cloud Gecurity 5s5
Cloud Computing Gecurity Considerations 5s6
Cloud Gecurity Tools 5s7
Core CloudInspect 5s7
CloudPassage Halo 5s7
Chapter ZO: Cryptography 54O
Technology Brief 54O
Cryptography Concepts 54O
Cryptography 54O
Types of Cryptography 54O
Government Access to Keys (GAK) 541
Encryption Algorithms 541
Ciphers 541
Data Encryption Gtandard (DEG) 54Z
Advanced Encryption Gtandard (AEG) 54s
RC4, RC5, RC6 Algorithms 545
The DGA and Related Gignature Gchemes 546
RGA (Rivest Ghamir Adleman) 546
Lab ZO-1: Example of RGA Algorithm 547
Message Digest (One-way Hash) Functions 548
Gecure Hashing Algorithm (GHA) 54P
GGH (Gecure Ghell) 55O
Cryptography Tools 55O
MD5 Hash Calculators 55O
Lab ZO-Z: Calculating MD5 using Tool 551
Hash Calculators for Mobile: 556
Cryptography Tool 557
Lab ZO-s: Advanced Encryption Package ZO14 557
Public Key Infrastructure(PKI) 56Z
Certification Authorities (CA) 56Z
Gigned Certificate Vs. Gelf Gigned Certificate 56s

Email Encryption 564

Digital Gignature 564
GGL (Gecure Gockets Layer) 564
GGL and TLG for Gecure Communication 564
Pretty Good Privacy (PGP) 566
Disk Encryption 566
Cryptography Attacks 567
Code Breaking Methodologies 568
References 56P

About this Morkbook

This workbook covers all the information you need to pass the EC-Council's
Certified Ethical Hacking s1Z-5O exam. The workbook is designed to take a
practical approach to learning with real-life examples and case studies.
N Covers complete CEH blueprint
N Gummarized content
N Case Gtudy based approach
N Ready to practice labs on VM
N Pass guarantee
N Mind maps
CEHv1Œ Update
CEH v1O covers new modules for the security of IoT devices, vulnerability
analysis, focus on emerging attack vectors on the cloud, artificial intelligence,
and machine learning including a complete malware analysis process. Our
CEH workbook delivers a deep understanding of applications of the
vulnerability analysis in a real-world environment.
EC-Council Certifications
The International Council of E-Commerce Consultants (EC-Council) is a
member-based organization that certifies individuals in various e-business
and information security skills. It is the owner and creator of the world
famous Certified Ethical Hacker (CEH), Computer Hacking Forensics
Investigator (CHFI) and EC-Council Certified Gecurity Analyst
(ECGA)/License Penetration Tester (LPT) certification, and as well as many
others certification schemes, that are offered in over 87 countries globally.

Figure 1 EC-COUNGIL CERTIFIGATIONC Ckill Matrix
EC-Council mission is to validate information security professionals having

necessary skills and knowledge required in a specialized information security
domain that helps them avert a cyber-war, should the need ever arise”. EC-
Council is committed to withholding the highest level of impartiality and
objectivity in its practices, decision making, and authority in all matters
related to certification.

EC-Council Certification Tracks
Figure £ CICGO CERTIFIGATIONC TRAGK

How does CEH certification help?

The purpose of the CEH credential is to:
N Establish and govern minimum standards for credentialing
professional information security specialists in ethical hacking measures.
N Inform the public that credentialed individuals meet or exceed the
minimum standards.
N Reinforce ethical hacking as a unique and self-regulating profession.
About the CEH Exam

N Number of Questions: 1Z5
N Test Duration: 4 Hours
N Test Format: Multiple Choice
N Test Delivery: ECC EXAM, VUE
N Exam Prefix: s1Z-5O (ECC EXAM), s1Z-5O (VUE)
A Certified Ethical Hacker is a skilled professional who understands and
knows how to look for weaknesses and vulnerabilities in target systems and
uses the same knowledge and tools as a malicious hacker, but lawfully and
legitimately to assess the security posture of a target system(s). The CEH
credential certifies individuals in the specific network security discipline of
Ethical Hacking from a vendor-neutral perspective.
N Background O4%
N Analysis/Assessments 1s%
N Gecurity Z5%
N Tools/Gystems/Programs sZ%
N Procedures/Methodology ZO%
N Regulation/Policy O4%
N Ethics OZ%
Prerequicitec
All the three programs, CEH, CHFI, and ECGA, require the candidate to have
two years of work experience in the Information Gecurity domain and should

be able to provide proof of the same as validated through the application

process unless the candidate attends official training.

CEH v10 Module 00 - Introduction and Table of Contents - WWW - Ethicalhackx.com-Dikonversi

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CEH v10 Module 00 - Introduction and Table of Contents - WWW - Ethicalhackx.com-Dikonversi

Uploaded by

Copyright:

Available Formats

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.

CEH V10 EC-COUNCIL CERTIFIED

C er I I! ied ¿ I hi‹ a I Ha‹ k eI

“To beat a hacker, you need to think like a hacker

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Copyright © fiŒ18 IPSpecialist LTD.

All rights reserved. No part of this book may be reproduced or transmitted in

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

any form or by any means, electronic or mechanical, including photocopying,

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Our philosophy is to treat our customers like family. We want you to

Planning and creating a specific goal is where IPGpecialist helps. We can

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

· VirtuaI Labc to tect your ckiIIc

About the Authors:

About the Technical Reviewers:

AWG-Architect, CCDE, CCIEX5 (R&G, GP, Gecurity, DC, Wireless), CIGGP,

Abubakar Gaeed has more than twenty-five years of experience, Managing,

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

extensive experience heading IGP operations, solutions integration, heading

Muhammad Yousuf is a professional technical content writer. He is Cisco

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Chapter 1: Introduction to Ethical Hacking

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Network Gecurity Zoning

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Monitoring Website Traffic of Target Company

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Lab 4-1: Gervices Enumeration using Nmap

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Lab 6-s: Password Cracking using Pwdump7 and Ophcrack tool.

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Gocial Engineering Through Impersonation on Gocial Networking Gites

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Gession Hijacking Process

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

False Positive Generation

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

GQL Injection Tools

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Wireless Hacking Methodology

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Internet of Things (IoT) Concept

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Responsibilities in Cloud Gecurity

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Pretty Good Privacy (PGP)

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Types of Gecurity Policies 4s

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Lab 4-1: Gervices Enumeration using Nmap 178

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Lab 6-Z: Rainbow Table using Winrtgen tool Zs4

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

MAC Address Table / CAM Table sZ5

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Impersonation on Gocial Networking Gites s55

Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Gession Hijacking sP1