CEHv8 Module 00 PDF
TakeDownCon
www.takedowncon.com
TakeDownCon is a hacking conference that was conceived by our members! EC-Council has been flooded with requests to take our world-class courses on the road! We have answered the call and created TakeDownCon! This conference will be focused on the learner and will feature several Certification & Certificate Training courses for Advanced Practitioners!
TakeDownCon will host EC-Council's sought after Hacking, Forensics and Pen Test courses, Certified Wireless Security Professional, and several highly technical and advanced workshops which will cover current and important security topics such as advanced penetration testing, cryptography, network defense, application security and mobile forensics.
Hacker Halted
www.hackerhalted.com
Since 2004 EC-Council has hosted 20 Hacker Halted events across four continents and in cities such as Myrtle Beach, Miami, Dubai, Singapore, Hong Kong, Mexico City, Tokyo, Kuala Lumpur, Guangzhou, Taipei and Cairo.
Hacker Halted is more than just a conference event; practitioners travel from all over the world to attend our world-class training, gain practical knowledge from our expert presenters and get a preview of the latest technologies and Information Security tools which will be showcased by our exhibitors and partners.
VAMPIRE
www.vampiretech.com
Is your website vulnerable to an attack? Could hackers exploit a small weakness in your website and obtain access to sensitive company information?
VampireScan allows users to test their own Cloud and Web applications against advanced attacks and receive actionable results all within their own Web portal. Our easy to use online portal will simply ask you for the URL of your web application, from there, our Services do the rest.
For a limited time, VampireTech is offering its Baseline Scan free of charge to qualified customers. This entitles you to one Free Health Check for one domain utilizing our Baseline Scan. This Scan will test for Cross-site Scripting Vulnerabilities, Non-SSL Passwords, and Password Autocomplete.
Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind of change that is sweeping through the IS community motivating today's information guardians to develop a new way of thinking to ensure success in protecting their respective organizations.
The goal of EC-Council's Global CISO Forum is to create an open platform for top information security executives to discuss their successes, failures, obstacles, and challenges. The open conversation will lead to the creation of actionable items that can be discussed and applied to the organization.
For More Information About CISO Executive Summit Please Visit: www.eccouncil.org/resources/ciso-executive-summit.aspx
How to Download My CEHv8 E-Courseware and Additional Lab Manuals?
Please follow the steps below to download your CEHv8 e-courseware and additional lab manual.
Step 1: Visit: https://academia.eccouncil.org. If you have an account already, skip to Step 4.
Step 2: Click Register and fill out the registration form.
Step 3: Using the email you provided in step 2, follow the instructions in the auto-generated email to activate your Academia Portal account.
Step 4: Login using your Username and Password.
Step 5: Once successfully logged in, expand the About Academia navigation menu and select Access Code.
Step 6: Enter the access code provided to you to redeem access to the CEH V8 e-Courseware and Lab Manuals.
Support: E-mail support is available from academia@eccouncil.org.
System Requirements: Visit https://academia.eccouncil.org/AboutAcademia/WhatisiLearn.aspx to view the system requirements.
Download Class Certificate of Attendance
[Figure: sample EC-Council certificate of attendance, with fields for the course, the accredited training center, the instructor and the date]
Please follow the below stated steps to download digital copy (PDF format) of your class certificate of attendance.
Step 3: Complete the course evaluation form (please complete all the fields in the form - correct e-mail address is required).
Step 4: Evaluation code is required to submit the form. See the attached code.
Step 6: A web link will be sent to you to download your PDF copy of the certificate.
Course Evaluation Code: ** ״CEH” ” ”* ” ־
Ethical Hacking and Countermeasures
Version 8
Exam 312-50 Certified Ethical Hacker
Welcome to Certified Ethical Hacker Class
EC-Council
Copyright © 2013 by EC-Council. All rights reserved. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
Information has been obtained by EC-Council from sources believed to be reliable. EC-Council uses reasonable endeavors to ensure that the content is current and accurate, however, because of the possibility of human or mechanical error we do not guarantee the accuracy, adequacy, or completeness of any information and are not responsible for any errors or omissions or the accuracy of the results obtained from use of such information.
The courseware is a result of extensive research and contributions from subject matter experts from the field from all over the world. Due credits for all such contributions and references are given in the courseware in the research endnotes. We are committed towards protecting intellectual property. If you are a copyright owner (an exclusive licensee or their agent), and if you believe that any part of the courseware constitutes an infringement of copyright, or a breach of an agreed licence or contract, you may notify us at legal@eccouncil.org. In the event of a justified complaint, EC-Council will remove the material in question and make necessary rectifications.
The courseware may contain references to other information resources and security solutions, but such references should not be considered as an endorsement of or recommendation by EC-Council.
Readers are encouraged to report errors, omissions and inaccuracies to EC-Council at legal@eccouncil.org.
If you have any issues, please contact support@eccouncil.org.
Foreword
Since you are reading this CEHv8 courseware, you most likely realize the importance of information systems security. However, we would like to put forth our motive behind compiling a resource such as this one and what you can gain from this course.
You might find yourself asking what sets this course apart from the others out there. The truth is that no single courseware can address all the issues of information security in a detailed manner. Moreover, the rate at which exploits, tools, and methods are being discovered by the security community makes it difficult for one program to cover all the necessary facets of information security. This doesn't mean that this course is inadequate in any way as we have worked to cover all major domains in such a manner that the reader will be able to appreciate the way security has evolved over time as well as gain insight into the fundamental workings relevant to each domain. It is a blend of academic and practical wisdom supplemented with tools that the reader can readily access in order to obtain a hands-on experience.
The emphasis throughout the courseware is on gaining practical know-how, which explains the stress on free and accessible tools. You will read about some of the most widespread attacks seen, the popular tools used by attackers, and how attacks have been carried out using ordinary resources.
You may also want to know what to expect once you have completed the course. This courseware is a resource material. Any penetration tester can tell you that there is no one straight methodology or sequence of steps that you can follow while auditing a client site. There is no one template that will meet all your needs. Your testing strategy will vary with the client, the basic information about the system or situation, and the resources at your disposal. However, for each stage you choose - be it enumeration, firewall, penetration of other domains - you will find something in this courseware that you can definitely use.
Finally this is not the end! This courseware is to be considered a constant work-in-progress because we will be adding value to this courseware over time. You may find some aspects extremely detailed, while others may have less detail. We are constantly asking ourselves if the content helps explain the core point of the lesson, and we constantly calibrate our material with that in mind. We would love to hear your viewpoints and suggestions so please send us your feedback to help in our quest to constantly improve our courseware.
Table of Contents
Module Number    Module Name
00    Student Introduction
04    Enumeration
05    System Hacking
08    Sniffing
12    Hacking Webservers
13    Hacking Web Applications
14    SQL Injection
19    Cryptography
References
Welcome to Certified Ethical Hacker Class!
Student Introduction
Ethical Hacking and Countermeasures
Module 00: Welcome to Certified Ethical Hacker Class
Exam 312-50
Course Materials
Identity Card
Student Courseware
Lab Manual/Workbook
Compact Disc
Course Evaluation
Reference Materials
CEHv8 Course Outline
1. Introduction to Ethical Hacking
2. Footprinting and Reconnaissance
3. Scanning Networks
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Viruses and Worms
8. Sniffing
9. Social Engineering
10. Denial-of-Service
12. Hacking Webservers
14. SQL Injection
17. Evading IDS, Firewalls and Honeypots
19. Cryptography
There are several levels of certification tracks under the EC-Council Accreditation body:
Certified Ethical Hacker Track
CEH Certification Track
Complete the following steps:
[Figure: certification track diagram ending in "Certification Achieved"]
CEHv8 Exam Information
Number of Questions: 125
Duration: 4 hours
The instructor will tell you about the exam schedule / exam voucher details for your training
This is a difficult exam and requires extensive knowledge of CEH Core Modules
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Student Facilities
Lab Sessions
Lab Sessions are designed to reinforce the classroom sessions
The sessions are intended to give a hands-on experience only and do not guarantee proficiency
There are tons of labs in the lab manual. Please practice these labs back at home.
What CEH is NOT?
CEH Class Speed
The CEH class is extremely fast paced
There are tons of hacking tools and hacking technologies covered in the curriculum
The instructor WILL NOT be able to demonstrate ALL the tools in this class
He will showcase only selected tools
Live Hacking Website
This website is meant for the students to try the tools on live target
[Figure: Certified Hacker website and CEH Classroom Attack Lab]
NDA Document
Please read the contents of the provided EC-Council's CEH NDA document
Sign this document and hand it over to the instructor
We will NOT start the class unless you sign this document
Please approach the instructor if you are not presented with this document
Advanced Lab Environment
Virtual Platform: Windows 8, Windows 7, BackTrack 5, Windows Server 2008 (64 Bit)
Instructor Machine, Student Machines
Instructor and Student Machine Operating System: Windows Server 2012 (Fully Patched)
Student Computer Checklist
Windows 8 as VM
Windows 7 as VM
BackTrack 5 R3 as VM
Student Computer Checklist
[Screenshots: command prompt windows showing successful ping replies (4 packets sent, 4 received, 0% loss), and a Windows Explorer window]
Mapped Network Drive (Z:) in Windows Server 2008 VM
[Screenshot: Computer window in the Windows Server 2008 VM]
Mapped Network Drive (Z:) in Windows 7 VM
[Screenshot: Computer window in the Windows 7 VM showing the CEH-Tools network location mapped as (Z:)]
Launching Command Shell
[Screenshot: Windows Explorer context menu]
Snapshots of Virtual Machines
[Screenshot: Hyper-V Manager listing the virtual machines, with the actions menu open]
AirPcap
Powergym and RealHome Websites
Live Hack Website
http://www.certifiedhacker.com
Let's Start Hacking