
Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker

Ethical Hacking

Introduction

Ethical Hacking (EH)

Introduction

Exam 312-50 Ethical Hacking and Countermeasures

Introduction Page 1 of 15 Ethical Hacking and Countermeasures Copyright © by EC-Council


All rights reserved. Reproduction is strictly prohibited

Introductions

- Name
- Company Affiliation
- Title / Function
- Job Responsibility
- System security related experience
- Expectations


Course Materials

- Identity Card
- Student Courseware
- Lab Manual / Workbook
- Compact Disc
- Course Evaluation
- Reference Materials


The following materials will be included in your kit:

- Name Card. Write your name on both sides of the name card.
- Student Courseware. The Student Courseware contains the material covered in the course.
- The Lab Manual contains the hands-on lab exercises used during the course. It also
  contains review questions and multiple-choice questions to supplement the student
  courseware.
- Student Materials Compact Disc. The Student Materials compact disc contains
  multimedia presentations, course-related case studies, web links and additional readings.
- Course Evaluations. At the conclusion of this course, please complete the course
  evaluation to provide feedback on the instructor, course, and lab sessions. Your
  comments will help us improve future courses.


Course Outline

- Module I: Introduction to Ethical Hacking
- Module II: Footprinting
- Module III: Scanning
- Module IV: Enumeration
- Module V: System Hacking


Module I: Introduction to Ethical Hacking


This module introduces the subject of ethical hacking and is intended to give the reader a feel
for it. It is important to bear in mind that hackers break into a system for various reasons and
purposes. It is therefore critical to understand how malicious hackers exploit systems and the
probable reasons behind the attacks. As Sun Tzu says in ‘The Art of War’, “If you know yourself
but not the enemy, for every victory gained, you will also suffer a defeat.” It is the duty of
system administrators and network security professionals to guard their infrastructure against
exploits by knowing the enemy (the malicious hackers who seek to use that very infrastructure
for illegal activities).

Module II: Footprinting


This module introduces the reconnaissance phase of hacking to the reader. It details the aspect of
footprinting. The reader is urged to note that there is no ‘one way’ for hackers to approach a
system. This is the basis behind stating that while countermeasures are suggested here, they are
proposed in the light of the generic approach of hackers towards a system.

There are several tools available to the hacker, and this list is ever evolving. These may range
from simple code compilation software to source code text files available on the Internet. The
point of emphasis is that it is in the interest of the organization to defend itself against
vulnerabilities, known and unknown, by adopting suitable methodology, tools and techniques to
safeguard its assets.


Module III: Scanning


On completion of this module you will gain an in-depth understanding of the hacking techniques
involved in scanning and subsequent fingerprinting. The learning objectives of this module are to
present the reader with the ability to: Detect active systems on a target network; Discover
services running / listening on the target system; Understand the techniques of port scanning;
Identify TCP and UDP services running on the target network; Discover the operating system
running on the target host; Understand active and passive fingerprinting techniques; Know more
about automated discovery tools.

Once an attacker has identified his target system and done the initial reconnaissance as discussed
in the previous module on footprinting, he concentrates on getting a mode of entry into the target
system. It should be noted that scanning is not limited to intrusion alone. It can be an extended
form of reconnaissance where the attacker learns more about his target, such as what operating
system is used, the services that are being run on the systems and whether any configuration
lapses can be identified. The attacker can then strategize his attack, factoring in these aspects.

Module IV: Enumeration


This module introduces the enumeration phase of hacking to the reader. It details different
aspects of enumeration. On completing this module, you will be familiar with the following topics:
Understanding Windows 2000 enumeration; How to Connect via Null Session; How to disguise
NetBIOS Enumeration; Disguise using SNMP enumeration; How to steal Windows 2000 DNS
information using zone transfers; Learn to enumerate users via CIFS/SMB; Active Directory
enumerations.

The reader is urged to note that there is no ‘one sure shot way’ for hackers to approach a system.
This is the basis behind stating that while countermeasures are suggested here, they are proposed
in the light of the generic approach of hackers towards a system.

Module V: System Hacking

In this module we will explore the various means with which an attacker penetrates the system.
Readers should bear in mind that this does not indicate a culmination of the attack. In the
following modules we will be exploring certain means and methods of attack in greater detail.

On completion of this module, the reader will be familiar with: aspects of remote password
guessing, role of eavesdropping, overview of denial of service, buffer overflows, implications of
privilege escalation, various methods of password cracking, role of keystroke loggers, use of
sniffers, deployment of remote control and backdoors, redirection of ports, methods used by
attackers to cover their tracks on the target system and how they use the compromised system to
hide sensitive information files.


Course Outline (Continued)

- Module VI: Trojans and Backdoors
- Module VII: Sniffers
- Module VIII: Denial of Service
- Module IX: Social Engineering
- Module X: Session Hijacking


Module VI: Trojans and Backdoors

On completion of this module you will be familiar with dealing with malicious code in the form of
Trojans and backdoors. The topics of discussion include: Terms of reference for various malicious
code, Defining Trojans and Backdoors, Understanding the various backdoor genres, Overview of
various Trojan tools, Learning effective prevention methods and countermeasures, Overview of
Anti-Trojan software, Learning to generate a Trojan program.

Module VII: Sniffers

On completion of this module you will be able to understand the fundamental concepts of sniffing
and its use in hacking activities. It must be remembered that sniffers can be of great help to a
network administrator as well and can aid in securing the network by detecting abnormal traffic.

In this module you will be presented with an overview of sniffers (also known as network protocol
analyzers), a cracker’s perspective in using tools such as sniffers, basic distinctions between
active and passive sniffing, attack methodologies such as ARP spoofing and redirection, DNS and
IP sniffing and spoofing, HTTPS sniffing, and illustrations of various tools that are used in the
above context.


Module VIII: Denial of Service

In this module we will look at various aspects of Denial of Service attacks. The discussion will
include topics such as: What is a Denial of Service Attack? What is a Distributed Denial of Service
Attack? Why are they difficult to protect against? Types of denial of service attacks, Tools for
running DoS attacks, Tools for running DDoS attacks and Denial of Service Countermeasures.

Module IX: Social Engineering

This module will give you an understanding of: What Social Engineering is, The Common Types of
Attack, Social Engineering by Phone, Dumpster Diving, Online Social Engineering, Reverse Social
Engineering as well as Policies and Procedures and Educating Employees.

It must be pointed out that the information contained in this chapter is for the purpose of
overview alone. While it points out fallacies and advocates effective countermeasures, the
possible ways to extract information from another human being are restricted only by the
ingenuity of the cracker’s mind. While this aspect makes it an ‘art’ and the psychological nature
of some of these techniques makes it a ‘science’, the bottom line is that there is no one defense
against social engineering and only constant vigil can circumvent some of these overtures.

Module X: Session Hijacking

This module covers various techniques, tools and tackles used for Session Hijacking, a rather
common hacker activity. On completion of this module you will be familiar with the following
areas: Spoofing Vs Hijacking; Types of session hijacking; TCP/IP concepts; Performing Sequence
prediction; ACK Storms and Session Hijacking Tools.


Course Outline (Continued)

- Module XI: Hacking Web Servers
- Module XII: Web Application Vulnerabilities
- Module XIII: Web Based Password Cracking Techniques
- Module XIV: SQL Injection
- Module XV: Hacking Wireless Networks


Module XI: Hacking Web Servers

The Internet is probably where security, or the lack of it, is seen the most. Often, a breach in
security causes more damage in terms of goodwill than the actual quantifiable loss. This makes
the security of web servers assume critical importance. Most organizations consider their Internet
presence as an extension of themselves. In this module, we will explore: The basic function of a
web server, popular web servers and common vulnerabilities, Apache Web Server and known
vulnerabilities, IIS Server vulnerabilities, Attacks against web servers, Tools used in attacks
against web servers and Countermeasures that can be adopted.

This module attempts to highlight the various security concerns in the context of a web server. It
must be remembered that this is a vast domain and to delve into the finer details of the discussion
is beyond the scope of the module. Readers are encouraged to supplement this module by
following vulnerability discussions on various mailing lists such as bugtraq and security bulletins
issued by third party vendors for various integrated components.

Module XII: Web Application Vulnerabilities

This module examines some of the vulnerabilities that have security implications in the context of
web applications. The objective is to emphasize the need to secure the applications as they
permit an attacker to compromise a web server or network over the legitimate port of entry. As
more businesses are hosting web based applications as a natural extension of themselves, the
damage that can result from a compromise assumes significant proportions. After
completing this module you will be familiar with the following aspects: Understanding Web
Application Security, Common Web Application Security Vulnerabilities, Web Application
Penetration Methodologies, Input Manipulation, Authentication And Session Management,
Tools: Lynx, Teleport Pro, Black Widow, Web Sleuth as well as Countermeasures.

Module XIII: Web Based Password Cracking Techniques

Authentication is any process by which one verifies that someone is who they claim they are.
Typically, this involves a username and a password. It can also include any other method of
demonstrating identity, such as a smart card, retina scan, voice recognition, or fingerprints.

In this module we will discuss the following topics in the context of web based authentication. The
objective is to familiarize the reader with commonly used authentication methods and how some
of these methods can be worked around, under certain circumstances. Topics: HTTP Authentication
Basic & Digest, NTLM Authentication, Certificate Based Authentication, Forms Based
Authentication, Microsoft Passport, Password Guessing, WebCracker, Brutus, WWWHACK,
ObiWan Password Cracker.

Module XIV: SQL Injection

In this module, the reader will be introduced to the concept of SQL injection and how an attacker
can exploit this attack methodology on the Internet. On completion of this module you will be
familiar with topics like: What is SQL Injection? Exploiting the weakness of Server Side Scripting,
Using SQL Injection techniques to gain access to a system, SQL Injection Scripts, Attacking
Microsoft SQL Servers, MSSQL Password Crackers as well as Prevention and Countermeasures.

Module XV: Hacking Wireless Networks

Wireless enables better communication, enhances productivity and enables better customer
service. A Wireless LAN allows users to access information beyond their desk, and conduct
business anywhere within their offices. But with this come several security concerns that must be
addressed. On completion of this module you will be familiar with the following topics:
Introduction to 802.11, What is WEP? Finding WLANs, Cracking WEP Keys, Sniffing Traffic,
Wireless DoS attacks, WLAN Scanners, WLAN Sniffers, Securing Wireless Networks, Hacking
Tools.


Course Outline (Continued)

- Module XVI: Viruses
- Module XVII: Novell Hacking
- Module XVIII: Linux Hacking
- Module XIX: Evading IDS, Firewalls and Honey pots
- Module XX: Buffer Overflows
- Module XXI: Cryptography


Module XVI: Viruses

This module deals with viruses. The scope of discussion here is to look at some of the viruses
that widely infected computer systems across the globe. This is taken up in order to gain an
insight into the workings of various viruses. After the completion of this module you will be
familiar with the following topics: Chernobyl, ExploreZip, I Love You, Melissa, Pretty Park, Code
Red Worm, W32/Klez, BugBear, W32/Opaserv Worm and Anti-Virus Software.

Module XVII: Novell Hacking

In this module we will be looking at the security concerns one must address in the context of
Novell NetWare. At the time of writing this document, the newest version is 6.5. However, we
address hacking Novell NetWare from its earlier versions such as version 4. The idea behind
including the legacy versions is to give the reader a wide perspective of how NetWare has evolved.
In this module we will cover: Common Accounts and passwords, Accessing password files,
Password crackers and NetWare hacking tools.

Module XVIII: Linux Hacking

In this module we will be looking at hacking Linux systems. Linux is fast emerging as an
affordable yet available operating system. As its popularity is growing, so is the attention of
players with malicious intent to break into the systems. Therefore we intend to discuss various
aspects dealing with hacking Linux systems in this module. By the completion of this module,
you will be familiar with the following aspects: Why Linux?, Compiling Programs in Linux,
Scanning Networks and Mapping Networks, Password Cracking in Linux, SARA, TARA, Sniffing,
Pinger in disguise, Session Hijacking, Linux Rootkits, IP Chains and IP Tables, Linux Security as
well as Countermeasures.

Module XIX: Evading IDS, Firewalls and Honey pots

In today’s context, where hacking and computer system attacks are common, the importance of
intrusion detection and active protection is all the more relevant. This module takes up a
discussion on IDSs, Firewalls and Honey pots. After the completion of this module, you will be
familiar with the following topics: Intrusion Detection System, System Integrity Verifiers, How are
Intrusions Detected? Anomaly Detection, Signature Recognition, How does IDS match Signatures
with incoming Traffic? Protocol Stack Verification, Application Protocol Verification, Hacking
Through Firewalls, IDS Software Vendors and Honey Pots.

Module XX: Buffer Overflows

We have dealt with various security concerns, attack methods and countermeasures in the
preceding modules. Buffer Overflow attacks have been a constant source of worry from time to
time. This module looks at different aspects of buffer overflow exploits. After completing this
module, you will be familiar with the following topics: What is a Buffer Overflow? Exploitation,
How to detect Buffer Overflows in a program? Skills required, CPU / OS Dependency,
Understanding Stacks, Stack Based Buffer Overflows, Technical details, Writing your own
exploits, Defense against Buffer Overflows.

Module XXI: Cryptography

Having dealt with various security concerns and countermeasures in the preceding modules, it is
obvious that cryptography as a security measure is here to stay. In this module we will try to
understand the use of cryptography over the Internet through topics like: Public Key
Infrastructure (PKI), RSA, MD-5, Secure Hash Algorithm (SHA), Secure Socket Layer (SSL),
Pretty Good Privacy (PGP), SSH. We will also be looking at the effort required to crack these
encryption techniques and explore attacker methodologies, if any, that are relevant to the
discussion.

It is to be noted that encryption is no longer optional when conducting e-commerce. Given the
importance it bears on e-commerce, it is one area that will have its share of security
concerns as well. Encryption on its own cannot guarantee foolproof security. It must be combined
with good security policies and practices if an organization needs to protect its information assets
and extend it to its stakeholders.


EC-Council Certified e-Business Certification Program

There are five e-Business certification tracks under EC-Council Accreditation body:

1. Certified e-Business Associate
2. Certified e-Business Professional
3. Certified e-Business Consultant
4. E++ Certified Technical Consultant
5. Certified Ethical Hacker


The International Council of Electronic Commerce Consultants (EC-Council) is a professional
organization established in the USA, with headquarters in New York, hosting members and
affiliates worldwide.

The EC-Council certification is based on definitions of job functions and skill sets in three key
areas: technical, content management, and business management. These definitions have been
developed by a broad coalition of industry and academic experts, and the skill set definitions have
been adopted by the U.S. Department of Labor. In the technical area, skill sets include such topics
as Customer Relationship Management, e-Procurement, Supply Chain Management, Business
Process Re-engineering. Web business management includes principles of finance, legal issues,
project management, and cyber marketing as they apply to E-Commerce web-related activities.


EC-Council Certified Ethical Hacker


Student Facilities

- Class Hours
- Building Hours
- Phones
- Parking
- Messages
- Restrooms
- Smoking
- Meals
- Recycling


Lab Sessions

- Lab sessions are designed to reinforce the classroom sessions.
- The sessions are intended to give hands-on experience only and do not guarantee
  proficiency.
