Ethical Hacking
Introduction
Introductions
~ Name
~ Company Affiliation
~ Title / Function
~ Job Responsibility
~ Expectations
EC-Council 2
Course Materials
~ Identity Card
~ Student Courseware
~ Lab Manual / Workbook
~ Compact Disc
~ Course Evaluation
~ Reference Materials
Course Outline
There are several tools available to the hacker, and this list is ever evolving. These may range from
simple code compilation software to source code text files available on the Internet. The point of
emphasis is that it is in the interest of the organization to defend itself against vulnerabilities,
known and unknown, by adopting a suitable methodology, tools and techniques to safeguard its
assets.
Once an attacker has identified his target system and done the initial reconnaissance, as discussed
in the previous module on footprinting, he concentrates on getting a mode of entry into the target
system. It should be noted that scanning is not limited to intrusion alone. It can be an extended
form of reconnaissance where the attacker learns more about his target, such as what operating
system is used, the services that are being run on the systems and whether any configuration
lapses can be identified. The attacker can then strategize his attack, factoring in these aspects.
The reader is urged to note that there is no ‘one sure shot way’ for hackers to approach a system.
This is the basis behind stating that while countermeasures are suggested here, they are proposed
in the light of the generic approach of hackers towards a system.
In this module we will explore the various means with which an attacker penetrates the system.
Readers should bear in mind that this does not indicate a culmination of the attack. In the
following modules we will be exploring certain means and methods of attack in greater detail.
On completion of this module, the reader will be familiar with: aspects of remote password
guessing, role of eavesdropping, overview of denial of service, buffer overflows, implications of
privilege escalation, various methods of password cracking, role of keystroke loggers, use of
sniffers, deployment of remote control and backdoors, redirection of ports, methods used by
attackers to cover their tracks on the target system and how they use the compromised system to
hide sensitive information files.
On completion of this module you will be familiar in dealing with malicious code in the form of
Trojans and backdoors. The topics of discussion include: Terms of reference for various malicious
code, Defining Trojans and Backdoors, Understanding the various backdoor genres, Overview of
various Trojan tools, Learning effective prevention methods and countermeasures, Overview of
Anti-Trojan software, Learning to generate a Trojan program.
On completion of this module you will be able to understand the fundamental concepts of sniffing
and its use in hacking activities. It must be remembered that sniffers can be of great help to a
network administrator as well and can aid in securing the network by detecting abnormal traffic.
In this module you will be presented with an overview of sniffers (also known as network protocol
analyzers), a cracker’s perspective in using tools such as sniffers, basic distinctions between
active and passive sniffing, understanding attack methodology such as ARP Spoofing and
redirection, DNS and IP Sniffing and Spoofing, HTTPS Sniffing and illustrations of various tools
that are used in the above context.
In this module we will look at various aspects of Denial of Service attacks. The discussion will
include topics such as what is a Denial of Service Attack? What is a Distributed Denial of Service
Attack? Why are they difficult to protect against? Types of denial of service attacks, Tools for
running DoS attacks, Tools for running DDoS attacks and Denial of Service Countermeasures.
This module will give you an understanding of: What Social Engineering is, The Common Types of
Attack, Social Engineering by Phone, Dumpster Diving, Online Social Engineering, Reverse Social
Engineering as well as Policies and Procedures and Educating Employees.
It must be pointed out that the information contained in this chapter is for the purpose of
overview alone. While it points out fallacies and advocates effective countermeasures, the
possible ways to extract information from another human being are restricted only by the
ingenuity of the cracker’s mind. While this aspect makes it an ‘art’ and the psychological nature
of some of these techniques makes it a ‘science’, the bottom line is that there is no one defense
against social engineering and only constant vigilance can circumvent some of these overtures.
This module covers various techniques, tools and tackles used for Session Hijacking, a rather
common hacker activity. On completion of this module you will be familiar with the following
areas: Spoofing Vs Hijacking; Types of session hijacking; TCP/IP concepts; Performing Sequence
prediction; ACK Storms and Session Hijacking Tools.
The Internet is probably where security or the lack of it is seen the most. Often, a breach in
security causes more damage in terms of goodwill than the actual quantifiable loss. This makes
the security of web servers assume critical importance. Most organizations consider their Internet
presence as an extension of themselves. In this module, we will explore: The basic function of a
web server, popular web servers and common vulnerabilities, Apache Web Server and known
vulnerabilities, IIS Server vulnerabilities, Attacks against web servers, Tools used in Attacks
against web servers and Countermeasures that can be adopted.
This module attempts to highlight the various security concerns in the context of a web server. It
must be remembered that this is a vast domain and to delve into the finer details of the discussion
is beyond the scope of the module. Readers are encouraged to supplement this module by
following vulnerability discussions on various mailing lists such as bugtraq and security bulletins
issued by third party vendors for various integrated components.
This module examines some of the vulnerabilities that have security implications in the context of
web applications. The objective is to emphasize the need to secure the applications as they
permit an attacker to compromise a web server or network over the legitimate port of entry. As
more businesses are hosting web based applications as a natural extension of themselves, the
damage that can result from a compromise assumes significant proportions. After
completing this module you will be familiar with the following aspects: Understanding Web
Application Security, Common Web Application Security Vulnerabilities, Web Application
Authentication is any process by which one verifies that someone is who they claim they are.
Typically, this involves a username and a password. It can also include any other method of
demonstrating identity, such as a smart card, retina scan, voice recognition, or fingerprints.
In this module we will discuss the following topics in the context of web based authentication. The
objective is to familiarize the reader with commonly used authentication methods and how some
of these methods can be worked around, under certain circumstances. Topics: HTTP Authentication
Basic & Digest, NTLM Authentication, Certificate Based Authentication, Forms Based
Authentication, Microsoft Passport, Password Guessing, WebCracker, Brutus, WWWHACK,
ObiWan Password Cracker.
In this module, the reader will be introduced to the concept of SQL injection and how an attacker
can exploit this attack methodology on the Internet. On completion of this module you will be
familiar with topics like: What is SQL Injection? Exploiting the weakness of Server Side Scripting,
Using SQL Injection techniques to gain access to a system, SQL Injection Scripts, Attacking
Microsoft SQL Servers, MSSQL Password Crackers as well as Prevention and Countermeasures.
Wireless enables better communication, enhances productivity and enables better customer
service. A Wireless LAN allows users to access information beyond their desk, and conduct
business anywhere within their offices. But with this come several security concerns that must be
addressed. On completion of this module you will be familiar with the following topics:
Introduction to 802.11, What is WEP? Finding WLANs, Cracking WEP Keys, Sniffing Traffic,
Wireless DoS attacks, WLAN Scanners, WLAN Sniffers, Securing Wireless Networks, Hacking
Tools.
This module deals with Viruses. The scope of discussions here is to look at some of those viruses
that widely infected computer systems across the globe. This is taken up in order to have an
insight into the workings of various viruses. After the completion of this module you will be
familiar with the following topics: Chernobyl, ExploreZip, I Love You, Melissa, Pretty Park, Code
Red Worm, W32/Klez, BugBear, W32/Opaserv Worm and Anti-Virus Software.
In this module we will be looking at the security concerns one must address in the context of
Novell Netware. At the time of writing this document, the newest version is 6.5. However, we
address hacking Novell NetWare from its earlier versions such as version 4. The idea behind
including the legacy versions is to give the reader a wide perspective of how Netware has evolved.
In this module we will cover: Common Accounts and passwords, Accessing password files,
Password crackers and Netware hacking tools.
In this module we will be looking at hacking Linux systems. Linux is fast emerging as an
affordable yet available operating system. As its popularity grows, so does the attention of
players with malicious intent to break into these systems. Therefore we intend to discuss various
aspects of hacking Linux systems in this module. By the completion of this module,
you will be familiar with the following aspects: Why Linux?, Compiling Programs in Linux,
Scanning Networks and Mapping Networks, Password Cracking in Linux, SARA, TARA, Sniffing,
Pinger in disguise, Session Hijacking, Linux Rootkits, IP Chains and IP Tables, Linux Security as
well as Countermeasures.
Ethical Hacking and Countermeasures Copyright © by EC-Council
All rights reserved. Reproduction is strictly prohibited
Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker
In today’s context where hacking and computer system attacks are common the importance of
intrusion detection and active protection is all the more relevant. This module takes up a
discussion on IDSs, Firewalls and Honey pots. After the completion of this module, you will be
familiar with the following topics: Intrusion Detection System, System Integrity Verifiers, How are
Intrusions Detected? Anomaly Detection, Signature Recognition, How does IDS match Signatures
with incoming Traffic? Protocol Stack Verification, Application Protocol Verification, Hacking
Through Firewalls, IDS Software Vendors and Honey Pots.
Module XX: Buffer Overflows
We have dealt with various security concerns, attack methods and countermeasures in the
preceding modules. Buffer Overflow attacks have been a constant source of worry from time to
time. This module looks at different aspects of buffer overflow exploits. After completing this
module, you will be familiar with the following topics: What is a Buffer Overflow? Exploitation,
How to detect Buffer Overflows in a program? Skills required, CPU / OS Dependency,
Understanding Stacks, Stack Based Buffer Overflows, Technical details, Writing your own
exploits, Defense against Buffer Overflows.
Having dealt with various security concerns and countermeasures in the preceding modules, it is
obvious that cryptography as a security measure is here to stay. In this module we will try to
understand the use of cryptography over the Internet through topics like: Public Key
Infrastructure (PKI), RSA, MD-5, Secure Hash Algorithm (SHA), Secure Socket Layer (SSL),
Pretty Good Privacy (PGP) and SSH. We will also be looking at the effort required to crack these
encryption techniques and explore attacker methodologies, if any, that are relevant to the
discussion.
Student Facilities
~ Class Hours
~ Parking
~ Messages
~ Restrooms
~ Smoking
~ Meals
~ Recycling
Lab Sessions