CEH V9: Certified Ethical Hacker Version 9 Study Guide

CEH Certified Ethical Hacker

Study Guide
Version 9
Sean-Philip Oriyano

Development Editor: Kim Wimpsett
Technical Editors: Raymond Blockmon, Jason McDowell, Tom Updegrove
Production Editor: Rebecca Anderson
Copy Editor: Linda Recktenwald
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Editor: Jim Minatel
Media Supervising Producer: Rich Graves
Book Designers: Judy Fung and Bill Gibson
Proofreader: Nancy Carrasco
Indexer: J & J Indexing
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: Getty Images Inc./Jeremy Woodhouse

Copyright 2016 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-25224-5
ISBN: 978-1-119-25227-6 (ebk.)
ISBN: 978-1-119-25225-2 (ebk.)
Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2016934529

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CEH is a trademark of EC-Council. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

I would like to dedicate this book to Medal of Honor recipient (and personal hero) Sgt. Maj. (USA) Jon R. Cavaiani, who passed away some time before this book was written. Thank you for giving me the honor to shake your hand.

Acknowledgments

Writing acknowledgements is probably the toughest part of writing a book in my opinion as I always feel that I have forgotten someone who had to deal with my hijinks over the past few months. Anyway, here goes.

First of all, I want to thank my Mom and Dad for all of your support over the years as well as being your favorite son. That’s right, I said it.

I would also like to take a moment to thank all the men and women I have served with over the years. It is an honor for this Chief Warrant Officer to serve with each of you. I would also like to extend a special thanks to my own unit for all the work you do, you are each a credit to the uniform. Finally, thanks to my Commander for your mentorship, support, and faith in my abilities.

To my friends I want to say thanks for tearing me away from my computer now and then when you knew I needed to let my brain cool off a bit. Mark, Jason, Jennifer, Fred, Misty, Arnold, Shelly, and especially Lisa, you all helped me put my focus elsewhere for a while before I went crazy(er).

I would also like to thank Shigeru Miyamoto for bringing the Legend of Zelda into reality.

Finally, on a more serious note, I would like to dedicate this book to Medal of Honor recipient (and personal hero) Sgt. Maj. (USA) Jon R. Cavaiani who passed away some time before this book was written. Thank you for giving me the honor to shake your hand.

—Sean-Philip Oriyano
Duty, Service, Honor

About the Author

Sean Oriyano (www.oriyano.com) is a seasoned security professional and entrepreneur. Over the past 25 years he has split his time among writing, researching, consulting, and training various people and organizations on a wide range of topics relating to both IT and security. As an instructor and consultant, Sean has traveled all over the world, sharing his knowledge as well as gaining exposure to many different environments and cultures along the way. His broad knowledge and easy-to-understand manner, along with a healthy dose of humor, have led to Sean being a regularly requested instructor.

Outside of training and consulting, Sean is also a best-selling author with many years of experience in both digital and print media. Sean has published books for McGraw-Hill, Wiley, Sybex, O’Reilly Media, and Jones & Bartlett. Over the last decade Sean has expanded his reach even further by appearing in shows on both TV and radio. To date, Sean has appeared in over a dozen TV programs and radio shows discussing various cybersecurity topics and technologies. When in front of the camera, Sean has been noted for his casual demeanor and praised for his ability to explain complex topics in an easy-to-understand manner.

Outside his own business activities, Sean is a member of the military as a chief warrant officer specializing in infrastructure and security as well as the development of new troops. In addition, as a CWO he is recognized as a subject matter expert in his field and is frequently called upon to provide expertise, training, and mentoring wherever needed.

When not working, Sean is an avid obstacle course racer, having completed numerous races, including a world championship race and a Spartan Trifecta. He also enjoys traveling, bodybuilding, training, and developing his mixed martial arts skills plus taking survival courses.

Sean holds many certifications and qualifications that demonstrate his knowledge and experience in the IT field, such as the CISSP, CNDA, and Security+.

CONTENTS

Introduction
Exam 312-50 Exam Objectives
Assessment Test
Answers to Assessment Test
Chapter 1: Introduction to Ethical Hacking
  Hacking: the Evolution
  So, What Is an Ethical Hacker?
  Summary
  Exam Essentials
  Review Questions
Chapter 2: System Fundamentals
  Exploring Network Topologies
  Working with the Open Systems Interconnection Model
  Dissecting the TCP/IP Suite
  IP Subnetting
  Hexadecimal vs. Binary
  Exploring TCP/IP Ports
  Understanding Network Devices
  Working with MAC Addresses
  Intrusion Prevention and Intrusion Detection Systems
  Network Security
  Knowing Operating Systems
  Backups and Archiving
  Summary
  Exam Essentials
  Review Questions
Chapter 3: Cryptography
  Cryptography: Early Applications and Examples
  Cryptography in Action
  Understanding Hashing
  Issues with Cryptography
  Applications of Cryptography
  Summary
  Exam Essentials
  Review Questions
Chapter 4: Footprinting
  Understanding the Steps of Ethical Hacking
  What Is Footprinting?
  Terminology in Footprinting
  Threats Introduced by Footprinting
  The Footprinting Process
  Summary
  Exam Essentials
  Review Questions
Chapter 5: Scanning
  What Is Scanning?
  Checking for Live Systems
  Checking the Status of Ports
  The Family Tree of Scans
  OS Fingerprinting
  Countermeasures
  Vulnerability Scanning
  Mapping the Network
  Using Proxies
  Summary
  Exam Essentials
  Review Questions
Chapter 6: Enumeration
  A Quick Review
  What Is Enumeration?
  About Windows Enumeration
  Linux Basic
  Enumeration with SNMP
  Unix and Linux Enumeration
  LDAP and Directory Service Enumeration
  Enumeration Using NTP
  SMTP Enumeration
  Summary
  Exam Essentials
  Review Questions
Chapter 7: System Hacking
  Up to This Point
  System Hacking
  Summary
  Exam Essentials
  Review Questions
Chapter 8: Malware
  Malware
  Overt and Covert Channels
  Summary
  Exam Essentials
  Review Questions
Chapter 9: Sniffers
  Understanding Sniffers
  Using a Sniffer
  Switched Network Sniffing
  Summary
  Exam Essentials
  Review Questions
Chapter 10: Social Engineering
  What Is Social Engineering?
  Social Networking to Gather Information?
  Commonly Employed Threats
  Identity Theft
  Summary
  Exam Essentials
  Review Questions
Chapter 11: Denial of Service
  Understanding DoS
  Understanding DDoS
  DoS Tools
  DDoS Tools
  DoS Defensive Strategies
  DoS Pen-Testing Considerations
  Summary
  Exam Essentials
  Review Questions
Chapter 12: Session Hijacking
  Understanding Session Hijacking
  Exploring Defensive Strategies
  Summary
  Exam Essentials
  Review Questions
Chapter 13: Web Servers and Applications
  Exploring the Client-Server Relationship
  Summary
  Exam Essentials
  Review Questions
Chapter 14: SQL Injection
  Introducing SQL Injection
  Summary
  Exam Essentials
  Review Questions
Chapter 15: Hacking Wi-Fi and Bluetooth
  What Is a Wireless Network?
  Summary
  Exam Essentials
  Review Questions
Chapter 16: Mobile Device Security
  Mobile OS Models and Architectures
  Goals of Mobile Security
  Device Security Models
  Countermeasures
  Summary
  Exam Essentials
  Review Questions
Chapter 17: Evasion
  Honeypots, IDSs, and Firewalls
  Summary
  Exam Essentials
  Review Questions
Chapter 18: Cloud Technologies and Security
  What Is the Cloud?
  Summary
  Exam Essentials
  Review Questions
Chapter 19: Physical Security
  Introducing Physical Security
  Summary
  Exam Essentials
  Review Questions
Appendix A: Answers to Review Questions
  Chapter 1: Introduction to Ethical Hacking
  Chapter 2: System Fundamentals
  Chapter 3: Cryptography
  Chapter 4: Footprinting
  Chapter 5: Scanning
  Chapter 6: Enumeration
  Chapter 7: System Hacking
  Chapter 8: Malware
  Chapter 9: Sniffers
  Chapter 10: Social Engineering
  Chapter 11: Denial of Service
  Chapter 12: Session Hijacking
  Chapter 13: Web Servers and Applications
  Chapter 14: SQL Injection
  Chapter 15: Hacking Wi-Fi and Bluetooth
  Chapter 16: Mobile Device Security
  Chapter 17: Evasion
  Chapter 18: Cloud Technologies and Security
  Chapter 19: Physical Security
Appendix B: Penetration Testing Frameworks
  Overview of Alternative Methods
  Penetration Testing Execution Standard
  Summary
Appendix C: Building a Lab
  Why Build a Lab?
  Creating a Test Setup
  The Installation Process
  Summary
Advert
EULA

List of Tables

Chapter 1: Table 1.1, Table 1.2, Table 1.3
Chapter 2: Table 2.1, Table 2.2, Table 2.3
Chapter 3: Table 3.1
Chapter 5: Table 5.1, Table 5.2, Table 5.3, Table 5.4
Chapter 9: Table 9.1, Table 9.2, Table 9.3
Chapter 12: Table 12.1
Chapter 15: Table 15.1, Table 15.2

List of Illustrations

Chapter 1
  Figure 1.1 Security versus convenience analysis
  Figure 1.2 The hacking process
Chapter 2
  Figure 2.1 Bus topology
  Figure 2.2 Ring topology
  Figure 2.3 Star topology
  Figure 2.4 Mesh topology
  Figure 2.5 Hybrid topology
  Figure 2.6 OSI TCP/IP comparative model
  Figure 2.7 TCP three-way handshake
  Figure 2.8 TCP sequencing
  Figure 2.9 Residential network setup
  Figure 2.10 Typical enterprise network
Chapter 3
  Figure 3.1 The Rosetta stone
  Figure 3.2 Symmetric encryption
  Figure 3.3 Asymmetric encryption
  Figure 3.4 A digital signature in use
  Figure 3.5 The PKI ecosystem
  Figure 3.6 Hash generated from “Hello World” using MD5
Chapter 4
  Figure 4.1 Google Earth
  Figure 4.2 Cameras found by doing a Google hack
  Figure 4.3 Instagram
  Figure 4.4 The Echosec service
Chapter 5
  Figure 5.1 The three-way handshake
  Figure 5.2 Half-open scan against closed and open ports
  Figure 5.3 Xmas tree scan
  Figure 5.4 An FIN scan against a closed port and an open port
  Figure 5.5 A NULL scan against a closed and an open port
  Figure 5.6 Results of a banner grab
  Figure 5.7 A network map built by a network-mapping software package
Chapter 8
  Figure 8.1 JPS Virus Maker user interface
  Figure 8.2 TCPView interface
Chapter 9
  Figure 9.1 TCP three-way handshake packet
  Figure 9.2 Macof MAC flood
  Figure 9.3 Cain & Abel
Chapter 11
  Figure 11.1 Basic program stack
  Figure 11.2 Smashing the stack
  Figure 11.3 DDoS attack setup
Chapter 12
  Figure 12.1 Session hijack
  Figure 12.2 Active attack
  Figure 12.3 Passive attack
  Figure 12.4 Spoofing
  Figure 12.5 Source routing
  Figure 12.6 Desynchronizing a connection
  Figure 12.7 TCP three-way handshake
  Figure 12.8 MITM attack
Chapter 15
  Figure 15.1 A Yagi antenna
  Figure 15.2 A parabolic antenna
Chapter 19
  Figure 19.1 A drive degausser
  Figure 19.2 A mantrap installed in a lobby
  Figure 19.3 One kind of cipher lock
  Figure 19.4 Lock-picking tools

List of Exercises

Chapter 2: Exercise 2.1
Chapter 3: Exercise 3.1
Chapter 4: Exercise 4.1, Exercise 4.2, Exercise 4.3, Exercise 4.4, Exercise 4.5
Chapter 5: Exercise 5.1
Chapter 6: Exercise 6.1, Exercise 6.2, Exercise 6.3
Chapter 7: Exercise 7.1, Exercise 7.2, Exercise 7.3, Exercise 7.4, Exercise 7.5, Exercise 7.6, Exercise 7.7
Chapter 8: Exercise 8.1, Exercise 8.2, Exercise 8.3
Chapter 9: Exercise 9.1, Exercise 9.2, Exercise 9.3
Chapter 11: Exercise 11.1, Exercise 11.2, Exercise 11.3, Exercise 11.4
Chapter 12: Exerc
