CEHv8: Certified Ethical Hacker Version 8 Study Guide


Sean-Philip Oriyano

Senior Acquisitions Editor: Jeff Kellum
Development Editor: Richard Mateosian
Technical Editors: Albert Whale and Robert Burke
Production Editor: Dassi Zeidel
Copy Editors: Liz Welch and Tiffany Taylor
Editorial Manager: Pete Gaughan
Vice President and Executive Group Publisher: Richard Swadley
Associate Publisher: Chris Webb
Media Project Manager I: Laura Moss-Hollister
Media Associate Producer: Marilyn Hummel
Media Quality Assurance: Doug Kuhn
Book Designer: Judy Fung
Proofreader: Sarah Kaikini, Word One New York
Indexer: Ted Laux
Project Coordinator, Cover: Patrick Redmond
Cover Designer: Wiley
Cover Image: Getty Images Inc./Jeremy Woodhouse

Copyright 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-118-64767-7
ISBN: 978-1-118-76332-2 (ebk.)
ISBN: 978-1-118-98928-9 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2014931949.

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

10 9 8 7 6 5 4 3 2 1

Dear Reader,

Thank you for choosing CEHv8: Certified Ethical Hacker Version 8 Study Guide. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than 30 years later, we’re still committed to producing consistently exceptional books. With each of our titles, we’re working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an e-mail at contactus@sybex.com. If you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

Best regards,

Chris Webb
Associate Publisher
Sybex, an Imprint of Wiley


Acknowledgments

First, I would like to send a big thanks out to my mom for all her support over the years as without her I would not be where I am today. Thank you, Mom, and I love you.

Second, thanks to my support network back in Alpha Company and my classmates. All of you will eternally be my brothers and sisters, and it’s this man’s honor to serve with you.

Next, thanks to my friend Jason McDowell. Your advice and input on some of the delicate topics of this book was a big help.

Thanks to the copy editors, Liz Welch and Tiffany Taylor, and to the proofreader Sarah Kaikini at Word One, for all their hard work.

Finally, thanks to Jeff Kellum for your support and assistance in the making of this PZOCTQDOZHZROQOHWZKNPRLIDFLZARDOLRTD.

Duty, Service, Honor

About the Author

Sean-Philip Oriyano is the owner of oriyano.com and a veteran of the IT field who has experience in the aerospace, defense, and cybersecurity industries. During his time in the industry, he has consulted and instructed on topics across the IT and cybersecurity fields for small clients up to the enterprise level. Over the course of his career, he has worked with the U.S. military and Canadian armed forces and has taught at locations such as the U.S. Air Force Academy and the U.S. Naval War College.

In addition to his civilian career, Sean is a member of the California State Military Reserve, where he serves as a warrant officer specializing in networking and security. In this role, he works to support the U.S. Army and National Guard on technology issues and training.

When not working, he enjoys flying, traveling, skydiving, competing in obstacle races, and cosplaying.

Contents at a Glance

Introduction
Assessment Test
Chapter 1  Getting Started with Ethical Hacking
Chapter 2  System Fundamentals
Chapter 3  Cryptography
Chapter 4  Footprinting and Reconnaissance
Chapter 5  Scanning Networks
Chapter 6  Enumeration of Services
Chapter 7  Gaining Access to a System
Chapter 8  Trojans, Viruses, Worms, and Covert Channels
Chapter 9  Sniffers
Chapter 10  Social Engineering
Chapter 11  Denial of Service
Chapter 12  Session Hijacking
Chapter 13  Web Servers and Web Applications
Chapter 14  SQL Injection
Chapter 15  Wireless Networking
Chapter 16  Evading IDSs, Firewalls, and Honeypots
Chapter 17  Physical Security
Appendix A  Answers to Review Questions
Appendix B  About the Additional Study Tools
Index


Contents

Introduction
Assessment Test

Chapter 1  Getting Started with Ethical Hacking
    Hacking: A Short History
    The Early Days of Hacking
    Current Developments
    Hacking: Fun or Criminal Activity?
    The Evolution and Growth of Hacking
    What Is an Ethical Hacker?
    Ethical Hacking and Penetration Testing
    Hacking Methodologies
    Vulnerability Research and Tools
    Ethics and the Law
    Summary
    Exam Essentials
    Review Questions

Chapter 2  System Fundamentals
    Exploring Network Topologies
    Working with the Open Systems Interconnection Model
    Dissecting the TCP/IP Suite
    IP Subnetting
    Hexadecimal vs. Binary
    Exploring TCP/IP Ports
    Domain Name System
    Understanding Network Devices
    Routers and Switches
    Working with MAC Addresses
    Proxies and Firewalls
    Intrusion Prevention and Intrusion Detection Systems
    Network Security
    Knowing Operating Systems
    Windows
    Mac OS
    Linux
    Backups and Archiving
    Summary
    Exam Essentials
    Review Questions

Chapter 3  Cryptography
    Cryptography: Early Applications and Examples
    History of Cryptography
    Tracing the Evolution
    Cryptography in Action
    So How Does It Work?
    Symmetric Cryptography
    Asymmetric, or Public Key, Cryptography
    Understanding Hashing
    Issues with Cryptography
    Applications of Cryptography
    IPSec
    Pretty Good Privacy
    Secure Sockets Layer (SSL)
    Summary
    Exam Essentials
    Review Questions

Chapter 4  Footprinting and Reconnaissance
    Understanding the Steps of Ethical Hacking
    Phase 1: Footprinting
    Phase 2: Scanning
    Phase 3: Enumeration
    Phase 4: System Hacking
    What Is Footprinting?
    Why Perform Footprinting?
    Goals of the Footprinting Process
    Terminology in Footprinting
    Open Source and Passive Information Gathering
    Active Information Gathering
    Pseudonymous Footprinting
    Internet Footprinting
    Threats Introduced by Footprinting
    The Footprinting Process
    Using Search Engines
    Location and Geography
    Social Networking and Information Gathering
    Financial Services and Information Gathering
    The Value of Job Sites
    Working with E-mail
    Competitive Analysis
    Google
    Gaining Network Information
    Social Engineering: The Art of Hacking Humans
    Summary
    Exam Essentials
    Review Questions

Chapter 5  Scanning Networks
    What Is Network Scanning?
    Checking for Live Systems
    Wardialing
    Wardriving
    Pinging
    Port Scanning
    Checking for Open Ports
    Types of Scans
    Full Open Scan
    Stealth Scan, or Half-open Scan
    Xmas Tree Scan
    FIN Scan
    NULL Scan
    ACK Scanning
    UDP Scanning
    OS Fingerprinting
    Banner Grabbing
    Countermeasures
    Vulnerability Scanning
    Drawing Network Diagrams
    Using Proxies
    Setting a Web Browser to Use a Proxy
    Summary
    Exam Essentials
    Review Questions

Chapter 6  Enumeration of Services
    A Quick Review
    Footprinting
    Scanning
    What Is Enumeration?
    Windows Basics
    Users
    Groups
    Security Identifiers
    Services and Ports of Interest
    Commonly Exploited Services
    NULL Sessions
    SuperScan
    The PsTools Suite
    Enumeration with SNMP
    Management Information Base
    SNScan
    Unix and Linux Enumeration
    finger
    rpcinfo
    showmount
    Enum4linux
    LDAP and Directory Service Enumeration
    Enumeration Using NTP
    SMTP Enumeration
    Using VRFY
    Using EXPN
    Using RCPT TO
    SMTP Relay
    Summary
    Exam Essentials
    Review Questions

Chapter 7  Gaining Access to a System
    Up to This Point
    System Hacking
    Authentication on Microsoft Platforms
    Executing Applications
    Covering Your Tracks
    Summary
    Exam Essentials
    Review Questions

Chapter 8  Trojans, Viruses, Worms, and Covert Channels
    Malware
    Malware and the Law
    Categories of
    Overt and Covert Channels
    Summary
    Exam Essentials
    Review Questions

Chapter 9  Sniffers
    Understanding Sniffers
    Using a Sniffer
    Sniffing Tools
    Wireshark
    TCPdump
    Reading Sniffer Output
    Switched Network Sniffing
    MAC Flooding
    ARP Poisoning
    MAC Spoofing
    Port Mirror or SPAN Port
    On the Defensive
    Mitigating MAC Flooding
    Detecting Sniffing Attacks
    Exam Essentials
    Summary
    Review Questions

Chapter 10  Social Engineering
    What Is Social Engineering?
    Why Does Social Engineering Work?
    Why is Social Engineering Successful?
    Social-Engineering Phases
    What Is the Impact of Social Engineering?
    Common Targets of Social Engineering
    What Is Social Networking?
    Mistakes in Social Media and Social Networking
    Countermeasures for Social Networking
    Commonly Employed Threats
    Identity Theft
    Protective Measures
    Know What Information Is Available
    Summary
    Exam Essentials
    Review Questions

Chapter 11  Denial of Service
    Understanding DoS
    DoS Targets
    Types of Attacks
    Buffer Overflow
    Understanding DDoS
    DDoS Attacks
    DoS Tools
    DDoS Tools
    DoS Defensive Strategies
    Botnet-Specific Defenses
    DoS Pen Testing Considerations
    Summary
    Exam Essentials
    Review Questions

Chapter 12  Session Hijacking
    Understanding Session Hijacking
    Spoofing vs. Hijacking
    Active and Passive Attacks
    Session Hijacking and Web Apps
    Types of Application-Level Session Hijacking
    A Few Key Concepts
    Network Session Hijacking
    Exploring Defensive Strategies
    Summary
    Exam Essentials
    Review Questions

Chapter 13  Web Servers and Web Applications
    Exploring the Client-Server Relationship
    The Client and the Server
    Closer Inspection of a Web Application
    Vulnerabilities of Web Servers and Applications
    Common Flaws and Attack Methods
    Summary
    Exam Essentials
    Review Questions

Chapter 14  SQL Injection
    Introducing SQL Injection
    Results of SQL Injection
    The Anatomy of a Web Application
    Databases and Their Vulnerabilities
    Anatomy of a SQL Injection Attack
    Altering Data with a SQL Injection Attack
    Injecting Blind
    Information Gathering
    Evading Detection Mechanisms
    SQL Injection Countermeasures
    Summary
    Exam
