Ethical Hacking & Countermeasures
.pdf
Ethical Hacking &
Countermeasures
EC-Council
EthicalHacking
WhatisEthicalHacking?
With the growth of the Internet, computer secu- rity has become a major concern for businesses
t
i t
I
l
i
s
c
i
v
e
t
WhoareEthicalHackers?
“One of the best ways to evaluate an
kills. rust- 
sys- 
ation 
many 
ad to 
sibly 
, the 
any,” 
con- 
ould 
gath- 
mea- 
tems 
lves: 
ction 
nter- 
enta-
tion from clients, strong cryptography to protect electronic results, and isolated networks for testing.
Ethical hackers typically have very strong programming and computer networking skills and have been in the computer and networking business for
3
several years. They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and
tha alw im on ma ner pre
Giv
go 
eth
full
W
An
cur
•W
•W
•D
te
•
•What are you trying to protect against?
•How much time, effort, and money are you willing to expend to obtain adequate protection?
Once answers to these questions have been de-
termined, a security evaluation plan is drawn up that identifi es the systems to be tested, how they should be tested, and any limitations on that testing.
“What can be the best way to help s
ing red pite -in ues hat to? ers, ack ure ills sts an eal
the security architecture is constructed, the organization does not know the real potential for external intrusion until its defenses are realistically tested.
Though companies hire specialist security fi rms
to protect their domains, the fact remains that security breaches happen due to a company’s lack of knowledge about its system. What can be the best way to help organizations or even individuals tackle hackers? The solution is students trained in the art of ethical hacking, which simply means a way of crippling the hacker’s plans by knowing the ways one can hack or break into a system. But a key impediment is the shortage of skill sets. Though you would fi nd thousands of security consultants from various companies, very few of them are actually aware of measures to counter hacker threats.
How much do Ethical Hackers get Paid?
Globally, the hiring of ethical hackers is on the rise with most of them working with top consulting fi rms. In the United States, an ethical hacker can make upwards of $120,000 per annum. Freelance ethical hackers can expect to make $10,000 per assignment. For example, the contract amount for IBM’sEthicalHackingtypicallyrangesfrom$15,000 to $45,000 for a standalone ethical hack. Taxes and applicable travel and living expenses are extra.
Note: Excerpts taken from Ethical Hacking by C.C Palmer.
5
Certifi ed Ethical Hacker
Certifi cation
If you want to stop hackers from invading your network, fi rst you’ve got to invade
their minds.
The CEH Program certifi es individuals in the specifi c network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certifi ed Ethical Hacker certifi cation will signifi cantly benefi t security offi cers, auditors, security professionals, site administrators, and
anyone who is concerned about the integrity of the network infrastructure.
To achieve CEH certifi cation, you must pass exam 312-50 that covers the standards and language involved in common exploits, vulnerabilities and countermeasures. You must also show knowledge of the tools used by hackers in exposing common vulnerabilities as well as the tools used by security
professionals for implementing countermeasures.
To achieve the Certifi ed Ethical Hacker
Certifi cation, you must pass the following exam:
Ethical Hacking and Countermeasures (312-50)
Legal Agreement
Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misu
Not 
Trai 
appli
Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only.
Course Objectives
This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with
the current essential security systems. Students will begin by understanding how perimeter
work and then be lead into scanning an their own networks, no real network is h Students then learn how intruders escal es and what steps can be taken to secure Students will also learn about Intrusion Policy Creation, Social Engineering, Op Intelligence, Incident Handling and Log tation. When a student leaves this inten
class they will have hands on understan
experience in internet security.
Who should attend?
This class is a must for networking prof 
IT managers and decision-makers that 
understand the security solutions that e
Companies and organizations interested
oping greater e-commerce capability ne
that know information security. This cla
a solid foundation in the security techno
will pave the way for organizations that 
interested in reaping the benefi ts and ta
the potential of the Internet.
Prerequisites
Working knowledge of TCP/IP, Linux and Windows 2000.
Duration
5 Days
7
Course Outline
v2.3
Module 1: Ethics and
Legality
§What is an Exploit?
§The security functionality triangle
§The attacker’s process
§Passive reconnaissance
§Active reconnaissance
§Types of attacks
§Categories of exploits
§Goals attackers try to achieve
§Ethical hackers and crackers - who are they
§Self proclaimed ethical hacking
§Hacking for a cause (Hacktivism)
§Skills required for ethical hacking
§Categories of Ethical
|
Hackers |
§ |
http://tucows.com |
§ What do Ethical Hackers |
§ |
Hacking Tool: Sam |
|
|
do? |
|
Spade |
§ |
Security evaluation plan |
§ |
Analyzing Whois output |
§ Types of Ethical Hacks |
§ |
NSLookup |
|
§ |
Testing Types |
§ |
Finding the address |
|
|
|
range of the network |
§Ethical Hacking Report
§ |
Cyber Security |
§ |
ARIN |
|
|
||
|
Enhancement Act of |
§ |
Traceroute |
|
2002 |
§ |
Hacking Tool: NeoTrace |
|
|
||
§ |
Computer Crimes |
§ |
Visual Route |
|
|
||
§ Overview of US Federal |
§ |
Visual Lookout |
|
|
Laws |
||
§ |
Section 1029 |
§ |
Hacking Tool: Smart |
|
|
|
Whois |
§Section 1030
|
|
§ |
Hacking Tool: |
§ |
Hacking Punishment |
|
eMailTracking Pro |
Module 2: Footprinting |
§ |
Hacking Tool: |
|
|
MailTracking.com |
||
§ |
What is Footprinting |
Module 3: Scanning |
|
§ |
Steps for gathering |
§ |
Determining if the |
|
information |
|
system is alive? |
§ |
Whois |
§ |
Active stack |
|
|
|
fingerprinting |
8 EC-Council
§ |
Passive stack |
§ |
Hacking Tool: HTTrack |
§ |
NetBios Null Sessions |
|
|
fingerprinting |
|
Web Copier |
§ |
Null Session |
|
|
|
|
|
|||
§ |
Hacking Tool: Pinger |
§ |
Network Management |
|
Countermeasures |
|
§ |
Hacking Tool: WS_Ping_ |
|
Tools |
§ |
NetBIOS Enumeration |
|
|
|
|||||
|
Pro |
§ |
SolarWinds Toolset |
§ |
Hacking Tool: DumpSec |
|
|
|
|
|
|||
§ |
Hacking Tool: Netscan |
§ |
NeoWatch |
§ |
Hacking Tool: NAT |
|
|
Tools Pro 2000 |
§ |
War Dialing |
|||
|
|
§ |
SNMP Enumertion |
|||
§ |
Hacking Tool: Hping2 |
§ Hacking Tool: THC-Scan |
||||
|
|
§ |
SNMPUtil |
|||
§ |
Hacking Tool: icmpenum |
§ |
Hacking Tool: |
|||
|
|
§ |
Hacking Tool: IP |
|||
§ |
Detecting Ping sweeps |
|
PhoneSweep War Dialer |
|||
|
|
|
|
|
Network Browser |
|
§ |
ICMP Queries |
§ |
Hacking Tool: Queso |
§ |
SNMP Enumeration |
|
|
|
|
|
|||
§ |
Hacking Tool: |
§ |
Hacking Tool: Cheops |
|
Countermeasures |
|
|
netcraft.com |
§ |
Proxy Servers |
§ |
Windows 2000 DNS |
|
|
|
|||||
§ |
Port Scanning |
§ |
Hacking Tool: |
|
Zone transfer |
|
|
|
|
|
|||
§ |
TCPs 3-way handshake |
|
SocksChain |
§ |
Identifying Win2000 |
|
§ |
TCP Scan types |
§ |
Surf the web |
|
Accounts |
|
|
|
|||||
§ |
Hacking Tool: IPEye |
|
anonymously |
§ |
Hacking Tool: User2SID |
|
|
|
|
|
|||
§ |
Hacking Tool: |
§ |
TCP/IP through HTTP |
§ |
Hacking Tool: SID2User |
|
|
Tunneling |
|
|
|||
|
IPSECSCAN |
|
|
§ |
Hacking Tool: Enum |
|
§ |
Hacking Tool: nmap |
§ |
Hacking Tool: HTTPort |
§ |
Hacking Tool: UserInfo |
|
Module 4: Enumeration |
||||||
§ |
Port Scan |
§ |
Hacking Tool: GetAcct |
|||
|
|
|||||
|
countermeasures |
§ |
What is Enumeration |
§ |
Active Directory |
|
|
|
|
|
|||
9 EC-Council
Enumeration |
§ |
Manual Password |
§ |
SMBRelay Man-in-the- |
Module 5: System |
|
Cracking Algorithm |
|
Middle (MITM) |
|
|
|
|
|
Hacking |
§ |
Automatic Password |
§ |
SMBRelay MITM |
|
|
Cracking Algorithm |
|
Countermeasures |
§Administrator Password
|
Guessing |
§ |
Password Types |
§ |
Hacking Tool: |
§ |
Performing Automated |
§ |
Types of Password |
|
SMBGrinder |
|
|
||||
|
Password Guessing |
|
Attacks |
§ |
Hacking Tool: SMBDie |
§ |
Legion |
§ |
Dictionary Attack |
§ |
Hacking Tool: |
§ |
NTInfoScan |
§ |
Brute Force Attack |
|
NBTDeputy |
|
|
||||
§ |
Defending Against |
§ |
Distributed Brute Force |
§ |
NetBIOS DoS Attack |
|
|
||||
|
Password Guessing |
|
Attack |
§ |
Hacking Tool: nbname |
§ |
Monitoring Event Viewer |
§ |
Password Change |
§ |
Hacking Tool: John the |
|
Logs |
|
Interval |
|
Ripper |
§ |
VisualLast |
§ |
Hybrid Attack |
§ |
LanManager Hash |
§ |
Eavesdroppin on |
§ |
Cracking Windows 2000 |
§ |
Password Cracking |
|
Network Password |
|
Passwords |
|
Countermeasures |
|
Exchange |
§ |
Retrieving the SAM file |
§ |
Keystroke Logger |
|
|
||||
§ |
Hacking Tool: |
§ |
Redirecting SMB Logon |
§ |
Hacking Tool: Spector |
|
L0phtCrack |
||||
|
|
|
to the Attacker |
§ |
AntiSpector |
§ |
Hacking Tool: KerbCrack |
§ |
SMB Redirection |
||
|
|
§ |
Hacking Tool: eBlaster |
||
§ |
Privilege Escalation |
§ |
Hacking Tool: SMBRelay |
||
|
|
§ |
Hacking Tool: |
||
§ |
Hacking Tool: GetAdmin |
|
|
||
|
|
§ |
Hacking Tool: |
|
SpyAnywhere |
§ |
Hacking Tool: hk |
|
SMBRelay2 |
§ |
Hacking Tool: IKS |
|
|
|
|
10 EC-Council