Document: CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 doc


Document information

Wiley Publishing, Inc.

CEH™ Official Certified Ethical Hacker Review Guide

Kimberly Graves

44373.book Page iii Thursday, January 18, 2007 9:18 AM

Acquisitions and Development Editor: Jeff Kellum
Technical Editor: Sondra Schneider
Production Editor: Rachel Meyers
Copy Editor: Tiffany Taylor
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Joseph B. Wikert
Vice President and Publisher: Neil Edde
Media Project Supervisor: Laura Atkinson
Media Development Specialist: Steve Kudirka
Media Quality Assurance: Angie Denny
Book Designers: Judy Fung and Bill Gibson
Compositor: Craig Woods, Happenstance Type-O-Rama
Proofreader: Nancy Riddiough
Indexer: Ted Laux
Anniversary Logo Design: Richard Pacifico
Cover Designer: Ryan Sneed

Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN-13: 978-0-7821-4437-6

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600.
Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data is available from the publisher.
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. EC-Council, the EC-Council logo, and CEH are trademarks or registered trademarks of EC-Council. All rights reserved. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

10 9 8 7 6 5 4 3 2 1

Contents at a Glance

Introduction
Chapter 1 Introduction to Ethical Hacking, Ethics, and Legality
Chapter 2 Footprinting and Social Engineering
Chapter 3 Scanning and Enumeration
Chapter 4 System Hacking
Chapter 5 Trojans, Backdoors, Viruses, and Worms
Chapter 6 Sniffers
Chapter 7 Denial of Service and Session Hijacking
Chapter 8 Hacking Web Servers, Web Application Vulnerabilities, and Web-Based Password Cracking Techniques
Chapter 9 SQL Injection and Buffer Overflows
Chapter 10 Wireless Hacking
Chapter 11 Physical Security
Chapter 12 Linux Hacking
Chapter 13 Evading IDSs, Honeypots, and Firewalls
Chapter 14 Cryptography
Chapter 15 Penetration Testing Methodologies
Glossary
Index

Contents

Introduction

Chapter 1 Introduction to Ethical Hacking, Ethics, and Legality
  Understanding Ethical Hacking Terminology
  Identifying Different Types of Hacking Technologies
  Understanding the Different Phases Involved in Ethical Hacking and Listing the Five Stages of Ethical Hacking
  Phase 1: Passive and Active Reconnaissance
  Phase 2: Scanning
  Phase 3: Gaining Access
  Phase 4: Maintaining Access
  Phase 5: Covering Tracks
  What Is Hacktivism?
  Listing Different Types of Hacker Classes
  Ethical Hackers and Crackers—Who Are They?
  What Do Ethical Hackers Do?
  Goals Attackers Try to Achieve
  Security, Functionality, and Ease of Use Triangle
  Defining the Skills Required to Become an Ethical Hacker
  What Is Vulnerability Research?
  Describing the Ways to Conduct Ethical Hacking
  Creating a Security Evaluation Plan
  Types of Ethical Hacks
  Testing Types
  Ethical Hacking Report
  Understanding the Legal Implications of Hacking
  Understanding 18 U.S.C. § 1029 and 1030 U.S. Federal Law
  Exam Essentials
  Review Questions
  Answers to Review Questions

Chapter 2 Footprinting and Social Engineering
  Footprinting
  Define the Term Footprinting
  Describe the Information Gathering Methodology
  Describe Competitive Intelligence
  Understand DNS Enumeration
  Understand Whois and ARIN Lookups
  Identify Different Types of DNS Records
  Understand How Traceroute Is Used in Footprinting

[...]... scope of the exams or related EC-Council programs, refer to the EC-Council website at www.eccouncil.org.

Who Should Buy This Book?

CEH: Official Certified Ethical Hacker Review Guide is designed to be a succinct, portable exam review guide that can be used either in conjunction with a more complete study program, computer-based training courseware, or classroom/lab environment, or as an exam review tool...

Hacker Classes

Hackers can be divided into three groups: white hats, black hats, and grey hats. Ethical hackers usually fall into the white-hat category, but sometimes they’re former grey hats who have become security professionals and who use their skills in an ethical manner.

White hats

White Hats are the good guys, the ethical hackers who use their hacking skills for defensive purposes. White-hat hackers...
problem” to calling the police to arrest the self-proclaimed ethical hacker. Being able to identify the types of hackers is important, but determining the differences is equally—if not more—important. We’ll look at this in the following sections.

Ethical Hackers and Crackers—Who Are They?

Many people ask, “Can hacking be ethical?” Yes! Ethical hackers are usually security professionals or network penetration...

the hacker and to define the terms that will be tested on the Certified Ethical Hacker (CEH) exam.

Understanding Ethical Hacking Terminology

Being able to understand and define terminology is an important part of a CEH’s responsibility. In this section, we’ll discuss a number of terms you need to be familiar with. A threat is an environment or situation that could lead to a potential breach of security. Ethical...

objectives. Exam objectives are subject to change at any time without prior notice and at EC-Council’s sole discretion. Please visit the CEH Certification page of EC-Council’s website (www.eccouncil.org/312-50.htm) for the most current listing of exam objectives.

Ethics and Legality

Understand ethical hacking terminology
Define the job role of an ethical hacker
Understand the different phases involved in ethical...

Certified Ethical Hacker Review Guide

Chapter 1 Introduction to Ethical Hacking, Ethics, and Legality

CEH EXAM OBJECTIVES COVERED IN THIS CHAPTER:
Understanding Ethical Hacking Terminology
Identifying Different Types of Hacking Technologies
Understanding the Different Phases Involved in Ethical...

is a malicious hacker.

What Do Ethical Hackers Do?

Ethical hackers are motivated by different reasons, but their purpose is usually the same as that of crackers: They’re trying to determine what an intruder can see on a targeted network or system, and what the hacker can do with that information. This process of testing the security of a system or network is known as a penetration test. Hackers break into...

Modules
Understand Linux Hardening Methods
Exam Essentials
Review Questions
Answers to Review Questions

Chapter 13 Evading IDSs, Honeypots, and Firewalls
  List the Types of Intrusion Detection Systems and Evasion Techniques
  List the Firewall Types and Honeypot Evasion Techniques
  Exam Essentials
  Review Questions
  Answers to Review Questions

Chapter 14 Cryptography
  Overview...

Stages of Ethical Hacking
What Is Hacktivism?
Listing Different Types of Hacker Classes
Defining the Skills Required to Become an Ethical Hacker
What Is Vulnerability Research?
Describing the Ways to Conduct Ethical Hacking
Understanding the Legal Implications of Hacking
Understanding 18 U.S.C. § 1029 and 1030 U.S. Federal Law

Most people think hackers...

Algorithms
Exam Essentials
Review Questions
Answers to Review Questions

Chapter 15 Penetration Testing Methodologies
  Defining Security Assessments
  Overview of Penetration Testing Methodologies
  List the Penetration Testing Steps
  Overview of the Pen-Test Legal Framework
  List the Automated Penetration Testing Tools
  Overview of the Pen-Test Deliverables
  Exam Essentials
  Review Questions
  Answers to Review Questions

Date posted: 16/12/2013, 08:15
