snmp
Inhoud
Module 2: Footprinting and Reconnaissance .......................................................................................... 4
Information obtained in footprinting .............................................................................................. 4
Footprinting objectives & threats ................................................................................................... 5
Footprinting methodology .............................................................................................................. 6
Module 3: Scanning networks ............................................................................................................... 10
Network scanning concepts .............................................................................................................. 10
Scanning tools ................................................................................................................................... 11
Host discovery ................................................................................................................................... 12
Port and service discovery................................................................................................................. 16
OS discovery ...................................................................................................................................... 20
Scanning beyond IDS and Firewall..................................................................................................... 21
Draw network diagrams .................................................................................................................... 21
Module 04: Enumeration ...................................................................................................................... 22
Enumeration concepts ...................................................................................................................... 22
NetBIOS enumeration ....................................................................................................................... 23
Sami El Farj &
CEH SAMENVATTING
SNMP enumeration ........................................................................................................................... 24
Stan van der veen
LDAP enumeration ............................................................................................................................ 25
NTP and NFS enumeration ................................................................................................................ 26
SMTP and DNS enumeration ............................................................................................................. 27
Other enumeration techniques ......................................................................................................... 29
Enumeration countermeasures......................................................................................................... 31
Module 5: vulnerability analysis............................................................................................................ 32
Module 6: System hacking .................................................................................................................... 33
CEH Hacking Methodology (CHM)..................................................................................................... 33
System Hacking Goals........................................................................................................................ 34
Gaining Access ................................................................................................................................... 34
Password Cracking............................................................................................................................. 35
Password Recovery Tools .................................................................................................................. 37
Buffer Overflow ................................................................................................................................. 37
Escalating Privileges .......................................................................................................................... 37
Maintaining Access ............................................................................................................................ 38
Module 7: Malware threats................................................................................................................... 39
Malware concepts ............................................................................................................................. 39
, APT Concepts ..................................................................................................................................... 40
Trojan Concepts................................................................................................................................. 41
Virus and Worm Concepts................................................................................................................. 45
Filless Malware Concepts .................................................................................................................. 52
Malware analysis ............................................................................................................................... 55
Module 8: Sniffing ................................................................................................................................. 58
Sniffing Concepts ............................................................................................................................... 58
Network Sniffing ............................................................................................................................ 58
Types of Sniffing ............................................................................................................................ 58
SPAN Port ...................................................................................................................................... 60
Wiretapping ................................................................................................................................... 61
Sniffing Technique: MAC Attacks ...................................................................................................... 61
MAC Address ................................................................................................................................. 62
CAM Table ..................................................................................................................................... 62
How CAM Works ............................................................................................................................... 62
What Happens when a CAM Table is Full? ........................................................................................ 62
MAC Flooding ................................................................................................................................ 63
Switch Port Stealing........................................................................................................................... 63
Sniffing Technique: DHCP Attacks ..................................................................................................... 64
DHCP Starvation Attack ................................................................................................................. 64
Rogue DHCP Server Attack ............................................................................................................ 64
Sniffing Technique: ARP Poisoning .................................................................................................... 64
What Is Address Resolution Protocol (ARP)? ................................................................................ 65
ARP Spoofing Attack ...................................................................................................................... 65
Sniffing Technique: Spoofing Attacks ................................................................................................ 66
MAC Spoofing/Duplicating ............................................................................................................ 66
IRDP Spoofing ................................................................................................................................ 66
VLAN Hopping................................................................................................................................ 67
STP Attack .......................................................................................................................................... 67
Sniffing Technique: DNS Poisoning ................................................................................................... 68
DNS Poisoning Techniques ............................................................................................................ 68
Sniffing Tools ..................................................................................................................................... 69
Module 9: Social engineering ................................................................................................................ 70
Social engineering concepts .............................................................................................................. 70
Social engineering techniques ........................................................................................................... 71
Insider threats/attacks ...................................................................................................................... 74
, Impersonation on social networking sites ........................................................................................ 74
Identify theft...................................................................................................................................... 74
Countermeasures .............................................................................................................................. 75
Module 10: denial of service ................................................................................................................. 77
DoS/DDoS Concepts .......................................................................................................................... 77
What is a DoS Attack? ................................................................................................................... 77
What is a DDoS Attack? ................................................................................................................. 77
How do DDoS Attacks Work? ........................................................................................................ 77
DoS/DDoS Attack Techniques ........................................................................................................... 78
Basic Categories of DoS/DDoS ....................................................................................................... 78
UDP Flood Attack........................................................................................................................... 78
Ping of Death Attack ...................................................................................................................... 79
Smurf Attack .................................................................................................................................. 79
Pulse Wave .................................................................................................................................... 79
Zero-Day DDoS Attack ................................................................................................................... 79
SYN Flood Attack ........................................................................................................................... 79
Fragmentation Attack .................................................................................................................... 80
Spoofed Session Flood Attack ....................................................................................................... 81
HTTP GET/POST Attack ...................................................................................................................... 81
Slowloris Attack ............................................................................................................................. 81
UDP Application Layer Flood Attack.............................................................................................. 82
Multi-Vector Attack ....................................................................................................................... 82
Peer-to-Peer Attack ....................................................................................................................... 82
Permanent Denial-of-Service Attack ............................................................................................. 83
Distributed Reflection Denial-of-Service (DRDoS) Attack ............................................................. 83
Botnets .............................................................................................................................................. 84
Botnets .......................................................................................................................................... 84
How Does Malicious Code Propagate? ......................................................................................... 85
DoS/DDoS Attack Tools ..................................................................................................................... 86
Module 11: Session Hijacking ................................................................................................................ 87
Session hijacking concepts ................................................................................................................ 87
Application-level session Hijacking ................................................................................................... 89
Network level session hijacking......................................................................................................... 94
Countermeasures .............................................................................................................................. 96
Module 12: evading IDS, firewalls & honeypots ................................................................................. 100
Module 13: hacking web servers......................................................................................................... 112
, Module 14: hacking web applications ................................................................................................. 113
Module 15: SQL Injection .................................................................................................................... 114
SQL injection concepts .................................................................................................................... 114
Types of SQL Injection ..................................................................................................................... 117
SQL Injection Methodology ............................................................................................................. 121
SQL injection tools ........................................................................................................................... 126
Evasion techniques .......................................................................................................................... 126
Module 16: Hacking Wireless Networks ............................................................................................. 128
Wireless concepts............................................................................................................................ 128
Wireless encryption......................................................................................................................... 129
Wireless threats............................................................................................................................... 129
Wireless hacking methodology ....................................................................................................... 129
Wireless hacking tools ..................................................................................................................... 129
Bluetooth hacking ........................................................................................................................... 129
Countermeasures ............................................................................................................................ 129
Wireless security tools .................................................................................................................... 129
Module 17: hacking mobile platforms ................................................................................................ 130
Module 18: IoT hacking ....................................................................................................................... 131
Module 20: Cryptograhpy ................................................................................................................... 132
Inhoud
Module 2: Footprinting and Reconnaissance .......................................................................................... 4
Information obtained in footprinting .............................................................................................. 4
Footprinting objectives & threats ................................................................................................... 5
Footprinting methodology .............................................................................................................. 6
Module 3: Scanning networks ............................................................................................................... 10
Network scanning concepts .............................................................................................................. 10
Scanning tools ................................................................................................................................... 11
Host discovery ................................................................................................................................... 12
Port and service discovery................................................................................................................. 16
OS discovery ...................................................................................................................................... 20
Scanning beyond IDS and Firewall..................................................................................................... 21
Draw network diagrams .................................................................................................................... 21
Module 04: Enumeration ...................................................................................................................... 22
Enumeration concepts ...................................................................................................................... 22
NetBIOS enumeration ....................................................................................................................... 23
Sami El Farj &
CEH SAMENVATTING
SNMP enumeration ........................................................................................................................... 24
Stan van der veen
LDAP enumeration ............................................................................................................................ 25
NTP and NFS enumeration ................................................................................................................ 26
SMTP and DNS enumeration ............................................................................................................. 27
Other enumeration techniques ......................................................................................................... 29
Enumeration countermeasures......................................................................................................... 31
Module 5: vulnerability analysis............................................................................................................ 32
Module 6: System hacking .................................................................................................................... 33
CEH Hacking Methodology (CHM)..................................................................................................... 33
System Hacking Goals........................................................................................................................ 34
Gaining Access ................................................................................................................................... 34
Password Cracking............................................................................................................................. 35
Password Recovery Tools .................................................................................................................. 37
Buffer Overflow ................................................................................................................................. 37
Escalating Privileges .......................................................................................................................... 37
Maintaining Access ............................................................................................................................ 38
Module 7: Malware threats................................................................................................................... 39
Malware concepts ............................................................................................................................. 39
, APT Concepts ..................................................................................................................................... 40
Trojan Concepts................................................................................................................................. 41
Virus and Worm Concepts................................................................................................................. 45
Filless Malware Concepts .................................................................................................................. 52
Malware analysis ............................................................................................................................... 55
Module 8: Sniffing ................................................................................................................................. 58
Sniffing Concepts ............................................................................................................................... 58
Network Sniffing ............................................................................................................................ 58
Types of Sniffing ............................................................................................................................ 58
SPAN Port ...................................................................................................................................... 60
Wiretapping ................................................................................................................................... 61
Sniffing Technique: MAC Attacks ...................................................................................................... 61
MAC Address ................................................................................................................................. 62
CAM Table ..................................................................................................................................... 62
How CAM Works ............................................................................................................................... 62
What Happens when a CAM Table is Full? ........................................................................................ 62
MAC Flooding ................................................................................................................................ 63
Switch Port Stealing........................................................................................................................... 63
Sniffing Technique: DHCP Attacks ..................................................................................................... 64
DHCP Starvation Attack ................................................................................................................. 64
Rogue DHCP Server Attack ............................................................................................................ 64
Sniffing Technique: ARP Poisoning .................................................................................................... 64
What Is Address Resolution Protocol (ARP)? ................................................................................ 65
ARP Spoofing Attack ...................................................................................................................... 65
Sniffing Technique: Spoofing Attacks ................................................................................................ 66
MAC Spoofing/Duplicating ............................................................................................................ 66
IRDP Spoofing ................................................................................................................................ 66
VLAN Hopping................................................................................................................................ 67
STP Attack .......................................................................................................................................... 67
Sniffing Technique: DNS Poisoning ................................................................................................... 68
DNS Poisoning Techniques ............................................................................................................ 68
Sniffing Tools ..................................................................................................................................... 69
Module 9: Social engineering ................................................................................................................ 70
Social engineering concepts .............................................................................................................. 70
Social engineering techniques ........................................................................................................... 71
Insider threats/attacks ...................................................................................................................... 74
, Impersonation on social networking sites ........................................................................................ 74
Identify theft...................................................................................................................................... 74
Countermeasures .............................................................................................................................. 75
Module 10: denial of service ................................................................................................................. 77
DoS/DDoS Concepts .......................................................................................................................... 77
What is a DoS Attack? ................................................................................................................... 77
What is a DDoS Attack? ................................................................................................................. 77
How do DDoS Attacks Work? ........................................................................................................ 77
DoS/DDoS Attack Techniques ........................................................................................................... 78
Basic Categories of DoS/DDoS ....................................................................................................... 78
UDP Flood Attack........................................................................................................................... 78
Ping of Death Attack ...................................................................................................................... 79
Smurf Attack .................................................................................................................................. 79
Pulse Wave .................................................................................................................................... 79
Zero-Day DDoS Attack ................................................................................................................... 79
SYN Flood Attack ........................................................................................................................... 79
Fragmentation Attack .................................................................................................................... 80
Spoofed Session Flood Attack ....................................................................................................... 81
HTTP GET/POST Attack ...................................................................................................................... 81
Slowloris Attack ............................................................................................................................. 81
UDP Application Layer Flood Attack.............................................................................................. 82
Multi-Vector Attack ....................................................................................................................... 82
Peer-to-Peer Attack ....................................................................................................................... 82
Permanent Denial-of-Service Attack ............................................................................................. 83
Distributed Reflection Denial-of-Service (DRDoS) Attack ............................................................. 83
Botnets .............................................................................................................................................. 84
Botnets .......................................................................................................................................... 84
How Does Malicious Code Propagate? ......................................................................................... 85
DoS/DDoS Attack Tools ..................................................................................................................... 86
Module 11: Session Hijacking ................................................................................................................ 87
Session hijacking concepts ................................................................................................................ 87
Application-level session Hijacking ................................................................................................... 89
Network level session hijacking......................................................................................................... 94
Countermeasures .............................................................................................................................. 96
Module 12: evading IDS, firewalls & honeypots ................................................................................. 100
Module 13: hacking web servers......................................................................................................... 112
, Module 14: hacking web applications ................................................................................................. 113
Module 15: SQL Injection .................................................................................................................... 114
SQL injection concepts .................................................................................................................... 114
Types of SQL Injection ..................................................................................................................... 117
SQL Injection Methodology ............................................................................................................. 121
SQL injection tools ........................................................................................................................... 126
Evasion techniques .......................................................................................................................... 126
Module 16: Hacking Wireless Networks ............................................................................................. 128
Wireless concepts............................................................................................................................ 128
Wireless encryption......................................................................................................................... 129
Wireless threats............................................................................................................................... 129
Wireless hacking methodology ....................................................................................................... 129
Wireless hacking tools ..................................................................................................................... 129
Bluetooth hacking ........................................................................................................................... 129
Countermeasures ............................................................................................................................ 129
Wireless security tools .................................................................................................................... 129
Module 17: hacking mobile platforms ................................................................................................ 130
Module 18: IoT hacking ....................................................................................................................... 131
Module 20: Cryptograhpy ................................................................................................................... 132
