List of Sidebars
Module 1:
Introduction to Ethical Hacking
Module Objective
Problem Definition - Why Security?
Can Hacking Be Ethical?
Essential Terminology
Elements of Security
What Does a Malicious Hacker Do?
Phase 1 - Reconnaissance
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
Hacker Classes
Hacktivism
What do Ethical Hackers do?
Skill Profile of an Ethical Hacker
How do they go about it?
Modes of Ethical Hacking
Security Testing
Deliverables
Computer Crimes and Implications
Legal Perspective (US Federal Law)
Section 1029
Penalties
Section 1030 - (a) (1) (2) (A) (B) (C) (3) (4) (5) (A) (B) (6) (7)
Penalties
Summary
Module 2:
Footprinting
Scenario
Module Objectives
Revisiting Reconnaissance
Defining Footprinting
Information Gathering Methodology
Unearthing Initial Information
Whois
Nslookup
Scenario
Locate the Network Range
ARIN
Screenshot: ARIN Whois Output
Traceroute
Tool: NeoTrace (Now McAfee Visual Trace)
Tool: VisualRoute Trace
Tool: SmartWhois
Scenario
Tool: VisualLookout
Tool: VisualRoute Mail Tracker
Screenshot: VisualRoute Mail Tracker
Tool: eMailTrackerPro
Summary
Module 3:
Scanning
Scenario
Module Objectives
Detecting 'Live' Systems On Target Network
War Dialers
War Dialer
Tool: THC Scan
Ping
Tool: Pinger
Detecting Ping Sweeps
Discovering services running/ listening on target systems.
TCP three-way handshake
Understanding Port Scanning Techniques
Port Scanning Techniques
Tool: ipEye, IPSecScan
Tool: NetScan Tools Pro 2003
Tool: Super Scan
Tool: NMap (Network Mapper)
Active Stack Fingerprinting
Passive Fingerprinting
Cheops
SocksChain
Proxy Servers
Anonymizers
Bypassing Firewall using Httptunnel
HTTPort
Summary
Module 4:
Enumeration
Module Objective
What is Enumeration
Net Bios Null Sessions
So What's the Big Deal?
Null Session Countermeasure
NetBIOS Enumeration
Hacking Tool:DumpSec
Hacking Tool: NAT
SNMP Enumeration
SNMPutil example
Tool: IP Network Browser
SNMP Enumeration Countermeasures
Windows 2000 DNS Zone transfer
Blocking Win 2k DNS Zone transfer
Identifying Accounts
Hacking Tool: Enum
Hacking tool: Userinfo
Hacking Tool: GetAcct
Active Directory Enumeration
AD Enumeration countermeasures
Summary
Module 5:
System Hacking
Module Objective
Administrator Password Guessing
Performing automated password guessing
Tool: Legion
Hacking tool: NTInfoScan (now CIS)
Password guessing Countermeasures
Monitoring Event Viewer Logs
Password Sniffing
Hacking Tool: LOphtcrack
Hacking Tool: KerbCrack
Privilege Escalation
Tool: GetAdmin
Tool: hk.exe
Manual Password Cracking Algorithm
Automatic Password Cracking Algorithm
Password Types
Types of Password Attacks
Cracking NT/2000 passwords
Redirecting SMB Logon to the Attacker
Hacking Tool: SMB Relay
SMBRelay man-in-the-middle Scenario
SMBRelay Weakness & Countermeasures
Hacking Tool: SMB Grind
Hacking Tool: SMBDie
Hacking Tool: NBTDeputy
NetBIOS DoS Attack
Hacking Tool: John the Ripper
What is LanManager Hash?
Password Cracking Countermeasures
Keystroke Loggers
Spy ware: Spector (www.spector.com)
Hacking Tool: eBlaster (www.spector.com)
IKS Software Keylogger
Hacking Tool: Hardware Key Logger (www.keyghost.com)
Anti Spector (www.antispector.de)
Hacking Tool: RootKit
Planting the NT/2000 Rootkit
Rootkit Countermeasures
Covering Tracks
Disabling Auditing
Clearing the Event log
Tool: elsave.exe
Hacking Tool: WinZapper
Evidence Eliminator
Hiding Files
Creating Alternate Data Streams
Tools: ADS creation and detection
NTFS Streams countermeasures
Stealing Files using Word Documents
Field Code Counter measures
What is Steganography?
Tool: Image Hide
Tool: Mp3Stego
Tool: Snow.exe
Tool: Camera/Shy
Steganography Detection
Tool: dskprobe.exe
Buffer overflows
Outlook Buffer Overflow
List of Buffer Overflow Cases
Protection against Buffer Overflows
Summary
Module 6:
Trojans and Backdoors
Cheat Sheets
Module Objectives
Trojans and Backdoors
Working of Trojans
Various Trojan Genre
Modes of Transmission
Tool: QAZ
Hacking Tool:Tini
Tool: Netcat
Tool: Donald Dick
Tool: SubSeven
Tool: Back Oriffice 2000
Back Oriffice Plug-ins
Tool: NetBus
Wrappers
Tool: Graffiti.exe
Tool: EliteWrap
Tool: IconPlus
Tool: Restorator
Packaging Tool: WordPad
Infecting via CD-ROM
Hacking Tool: Whack-A-Mole
BoSniffer
Hacking Tool: Firekiller 2000
ICMP Tunneling
Hacking Tool: Loki
Loki Countermeasures
Reverse WWW Shell - Covert channels using HTTP
Backdoor Countermeasures
Tool: fPort
Tool: TCPView
Process Viewer
Inzider - Tracks Processes and Ports
Hacking Tool: Senna Spy
Hacking Tool: Hard Disk Killer (HDKP4.0)
System File Verification
Tool: Tripwire
Tool: Beast
Summary
Module 7:
Sniffers
Module Objectives
Sniffers - An Introduction
Security Concern
Tool: Ethereal
Tool: Snort
Tool: Windump
Tool: Etherpeek
Passive Sniffing
Active Sniffing
EtherFlood
dsniff
ARP Spoofing
Sniffing HTTPS and SSH
Man in the Middle Attack
Macof, MailSnarf, URLSnarf, WebSpy
Ettercap
SMAC
Mac Changer
Iris
NetIntercept
DNS Sniffing and Spoofing
WinDNSSpoof
Summary
Module 8:
Denial of Service
Module Objective
It's Real
What is a Denial Of Service Attack?
Types of denial of service attacks
What is Distributed Denial of Service Attacks
Ping of Death
Hacking Tool: SSPing
Hacking Tool: Land Exploit
Hacking Tool: Smurf
SYN Flood
Hacking Tool: WinNuke
Hacking Tool: Jolt2
Hacking Tool: Bubonic.c
Hacking Tool: Targa
Tools for running DDOS Attacks
DDOS - Attack Sequence
Trinoo
Hacking Tool: Trinoo
TFN
Hacking Tool: TFN2K
Hacking Tool: Stacheldraht
Preventing DoS Attacks
Preventing the DDoS
Common IDS systems
Use Scanning Tools
Summary
Module 9:
Social Engineering
Module Objective
What is Social Engineering?
Art of Manipulation.
Human Weakness
Common Types of Social Engineering
Human based - Impersonation
Example
Example
Computer Based Social Engineering
Reverse Social Engineering
Policies and Procedures
Security Policies - Checklist
Summary
Module 10:
Session Hijacking
Module Objective
Understanding session hijacking
Spoofing Vs Hijacking
Spoofing Vs Hijacking
Steps in Session Hijacking
Types of session Hijacking
Sequence Numbers
Programs that perform Session Hijacking
Hacking Tool: Juggernaut
Hacking Tool: Hunt
Hacking Tool: TTY Watcher
Hacking Tool: IP watcher
T-Sight
Remote TCP Session Reset Utility
Protecting against Session Hijacking
Summary
Module 11:
Hacking Web Servers
Module Objective
How Web Servers Work
Popular Web Servers and Common Security Threats
Apache Vulnerability
Attacks against IIS
IIS Components
ISAPI DLL Buffer Overflows
IPP Printer Overflow
Hacking Tool: IISHack.exe
IPP Buffer Overflow Countermeasures
ISAPI DLL Source disclosures
ISAPI.DLL Exploit
IIS Directory Traversal
Unicode
IIS Logs
Hacking Tool: IISxploit.exe
Hacking Tool: execiis-win32.exe
Hacking Tool: Unicodeuploader.pl
Hacking Tool: cmdasp.asp
Escalating Privileges on IIS
Hacking Tool: iiscrack.dll
Hacking Tool: ispc.exe
Unspecified Executable Path Vulnerability
Hacking Tool: CleanIISLog
File System Traversal Counter measures
Solution: UpdateExpert
cacls.exe utility
Network Tool: Whisker
Network Tool: Stealth HTTP Scanner
Hacking Tool: WebInspect
Network Tool: Shadow Security Scanner
Countermeasures
Summary
Module 12:
Web Application Vulnerabilities
Module Objectives
Understanding Web Application Security
Common Web Application Vulnerabilities
Web Application Penetration Methodologies
Hacking Tool: Instant Source
Hacking Tool: Lynx
Hacking Tool: Wget
Hacking Tool: Black Widow
Hacking Tool: WebSleuth
Hidden Field Manipulation
Input Manipulation
What is Cross Side Scripting (XSS)?
XSS Countermeasures
Authentication And Session Management
Traditional XSS Web Application Hijack Scenario - Cookie stealing
Hacking Tool: Helpme2.pl
Hacking Tool: WindowBomb
Hacking Tool: IEEN
Summary
Module 13:
Web Based Password Cracking Techniques
Module Objective
Basic Authentication
Digest Authentication
NTLM Authentication
Certificate Based Authentication
Microsoft Passport Authentication
Forms-Based Authentication
Hacking Tool: WinSSLMiM
Password Guessing
Hacking Tool: WebCracker
Hacking Tool: Brutus
Hacking Tool: ObiWan
Hacking Tool: Munga Bunga
Dictionary Maker
Hacking Tool: PassList
Query String
Hacking Tool: cURL
Cookies
Hacking Tool: ReadCookies.html
Hacking Tool: Revelation
Summary
Module 14:
SQL Injection
Module Objective
Introduction - SQL Injection
OLE DB Errors
Input Validation attack
Login Guessing & Insertion
Shutting Down SQL Server
Extended Stored Porcedures
SQL Server Talks!
Hacking Tool: SQLDict
Hacking Tool: SQLExec
Hacking Tool: sqlbf
Hacking Tool: SQLSmack
Hacking Tool: SQL2.exe
Preventive Measures
Summary
Module 15:
Hacking Wireless Networks
Module Objective
Introduction to Wireless Networking
What is 802.11X ?
Setting Up WLAN
SSIDs
What is WEP?
MAC Sniffing & AP Spoofing
Denial of Service attacks
Hacking Tool: NetStumbler
Hacking Tool: AiroPeek
Hacking Tool: Airsnort
Hacking Tool: Kismet
WEPCrack
Other Tools
WIDZ, Wireless Intrusion Detection System
Securing Wireless Networks
Out of the box security
Radius: used as additional layer in the security
Maximum Security: Add VPN to Wireless LAN
Summary
Module 16:
Viruses
Module Objective
W32.CIH.Spacefiller (a.k.a chernobyl)
Win32/Explore.Zip Worm
I Love You Virus
What is SQL Insertion Vulnerability?
Melissa Virus
Pretty Park
BugBear Virus
Klez
SirCam Worm
Nimda Virus
Code Red Worm
Writing your own simple virus
Hacking Tool: Senna Spy Internet Worm Generator 2000
MS Blaster
Anti-Virus Software
Summary
Module 17:
Novell Hacking
Module Objectives
Novell Netware Basics
Default Accounts and Settings
Valid Account names on Novell Netware
Hacking Tool: Chknull.exe
Access the password file in Novell Netware
Tool: NOVELBFH.EXE & NWPCRACK.EXE
Hacking Tool: Bindery.exe & BinCrack.exe
Hacking Tool: SETPWD.NLM
Other Tools
Hacking Tool: Getit
Hacking Tool: Burglar, SetPass
Hacking Tool: Spooflog, Novelffs
Hacking Tool: Gobbler
Hacking Tool: Pandora
Pandora Countermeasure
Summary
Module 18:
Linux Hacking
Module Objectives
Why Linux?
Compiling Programs in Linux
Scanning Networks
Hacking Tool: Nmap
Scanning Networks
Cheops
Port scan detection tools
Password Cracking in Linux
Hacking Tool: John the Ripper
SARA (Security Auditor's Research Assistant)
Sniffit
Hacking Tool: HPing2
Session Hijacking
Hacking Tool: Hunt
Linux Rootkits
Linux Rootkit v4 (LR4)
Rootkit Countermeasures
chkrootkit detects the following rootkits
Linux Firewall: IPChains
IPTables
Linux Tools: Application Security
Linux Tools: Intrusion Detection Systems
Linux Tools: Security Testing Tools
Linux Tools: Encryption
Linux Tools: Log and Traffic Monitors
Linux Tools: Log and Traffic Monitors
Linux Security Countermeasures
Summary
Module 19:
Evading IDS, Firewalls and Honeypots
Module Objectives
Intrusion Detection Systems (IDS)
System Integrity Verifiers (SIV)
Intrusion Detection
How does an IDS match signatures with incoming traffic?
Protocol Stack Verification
Application Protocol Verification
What happens after an IDS detects an attack?
IDS Software Vendors
Snort (http://www.snort.org)
Evading IDS Systems
Complex IDS Evasion
Hacking Tool: fragrouter
Hacking Tool: Tcpreplay
Hacking Tool: SideStep.exe
Hacking Tool: Anzen NIDSbench
Hacking Tool: ADMutate
Tools to inject strangely formatted packets on to the wire
What do I do when I have been hacked?
Hacking through firewalls
Bypassing Firewall using Httptunnel
Placing Backdoors through Firewalls
Hiding Behind Covert Channel: Loki
Hacking Tool: 007 Shell
Hacking Tool: ICMP Shell
ACK Tunneling
Hacking Tool: AckCmd
Honey pots
Honeypot Software Vendors
Honeypot-KFSensor
Summary
Module 20:
Buffer Overflows
Module Objective
Buffer Overflows
Exploitation
Stack based Buffer Overflow
Knowledge required to Program Buffer Overflow Exploits
Understanding Stacks
Understanding Assembly Language
A Normal Stack
How to detect Buffer Overflows in a program
Attacking a real Program
NOPS
How to mutate a Buffer Overflow Exploit
Once the stack is smashed..
Defense against Buffer Overflows
StackGuard
Immunix System
Vulnerability Search - ICAT
Summary
Module 21:
Cryptography
Module Objective
Public-key Cryptography
Working of Encryption
Digital Signature
RSA (Rivest Shamir Adleman)
Example of RSA algorithm
RSA Attacks
MD5
SHA (Secure Hash Algorithm)
SSL (Secure Socket Layer)
RC5
What is SSH?
Government Access to Keys(GAK)
RSA Challenge
distributed.net
PGP Pretty Good Privacy
Hacking Tool: PGP Crack
Summary
