Table of Contents

Introduction xxi Assessment Test xxx Chapter 1 Getting Started with Ethical Hacking 1 Hacking: A Short History 2 The Early Days of Hacking 2 Current Developments 3 Hacking: Fun or Criminal Activity? 4 The Evolution and Growth of Hacking 6 What Is an Ethical Hacker? 7 Ethical Hacking and Penetration Testing 10 Hacking Methodologies 15 Vulnerability Research and Tools 18 Ethics and the Law 18 Summary 20 Exam Essentials 20 Review Questions 21 Chapter 2 System Fundamentals 25 Exploring Network Topologies 26 Working with the Open Systems Interconnection Model 30 Dissecting the TCP/IP Suite 33 IP Subnetting 35 Hexadecimal vs. Binary 35 Exploring TCP/IP Ports 37 Domain Name System 39 Understanding Network Devices 39 Routers and Switches 39 Working with MAC Addresses 41 Proxies and Firewalls 42 Intrusion Prevention and Intrusion Detection Systems 43 Network Security 44 Knowing Operating Systems 46 Windows 46 Mac OS 47 Linux 48 Backups and Archiving 49 Summary 49 Exam Essentials 50 Review Questions 51 Chapter 3 Cryptography 55 Cryptography: Early Applications and Examples 56 History of Cryptography 57 Tracing the Evolution 58 Cryptography in Action 59 So How Does It Work? 60 Symmetric Cryptography 61 Asymmetric, or Public Key, Cryptography 62 Understanding Hashing 68 Issues with Cryptography 69 Applications of Cryptography 71 IPSec 71 Pretty Good Privacy 73 Secure Sockets Layer (SSL) 74 Summary 75 Exam Essentials 75 Review Questions 76 Chapter 4 Footprinting and Reconnaissance 81 Understanding the Steps of Ethical Hacking 82 Phase 1: Footprinting 82 Phase 2: Scanning 83 Phase 3: Enumeration 83 Phase 4: System Hacking 83 What Is Footprinting? 84 Why Perform Footprinting? 84 Goals of the Footprinting Process 85 Terminology in Footprinting 87 Open Source and Passive Information Gathering 87 Active Information Gathering 87 Pseudonymous Footprinting 88 Internet Footprinting 88 Threats Introduced by Footprinting 88 The Footprinting Process 88 Using Search Engines 89 Location and Geography 91 Social Networking and Information Gathering 91 Financial Services and Information Gathering 92 The Value of Job Sites 92 Working with E-mail 93 Competitive Analysis 94 Google Hacking 95 Gaining Network Information 96 Social Engineering: The Art of Hacking Humans 96 Summary 97 Exam Essentials 97 Review Questions 98 Chapter 5 Scanning Networks 103 What Is Network Scanning? 104 Checking for Live Systems 106 Wardialing 106 Wardriving 108 Pinging 108 Port Scanning 110 Checking for Open Ports 110 Types of Scans 112 Full Open Scan 112 Stealth Scan, or Half-open Scan 112 Xmas Tree Scan 113 FIN Scan 114 NULL Scan 114 ACK Scanning 115 UDP Scanning 115 OS Fingerprinting 116 Banner Grabbing 117 Countermeasures 118 Vulnerability Scanning 119 Drawing Network Diagrams 119 Using Proxies 120 Setting a Web Browser to Use a Proxy 121 Summary 122 Exam Essentials 122 Review Questions 123 Chapter 6 Enumeration of Services 127 A Quick Review 128 Footprinting 128 Scanning 128 What Is Enumeration? 129 Windows Basics 130 Users 130 Groups 131 Security Identifiers 132 Services and Ports of Interest 132 Commonly Exploited Services 133 NULL Sessions 135 SuperScan 136 The PsTools Suite 137 Enumeration with SNMP 137 Management Information Base 138 SNScan 139 Unix and Linux Enumeration 139 finger 140 rpcinfo 140 showmount 140 Enum4linux 141 LDAP and Directory Service Enumeration 141 Enumeration Using NTP 142 SMTP Enumeration 143 Using VRFY 143 Using EXPN 144 Using RCPT TO 144 SMTP Relay 145 Summary 145 Exam Essentials 146 Review Questions 147 Chapter 7 Gaining Access to a System 151 Up to This Point 152 System Hacking 154 Authentication on Microsoft Platforms 165 Executing Applications 169 Covering Your Tracks 170 Summary 172 Exam Essentials 173 Review Questions 174 Chapter 8 Trojans, Viruses, Worms, and Covert Channels 179 Malware 180 Malware and the Law 182 Categories of Malware 183 Viruses 184 Worms 190 Spyware 192 Adware 193 Scareware 193 Trojans 194 Overt and Covert Channels 203 Summary 205 Exam Essentials 205 Review Questions 206 Chapter 9 Sniffers 209 Understanding Sniffers 210 Using a Sniffer 212 Sniffing Tools 213 Wireshark 214 TCPdump 218 Reading Sniffer Output 221 Switched Network Sniffing 224 MAC Flooding 224 ARP Poisoning 225 MAC Spoofing 226 Port Mirror or SPAN Port 227 On the Defensive 227 Mitigating MAC Flooding 228 Detecting Sniffing Attacks 230 Exam Essentials 230 Summary 230 Review Questions 231 Chapter 10 Social Engineering 235 What Is Social Engineering? 236 Why Does Social Engineering Work? 237 Why is Social Engineering Successful? 238 Social-Engineering Phases 239 What Is the Impact of Social Engineering? 239 Common Targets of Social Engineering 240 What Is Social Networking? 241 Mistakes in Social Media and Social Networking 243 Countermeasures for Social Networking 245 Commonly Employed Threats 246 Identity Theft 250 Protective Measures 250 Know What Information Is Available 251 Summary 252 Exam Essentials 252 Review Questions 254 Chapter 11 Denial of Service 259 Understanding DoS 260 DoS Targets 262 Types of Attacks 262 Buffer Overflow 267 Understanding DDoS 271 DDoS Attacks 271 DoS Tools 273 DDoS Tools 273 DoS Defensive Strategies 276 Botnet-Specific Defenses 277 DoS Pen Testing Considerations 277 Summary 277 Exam Essentials 278 Review Questions 279 Chapter 12 Session Hijacking 283 Understanding Session Hijacking 284 Spoofing vs. Hijacking 286 Active and Passive Attacks 287 Session Hijacking and Web Apps 288 Types of Application-Level Session Hijacking 289 A Few Key Concepts 292 Network Session Hijacking 294 Exploring Defensive Strategies 302 Summary 302 Exam Essentials 303 Review Questions 304 Chapter 13 Web Servers and Web Applications 309 Exploring the Client-Server Relationship 310 The Client and the Server 311 Closer Inspection of a Web Application 311 Vulnerabilities of Web Servers and Applications 313 Common Flaws and Attack Methods 316 Summary 323 Exam Essentials 323 Review Questions 324 Chapter 14 SQL Injection 329 Introducing SQL Injection 330 Results of SQL Injection 332 The Anatomy of a Web Application 333 Databases and Their Vulnerabilities 334 Anatomy of a SQL Injection Attack 336 Altering Data with a SQL Injection Attack 339 Injecting Blind 341 Information Gathering 342 Evading Detection Mechanisms 342 SQL Injection Countermeasures 343 Summary 344 Exam Essentials 344 Review Questions 345 Chapter 15 Wireless Networking 349 What Is a Wireless Network? 350 Wi-Fi: An Overview 350 The Fine Print 351 Wireless Vocabulary 353 A Close Examination of Threats 360 Ways to Locate Wireless Networks 364 Choosing the Right Wireless Card 365 Hacking Bluetooth 365 Summary 367 Exam Essentials 368 Review Questions 369 Chapter 16 Evading IDSs, Firewalls, and Honeypots 373 Honeypots, IDSs, and Firewalls 374 The Role of Intrusion Detection Systems 374 Firewalls 379 What s That Firewall Running? 382 Honeypots 383 Run Silent, Run Deep: Evasion Techniques 383 Evading Firewalls 385 Summary 388 Exam Essentials 388 Review Questions 389 Chapter 17 Physical Security 393 Introducing Physical Security 394 Simple Controls 394 Dealing with Mobile Device Issues 397 Securing the Physical Area 401 Defense in Depth 408 Summary 409 Exam Essentials 409 Review Questions 410 Appendix A Answers to Review Questions 415 Appendix B About the Additional Study Tools 437 Index 441

About the Author

Sean-Philip Oriyano CEH, CEI, CISSP, is cofounder and vice president of Sonwell & Oriyano, LLC, an IT security consulting and training company based in Las Vegas. Oriyano is a 20-year veteran of the IT industry and is currently an instructor who specializes in infrastructure and security topics for various public and private entities. Sean has served as an IT security instructor for the US Air Force, Navy, and Army at locations both in North America and internationally.