
Ethical Hacking Tutorial

Course Overview

Learn everything you need to know to pass the Certified Ethical Hacker exam in under 10 hours. Understand the basics of network and Internet accessible application technologies, common discovery, and analysis techniques as well as more advanced security concepts such as malware and cryptography.

Description

The Certified Ethical Hacker (CEH) Course provides a complete overview of the topics contained in the IIEC Blueprint for the CEH exam. With 5 modules containing more than 10 hours of training, this course covers all concepts in the objectives so you can master the knowledge you need to pass the exam. The course begins with a general overview of security essentials. You then explore system, network, and web services security before diving into wireless and Internet security. This course provides the breadth of coverage necessary to learn the full security concepts behind the CEH exam. It also helps prepare you for a career as a security professional.

Topics include

Module:

  1. Ethical Hacking Foundations
  2. Systems Security
  3. Network Security
  4. Web Services Security
  5. Wireless and Internet Security

Course Requirements

Anyone interested in earning a Certified Ethical Hacker (CEH) certification.

Introduction to Ethical Hacking

Video: Watch this hacker break into a company

Ethical Hacking

Hacking is illegally exploiting vulnerabilities to gather information, for whatever reason.

Ethical hacking: using the same tools to validate the security of a system.

  • Confidentiality: the data is only readable by those authorized.
  • Integrity: the data has not changed.
  • Availability: the data is accessible when needed.
  • Authenticity: the data source is valid.
  • Non-repudiation: the data source cannot deny having created it.

Attack vectors

Attack vector: the path by which an attacker gains access to a host in order to deliver a payload or malware.

Ethical Hacking: Attack Phases

Attack Types

Classified into 4 buckets:

  • Operating System: gaining access by exploiting a flaw in the operating system
  • Application Attacks: gaining access by exploiting a flaw in an application on a
  • Shrink-wrap Code: attacking a system by using a vulnerability in a product directly after it’s been
  • Misconfiguration: gaining access to a system by exploiting a misconfiguration

Video: Watch This Russian Hacker Break Into Our Computer In Minutes | CNBC

Footprinting and Recon

The goal of footprinting is gathering information about:

  • Network (DNS, IP, systems, IDS, protocols)
  • Organization (structure, websites, names)
  • Hosts (open ports, operating system in use)

How to gather information:

Search engines

  • Google (with its search operators), Wikipedia, Google Maps for geographic information

Finding people

  • LinkedIn is an excellent tool for finding people in a company; from the name you can then find phone-numbers, websites, addresses, social network pages

Competitive intelligence

  • Gain information from the target's competitors

Websites analysis

  • Using a packet sniffer and the browser's developer tools, an attacker can learn content types, the OS, software versions and cookie names

Email tracking

  • Tools: YesWare, HubSpot, BananaTag, GetNotify, ReadNotify, WhoReadMe, MsgTag, DidTheyReadIt

Network discovery

Items to discover:

  • IP addresses → discover the IPs of an organization
    • In Kali: host apple.com
    • Then look the address up in the regional Internet registry (RIR) database: ARIN for North America, RIPE NCC for Europe
  • Host OS → information about the host operating system using:
    • Netcraft (online application)
    • Shodan (online application)
    • Nmap (to scan yourself)
      • in Kali: nmap -A -T4 scanme.nmap.org
  • Routing paths → to learn the route packets take through a network
    • UDP traceroute (*nix systems): traceroute 8.8.8.8
    • ICMP traceroute (Windows): tracert 8.8.8.8
    • TCP traceroute: tctrace
    • Graphical applications: Open Visual Traceroute, VisualRoute

DNS/Whois

  • Info about a domain: dig ANY google.com (many servers now answer ANY with a minimal response, as allowed by RFC 8482, so query the record types you need individually if ANY returns little)
  • More domain info: whois google.com

Social engineering

  • Gather information from a target through physical or verbal interaction, e.g. using trick questions

Employees online activities

  • Analysis of social networks (employees love sharing) and of publicly available company information: open positions, services, …

Footprinting tools

Tool Website
Maltego https://www.maltego.com
Domain Name Analyzer Pro https://domainpunch.com
Web Extractor http://www.webextractor.com
dig / whois Shell
tctrace Shell
Robtex https://www.robtex.com
DNS Digger https://www.epideme.com/digger/
Sam Spade https://www.majorgeeks.com
Spiderzilla http://spiderzilla.mozdev.org
Binging https://blueinfy.com
Netmask Autonomous System Scanner (ASS) http://www.phenoelit.org/irpas/docu.html
Dig Web Interface https://www.digwebinterface.com

Footprinting countermeasures

  • Disable unnecessary services
  • Approach the system(s) as an attacker would, to determine what information is exposed
  • Consider using a Host Intrusion Prevention System
  • Use IPSec VPN when outside enterprise network
  • Have a security policy
  • Audit yourself
  • Educate employees

Footprinting steps

Video: Tutorial Series: Ethical Hacking Practical - Footprinting

Scanning Networks

Network scanning is the use of a computer system to systematically probe a target network and gather information about its systems.

Port scanning: search for available services.

Vulnerability scanning: check whether a system is actually vulnerable.

Network scanning techniques

There are 2 main scanning techniques:

Discover Live Systems

To discover whether a host is alive: ping 10.1.1.1

Beyond a single ping (ICMP Echo Request / Echo Reply), a ping sweep pings an entire network, using the nmap command:

nmap -sP NETWORK-ADDRESS/NETMASK

(Current nmap versions call this option -sn; -sP is still accepted as an alias.)

Discover Open Ports

In order to establish a connection and exchange data using TCP, the two hosts must first complete a three-way handshake (to synchronize sequence numbers): SYN / SYN-ACK / ACK

TCP scan techniques

Network scanning tools:

  • Network Tools Pro
  • Netifera
  • Nmap
  • SoftPerfect Network Scanner
  • PRTG Network Monitor
  • Advanced Port Scanner

NMAP (scanning tool)

nmap -sT IP-ADDRESS → -sT stands for TCP Connect scan (completes the full three-way handshake on each port)

nmap -sT -p 1-2000 -P0 IP-ADDRESS → -p 1-2000 scans only this range of ports

-P0 skips the host-discovery ping (by default nmap pings each address first); current nmap versions spell this option -Pn.

nmap -v -A IP-ADDRESS → -A enables OS detection (together with version detection, default scripts and traceroute); -v gives verbose output

e.g. try: nmap -v -A scanme.nmap.org

Countermeasures

  • Use stateful firewalls
  • Update Intrusion Detection Systems / Intrusion Prevention Systems
  • Scan your assets, from inside and outside
  • Filter ICMP
  • Employ HIPS with behaviour monitoring
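The three-way handshake described above is also what makes scans visible to a defender: a TCP Connect scan completes SYN / SYN-ACK / ACK on every port, while a stealth (SYN) scan never sends the final ACK, so one source with many half-open attempts across distinct ports stands out, and a ping sweep shows up as one source sending echo requests to many hosts. The following detector is an added example, not part of the course notes or of any of the tools listed; it runs over a constructed, iptables-like log format (SRC/DST/PROTO/DPT/FLAGS fields) that I made up for the example, and the sample lines and thresholds are constructed values.

```python
"""Scan detection over firewall log lines (added example, not from the course notes).

Counts, per source address, TCP SYNs to distinct (dst, port) pairs that were never
followed by the handshake's final ACK from that source, and ICMP probes to distinct
hosts. The log format is a constructed, iptables-like format, not real captured data.
"""
import re
from collections import defaultdict

# Constructed format: "SRC=a DST=b PROTO=TCP DPT=n FLAGS=SYN" or "SRC=a DST=b PROTO=ICMP"
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: DPT=(?P<dpt>\d+))?(?: FLAGS=(?P<flags>\S+))?"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def detect_scans(lines, port_threshold=10, host_threshold=10):
    """Return {src: findings} for every source exceeding a threshold.

    half_open_ports: distinct (dst, port) pairs that saw a SYN (handshake step 1)
                     but never a bare ACK (step 3) from the same source.
    icmp_hosts:      distinct destinations probed with ICMP (ping sweep).
    """
    syn_seen = defaultdict(set)    # src -> {(dst, dpt)} with FLAGS=SYN
    ack_seen = defaultdict(set)    # src -> {(dst, dpt)} with FLAGS=ACK
    icmp_hosts = defaultdict(set)  # src -> {dst} probed with ICMP
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the detector
        if rec["proto"] == "ICMP":
            icmp_hosts[rec["src"]].add(rec["dst"])
        elif rec["proto"] == "TCP":
            key = (rec["dst"], rec["dpt"])
            if rec["flags"] == "SYN":
                syn_seen[rec["src"]].add(key)
            elif rec["flags"] == "ACK":
                ack_seen[rec["src"]].add(key)
    findings = {}
    for src, keys in syn_seen.items():
        half_open = keys - ack_seen.get(src, set())
        if len(half_open) >= port_threshold:
            findings.setdefault(src, {})["half_open_ports"] = len(half_open)
    for src, hosts in icmp_hosts.items():
        if len(hosts) >= host_threshold:
            findings.setdefault(src, {})["icmp_hosts"] = len(hosts)
    return findings


# Constructed sample log (hypothetical addresses, not a real capture)
SAMPLE_LINES = (
    # a legitimate client completing the handshake to two services
    ["SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP DPT=443 FLAGS=SYN",
     "SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP DPT=443 FLAGS=ACK",
     "SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP DPT=22 FLAGS=SYN",
     "SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP DPT=22 FLAGS=ACK"]
    # a SYN scan: 12 ports on one host, never the final ACK
    + [f"SRC=10.0.0.99 DST=10.0.0.10 PROTO=TCP DPT={p} FLAGS=SYN" for p in range(20, 32)]
    # a ping sweep: echo requests to 12 hosts
    + [f"SRC=10.0.0.77 DST=10.0.0.{h} PROTO=ICMP" for h in range(1, 13)]
    # noise that must not break parsing
    + ["garbage line that does not parse"]
)

if __name__ == "__main__":
    for src, what in detect_scans(SAMPLE_LINES).items():
        print(src, what)
```

The thresholds are the tuning knobs: a low port threshold catches slow scans but also flags a client whose connections fail for benign reasons, so in practice a time window per source would be added and the counts fed to the IDS/IPS mentioned in the countermeasures rather than acted on directly.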

IDS Evasion

  • Packet fragmentation
  • IP spoofing (e.g. IDLE scan)
  • Use proxy server → still detected, source concealed
  • Source Routing → still detected, source concealed

Active → probe the system directly (nmap, telnet, netcat)
Passive → gather information from other sources (Netcraft)

Vulnerability Scanning

Checking for the existence of vulnerabilities in a system. Several tools:

  • Saint (commercial)
  • Nessus (commercial)
  • GFI LanGuard (commercial)

Other tools:

In the exam you don’t have to use them, but you must be aware that they exist and know their names.

Network diagramming

Drawing the network is a crucial step for a deep understanding of the target.

Tools:

Tool Website
Solarwinds (commercial) https://www.solarwinds.com
ManageEngine (commercial) https://www.manageengine.com
NetBrain https://www.netbraintech.com
LANState https://www.10-strike.com/lanstate/
Spiceworks https://www.spiceworks.com
NetMapper https://support.riverbed.com/content/support/software/steelcentral-npm/it-netmapper.html
Microfocus Network Node Manager (formerly HP NNM) https://www.microfocus.com/en-us/products/network-node-manager-i-network-management-software/overview
IPsonar https://www.firemon.com/products/lumeta/

Proxies

A proxy is an intermediary that forwards traffic on your behalf. Proxies are used to hide the source IP. Proxy chaining uses several successive proxies to obfuscate the source even further.

Tools:

  • Proxy Workbench
  • Proxifier
  • Proxy Switcher
  • TOR project (onion routing)
  • The Dude (free)

TOR project (onion routing)

 

In Kali: ssh -L 5900:10.1.1.20:5900 [email protected]
In Windows: Bitvise, Putty

Anonymizers

For hiding the source of your traffic.

For the exam, you should just be aware that they exist (you don’t have to use them).

Tools:

Tool Website
Psiphon http://www.psiphon3.com  https://s3.amazonaws.com/0ubz-2q11-gi9y/en.html
Your Freedom http://www.your-freedom.net
Privacy Pro http://privacy-pro.com
Hide My Ass! https://hidemyass.com
Zenmate https://zenmate.com
Anonymizer Universal https://anonymizer.com
Tor https://torproject.org
I2P https://geti2p.net

IP Spoofing

IP spoofing is the technique of modifying the source IP address of a packet so that it appears to come from a different host.
Spoofing the source IP is easy; getting a response is hard, because replies are sent to the spoofed address, not to the real sender.

How to detect spoofing:

  • Time To Live (TTL) check
  • IP ID check
  • TCP flow control
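The three checks above are easier to reason about when written out. The block below is an added example, not part of the course notes: it implements each heuristic over constructed packet metadata (the TTL check against a hop count you measured yourself, the IP ID check against the IP ID seen in a direct reply from the claimed source, and the flow-control check against the receive window you advertised). The initial-TTL table, tolerances and all sample values are assumptions I chose for the example.

```python
"""Spoofed-source detection heuristics (added example, not from the course notes).

All three functions work on fields a defender already has (observed TTL, measured
hop count, IP IDs, advertised window); nothing here sends traffic. Sample records
at the bottom are constructed values, not captured packets.
"""

# Typical initial TTLs: 64 (Linux, macOS), 128 (Windows), 255 (many network devices).
# Assumed table for the example; real stacks can be configured differently.
INITIAL_TTLS = (64, 128, 255)


def implied_hops(observed_ttl):
    """Hops the packet has travelled, assuming the nearest common initial TTL at or above it."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial - observed_ttl
    raise ValueError(f"invalid TTL {observed_ttl}")


def ttl_check(observed_ttl, measured_hops, tolerance=2):
    """TTL check: the hop count implied by the packet's TTL should match the hop
    count we measured to the claimed source (e.g. with our own traceroute).
    True means consistent with the claimed source."""
    return abs(implied_hops(observed_ttl) - measured_hops) <= tolerance


def ipid_check(suspect_ipid, reply_ipid, window=64):
    """IP ID check: stacks that use a global incrementing IP ID counter produce
    nearby values in packets sent close together, and a spoofer cannot know the
    real host's counter. Distance is taken modulo 2**16 because the field wraps.
    Modern stacks randomize IP IDs per destination, so treat a failure as a hint only."""
    d = (reply_ipid - suspect_ipid) % 65536
    return min(d, 65536 - d) <= window


def flow_control_check(advertised_window, bytes_sent_after):
    """TCP flow-control check: a blind spoofer never sees our ACKs or window
    updates, so it keeps sending past the receive window we advertised."""
    return bytes_sent_after <= advertised_window


def classify(record):
    """Run all three checks on one record and return the names of the checks that
    failed; an empty list means the packet looks consistent with its claimed source."""
    failed = []
    if not ttl_check(record["ttl"], record["measured_hops"]):
        failed.append("ttl")
    if not ipid_check(record["ipid"], record["reply_ipid"]):
        failed.append("ipid")
    if not flow_control_check(record["adv_window"], record["bytes_after"]):
        failed.append("flow_control")
    return failed


# Constructed sample records (hypothetical values)
SAMPLES = {
    # genuine Linux host 9 hops away: TTL 64-9=55, adjacent IP IDs, window respected
    "legit": {"ttl": 55, "measured_hops": 9, "ipid": 41000, "reply_ipid": 41007,
              "adv_window": 8192, "bytes_after": 4096},
    # spoofed: sender is 3 hops away (TTL 61) but the claimed source is 20 hops away,
    # its IP ID is unrelated to the real host's counter, and it ignores a zero window
    "spoofed": {"ttl": 61, "measured_hops": 20, "ipid": 12345, "reply_ipid": 50000,
                "adv_window": 0, "bytes_after": 1460},
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, classify(rec) or "consistent")
```

None of the three checks is conclusive on its own: an attacker on the same subnet as the spoofed host passes the TTL check, and IP ID randomization defeats the second, which is why the course lists them as a set rather than as a single test.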

Scanning steps