EC-Council’s Certified Ethical Hacker (CEH)
Transcript of EC-Council’s Certified Ethical Hacker (CEH)
![Page 1: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/1.jpg)
EC-Council’s Certified Ethical Hacker (CEH)
Richard Henson
May 2012
![Page 2: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/2.jpg)
Session 1
This will cover:
- Structure of the course
- Principles of hacking ethically
- CEH ethical hacker’s toolkit and dummy client site
- “Footprinting” and reconnaissance
- Scanning networks
![Page 3: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/3.jpg)
Certificate of Attendance
Certificate achieved through:
- attending the seminars
- doing the “lab” exercises
![Page 4: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/4.jpg)
CEH qualification
Achieved through:
- certificate of attendance
- passing the examination (take any time at recognised Pearson or Vue centres)
  - can retake…
  - cost: approx £120
![Page 5: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/5.jpg)
Ethical Hacking Principles
- Hacking is a criminal offence in the UK, covered by the Computer Misuse Act (1990) and tightened by further legislation (2006)
- It can only be done “legally” by a trained (or trainee) professional
  - a computing student would be considered as such in this context under the law
![Page 6: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/6.jpg)
Ethical Hacking principles
- Even if it is legal, that doesn’t mean it is ethical!
- Professionals only hack without permission if there is reason to believe a law is being broken
  - if not… they must ask permission
  - otherwise it is definitely unethical (and possibly illegal)
![Page 7: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/7.jpg)
Ethical Hacking Principles
- What is “hacking”? breaching a computer system without permission
- How is it done? using software tools to get through the security of the system
  - also called penetration testing (if done with permission…)
![Page 8: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/8.jpg)
Course Toolkit
- This course provides access to penetration testing tools
- Also a body of knowledge that shows how to use them…
  - theory: covered by these slides
  - practical: exercises provided; up to you to work through them
- Together, these provide the expertise to penetration test a client’s site
- Dummy site: http://www.certifiedhacker.com
![Page 9: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/9.jpg)
Preparing to use the Toolkit
You’ll need to install the following on a computer to do the exercises:
- Windows 2008 Server (basic OS) running Hyper-V
- Windows 7 (as VM – Virtual Machine)
- Windows XP (as VM)
- Windows 2003 Server (as VM)
- Backtrack and Linux (as VM)
All the Windows versions and the virtual machine platform are available to download using MSDN
Guidance in the CEHintro.pdf file
![Page 10: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/10.jpg)
Virtualisation (Hyper-V on Windows 2008 Server, Citrix, VMware, etc.)
- The use of software to allow a piece of hardware to run multiple operating system images at the same time
  - possible to run Windows OS under Mac OS
  - run multiple versions of Windows OS on the same PC
- Enables the creation of a “virtual” (rather than actual) version of any software environment on the desktop, e.g. operating systems, a server, a storage device or network, an application
![Page 11: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/11.jpg)
What and Why of Footprinting
- Definition: “Gathering information about a ‘target’ system”
- Could be passive (non-penetrative) or active
- Find out as much information about the digital and physical evidence of the target’s existence as possible
  - need to use multiple sources…
  - may (“black hat” hacking) need to be done secretly
![Page 12: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/12.jpg)
What to Gather
- Domain names
- User/group names
- System names
- IP addresses
- Employee details/company directory
- Network protocols used & VPN start/finish
- Company documents
- Intrusion detection system used
![Page 13: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/13.jpg)
Rationale for “passive” Footprinting
- A real hacker may be able to gather what they need from public sources
- The organisation needs to know what is “out there”
Methodology:
- start by finding the URL (search engine) e.g. www.worc.ac.uk
- from the main website, find other external-facing names e.g. staffweb.worc.ac.uk
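The second step of that methodology, finding the other external-facing names an organisation’s own main site gives away, is something a site owner can do for themselves to learn what is “out there”. The following is an added example, not code from the slides or from EC-Council: it parses the link, script, image, iframe and form targets of one HTML page with the Python standard library and separates host names under the organisation’s own domain from third-party ones. The HTML is constructed for the example; www.worc.ac.uk and staffweb.worc.ac.uk come from the slide, while the intranet, login, static and CDN names are made-up illustrations.

```python
"""Inventory the external-facing host names one public web page reveals.

Added example (not from the CEH slides). Given a page from the
organisation's main site, collect every host name it links to and
split them into the organisation's own names and third parties.
Nothing here contacts a network: the page content is passed in as a
string, so it can be run over a saved copy of your own site.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; only the worc.ac.uk names on the slide are real.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://cdn.example-cdn.net/site.css">
<script src="//static.worc.ac.uk/js/app.js"></script>
</head><body>
<a href="http://staffweb.worc.ac.uk/">Staff</a>
<a href="/about">About</a>
<a href="mailto:info@worc.ac.uk">Mail</a>
<img src="http://intranet.worc.ac.uk/logo.png">
<form action="https://login.worc.ac.uk/auth" method="post"></form>
<a href="https://www.facebook.com/worcester">Facebook</a>
</body></html>
"""

# Which attribute carries the target URL for each tag we care about.
URL_ATTRS = {"a": "href", "link": "href", "script": "src", "img": "src",
             "form": "action", "iframe": "src"}


class HostCollector(HTMLParser):
    """Collect the host name of every http(s) URL referenced by the page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value:
                # Resolve relative and scheme-relative ("//host/...") URLs
                # against the page's own URL before reading the host part.
                parsed = urlparse(urljoin(self.base_url, value))
                if parsed.scheme in ("http", "https") and parsed.hostname:
                    self.hosts.add(parsed.hostname.lower())


def collect_hosts(html, base_url, org_domain):
    """Return (own_hosts, third_party_hosts), each sorted.

    own_hosts are names equal to or beneath org_domain; everything else
    (CDNs, social networks, partners) is reported separately, since
    those are names the organisation does not control.
    """
    collector = HostCollector(base_url)
    collector.feed(html)
    own = sorted(h for h in collector.hosts
                 if h == org_domain or h.endswith("." + org_domain))
    third = sorted(collector.hosts - set(own))
    return own, third


if __name__ == "__main__":
    own, third = collect_hosts(SAMPLE_HTML, "http://www.worc.ac.uk/", "worc.ac.uk")
    print("own names:        ", ", ".join(own))
    print("third-party names:", ", ".join(third))
```

The split matters for the defender: the own-domain list is the set of names that should appear in the organisation’s asset inventory (and in its DNS and certificate records), while the third-party list shows which outside services the site depends on.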
![Page 14: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/14.jpg)
Website Connections & History
- History: use www.archive.org: The Wayback Machine
- Connections: use robtex.com
- Business Intelligence: sites that reveal company details e.g. www.companieshouse.co.uk
![Page 15: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/15.jpg)
More Company Information…
- “Whois” & CheckDNS.com: lookups of IP/DNS combinations
  - details of who owns a domain name
  - details of DNS zones & subdomains
- Job hunters’ websites: e.g. www.reed.co.uk, www.jobsite.co.uk, www.totaljobs.com
![Page 16: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/16.jpg)
People Information
- Company information will reveal names
- Use names in search engines, Facebook, LinkedIn
- Google Earth reveals: company location(s)
![Page 17: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/17.jpg)
Physical Network Information (“active” footprinting or phishing)
- External “probing” should be detectable by a good defence system… (could be embarrassing!)
- e.g. Traceroute:
  - uses ICMP protocol “echo”; no TCP or UDP port
  - reveals names/IP addresses of intelligent hardware: e.g. routers, gateways, DMZs
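The slide’s point that external probing “should be detectable by a good defence system” can be made concrete. Traceroute works by sending probes with TTL 1, 2, 3, … so that each router on the path answers with an ICMP “time exceeded” and identifies itself; the ICMP-echo variant described on the slide is what Windows tracert sends (Unix traceroute defaults to UDP probes to high ports, so a detector for that variant would key on UDP instead). The following is an added example, not from the slides: it reads constructed ICMP echo-request log lines in a simplified firewall format (an assumption, not a real product’s format) and reports sources whose probes walk the TTL upwards from 1, which is the signature a defender can alert on.

```python
"""Detect traceroute-style TTL sweeps in ICMP echo-request log lines.

Added example (not from the CEH slides). A traceroute run shows up at
the target as a burst of echo requests from one source whose TTL
climbs 1, 2, 3, ... (usually three probes per TTL). Ordinary pings
arrive with a constant, high TTL (often 64 or 128), so a short run of
consecutive TTLs starting at 1 is a reliable tell.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed simplified firewall format:
# "<iso timestamp> ICMP src=<ip> dst=<ip> type=<icmp type> ttl=<n>"
# The first source is running a tracert; the second is a plain ping.
SAMPLE_LOG = """\
2012-05-14T10:00:00 ICMP src=198.51.100.7 dst=203.0.113.10 type=8 ttl=1
2012-05-14T10:00:00 ICMP src=198.51.100.7 dst=203.0.113.10 type=8 ttl=1
2012-05-14T10:00:00 ICMP src=198.51.100.7 dst=203.0.113.10 type=8 ttl=1
2012-05-14T10:00:01 ICMP src=198.51.100.7 dst=203.0.113.10 type=8 ttl=2
2012-05-14T10:00:01 ICMP src=198.51.100.7 dst=203.0.113.10 type=8 ttl=3
2012-05-14T10:00:02 ICMP src=198.51.100.7 dst=203.0.113.10 type=8 ttl=4
2012-05-14T10:00:02 ICMP src=198.51.100.7 dst=203.0.113.10 type=8 ttl=5
2012-05-14T10:00:05 ICMP src=192.0.2.44 dst=203.0.113.10 type=8 ttl=64
2012-05-14T10:00:06 ICMP src=192.0.2.44 dst=203.0.113.10 type=8 ttl=64
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ICMP src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"type=(?P<type>\d+) ttl=(?P<ttl>\d+)$"
)


def parse_icmp_log(text):
    """Yield (timestamp, src, dst, ttl) for ICMP echo-request (type 8) lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("type") != "8":
            continue  # skip malformed lines and non-echo ICMP
        yield (datetime.fromisoformat(m.group("ts")), m.group("src"),
               m.group("dst"), int(m.group("ttl")))


def find_ttl_sweeps(text, min_hops=4, window=timedelta(seconds=10)):
    """Return {(src, dst): hops} for pairs whose echo requests cover the
    consecutive TTLs 1..hops within `window` of the first TTL-1 probe,
    with hops >= min_hops. Constant-TTL pings never qualify."""
    probes = defaultdict(list)
    for ts, src, dst, ttl in parse_icmp_log(text):
        probes[(src, dst)].append((ts, ttl))

    sweeps = {}
    for key, events in probes.items():
        events.sort()
        first = next((ts for ts, ttl in events if ttl == 1), None)
        if first is None:
            continue  # no TTL-1 probe, so not a traceroute from hop 1
        seen = {ttl for ts, ttl in events if first <= ts <= first + window}
        hops = 0
        while hops + 1 in seen:  # longest run 1, 2, 3, ... present
            hops += 1
        if hops >= min_hops:
            sweeps[key] = hops
    return sweeps


if __name__ == "__main__":
    for (src, dst), hops in find_ttl_sweeps(SAMPLE_LOG).items():
        print(f"traceroute-style sweep from {src} towards {dst}: TTL 1..{hops}")
```

The `min_hops` threshold keeps single low-TTL packets (which also occur in ordinary traffic) from raising alerts; raise it on a busy perimeter and lower it on a quiet one.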
![Page 18: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/18.jpg)
Email Footprinting
Using the email system to find the organisation’s email name structure
- “passive”: monitor emails sent
  - IP source address
  - structure of name
- “active”: email-sending programs
  - test whether email addresses actually exist
  - test restrictions on attachments
![Page 19: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/19.jpg)
Utilizing Google etc. (“passive”)
- Google: Advanced Search options: uses [site:] [intitle:] [allintitle:] [inurl:]
  - in each case a search string should follow e.g. “password”
- Maltego: graphical representations of data
![Page 20: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/20.jpg)
Network Layers and Hacking
Schematic: TCP/IP stack interacting at three of the 7 OSI levels (network, transport, application):

| Layer | Protocols shown |
|---|---|
| Application | TELNET, FTP, SMTP, NFS, DNS, SNMP (each reached through a port, marked X on the slide) |
| Transport | TCP, UDP |
| Network | IP |
![Page 21: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/21.jpg)
TCP & UDP ports
Hackers use these to get inside firewalls etc. Essential to know the important ones:

| Port | Service |
|---|---|
| 20, 21 | ftp |
| 22 | ssh |
| 23 | telnet |
| 25 | smtp |
| 53 | dns |
| 60 | tftp |
| 80 | http |
| 88 | Kerberos |
| 110 | pop3 |
| 135 | smb |
| 137-9 | NetBIOS |
| 161 | snmp |
| 389 | Ldap |
| 443 | https |
| 636 | Ldap/SSL |
![Page 22: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/22.jpg)
Reconnaissance/Scanning
Three types of scan:
- Network (already mentioned): identifies active hosts
- Port: send client requests until a suitable active port has been found…
- Vulnerability: assessment of devices for weaknesses that can be exploited
![Page 23: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/23.jpg)
Scanning Methodology
- Check for live systems
- Check for open ports
- “Banner grabbing”
- Scan for vulnerabilities
- Draw network diagram(s)
- Prepare proxies…
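The port list on the “TCP & UDP ports” slide and the port-scan step of this methodology meet on the defender’s side: a port scan, which “sends client requests until a suitable active port has been found”, looks in a firewall log like one source touching many distinct destination ports on one host within seconds. The following is an added example, not from the slides or from EC-Council. It reads constructed TCP SYN log lines in an assumed simplified firewall format, flags source/target pairs that exceed a distinct-port threshold inside a time window, and labels the ports with the slide’s service names. Two entries of that list are corrected in the mapping here: TFTP is assigned port 69 (the slide says 60), and SMB is 445, port 135 being the Microsoft RPC endpoint mapper.

```python
"""Flag port-scan behaviour in firewall connection logs.

Added example (not from the CEH slides). The detector counts distinct
destination ports per (source, destination) pair inside a sliding time
window; a legitimate client rarely opens connections to more than a
handful of different services on one host in a few seconds.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Well-known ports from the slide's list, with two corrections:
# TFTP is 69 (the slide prints 60) and SMB is 445 (135 is MS-RPC).
SERVICE_BY_PORT = {
    20: "ftp-data", 21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp",
    53: "dns", 69: "tftp", 80: "http", 88: "kerberos", 110: "pop3",
    135: "msrpc", 137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn",
    161: "snmp", 389: "ldap", 443: "https", 445: "smb", 636: "ldaps",
}

# Constructed sample lines in an assumed simplified firewall format:
# "<iso timestamp> <proto> src=<ip>:<port> dst=<ip>:<port> SYN"
# 198.51.100.7 sweeps eight ports in three seconds; 192.0.2.44 is a
# normal browser touching 443 and then 80 minutes apart.
SAMPLE_LOG = """\
2012-05-14T11:00:00 TCP src=198.51.100.7:40001 dst=203.0.113.10:21 SYN
2012-05-14T11:00:00 TCP src=198.51.100.7:40002 dst=203.0.113.10:22 SYN
2012-05-14T11:00:00 TCP src=198.51.100.7:40003 dst=203.0.113.10:23 SYN
2012-05-14T11:00:01 TCP src=198.51.100.7:40004 dst=203.0.113.10:25 SYN
2012-05-14T11:00:01 TCP src=198.51.100.7:40005 dst=203.0.113.10:80 SYN
2012-05-14T11:00:01 TCP src=198.51.100.7:40006 dst=203.0.113.10:443 SYN
2012-05-14T11:00:02 TCP src=198.51.100.7:40007 dst=203.0.113.10:445 SYN
2012-05-14T11:00:02 TCP src=198.51.100.7:40008 dst=203.0.113.10:8080 SYN
2012-05-14T11:00:03 TCP src=192.0.2.44:51000 dst=203.0.113.10:443 SYN
2012-05-14T11:00:09 TCP src=192.0.2.44:51001 dst=203.0.113.10:443 SYN
2012-05-14T11:03:00 TCP src=192.0.2.44:51002 dst=203.0.113.10:80 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>TCP|UDP) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_conn_log(text):
    """Yield (timestamp, src, dst, dport) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m.group("ts")), m.group("src"),
                   m.group("dst"), int(m.group("dport")))


def find_port_scans(text, threshold=6, window=timedelta(seconds=30)):
    """Return {(src, dst): sorted ports} for pairs that touched at least
    `threshold` distinct destination ports within any `window`."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse_conn_log(text):
        events[(src, dst)].append((ts, dport))

    scans = {}
    for key, evs in events.items():
        evs.sort()
        # Slide a window starting at each event; stop at the first hit.
        for i, (t0, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            if len(ports) >= threshold:
                scans[key] = sorted(ports)
                break
    return scans


def describe(ports):
    """Label each port with its well-known service name, or 'unknown'."""
    return [f"{p}/{SERVICE_BY_PORT.get(p, 'unknown')}" for p in ports]


if __name__ == "__main__":
    for (src, dst), ports in find_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan {src} -> {dst}: {', '.join(describe(ports))}")
```

Tune `threshold` and `window` to the host: a web server sees legitimate clients on two or three ports, a domain controller on many more, so the right threshold is per-role rather than global.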
![Page 24: EC-Council’s Certified Ethical Hacker (CEH)](https://reader033.fdocuments.us/reader033/viewer/2022061610/56813ac7550346895da2dc7a/html5/thumbnails/24.jpg)
Now you try it!
- Download software through MSDN
- Set up your ethical hacking toolkit
- Go through lab 1
- Gather evidence that you’ve done the lab
- Bring evidence to the June meeting…