CEH (Certified Ethical Hacker)
Published in Arna, 2020
| Information Book | |
|---|---|
| Book Name | CEH(Certified Ethical Hacker) |
| Authors | M.H.Mohammadi, S.Y.Moradi, M.Siampour |
| language | Persian |
| Printed in the | IRAN |
| Publisher | Arna |
| First Printing Edition | Jun 2021 |
| Print Length | 271 |
| ISBN | 978-622-291-040-2 |
Introduction:
One of the most famous and practical security documents is the CEH certificate or the specialized certificate of legal hackers. The CEH certification is a security certification to assess individuals’ skills in securing enterprise systems and networks and help them counter hacker attacks and intrusions. In this course, people will become familiar with hacking techniques and methods and security checklists. They will be able to check systems and networks’ security status to identify and eliminate their weaknesses.
The book in front of you is a translation of the official CEH book and educational slides related to this degree and some personal experiences of the authors. Efforts have been made to make the text of the book as fluent as possible so that its primary purpose, which is to convey the message, is adequately fulfilled.
Contents
- Chapter 1: Introduction to Legal Hacking
- Chapter 2: Information gathering and social engineering
- Chapter 3: Scanning and enumeration
- Chapter 4: Hack system
- Chapter 5: Worm, Virus, Backdoor, Trojan
- Chapter 6: Sniffers
- Chapter 7: Denial of Service and Session hijacking
- Chapter 8: Hacking web servers, vulnerabilities in web applications, web-based password cracking techniques
- Chapter 9: SQL Injection and Buffer Overflo
- Chapter 10: Hack wireless networks
- Chapter 11: Physical security
- Chapter 12: Hack Linux
- Chapter 13: Avoiding IDSs, Honeypots and Firewalls
- Chapter 14: Cryptography
- Chapter 15: Penetration testing methods
Chapter 1
Introduction to Legal Hacking
Most people think that hackers have high skills and knowledge that can hack computer systems and find vulnerabilities. A good hacker only needs to know how a computer system works and what tools are used to find security vulnerabilities.
This chapter introduces the world of legitimate hackers. Legal hacking is a type of hacking that is done with an organizational license and to increase security.
🔹 Topics in this chapter include
| Chapter 1 | ||
|---|---|---|
| 1-1 Introduction | 1-7 Who are the legitimate hackers and crackers? | 1-13 Types of lawful attacks |
| 1-2 Technical vocabulary | 1-8 Attacker targets | 1-14 Types of tests |
| 1-3 Different types of hacking technologies | 1-9 Triangle of safety, performance and ease of use | 1-15 Test without knowledge (Black box) |
| 1-4 Five different stages of legal hacking | 1-10 What is vulnerability research? | 1-16 Test with full knowledge (White box) |
| 1-5 What is Hacktivism? | 1-11 Legitimate hacking methods | 1-17 Test with partial knowledge (Gray box) |
| 1-6 Types of hackers | 1-12 Security Assessment Program | 1-18 Report a legitimate hack |
Chapter 2
Information gathering and social engineering
This chapter discusses the first part of the hacking process, which is footprinting. Footprinting is the process of gathering all the information available about an organization. This information can be used for the hacking process. Sometimes, this information is also used for social engineering.
In this chapter, we will explain both hacking methods in detail.
🔹 Topics in this chapter include
| Chapter 2 | ||
|---|---|---|
| 2-1 Introduction | 2-9 Find the network address range | 2-17 What are the common types of attacks? |
| 2-2 Footprinting | 2-10 Identify types of DNS records | 2-18 Human-based social engineering |
| 2-3 Definition of Footprinting | 2-11 How traceroute works in footprinting | 2-19 Computer-based social engineering |
| 2-4 Data collection methodologies | 2-12 Use Email Tracking | 2-20 Internal attacks |
| 2-5 DNS Enumeration | 2-13 How Web Spiders work | 2-21 Phishing attacks |
| 2-6 DNSstuff and Nslookup | 2-14 Steps to do Footprinting | 2-22 URL obfuscation |
| 2-7 The concept of ARIN Lookup and Whois | 2-15 Social Engineering | 2-23 Prevention of social engineering |
| 2-8 Whois output analysis | 2-16 What is social engineering? |
Chapter 3
Scanning and enumeration
Scanning and enumeration are the first steps in hacking. After the scan, the enumeration phase begins, which involves identifying computers, user accounts, and shared resources.
Scanning and enumeration are discussed together because many hacking tools do both.
🔹 Topics in this chapter include
| Chapter 3 | ||
|---|---|---|
| 3-1 Introduction | 3-11 Scans FIN, IDLE, NULL, XMAS, Stealth, SYN | 3-21 IP Spoofing Techniques |
| 3-2 Scan | 3-12 Types of TCP communication flags | 3-22 Enumeration |
| 3-3 Port scan, network scan, vulnerability scan | 3-13 Floppy Scan | 3-23 Null Session |
| 3-4 Scan methodology | 3-14 War-Dialing Techniques | 3-24 Counter Null Session |
| 3-5 Ping Sweep Techniques | 3-15 Banner Grabbing and OS Identification Techniques | 3-25 What is SNMP Enumeration? |
| 3-6 Detect Ping Sweeps | 3-16 Draw a network diagram of vulnerable devices | 3-26 Dealing with SNMP enumeration |
| 3-7 Scan ports and identify services | 3-17 How are proxy servers used in an attack? | 3-27 DNS Zone Transfer in Windows 2000 |
| 3-8 Deal with port scanning | 3-18 How do anonymizers work? | 3-28 What are the steps in enumeration? |
| 3-9 Nmap command switch | 3-19 HTTP Tunneling Techniques | |
| 3-10 HPING2 | 3-20 Httptunnel tool for Windows |
Chapter 4
Hack system
In this chapter, we will discuss the various aspects of system hacking. Recall that the hacking cycle consists of six stages. This chapter will discuss the other five steps of the hacking wheel, which include breaking the password, increasing the access level, running programs, hiding files, and clearing traces.
🔹 Topics in this chapter include
| Chapter 4 | ||
|---|---|---|
| 4-1 Introduction | 4-12 Types of passwords | 4-23 Buffer Overflows |
| 4-2 Password breaking techniques | 4-13 Passive Online Attacks | 4-24 Rootkits |
| 4-3 LanManager Hash | 4-14 Active Online Attacks | 4-25 Install Rootkit on Windows 2000 and xp |
| 4-4 LanManager Hash | 4-15 Guess the password automatically | 4-26 Dealing with Rootkits |
| 4-5 Comparison of LM, NTLM v1 & NTLM v2 LM protocols | 4-16 Deal with password guessing | 4-27 Hide files |
| 4-6 Break Windows 2000 passwords | 4-17 Offline attacks | 4-28 NTFS File Streaming |
| 4-7 Navigate the SMB Logon to the attacker | 4-18 Pre-Computed Hashes | 4-29 Counter NTFS Stream |
| 4-8 SMB Relay MITM attacks and counter | 4-19 Nonelectronic attacks | 4-30 Steganography technologies |
| 4-9 Dealing with password breaking | 4-20 Spyware & keyloggers techniques | 4-31 Clear footprints and documents |
| 4-10 Password change interval | 4-21 Necessary accesses | 4-32 Disable Auditing |
| 4-11 Check Event Viewer Logs | 4-22 Performances | 4-33 Clear Event Log |
Chapter 5
Worm, Virus, Backdoor, Trojan
Trojans and backdoors are two ways hackers can enter a system, and there are many different types, but they all have one thing in common. Another program must install them, or the user must intervene to install them on the system. Trojans and backdoors are dangerous tools in a legitimate hacker toolkit that should be used to test the security of a networked system.
Viruses and worms can be as dangerous as trojans and backdoors. Many viruses trigger trojans and can damage the system and then open a backdoor for the hacker. This chapter discusses the similarities and differences between Trojans, backdoors, viruses, and worms. These malicious tools and codes are essential to legitimate hackers because hackers use these tools to attack systems.
🔹 Topics in this chapter include
| Chapter 5 | ||
|---|---|---|
| 5-1 Introduction | 5-8 What are the signs of a trojan attack? | 5-15 The difference between a virus and a worm |
| 5-2 Trojans and backdoors | 5-9 What is Wrapping? | 5-16 Types of viruses |
| 5-3 What is a Trojan? | 5-10 Trojan build tools | 5-17 How the virus spreads and infects the system |
| 5-4 What are overt and covert channels? | 5-11 What are the anti-malware techniques? | 5-18 An example of a simple virus |
| 5-5 Types of Trojans | 5-12 Trojan escape techniques | 5-19 Trojan build tools |
| 5-6 How do Reverse-connecting Trojans work? | 5-13 Check the file system to deal with malware | 5-20 Antivirus Bypass Techniques |
| 5-7 How Netcat Trojans Work | 5-14 Viruses and worms | 5-21 Virus detection methods |
Chapter 6
Sniffers
A sniffer is a tool for obtaining packages or frames. It eavesdrops on network traffic and shows them to the hacker as a command line with graphics. Some advanced sniffer eavesdrops on packets and can put them back together to form the original text or email.
Sniffer is used to capturing traffic sent between two systems. Depending on how the sniffer is used and security measures, the hacker can use the sniffer to detect usernames, passwords, and other confidential information posted on the network. Many hacking attacks and hacking tools require a sniffer to obtain important information from the target system. In this chapter, we will explain how sniffer works and some standard sniffer tools.
🔹 Topics in this chapter include
| Chapter 6 | ||
|---|---|---|
| 6-1 Introduction | 6-6 Capture by Ethereal and display filters | 6-11 Proxy Server DNS Poisoning |
| 6-2 Protocols prone to eavesdropping | 6-7 MAC Flooding | 6-12 DNS Cache Poisoning |
| 6-3 Active and passive eavesdropping | 6-8 DNS Poisoning | 6-13 Dealing with eavesdropping |
| 6-4 ARP Poisoning | 6-9 Intranet DNS Spoofing | |
| 6-5 MAC Duplicating | 6-10 Internet DNS Spoofing |
Chapter 7
Denial of Service and Session hijacking
A hacker tries to quickly slow down the system in a DoS attack and prevent users from using its resources. Hackers can target only one method or one network, and they usually succeed.
Session hijacking is one of the methods of hacking. Once the hacker has taken the session, it creates a temporary DoS for the end-user. After a user makes a regular session, the hacker uses session hijacking to capture the session. It can also use session hijacking to carry out a man-in-the-middle attack when the hacker is between the receiver and the client and eavesdrops on all traffic.
🔹 Topics in this chapter include
| Chapter 7 | ||
|---|---|---|
| 7-1 Introduction | 7-8 Deal with DOS & DDOS | 7-15 RST Hijacking |
| 7-2 Denial of Service | 7-9 Session Hijacking | 7-16 Blind Hijacking |
| 7-3 Types of DOS attacks | 7-10 Hijacking & Spoofing | 7-17 Risks of Session Hijacking |
| 7-4 How DDOS attacks work | 7-11 Types of Session Hijacking | 7-18 How to prevent Session Hijacking |
| 7-5 How BOTs & BOTNET work | 7-12 Sequence prediction | |
| 7-6 What is a smurf attack? | 7-13 What are the steps in Session Hijacking? | |
| 7-7 What is SYN flooding? | 7-14 TCP / IP Hijacking |
Chapter 8
Hacking web servers, vulnerabilities in web applications, web-based password cracking techniques
Web servers and web applications are highly susceptible to attack. The first reason is that web servers must be accessible via the Internet. When a web server is attacked, it provides a way for a hacker to enter the network. Not only web server software but also programs running on the webserver can be used for the attack. Because of their functionality, web servers are more accessible and less protected than other systems, so it is much easier to attack web servers.
🔹 Topics in this chapter include
| Chapter 8 | ||
|---|---|---|
| 8-1 Introduction | 8-9 Web Server Protection Checklist | 8-17 Authentication |
| 8-2 Hack web servers | 8-10 Vulnerabilities of web applications | 8-18 Types of authentication |
| 8-3 Types of web server vulnerabilities | 8-11 How web applications work | 8-19 Password |
| 8-4 Attacks on web servers | 8-12 The purpose of hacking web applications | 8-20 What is a cracker password? |
| 8-5 IIS Unicode Exploit | 8-13 Attack Anatomy | 8-21 How does a cracker password work? |
| 8-6 Patch management techniques | 8-14 Web application threats | 8-22 Attack to break the password: Category |
| 8-7 Vulnerability scanners | 8-15 Google Hacking | |
| 8-8 Web server security methods | 8-16 Web-based password cracking techniques |
Chapter 9
SQL Injection and Buffer Overflow
SQL injection and Buffer Overflow attacks are similar in that they both take place through the user’s input box. A user input box is where a user may enter their username and password on a website, add data to a URL, and search for a word in an application.
SQL injection and Buffer Overflow vulnerabilities are both caused by one problem: Invalid parameters. If developers do not spend enough time examining the variables that the user can enter, the results will be severe and unpredictable. Professional hackers can take advantage of these vulnerabilities and shut down the system or program or take a shell to execute their commands.
🔹 Topics in this chapter include
| Chapter 9 | ||
|---|---|---|
| 9-1 Introduction | 9-5 Blind SQL Injection | 9-9 Heap-based overflow buffer overflow (heap) |
| 9-2 What is SQL Injection? | 9-6 Blind SQL Injection | 9-10 How to detect buffer overflow in the program |
| 9-3 Steps to perform SQL Injection | 9-7 Buffer Overflow types and detection methods | 9-11 Buffer overflow change techniques |
| 9-4 SQL Server vulnerabilities | 9-8 Stack-based buffer overflow | 9-12 Buffer overflow prevention methods |
Chapter 10
Hack wireless networks
One of the entry points of hackers into the network is the use of wireless networks. They have many vulnerabilities due to the radio frequency nature of wireless networks and the rapid adaptation of wireless technologies for home and commercial networks.
Many wireless LANs (WLANs) are based on the IEEE 802.11 standard and its extensions such as 802.11a, 802.11b & 802.11n. The 802.11 standard has only basic security features and many weaknesses. The 802.11i extension is the latest security solution that covers 802.11 vulnerabilities. The Wi-Fi Association has introduced additional security certificates called WPA and WPA2 to bridge the gap between the original 802.11 standard and the latest 802.11i extension. In this chapter, we will discuss vulnerabilities and security solutions based on IEEE and Wi-Fi standards.
🔹 Topics in this chapter include
| Chapter 10 | ||
|---|---|---|
| 10-1 Introduction | 10-5 Wireless Network Hacking Terms | 10-9 Steps of hacking wireless networks |
| 10-2 Wireless standards | 10-6 Wireless eavesdropping and inserting SSIDs and MAC spoofing | 10-10 Methods of identifying wireless networks |
| 10-3 Wireless concepts | 10-7 Rogue Access Point (fake) | 10-11 Ways to secure wireless networks |
| 10-4 WEP and WPA authentication mechanisms and breaking techniques | 10-8 Wireless Network Hacking Techniques |
Chapter 11
Physical security
Physical security is one of the most critical parts of IT security to prevent the loss or theft of confidential and sensitive data. If an organization fails to provide adequate physical security, other technical security measures such as firewalls and IDSs can be circumvented.
There is a sentence that says, “When you log in, your network is yours.” By physically securing your network and organization, you prevent theft of equipment such as laptops or tape drives, embedding keyloggers on systems, and placing access points on the web. Physical security depends on individuals. Therefore, it is prone to social engineering attacks, such as entering a building behind an employee and not providing an ID card or key (thus, bypassing the problem of physical security).
🔹 Topics in this chapter include
| Chapter 11 | ||
|---|---|---|
| 11-1 Introduction | 11-4 What is the need for physical security? | 11-7 Physical Security Checklist |
| 11-2 Physical security breach events | 11-5 Who is responsible for physical security? | 11-8 Some physical security tools |
| 11-3 Physical security breach events | 11-6 Factors that affect physical security |
Chapter 12
Hack Linux
Linux is a popular operating system for system administrators because it is a source and allows change. Because Linux is open-source, there are several versions of it called distribution. Some of these distributions serve as a commercial operating system for clients and servers. Some of its standard distributions are Mandrake, RedHat Debian, and SUSE; some of the free versions are Gentoo and Knoppix.
The flexibility and cost of Linux, as well as the increase in the number of Linux applications, has led to the choice of Linux as the operating system of many systems. Although Linux is more secure than Windows, it has vulnerabilities that can be exploited. This chapter describes how to use Linux as an operating system and secure it to prevent an attack.
🔹 Topics in this chapter include
| Chapter 12 | ||
|---|---|---|
| 12-1 Introduction | 12-5 How to compile a Linux kernel | 12-9 Linux security methods |
| 12-2 Linux basis | 12-6 GCC compilation commands | 12-10 Linux Firewall (IPTable) |
| 12-3 Basic Linux Commands | 12-7 How to install Linux kernel modules | |
| 12-4 Linux directories | 12-8 Linux vulnerabilities |
Chapter 13
Avoiding IDSs, Honeypots and Firewalls
Intrusion detection systems (IDS), firewalls, and honeypots are security measures that assure you that a hacker cannot access your network or system. Intrusion detection systems (IDS) and firewalls are closed filtering devices and monitor traffic according to pre-written rules. Honeypot is a fake target system used as bait for a hacker to keep him from achieving valuable targets. As a security expert, you need to be familiar with how they work and how they create security.
🔹 Topics in this chapter include
| Chapter 13 | ||
|---|---|---|
| 13-1 Introduction | 13-4 Firewall | 13-7 Different types of Honeypot |
| 13-2 Types of intrusion detection systems and escape techniques | 13-5 Types of firewalls | 13-8 Honeypot location on the network |
| 13-3 Escape from IDS | 13-6 Honeypot | 13-9 Physical and virtual honeypot |
Chapter 14
Cryptography
Cryptography is the study of encryption and encryption algorithms. Encryption is the conversion of a message from exact text to ciphertext and vice versa. The purpose of encryption is to convert the data so that the eavesdropper can not read the data with someone who does not have the password—encryption to secure communications. Cryptography defines the techniques used in encryption. This chapter will explain cryptography and encryption algorithms.
🔹 Topics in this chapter include
| Chapter 14 | ||
|---|---|---|
| 14-1 Introduction | 14-3 How to generate public and private keys | 14-5 SSH |
| 14-2 Encryption and encryption techniques | 14-4 A look at the RC5 & RC4 & SHA & MD5 Blowfish & algorithms |
Chapter 15
Penetration testing methods
Penetration testing simulates a hacker attack to gain access to a network with an organization’s systems. The purpose of penetration testing is to examine an organization’s implementation and security policy: Basically, to see if the organization has adequately implemented the security criteria set out in its security policy.
A hacker who intends to gain access to an organization’s network is different from a person who performs as a pen tester and uses his knowledge to increase an organization’s network’s security without risk.
🔹 Topics in this chapter include
| Chapter 15 | ||
|---|---|---|
| 15-1 Introduction | 15-4 Penetration testing steps | 15-7 Items to be presented in the penetration test |
| 15-2 Security assessments | 15-5 Legal framework for penetration testing | |
| 15-3 Penetration testing methods | 15-6 Automated penetration testing tools |
Authors
| Order | Pic | Name | Information |
|---|---|---|---|
| The First |  | Mohammad Hossein Mohammadi | 1. Personal Website 2. LinkedIn 3. M.H.Mohammadimir2017@gmail.com |
| The Second |  | Seyed Yahya Moradi | 1. Personal Website 2. LinkedIn 3. S.YahyaMoradi@yahoo.com |
| Third |  | Milad Siampour | 1. LinkedIn 2. Miladit90@gmail.com |