[ CEH Training ] :: [ Day 2 ]

This entry is part 4 of 10 in the series [ Certified Ethical Hacker Training ]

Cryptography: A Starter Lesson

Symmetric, asymmetric, signatures etc.

Stage 1 of a Hack: Footprinting (formerly “Reconnaissance”)

Chapter 4
  • “Phone book” information
  • Employee names and info
  • Company/facility info
  • IP address ranges
  • Job information

Google Hacking and Google Dorking p.108 ff.

Open Source Intelligence: OSINT

Tools:

Google: Advanced Search Operators

The Google Hacking Database

Archive.org (The Wayback Machine)

Netcraft

Email tools

COMP INT tools

Command line:

nslookup

dig

whois

p0f

Maltego, of course

Stage 2 of a Hack: Scanning

  • Pings and ping sweeps
  • Port scanning
  • traceroute
Chapter 5

Port scans

Network scans

Vulnerability scans

TCP and UDP scans

nmap – https://nmap.org/, http://scanme.nmap.org/

NBname vulnerability and exploit:
http://www.cultdeadcow.com/tools/nbname.html

Videos:

“Nmap Tutorial for Beginners – 1”
https://www.youtube.com/watch?v=5MTZdN9TEO4

Note the switches: -A, -v

–> Perform the lookup exercise starting at 6:30 in the video.

“Nmap Tutorial For Beginners – 2”
https://www.youtube.com/watch?v=VFJLMOk6daQ

“Nmap Tutorial For Beginners – 3”
https://www.youtube.com/watch?v=OUQkCAHdX_g

–> Practice with the following:

-F

-sV

--open

Grep-able output:

nmap -oG - 192.168.1.0-255 -vv > results.txt
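The point of -oG is that each host ends up on one tab-separated line that other tools can consume. As an added example (not part of the course notes or of the Nmap project), the Python below parses a constructed fragment of -oG output and then compares the open ports per host against an allow-list, which is the kind of post-processing a defender does to spot services that should not be exposed. The field layout assumed for each port entry is port/state/protocol/owner/service/rpc info/version, as Nmap documents for grepable output; the sample hosts, names and version strings are made up.

```python
"""Parse Nmap grep-able (-oG) output and flag open ports not on an allow-list.

Added example, not part of the course notes or of the Nmap project.
SAMPLE_OG below is constructed to look like `nmap -oG - -vv ...` output;
it is not a real scan.
"""
import re

SAMPLE_OG = """\
# Nmap 7.80 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -oG - -vv 192.168.1.0-255
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 53/open/tcp//domain//dnsmasq 2.80/\tIgnored State: closed (998)
Host: 192.168.1.7 (fileserver.lab)\tStatus: Up
Host: 192.168.1.7 (fileserver.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 139/open/tcp//netbios-ssn//Samba smbd 3.X/, 445/open/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (996)
Host: 192.168.1.9 ()\tStatus: Down
# Nmap done at Mon Jan  1 10:02:13 2024 -- 256 IP addresses (2 hosts up) scanned in 133.02 seconds
"""

# Constructed allow-list: which "port/proto" pairs are expected to be open per host.
ALLOWED = {
    "192.168.1.1": {"22/tcp", "53/tcp"},
    "192.168.1.7": {"22/tcp"},
}

# "Host: <ip> (<hostname>)" followed by tab-separated "Key: value" fields.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+(.*)$")


def parse_og(text):
    """Return {ip: {"hostname": str, "status": str|None, "ports": [dict, ...]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):      # skip the "# Nmap ..." header/footer
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, name, rest = m.groups()
        entry = hosts.setdefault(ip, {"hostname": name, "status": None, "ports": []})
        for field in rest.split("\t"):            # e.g. "Status: Up", "Ports: ...", "Ignored State: ..."
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for item in value.split(","):
                    # port/state/protocol/owner/service/rpc info/version/
                    parts = item.strip().split("/")
                    if len(parts) < 7:
                        continue
                    entry["ports"].append({
                        "port": int(parts[0]),
                        "state": parts[1],
                        "proto": parts[2],
                        "service": parts[4],
                        "version": parts[6],
                    })
    return hosts


def up_hosts(hosts):
    """IPs that answered the scan, sorted."""
    return sorted(ip for ip, e in hosts.items() if e["status"] == "Up")


def unexpected_open_ports(hosts, allowed):
    """Open ports not on the allow-list, as sorted (ip, port, proto, service) tuples.

    Filtered/closed ports are ignored: only 'open' is an exposure.
    """
    findings = []
    for ip, entry in hosts.items():
        ok = allowed.get(ip, set())
        for p in entry["ports"]:
            if p["state"] == "open" and f"{p['port']}/{p['proto']}" not in ok:
                findings.append((ip, p["port"], p["proto"], p["service"]))
    return sorted(findings)


if __name__ == "__main__":
    parsed = parse_og(SAMPLE_OG)
    print("up:", up_hosts(parsed))
    for ip, port, proto, svc in unexpected_open_ports(parsed, ALLOWED):
        print(f"UNEXPECTED {ip} {port}/{proto} ({svc or 'unknown'})")
```

Replace SAMPLE_OG with the contents of a real results.txt (read the file instead of the constant) to run it against your own scan; a host that appears in the allow-list with an empty set is audited strictly, and a host missing from the allow-list has every open port reported.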

Tools:

nmap

hping3 p. 134 ff.

Angry IP

Nessus

Nexpose

Banner grabbing

Exercises

  1. Perform nmap TCP, SYN, XMAS, FIN, NULL and ACK scans against the designated target.
  2. Perform UDP scans against the target’s ports.
  3. Scan several hosts to perform OS fingerprinting on them.
  4. Perform banner grabbing on the target using first telnet, then netcat.
Chapter 6

Stage 3 of a hack: Enumeration

  • Users and Groups
  • Shares and other network services
  • Routing tables
  • DNS and machine names
  • Applications and banners
  • Determining what auditing is in place

Tools

Command line in Windows and Linux

PsTools

Sparta – http://sparta.secforce.com/

https://tools.kali.org/information-gathering/sparta

OpenVAS: https://www.kali.org/news/kali-linux-20171-release/

Exercises

  1. Attempt a null session connection to the designated target.
  2. Attempt a zone transfer from the designated target.
  3. Find JXplorer. There is a practice server (that is usually up) at http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ . Can you figure out how to connect?
  4. Perform Exercise 7.7 on page 215: Using netcat
  5. Install Sparta on Kali. Be sure to watch the two short videos. Unleash it on the designated targets.

Homework

  1. Watch or re-watch the nmap videos above.
  2. Perform several types of scans on scanme.nmap.org. Do all scans reveal the same thing?
  3. Look closely at the nmap switches. For instance, what does the -s switch always need, and always specify?
  4. Practice forming packets with hping3. Create a Ping of Death packet.

[ CEH Training ] :: [ Day 1 ]

This entry is part 3 of 10 in the series [ Certified Ethical Hacker Training ]

Introductions

Short bios and description of experience

Assessment test

Some discussion of the CEH:
http://www.techexams.net/forums/ec-council-ceh-chfi/116310-passed-my-ceh-resit-some-thoughts-cert-ec-council-3.html

Chapter 1

Hacking in theory and practice

  1. Origins and definitions
  2. “Hacking as it was done in 1998”
  3. Deeper hacking methodology
  4. EC-Council’s definitions
  5. The role of contracts

Colors of Hats

Colors of Boxes

Scope, Terms of Engagement, etc.

Hackable Websites

Hackthissite.org: Take them up on this offer! A great learning site. https://www.hackthissite.org/

Root-me.org: There are challenges in several categories, and they’re quite good. There is no clear pathway through, though, so it’s up to your hackerly curiosity to explore your interests.
https://www.root-me.org/?lang=en

Shellterlabs: Work through a series of lessons to gain competencies in one area after another. The challenges are truly challenging. https://shellterlabs.com/en/

Chapter 2

TCP/IP models, important ports, proxies and firewalls

Chapter 3

Crypto

In-Class Exercise:

Maltego: activation and configuration

Official training videos: https://www.youtube.com/watch?v=sP-Pl_SRQVo&list=PLC9DB3E7C258CD215

Homework:

  1. Begin a Maltego investigation (graph) of yourself. Start with the Person object and expand outward to work information, email addresses etc. Every single particle of information you can gather about yourself, anyone else can too. While this kind of scanning is perfectly legal in many parts of the world (think about what ad agencies know about you), remember this critical hacker principle: Don’t attract unneeded attention.
  2. Take your first reading pass through Chapters 1, 2 and 3. Highlight liberally. Plan for using special markers in locations that directly discuss test topics (i.e. questions).

[ Certified Ethical Hacker Training ] :: [ Syllabus ]

This entry is part 2 of 10 in the series [ Certified Ethical Hacker Training ]

SYLLABUS

Text:

Certified Ethical Hacker Exam Guide, Third Edition, by Matt Walker

# CEH v9: Certified Ethical Hacker Version 9 Study Guide 3rd Edition, by Sean-Philip Oriyano

Learning Objectives

Successful preparation to pass the EC-Council Certified Ethical Hacker exam.

Gaining a thorough familiarity with hacking tools and techniques.

Day 1

Hacking in theory and practice

Open-source intelligence research with Maltego


Tools:

Google

Command line

Maltego

Day 2

Stage 1 of a hack: Footprinting

Google Hacking and Google Dorking

Open Source Intelligence: OSINT

Stage 2 of a hack: Scanning

Tools:

Nmap

Hping3

Banner grabbing

Vulnerability scanning

Network mapping

Day 3

Stage 3 of a hack: Enumeration

Tools:

Command line in Windows and Linux

PsTools

Sparta

OpenVAS

Day 4

Stage 4 of a hack: System Hacking

Password cracking

Cracking cryptography

Tools:

HashCat and sample hash dumps

Day 5

Malware

Constructing trojans

Covert channels

Sniffing on the wire

Social engineering

DoS

Tools:

Wireshark

Sample VOIP capture

Tcpdump

Hping3

Day 6

Session hijacking

-LAN

-Online

-Wifi

Tools:

Ettercap

Cain & Abel

OWASP suite

Burp Suite

Day 7

SQL injection

Wifi cracking

Firewall running

Tools:

Hackthissite.org

Root-me.org

Aircrack-ng

Nmap