[ Certified Ethical Hacker v10 ] :: [ Module 7 ]

School for Hackers :: Red Glasses Girl
This entry is part 9 of 21 in the series [ Certified Ethical Hacker Training ]

Module 7: Social Engineering Social engineering falls into the category of non-technical attacks. For the purposes of the CEH test, remember the usual lists. Tactics: exploiting moral obligation, abusing trust, making threats, offering something for nothing, and taking advantage of ignorance. Impacts: financial loss, terrorism, privacy loss, legal problems, loss of goodwill, outright business collapse. …

[ Certified Ethical Hacker v10 ] :: [ Module 8 ] :: Denial of Service

Hacking in the dark
This entry is part 10 of 21 in the series [ Certified Ethical Hacker Training ]

Module 8: Denial of Service DoS is the tool of hacktivists and sometimes organized crime. Types of Attacks Service request flood Simply make millions of page requests, for instance. See the effects: https://www.youtube.com/watch?v=hNjdBSoIa8k SYN attack/flood: hping3 -i u1 -S -p 80 <target ip> S = SYN flag, -p 80 = port 80, -i u1 = …

[ Certified Ethical Hacker v10 ] :: [ Module 9 ] :: Session Hijacking

School for Hackers :: Red Glasses Girl
This entry is part 11 of 21 in the series [ Certified Ethical Hacker Training ]

Module 9: Session Hijacking Brute-forcing a Session ID Stealing a Session ID Calculating an ID Spoofing vs. Hijacking Be sure to recognize the difference between just lying about your IP address, and actually taking over a running user session. Cross-site scripting MitM SMB Relay attack: https://pen-testing.sans.org/blog/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python Tools Ettercap Cain & Abel

[ Certified Ethical Hacker v10 ] :: [ Module 10 ] :: Web Servers and Applications

School for Hackers :: Red Glasses Girl
This entry is part 12 of 21 in the series [ Certified Ethical Hacker Training ]

Tools whatweb <target ip> -v # for a single target whatweb -v 192.168.0.1/24 # for a subnet ua-tester -u www.schoolforhackers.com -d M D uniscan-gui  # opens a GUI Nikto: Wikto: a website vulnerability tool: http://sectools.org/tool/wikto/ Burp Suite “Getting Started with Burp Proxy”: https://support.portswigger.net/customer/en/portal/articles/1783118-Proxy_Getting%20Started.html “Brute Force a Website Login Page with Burp Suite”: https://www.youtube.com/watch?v=25cazx5D_vw “Using Burp …

[ Certified Ethical Hacker v10 ] :: [ Module 11 ] :: SQL Injection

Glenn Norman hacking
This entry is part 13 of 21 in the series [ Certified Ethical Hacker Training ]

SQL injection Cheat sheet: https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ OWASP guide: https://www.owasp.org/index.php/SQL_Injection Dumping a complete database: http://resources.infosecinstitute.com/dumping-a-database-using-sql-injection/ Exercises 1. Log into your root-me.org account, click Challenges and click Web Server. This will get you here: https://www.root-me.org/en/Challenges/Web-Server/. Start with “SQL Injection – Authentication”. Note all the other SQL Injection challenges. Can you beat them all? 2. In either Metasploitable2 or …

[ Certified Ethical Hacker v10 ] :: [ Module 12 ] :: WiFi and Bluetooth

Image: Benjamin Caudill
This entry is part 14 of 21 in the series [ Certified Ethical Hacker Training ]

WiFi Basics SSID: the human-readable name of the network BSSID: the MAC address of the access point ESSID: the name of a network that spans multiple access points IVs: Initialization vectors, short string of bits that allow users to access the network with unique session keys PWR (as listed in airodump-ng) is a negative number …