CEH: Certified Ethical Hacker Version 8 Study Guide EXAM 312-50 / EC0-350





Details

Type: Book
Language: English
Publisher: Sybex
Publication: 10/2014





Publisher's Notes

Includes Real-World Scenarios, Hands-On Exercises, and Access to Exam Prep Software Featuring:

+ Practice Test Environment

+ Hundreds of Practice Questions

+ Electronic Flashcards

+ Chapter Review Questions

+ Glossary of Key Terms

Complete Preparation for the Certified Ethical Hacker Exam Version 8

This in-depth study guide prepares you for the unique and challenging Certified Ethical Hacker version 8 (CEHv8) exam. IT security expert Sean-Philip Oriyano has compiled a comprehensive overview of the CEH certification requirements with a concise and easy-to-follow approach to this difficult exam. Essential topics like intrusion detection, DDoS attacks, buffer overflows, and virus creation are covered in detail. This DoD 8570.1-compliant study guide from Sybex includes:

Full coverage of all exam topics in a systematic approach, so you can be confident you're getting the instruction you need for the exam

Practical hands-on exercises to reinforce critical skills

Real-world scenarios that put what you've learned in the context of actual job roles

Challenging review questions in each chapter to prepare you for exam day

Exam Essentials, a key feature in each chapter that identifies critical areas you must become proficient in before taking the exam

A handy section that maps every official exam objective to the corresponding chapter in the book so you can track your exam prep objective by objective

Sybex Exam Prep Tools

Go to www.sybex.com/go/cehv8 for access to a full set of study tools to help you prepare for the exam, including:

  • Chapter review questions
  • Full-length practice exams
  • Hundreds of electronic flashcards
  • Glossary of key terms

Includes coverage of all exam objectives, including these key topics:

  • Introduction to Ethical Hacking
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Enumeration
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms
  • Sniffers
  • Social Engineering
  • Denial of Service
  • Session Hijacking
  • Hacking Webservers
  • Hacking Web Applications
  • SQL Injection
  • Hacking Wireless Networks
  • Evading IDS, Firewalls, and Honeypots
  • Buffer Overflow
  • Cryptography
  • Penetration Testing




Table of Contents

Introduction

Assessment Test

Chapter 1 Getting Started with Ethical Hacking

  • Hacking: A Short History
  • The Early Days of Hacking
  • Current Developments
  • Hacking: Fun or Criminal Activity?
  • The Evolution and Growth of Hacking
  • What Is an Ethical Hacker?
  • Ethical Hacking and Penetration Testing
  • Hacking Methodologies
  • Vulnerability Research and Tools
  • Ethics and the Law
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 2 System Fundamentals

  • Exploring Network Topologies
  • Working with the Open Systems Interconnection Model
  • Dissecting the TCP/IP Suite
  • IP Subnetting
  • Hexadecimal vs. Binary
  • Exploring TCP/IP Ports
  • Domain Name System
  • Understanding Network Devices
  • Routers and Switches
  • Working with MAC Addresses
  • Proxies and Firewalls
  • Intrusion Prevention and Intrusion Detection Systems
  • Network Security
  • Knowing Operating Systems
  • Windows
  • Mac OS
  • Linux
  • Backups and Archiving
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 3 Cryptography

  • Cryptography: Early Applications and Examples
  • History of Cryptography
  • Tracing the Evolution
  • Cryptography in Action
  • So How Does It Work?
  • Symmetric Cryptography
  • Asymmetric, or Public Key, Cryptography
  • Understanding Hashing
  • Issues with Cryptography
  • Applications of Cryptography
  • IPSec
  • Pretty Good Privacy
  • Secure Sockets Layer (SSL)
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 4 Footprinting and Reconnaissance

  • Understanding the Steps of Ethical Hacking
  • Phase 1: Footprinting
  • Phase 2: Scanning
  • Phase 3: Enumeration
  • Phase 4: System Hacking
  • What Is Footprinting?
  • Why Perform Footprinting?
  • Goals of the Footprinting Process
  • Terminology in Footprinting
  • Open Source and Passive Information Gathering
  • Active Information Gathering
  • Pseudonymous Footprinting
  • Internet Footprinting
  • Threats Introduced by Footprinting
  • The Footprinting Process
  • Using Search Engines
  • Location and Geography
  • Social Networking and Information Gathering
  • Financial Services and Information Gathering
  • The Value of Job Sites
  • Working with E-mail
  • Competitive Analysis
  • Google Hacking
  • Gaining Network Information
  • Social Engineering: The Art of Hacking Humans
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 5 Scanning Networks

  • What Is Network Scanning?
  • Checking for Live Systems
  • Wardialing
  • Wardriving
  • Pinging
  • Port Scanning
  • Checking for Open Ports
  • Types of Scans
  • Full Open Scan
  • Stealth Scan, or Half-open Scan
  • Xmas Tree Scan
  • FIN Scan
  • NULL Scan
  • ACK Scanning
  • UDP Scanning
  • OS Fingerprinting
  • Banner Grabbing
  • Countermeasures
  • Vulnerability Scanning
  • Drawing Network Diagrams
  • Using Proxies
  • Setting a Web Browser to Use a Proxy
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 6 Enumeration of Services

  • A Quick Review
  • Footprinting
  • Scanning
  • What Is Enumeration?
  • Windows Basics
  • Users
  • Groups
  • Security Identifiers
  • Services and Ports of Interest
  • Commonly Exploited Services
  • NULL Sessions
  • SuperScan
  • The PsTools Suite
  • Enumeration with SNMP
  • Management Information Base
  • SNScan
  • Unix and Linux Enumeration
  • finger
  • rpcinfo
  • showmount
  • Enum4linux
  • LDAP and Directory Service Enumeration
  • Enumeration Using NTP
  • SMTP Enumeration
  • Using VRFY
  • Using EXPN
  • Using RCPT TO
  • SMTP Relay
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 7 Gaining Access to a System

  • Up to This Point
  • System Hacking
  • Authentication on Microsoft Platforms
  • Executing Applications
  • Covering Your Tracks
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 8 Trojans, Viruses, Worms, and Covert Channels

  • Malware
  • Malware and the Law
  • Categories of Malware
  • Viruses
  • Worms
  • Spyware
  • Adware
  • Scareware
  • Trojans
  • Overt and Covert Channels
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 9 Sniffers

  • Understanding Sniffers
  • Using a Sniffer
  • Sniffing Tools
  • Wireshark
  • TCPdump
  • Reading Sniffer Output
  • Switched Network Sniffing
  • MAC Flooding
  • ARP Poisoning
  • MAC Spoofing
  • Port Mirror or SPAN Port
  • On the Defensive
  • Mitigating MAC Flooding
  • Detecting Sniffing Attacks
  • Exam Essentials
  • Summary
  • Review Questions

Chapter 10 Social Engineering

  • What Is Social Engineering?
  • Why Does Social Engineering Work?
  • Why is Social Engineering Successful?
  • Social-Engineering Phases
  • What Is the Impact of Social Engineering?
  • Common Targets of Social Engineering
  • What Is Social Networking?
  • Mistakes in Social Media and Social Networking
  • Countermeasures for Social Networking
  • Commonly Employed Threats
  • Identity Theft
  • Protective Measures
  • Know What Information Is Available
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 11 Denial of Service

  • Understanding DoS
  • DoS Targets
  • Types of Attacks
  • Buffer Overflow
  • Understanding DDoS
  • DDoS Attacks
  • DoS Tools
  • DDoS Tools
  • DoS Defensive Strategies
  • Botnet-Specific Defenses
  • DoS Pen Testing Considerations
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 12 Session Hijacking

  • Understanding Session Hijacking
  • Spoofing vs. Hijacking
  • Active and Passive Attacks
  • Session Hijacking and Web Apps
  • Types of Application-Level Session Hijacking
  • A Few Key Concepts
  • Network Session Hijacking
  • Exploring Defensive Strategies
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 13 Web Servers and Web Applications

  • Exploring the Client-Server Relationship
  • The Client and the Server
  • Closer Inspection of a Web Application
  • Vulnerabilities of Web Servers and Applications
  • Common Flaws and Attack Methods
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 14 SQL Injection

  • Introducing SQL Injection
  • Results of SQL Injection
  • The Anatomy of a Web Application
  • Databases and Their Vulnerabilities
  • Anatomy of a SQL Injection Attack
  • Altering Data





Author

Sean-Philip Oriyano, CEH, CEI, CISSP, is cofounder and vice president of Sonwell & Oriyano, LLC, an IT security consulting and training company based in Las Vegas. Oriyano is a 20-year veteran of the IT industry and is currently an instructor who specializes in infrastructure and security topics for various public and private entities. Sean has served as an IT security instructor for the US Air Force, Navy, and Army at locations both in North America and internationally.











Additional Information

ISBN: 9781118647677

Condition: New
Dimensions: 235 x 25.14 x 187 mm
Weight: 676 g
Format: Paperback
Pages (Arabic numerals): 504

