CEH v9: Certified Ethical Hacker Version 9

Pages: 761

Size: 9.2 MB

Format: PDF

Views: 1587

CEH™ Certified Ethical Hacker

Study Guide

Version 9

Sean-Philip Oriyano

Development Editor: Kim Wimpsett

Technical Editors: Raymond Blockmon, Jason McDowell, Tom Updegrove

Production Editor: Rebecca Anderson

Copy Editor: Linda Recktenwald

Editorial Manager: Mary Beth Wakefield

Production Manager: Kathleen Wisor

Executive Editor: Jim Minatel

Media Supervising Producer: Rich Graves

Book Designers: Judy Fung and Bill Gibson

Proofreader: Nancy Carrasco

Indexer: J & J Indexing

Project Coordinator, Cover: Brent Savage

Cover Designer: Wiley

Cover Image: ©Getty Images Inc./Jeremy Woodhouse

Copyright © 2016 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-119-25224-5

ISBN: 978-1-119-25227-6 (ebk.)

ISBN: 978-1-119-25225-2 (ebk.)

Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2016934529

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CEH is a trademark of EC-Council. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

I would like to dedicate this book to Medal of Honor recipient (and personal hero) Sgt. Maj. (USA) Jon R. Cavaiani, who passed away some time before this book was written. Thank you for giving me the honor to shake your hand.

Acknowledgments

Writing acknowledgements is probably the toughest part of writing a book in my opinion as I always feel that I have forgotten someone who had to deal with my hijinks over the past few months. Anyway, here goes.

First of all, I want to thank my Mom and Dad for all of your support over the years as well as being your favorite son. That’s right, I said it.

I would also like to take a moment to thank all the men and women I have served with over the years. It is an honor for this Chief Warrant Officer to serve with each of you. I would also like to extend a special thanks to my own unit for all the work you do, you are each a credit to the uniform. Finally, thanks to my Commander for your mentorship, support, and faith in my abilities.

To my friends I want to say thanks for tearing me away from my computer now and then when you knew I needed to let my brain cool off a bit. Mark, Jason, Jennifer, Fred, Misty, Arnold, Shelly, and especially Lisa, you all helped me put my focus elsewhere for a while before I went crazy(er).

I would also like to thank Shigeru Miyamoto for bringing the Legend of Zelda into reality.

Finally, on a more serious note, I would like to dedicate this book to Medal of Honor recipient (and personal hero) Sgt. Maj. (USA) Jon R. Cavaiani who passed away some time before this book was written. Thank you for giving me the honor to shake your hand.

—Sean-Philip Oriyano

Duty, Service, Honor

About the Author

Sean Oriyano (www.oriyano.com) is a seasoned security professional and entrepreneur. Over the past 25 years he has split his time among writing, researching, consulting, and training various people and organizations on a wide range of topics relating to both IT and security. As an instructor and consultant, Sean has traveled all over the world, sharing his knowledge as well as gaining exposure to many different environments and cultures along the way. His broad knowledge and easy-to-understand manner, along with a healthy dose of humor, have led to Sean being a regularly requested instructor.

Outside of training and consulting, Sean is also a best-selling author with many years of experience in both digital and print media. Sean has published books for McGraw-Hill, Wiley, Sybex, O’Reilly Media, and Jones & Bartlett. Over the last decade Sean has expanded his reach even further by appearing in shows on both TV and radio. To date, Sean has appeared in over a dozen TV programs and radio shows discussing various cybersecurity topics and technologies. When in front of the camera, Sean has been noted for his casual demeanor and praised for his ability to explain complex topics in an easy-to-understand manner.

Outside his own business activities, Sean is a member of the military as a chief warrant officer specializing in infrastructure and security as well as the development of new troops. In addition, as a CWO he is recognized as a subject matter expert in his field and is frequently called upon to provide expertise, training, and mentoring wherever needed.

When not working, Sean is an avid obstacle course racer, having completed numerous races, including a world championship race and a Spartan Trifecta. He also enjoys traveling, bodybuilding, training, and developing his mixed martial arts skills plus taking survival courses.

Sean holds many certifications and qualifications that demonstrate his knowledge and experience in the IT field, such as the CISSP, CNDA, and Security+.

CONTENTS

Introduction

Exam 312-50 Exam Objectives

Assessment Test

Answers to Assessment Test

Chapter 1: Introduction to Ethical Hacking

Hacking: the Evolution

So, What Is an Ethical Hacker?

Summary

Exam Essentials

Review Questions

Chapter 2: System Fundamentals

Exploring Network Topologies

Working with the Open Systems Interconnection Model

Dissecting the TCP/IP Suite

IP Subnetting

Hexadecimal vs. Binary

Exploring TCP/IP Ports

Understanding Network Devices

Working with MAC Addresses

Intrusion Prevention and Intrusion Detection Systems

Network Security

Knowing Operating Systems

Backups and Archiving

Summary

Exam Essentials

Review Questions

Chapter 3: Cryptography

Cryptography: Early Applications and Examples

Cryptography in Action

Understanding Hashing

Issues with Cryptography

Applications of Cryptography

Summary

Exam Essentials

Review Questions

Chapter 4: Footprinting

Understanding the Steps of Ethical Hacking

What Is Footprinting?

Terminology in Footprinting

Threats Introduced by Footprinting

The Footprinting Process

Summary

Exam Essentials

Review Questions

Chapter 5: Scanning

What Is Scanning?

Checking for Live Systems

Checking the Status of Ports

The Family Tree of Scans

OS Fingerprinting

Countermeasures

Vulnerability Scanning

Mapping the Network

Using Proxies

Summary

Exam Essentials

Review Questions

Chapter 6: Enumeration

A Quick Review

What Is Enumeration?

About Windows Enumeration

Linux Basic

Enumeration with SNMP

Unix and Linux Enumeration

LDAP and Directory Service Enumeration

Enumeration Using NTP

SMTP Enumeration

Summary

Exam Essentials

Review Questions

Chapter 7: System Hacking

Up to This Point

System Hacking

Summary

Exam Essentials

Review Questions

Chapter 8: Malware

Malware

Overt and Covert Channels

Summary

Exam Essentials

Review Questions

Chapter 9: Sniffers

Understanding Sniffers

Using a Sniffer

Switched Network Sniffing

Summary

Exam Essentials

Review Questions

Chapter 10: Social Engineering

What Is Social Engineering?

Social Networking to Gather Information?

Commonly Employed Threats

Identity Theft

Summary

Exam Essentials

Review Questions

Chapter 11: Denial of Service

Understanding DoS

Understanding DDoS

DoS Tools
