CEH Certified Ethical Hacker Bundle, Fifth Edition
Matt Walker
McGraw Hill, 2022
Summary
This is a CEH™ Certified Ethical Hacker Bundle, Fifth Edition, study guide from McGraw Hill. The book is intended to help prepare students for the Certified Ethical Hacker (CEH™) exam. It includes information on ethical hacking and cybersecurity topics.
Copyright © 2022 by McGraw Hill. All rights reserved. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

CEH™ Certified Ethical Hacker Bundle, Fifth Edition (ebundle) © 2022 by McGraw Hill
ISBN: 978-1-264-27477-2
MHID: 1-264-27477-7

The material in this ebundle also appears in the print bundle version of this title: ISBN 978-1-264-27476-5 / MHID 1-264-27476-9:

CEH™ Certified Ethical Hacker All-in-One Exam Guide, Fifth Edition © 2022 by McGraw Hill
ISBN: 978-1-264-26994-5
MHID: 1-264-26994-3

CEH™ Certified Ethical Hacker Practice Exams, Fifth Edition © 2022 by McGraw Hill
ISBN: 978-1-264-26996-9
MHID: 1-264-26996-X

McGraw Hill books are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative, please visit the Contact Us pages at www.mhprofessional.com.

McGraw Hill is an independent entity from the International Council of E-Commerce Consultants® (EC-Council) and is not affiliated with EC-Council in any manner. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with EC-Council in any manner. This publication and accompanying media may be used in assisting students to prepare for the Certified Ethical Hacker (CEH™) exam. Neither EC-Council nor McGraw Hill warrants that use of this publication and accompanying media will ensure passing any exam. CEH is a trademark or registered trademark of EC-Council in the United States and certain other countries. All other trademarks are trademarks of their respective owners.

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this publication, they have been printed with initial caps.

Information has been obtained by McGraw Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw Hill, or others, McGraw Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and McGraw Hill (“McGraw Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
McGraw Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

Contents
Section I: CEH Certified Ethical Hacker All-in-One Exam Guide, Fifth Edition
Section II: CEH Certified Ethical Hacker Practice Exams, Fifth Edition

ALL IN ONE CEH™ Certified Ethical Hacker EXAM GUIDE, Fifth Edition

ABOUT THE AUTHOR

Matt Walker, CEH, is an IT security and education professional, currently working from his home in beautiful Troy, Alabama. For over 20 years he has held a variety of roles in virtually the entire gamut of IT security, including roles as the director of the Network Training Center and a curriculum lead/senior instructor for Cisco Networking Academy on Ramstein AB, Germany, and as a network engineer for NASA’s Secure Network Systems (NSS), designing and maintaining secured data, voice, and video networking for the agency. Matt also worked as an instructor supervisor and senior instructor at Dynetics, Inc., in Huntsville, Alabama, providing onsite certification-awarding classes for (ISC)2, Cisco, and CompTIA, and after two years came right back to NASA as an IT security manager for UNITeS, SAIC, at Marshall Space Flight Center. He has written and contributed to numerous technical training books for NASA, Air Education and Training Command, and the U.S. Air Force, as well as commercially, and he continues to train and write certification and college-level IT and IA security courses.

About the Technical Editor

Brad Horton currently works as an intelligence specialist with the U.S. Department of Defense. Brad has worked as a security engineer, commercial security consultant, penetration tester, and information systems researcher in both the private and public sectors. This has included work with several defense contractors, including General Dynamics C4S, SAIC, and Dynetics, Inc. Brad currently holds the Certified Information Systems Security Professional (CISSP), the CISSP – Information Systems Security Management Professional (CISSP-ISSMP), the Certified Ethical Hacker (CEH), and the Certified Information Systems Auditor (CISA) trade certifications. Brad holds a bachelor’s degree in Commerce and Business Administration from the University of Alabama, a master’s degree in Management of Information Systems from the University of Alabama in Huntsville (UAH), and a graduate certificate in Information Assurance from UAH. When not hacking, Brad can be found at home with his family or on a local golf course.

The views and opinions expressed in all portions of this publication belong solely to the author and/or editor and do not necessarily state or reflect those of the Department of Defense or the United States Government. References within this publication to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, do not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government.
ALL IN ONE CEH™ Certified Ethical Hacker EXAM GUIDE, Fifth Edition
Matt Walker
New York Chicago San Francisco Athens London Madrid Mexico City Milan New Delhi Singapore Sydney Toronto

McGraw Hill is an independent entity from the International Council of E-Commerce Consultants® (EC-Council) and is not affiliated with EC-Council in any manner. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with EC-Council in any manner. This publication and accompanying media may be used in assisting students to prepare for the Certified Ethical Hacker (CEH™) exam. Neither EC-Council nor McGraw Hill warrants that use of this publication and accompanying media will ensure passing any exam. CEH is a trademark or registered trademark of EC-Council in the United States and certain other countries. All other trademarks are trademarks of their respective owners.

Copyright © 2022 by McGraw Hill. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

ISBN: 978-1-26-426995-2
MHID: 1-26-426995-1

The material in this eBook also appears in the print version of this title: ISBN: 978-1-26-426994-5, MHID: 1-26-426994-3.

eBook conversion by codeMantra
Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw Hill, or others, McGraw Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

The views and opinions expressed in all portions of this publication belong solely to the author and/or editor and do not necessarily state or reflect those of the Department of Defense or the United States Government. References within this publication to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, do not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government.

Some glossary terms included in this book may be considered public information as designated by The National Institute of Standards and Technology (NIST). NIST is an agency of the U.S. Department of Commerce. Please visit https://www.nist.gov for more information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

This book is dedicated to my grandson, Walker Marshall Byrd. May your future be as bright as your smile, and always remember Grandpa is your favorite…

CONTENTS AT A GLANCE

Chapter 1 Getting Started: Essential Knowledge
Chapter 2 Reconnaissance: Information Gathering for the Ethical Hacker
Chapter 3 Scanning and Enumeration
Chapter 4 Sniffing and Evasion
Chapter 5 Attacking a System
Chapter 6 Web-Based Hacking: Servers and Applications
Chapter 7 Wireless Network Hacking
Chapter 8 Mobile Communications and the IoT
Chapter 9 Security in Cloud Computing
Chapter 10 Trojans and Other Attacks
Chapter 11 Cryptography 101
Chapter 12 Low Tech: Social Engineering and Physical Security
Chapter 13 The Pen Test: Putting It All Together
Appendix A Tools, Sites, and References
Appendix B About the Online Content
Glossary
Index

CONTENTS

Acknowledgments
Introduction

Chapter 1 Getting Started: Essential Knowledge
  Security 101
    Essentials
    Security Basics
  Introduction to Ethical Hacking
    Hacking Terminology
    The Ethical Hacker
  Chapter Review
    Questions
    Answers

Chapter 2 Reconnaissance: Information Gathering for the Ethical Hacker
  Footprinting
    Passive Footprinting
    Active Footprinting
  Footprinting Methods and Tools
    Search Engines
    Website and E-mail Footprinting
    DNS Footprinting
    Network Footprinting
    Other Tools
  Chapter Review
    Questions
    Answers

Chapter 3 Scanning and Enumeration
  Fundamentals
    TCP/IP Networking
    Subnetting
  Scanning Methodology
    Identifying Targets
    Port Scanning
    Evasion
    Vulnerability Scanning
  Enumeration
    Windows System Basics
    Unix/Linux System Basics
    Enumeration Techniques
  Chapter Review
    Questions
    Answers

Chapter 4 Sniffing and Evasion
  Essentials
    Network Knowledge for Sniffing
    Active and Passive Sniffing
  Sniffing Tools and Techniques
    Techniques
    Tools
  Evasion
    Devices Aligned Against You
    Evasion Techniques
  Chapter Review
    Questions
    Answers

Chapter 5 Attacking a System
  Getting Started
    Windows Security Architecture
    Linux Security Architecture
    Methodology
  Hacking Steps
    Authentication and Passwords
    Privilege Escalation and Executing Applications
    Hiding Files and Covering Tracks
  Chapter Review
    Questions
    Answers

Chapter 6 Web-Based Hacking: Servers and Applications
  Web Servers
    Nonprofit Organizations Promoting Web Security
    Attack Methodology
    Web Server Architecture
    Web Server Attacks
  Attacking Web Applications
    Application Attacks
    Countermeasures
  Chapter Review
    Questions
    Answers

Chapter 7 Wireless Network Hacking
  Wireless Networking
    Wireless Terminology, Architecture, and Standards
    Wireless Hacking
  Chapter Review
    Questions
    Answers

Chapter 8 Mobile Communications and the IoT
  The Mobile World
    Mobile Vulnerabilities and Risks
    Mobile Platforms and Attacks
  IoT
    IoT Architecture
    IoT Vulnerabilities and Attacks
    IoT Hacking Methodology
  OT Hacking
    Definition and Concepts
    Security Concerns
  Chapter Review
    Questions
    Answers

Chapter 9 Security in Cloud Computing
  Cloud Computing
    Cloud Computing Service Types
    Cloud Deployment Models
  Cloud Security
    Cloud Threats
    Cloud Attacks and Mitigations
    Cloud Hacking
  Chapter Review
    Questions
    Answers

Chapter 10 Trojans and Other Attacks
  The “Malware” Attacks
    Trojans
    Viruses and Worms
    Fileless Malware
    Malware Analysis
    Malware Countermeasures
  Remaining Attacks
    Denial of Service
    Session Hijacking
  Chapter Review
    Questions
    Answers

Chapter 11 Cryptography 101
  Cryptography and Encryption Overview
    Terminology
    Encryption Algorithms and Techniques
  PKI, the Digital Certificate, and Digital Signatures
    The PKI System
    Digital Certificates
    Digital Signatures
    To Sum Up
  Encrypted Communication and Cryptography Attacks
    Encrypted Communication
    Cryptography Attacks
  Chapter Review
    Questions
    Answers

Chapter 12 Low Tech: Social Engineering and Physical Security
  Social Engineering
    Human-Based Social Engineering Attacks
    Computer-Based Attacks
    Mobile-Based Attacks
    Preventing Social Engineering Attacks
  Physical Security
    Physical Security 101
    Testing Physical Security
  Chapter Review
    Questions
    Answers

Chapter 13 The Pen Test: Putting It All Together
  Methodology and Steps
    Security Assessments
    Security Assessment Deliverables
    Guidelines
  More Terminology
  Chapter Review
    Questions
    Answers

Appendix A Tools, Sites, and References
  Vulnerability Research Sites
  Footprinting Tools
  Scanning and Enumeration Tools
  System Hacking Tools
  Cryptography and Encryption
  Sniffing
  Wireless
  Mobile and IoT
  Trojans and Malware
  Web Attacks
  Miscellaneous
  Tools, Sites, and References Disclaimer

Appendix B About the Online Content
  System Requirements
  Your Total Seminars Training Hub Account
    Privacy Notice
  Single User License Terms and Conditions
  TotalTester Online
  Technical Support

Glossary
Index

ACKNOWLEDGMENTS

When I wrote the first edition of this book, one of the first people I gave a copy to was my mom. She didn’t, and still doesn’t, have a clue what most of it means, but she was thrilled and kept saying, “You’re an author…,” like I had cured a disease or saved a baby from a house fire. At the time I felt weird about it, and I still do. Looking back on the opportunity I was given—almost out of the blue—by Tim Green and McGraw Hill, I just can’t believe the entire thing came to pass. And I’m even more surprised I had anything to do with it. Those who know me well understand what is meant when I say I’m just not capable of doing this. I don’t have the patience for it, I’m not anywhere near the smartest guy in the room (and right now the only others in this room with me are a plastic Batman, a zombie garden gnome, and a Tiki doll), and my Southern brand of English doesn’t always represent the clearest medium from which to provide knowledge and insight. Not to mention I have the attention span of a gnat. It still amazes me it all worked then, and I’m floored we’re here again with yet another edition.

In previous editions of this book I tried with all that was in me to provide something useful to CEH candidates, and I’ve attempted to make this edition even better. I’ve learned a lot (like how having a static study book for an ever-changing certification leaves you open to horrendous book review cruelty), and hope this one helps me learn even more. I’ve put a lot of effort into tidying up loopholes and adding salient information from the ever-growing supply EC-Council avails us with CEH v11. In cases of success, it was a team effort and credit goes to those who helped me in spite of myself. There were many, many folks around me who picked up the slack and corrected—both technically and grammatically—any writing I’d screwed up.
In cases where there was a misstep or misquote, or something was missed entirely, these areas of failure are without question mine and mine alone. But somehow we all pulled it off, and there are thanks to be had for that.

The McGraw Hill team that works to get these editions out is beyond compare. Seriously, these folks are super smart, exceptionally dedicated to their task, and fun to work with. They deserve parades, 60 Minutes stories about their lives, and bronze statues of themselves set somewhere for others to admire and aspire to. Please know how humbled I am to have had the opportunity to work with you, how appreciative I am of all your hard work, and how much I admire and respect all of you. You guys rock.

This book, and its previous editions, simply would not have been possible without our technical editor, Brad Horton. I’ve known Brad since 2005, when we both served time in “the vault” at Marshall Space Flight Center, and I am truly blessed to call him a friend. I’ve said it before and I’ll state it again here: Brad is singularly, without doubt, the most talented technical mind I have ever met in my life. He has great taste in bourbon (although not so much with Scotch), roots for the right team, and smacks a golf ball straighter and truer than most guys I’ve seen—on and off TV. He is a loving husband to his beautiful wife, a great father to his children, a one-of-a-kind pen tester, and a fantastic team lead. He even plays the piano and other musical instruments like a pro and, I hear, is a fantastic bowler. I hate him. ;-) Brad’s insights as a pen test lead were laser sharp and provided great fodder for more discussion. Want proof he’s one of the best? I’d be willing to bet none of you reading this book has ever actually relished a full critique of your work. But I do. Brad’s edits are simultaneously witty, humorous, and cutting to the core. If someone had bet me four or five years ago that I’d not only enjoy reading critiques of my work but would be looking forward to them, I would be paying out in spades today. You’re one of the absolute bests, my friend...for a government worker, anyway. Roll Tide.

Lastly, there is no way any of these books could have been started, much less completed, without the support of my lovely and talented wife, Angie. In addition to the unending encouragement throughout the entire process, Angie is the greatest contributing editor I could have ever asked for. Having someone as talented and intelligent as her sitting close by to run things past, or ask for a review on, was priceless. Not to mention, she’s adorable. Her insights, help, encouragement, and work while this project was ongoing sealed the deal. I can’t thank her enough.

INTRODUCTION

Welcome, dear reader! I sincerely hope you’ve found your way here to this introduction happy, healthy, and brimming with confidence—or, at the very least, curiosity. I can see you there, standing in your bookstore flipping through the book or sitting in your living room clicking through virtual pages at some online retailer. And you’re wondering whether you’ll buy it—whether this is the book you need for your study guide. You probably have perused the outline, checked the chapter titles—heck, you may have even read that great author bio they forced me to write. And now you’ve found your way to this, the Introduction. Sure, this intro is supposed to be designed to explain the ins and outs of the book—to lay out its beauty and crafty witticisms in such a way that you just can’t resist buying it. But I’m also going to take a moment and explain the realities of the situation and let you know what you’re really getting yourself into.

This isn’t a walk in the park. Certified Ethical Hacker (CEH) didn’t gain the reputation and value it has by being easy to attain. It’s a challenging examination that tests more than just simple memorization.
Its worth has elevated it as one o the top certiications a technician can attain, and it remains part o DoD 8570’s call or certiication on DoD networks. In short, this certiication actually means something to employers because they know the eort it takes to attain it. I you’re not willing to put in the eort, maybe you should pick up another line o study. I you’re new to the career ield or you’re curious and want to expand your knowledge, you may be standing there, with the glow o innocent expectation on your ace, read- ing this intro and wondering whether this is the book or you. o help you decide, let’s take a virtual walk over to our entrance sign and have a look. Come on, you’ve seen one beore—it’s just like the one in ront o the roller coaster reading, “You must be this tall to enter the ride.” However, this one is just a little dierent. Instead o your height, I’m interested in your knowledge, and I have a question or two or you. Do you know the OSI reerence model? What port does SMP use by deault? How about elnet? What transport protocol (CP or UDP) do they use and why? Can you possibly run something else over those ports? What’s an RFC? Why am I asking these questions? Well, my new virtual riend, I’m trying to save you some agony. Just as you wouldn’t be allowed on a roller coaster that could poten- tially ling you o into certain agony and/or death, I’m not going to stand by and let you waltz into something you’re not ready or. I any o the questions I asked seem otherworldly to you, you need to spend some time studying the mechanics and inner workings o networking beore attempting this certiication. As brilliantly written as this little tome is, it is not—nor is any other book—a magic bullet, and i you’re looking or something you can read one night and become Super-Hacker by daybreak, you’re never going to ind it. xvii CEH Certified Ethical Hacker All-in-One Exam Guide xviii Don’t get me wrong—go ahead and buy this book. 
You’ll want it later, and I could use the sales numbers. All I’m saying is you need to learn the basics beore stepping up to this plate. I didn’t bother to drill down into the basics in this book because it would have been 20,000 pages long and scared you o right there at the rack without you even picking it up. Instead, I want you to go learn the “101” stu irst so you can be successul with this book. It won’t take long, and it’s not rocket science. I was educated in the public school system o Alabama and didn’t know what cable V or VCR meant until I was nearly a teenager, and I igured it out—how tough can it be or you? here is plenty in here or the beginner, though, trust me. I wrote it in the same manner I learned it: simple, easy, and (ideally) un. his stu isn’t necessarily hard; you just need the basics out o the way irst. I think you’ll ind, then, this book perect or your goals. For those o you who have already put your time in and know the basics, I think you’ll ind this book pleasantly surprising. You’re obviously aware by now that technology isn’t magic, nor is it necessarily diicult or hard to comprehend—it’s just learning how some- thing works so you can use it to your advantage. I tried to attack ethical hacking in this manner, making things as light as possible and laughing a little along the way. But please be orewarned: you cannot, should not, and will not pass this exam by just reading this book. Any book that promises that is lying to you. Without hands-on eorts, a lot o practice, and a whole lot o additional study, you simply will not succeed. Combine this book with some hands-on practice, and I don’t think you’ll have any trouble at all with the exam. Read it as a one-stop-shop to certiication, though, and you’ll be leaving the exam room wondering why you didn’t pass. here is, o course, one primary goal and ocus o this book—to help you achieve the title o Certiied Ethical Hacker by passing the version 11 exam. 
I believe this book provides you with everything you'll need to pass the test. However, I'd like to think it has more to it than that. I hope I also succeed in another goal that's just as important: helping you to actually become an employed ethical hacker. No, there is no way someone can simply pick up a book and magically become a seasoned IT security professional just by reading it, but I sincerely hope I've provided enough real-world insight that you can safely rely on keeping this book around on your journey out there in the real world.

How to Use This Book

This book covers everything you'll need to know for EC-Council's Certified Ethical Hacker examination as it stands right now. CEH topics expand seemingly by the day, and I'm certain you will see the latest hot topic referenced somewhere in your exam. Hence, I've taken great pains throughout the entirety of this writing to remind you over and over again to do your own research and keep up with current news. However, based on information derived from the official courseware, discussions with pen testers and security professionals actually working, research of topics by your humble author, and contributions from the tech editor, I'm pretty confident I have everything locked down as best I can. Each chapter covers specific objectives and details for the exam, as defined by EC-Council (ECC). I've done my best to arrange them in a manner that makes sense, and I hope you see it the same way.

Each chapter has several components designed to effectively communicate the information you'll need for the exam:

Exam Tips are exactly what they sound like. These are included to point out an area you need to concentrate on for the exam. No, they are not explicit test answers. Yes, they will help you focus your study.

Sidebars are included in each chapter and are designed to point out information, tips, and stories that will be helpful in your day-to-day responsibilities. Not to mention, they're just downright fun sometimes. Please note, though, that although these sidebars provide real-world accounts of interesting pieces of information, some of them reinforce testable material. Don't just discount them as simply "neat"—some of the circumstances and tools described in these sidebars may prove the difference in correctly answering a question or two on the exam.

Specially called-out Notes are part of each chapter, too. These are interesting tidbits of information that are relevant to the discussion and point out extra information. Just as with the sidebars, don't discount them.

There are multiple site links provided throughout the book for articles, news sources, tool locations, and a host of other things. Obviously things change rapidly out there in the wild, wild world of the Internet, and a URL provided today may be defunct—or the content within it may get changed—by the time you are reading this book. If something doesn't work or you find a quote or reference has been changed from the original, you may have to do some searching on your own to find the material (or use the WayBack machine, which you'll read about later).

Tools, Sites, and References Disclaimer

All URLs listed in this book were current and live at the time of writing. McGraw Hill makes no warranty as to the availability of these World Wide Web or Internet pages. McGraw Hill has not reviewed or approved the accuracy of the contents of these pages and specifically disclaims any warranties of merchantability or fitness for a particular purpose.

Training and the Examination

Before I get to anything else, let me be crystal clear: this book will help you pass your test. I've spent a lot of reading and research time to ensure everything EC-Council has asked you to know before taking the exam is covered in the book, and I think it's covered pretty darn well. However, I again feel the need to caution you: do not use this book as your sole source of study. This advice goes for any book for any certification. You simply cannot expect to pick up a single book and pass a certification exam. You need practice. You need hands-on experience, and you need to practice some more. And anyone—any publisher, author, or friendly book sales clerk partway through a long shift at the local store—who says otherwise is lying through their teeth.

Yes, I'm fully confident this book is a great place to start and a good way to guide your study. Just don't go into this exam with weird overconfidence because "I read the book so I'm good." The exam changes often, as it should, and new material pops up out of thin air as the days go by. Avail yourself of everything you can get your hands on, and for goodness' sake build a home lab and start performing some (a lot of) hands-on practice with the tools. There is simply no substitute for experience, and I promise you, come test time, you'll be glad you put your time in.

Speaking of the test (officially titled CEH 312-50 as of this writing), it was designed to provide skills-and-job-roles-based learning, standard-based training modules, and better industry acceptance using state-of-the-art labs (in the official courseware and online). The exam consists of 125 multiple-choice questions and lasts four hours. A passing score is, well, different for each exam. See, EC-Council now implements a "cut score" for each of their questions; the questions go through beta testing, and each is assigned a cut score to mark the level of difficulty. Should your test include multiple hard questions, your passing "cut score" may be as low as 60 percent. If you get the easier questions, you may have to score upward of 78 percent (https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/). Delivery of the exam is provided by Pearson VUE and ECC.

These tidbits should help you:

Be sure to pay close attention to the Exam Tips in the chapters. They are there for a reason.
And retake the practice exams—both the end-of-chapter exams and the electronic exams—until you're sick of them. They will help, trust me.

You are allowed to mark, and skip, questions for later review. Go through the entire exam, answering the ones you know beyond a shadow of a doubt. On the ones you're not sure about, choose an answer anyway and mark the question for further review (you don't want to fail the exam because you ran out of time and had a bunch of questions that didn't even have an answer chosen). At the end of each section, go back and look at the ones you've marked. Change your answer only if you are absolutely, 100 percent sure about it.

You will, with absolute certainty, see a couple of question types that will blow your mind. One or two will come totally out of left field. I've taken the CEH exam six times—from version 5 to the current version (which this book is written for)—and every single time I've seen questions that seemed so far out of the loop I wasn't sure I was taking the right exam. When you see them, don't panic. Use deductive reasoning and make your best guess. Almost every single question on this exam can be whittled down to at least 50/50 odds on a guess. The other type of question you'll see that makes you question reality are those using horribly bad grammar in regard to the English language. Just remember this is an international organization, and sometimes things don't translate easily.

When you encounter code questions on the exam (which show code snippets for you to answer questions about), pay attention to port numbers. Even if you're unsure about what generated the log or code, you can usually spot the port numbers pretty quickly. This will definitely help you on a question or two. Additionally, don't neglect the plain text on the right side of the code snippet. It can often show you what the answer is.

Lastly, future ethical hacker, regarding an extra addition to this already noteworthy exam and certification: it's just the beginning. Jay Bavisi, EC-Council CEO, created the next logical step for those holding the written test certification—a means to prove skills and abilities in a practical exam setting known as the CEH Practical Exam. It's a six-hour exam that presents 20 practical challenges for candidates to attempt, administered in the EC-Council iLabs Cyber Range test format (https://ilabs.eccouncil.org/cyber-range/). Passing score is listed at 70 percent, but the actual scoring of the challenge labs (i.e., how one attains 70 percent) isn't noted anywhere I can find, as of this writing. After completion of the exam and practical, candidates are bestowed the title CEH Master. Per the EC-Council website, "CEH is meant to be the foundation for anyone seeking to be an Ethical Hacker. The CEH Practical Exam was developed to give Ethical Hackers the chance to prove their Ethical Hacking skills and abilities." Oh, and one more fun nugget to chew in chasing all this down should appeal to any fans of the book Ready Player One: the Top 10 performers in both CEH and CEH Practical exams will be showcased on the CEH Master Global Ethical Hacking Leader Board.

Objectives

In addition to test tips and how to get certified, one of the questions I get asked most often is, "Hey, Matt, what's on the test?" After noting the myriad reasons why I cannot and should not provide exact test questions and answers (ethics and nondisclosure agreements and such), I usually respond with, "Everything in this book. And a little more." Now I know some of you are reading this and saying, "Wait a minute… This is supposed to be an All-in-One exam guide. What do you mean with the "And a little more" addition there? I thought you covered everything in this book?" Let me explain.

First, I'm a quick learner, and the reviews and responses from the first few editions of this book led me to an irrefutable truth: no static book ever written can cover everything EC-Council decides to throw into their exam queue. A couple months—heck, even days—after publication, EC-Council might decide to insert questions regarding some inane attack from the past, or about something that just happened (such as any zero-day issues your intrepid author had no knowledge of before writing/submitting to publication). It's just the nature of certification exams: some of it is just going to be new, no matter what training source you use. And, yes, that includes EC-Council's own official course material as well.

Second, and to the more interesting question of insight into editor–author relationships at McGraw Hill, a previous editor had to beat on me quite a bit because we disagreed on including an objectives map in this book. The editor rightly noted that an objectives map helps candidates focus their study as well as helps instructors create lesson plans and classroom schedules. My argument centered on a couple of things. First is the unavoidable fact that EC-Council's objectives simply don't exist; at least not in a clearly worded format with indication of what level of knowledge would be needed and/or tested for each one. Secondly, EC-Council was supposed to be moving away from versions altogether and adopting the continuing professional education model that most other certification providers use. Which means EC-Council may just up and change their objectives any time they feel like it—without releasing another "version." So, a conundrum—which we solved and present now to you.

The following courseware map for this book compares where you will find EC-Council's coverage in our little offering here. Additionally, EC-Council defines nine domains for their current CEH certification (https://www.eccouncil.org/wp-content/uploads/2021/01/CEH-Exam-Blueprint-v4.0.pdf). As noted earlier, the specific objectives (or rather, sub-objectives) covered within each domain change rapidly, but the coverage on the exam broken down by percentages may help you in your study.
Please check the link before your exam to see if EC-Council has made any changes.

CEH Exam 312-50 CEHv11 Domains | CEHv11 Subdomains/Courseware Chapters | All-in-One Coverage
1. Information Security and Ethical Hacking Overview | Introduction to Ethical Hacking | Chapter 1
2. Reconnaissance Techniques | Footprinting and Reconnaissance | Chapter 2
   | Scanning Networks | Chapter 3
   | Enumeration | Chapter 3
3. System Hacking Phases and Attack Techniques | Vulnerability Analysis | Chapter 5
   | System Hacking | Chapter 5
   | Malware Threats | Chapter 10
4. Network and Perimeter Hacking | Sniffing | Chapter 4
   | Social Engineering | Chapter 12
   | Denial-of-Service | Chapter 10
   | Session Hijacking | Chapter 10
   | Evading IDS, Firewalls, and Honeypots | Chapter 4
5. Web Application Hacking | Hacking Web Servers | Chapter 6
   | Hacking Web Applications | Chapter 6
   | SQL Injection | Chapter 6
6. Wireless Network Hacking | Hacking Wireless Networks | Chapter 7
7. Mobile Platform, IoT, and OT Hacking | Hacking Mobile Platforms | Chapter 8
   | IoT and OT Hacking | Chapter 8
8. Cloud Computing | Cloud Computing | Chapter 9
9. Cryptography | Cryptography | Chapter 11

So there you have it, ladies and gentlemen. Hopefully this helps in preparing your study/classroom and calms any fears that I may have left something out.

The Certification

So, you've studied, you've prepped, and you think you're ready to become CEH certified. Usually most folks looking for this certification believe their next step is simply to go take a test, and for years (as is the case for most other certifications) that was the truth. However, times change, and certification providers are always looking for a way to add more worth to their title. EC-Council is no different, and it has changed things just a bit for candidates. When you apply for the certification, there are a couple of things EC-Council asks for to protect the integrity of the program.
First is that prior to attending this course, you will be asked to sign an agreement stating that you will not use your newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent. Second is some form of verification you're qualified to be in this fraternity—that is, that you've been working the job long enough to know what's going on, or that you've completed appropriate training (in the eyes of EC-Council anyway) to make up for that.

There are two ways for a candidate to attain CEH certification: with training or using only self-study. The training option is pretty straightforward: you must attend an EC-Council–approved CEH training class before attempting the exam. And they really, really, really want you to attend their training class. Per the site (https://iclass.eccouncil.org/), training options include the following:

Live, online, instructor-led  These classes are offered by many affiliates EC-Council has certified to provide the training. They offer the official courseware in one of two methods: a standard classroom setting or via an "online-live" training class you can view from anywhere. Both offerings have an ECC-certified instructor leading the way and as of this writing cost $2,895 per seat.

Client site  EC-Council can also arrange for a class at your location, provided you're willing to pay for it, of course. Costs for that depend on your organization.

As for doing it on your own, a couple methods are available:

iClass  In this option, you pay for the official courseware and prerecorded offerings, along with the labs used for the class. This allows you to work through the stuff on your own, without an instructor. Cost as of this writing is $1,899.

Self-study  If you want to study on your own and don't care about the class at all (that is, you've been doing this for a while and don't see the value of going to a class to have someone teach you what you already know), you can simply buy the courseware for $850 and study on your own.

One more quick note on training: it's a lot better than it used to be. EC-Council–certified classes and instructors are top notch, and the new curriculum isn't just sitting in a classroom while someone reads slides and provides you test questions to practice on. Now the class itself actually requires completion of multiple Break-the-Code Challenges, "ranging across 4 levels of complexity covering 18 attack vectors, including the OWASP Top 10." So coming out of the classroom you've not only seen what you're supposed to know, you've done it!

Once you attend training, you can register for and attempt the exam with no additional cost or steps required. As a matter of fact, the cost for the exam is usually part of the course pricing. If you attempt self-study, however, there are some additional requirements, detailed here, straight from EC-Council:

In order to be considered for the EC-Council certification exam without attending official training, a candidate must:
- Hold a CEH certification of version 1 to 7.
- Have a minimum of two years work experience in InfoSec domain.
- Remit a nonrefundable eligibility application fee of $100.
- Submit a completed Exam Eligibility Application Form found here: https://cert.eccouncil.org/Exam-Eligibility-Form.html.

If further information is requested from the applicant after the application is submitted and 90 days pass with no response from the applicant, the application will be automatically rejected and a new form will have to be submitted (on average an application processing time is between five to ten working days). On the application, there is a section for the applicant to list a supervisor or department lead who will act as their verifier. EC-Council reaches out to the listed verifier to confirm the applicant's experience. If the application is approved, the applicant will be sent instructions on purchasing a voucher from EC-Council directly. EC-Council will then send the candidate the eligibility code and the voucher code which the candidate can use to register and schedule the test. If the application is not approved, the application fee of $100 will not be refunded. The approved application is valid for three months from the date of approval, so the candidate must purchase a voucher within three months. After the voucher codes are released, the applicant has one year to use the codes.

And there you have it, dear reader. Sure, there are a couple of additional hoops to jump through for CEH using self-study, but it's the best option, cost-wise. From the perspective of someone who has hired many employees in the security world, I honestly believe it may be the better option all around: anyone can attend a class, but those who self-study need to have a sponsor to verify they have the appropriate experience. It's well worth the extra step, in my humble opinion.

Finally, thank you for picking up this book. I've been blown away by the response to previous editions, and humbled beyond words by all of it. I sincerely hope your exam goes well, and I wish you the absolute best in your upcoming career. Here's hoping I see you out there, somewhere and sometime! God bless.
CHAPTER 1
Getting Started: Essential Knowledge

In this chapter you will
- Identify components of TCP/IP computer networking
- Understand basic elements of information security
- Understand incident management steps
- Identify fundamentals of security policies
- Identify essential terminology associated with ethical hacking
- Define ethical hacker and classifications of hackers
- Describe the five stages of ethical hacking
- Define the types of system attacks
- Identify laws, acts, and standards affecting IT security
- Identify Cyber Kill Chain methodology terms

A couple years back, my ISP point-of-presence router, nestled in the comm-closet-like area I'd lovingly built just for such items of IT interest, decided it had had enough of serving the humans and went rogue on me. It was subtle at first—a stream dropped here, a choppy communication session there—but it quickly became clear Skynet wasn't going to play nicely, and a scorched-earth policy wasn't off the table. After battling with everything for a while and narrowing down the culprit, I called the handy help desk line to get a new router ordered and delivered for me to install myself, or to get a friendly in-home visit to take the old one and replace it. After answering the phone and taking a couple of basic and perfectly reasonable pieces of information, the friendly help desk employee started asking me what I considered to be ridiculous questions: "Is your power on? Is your computer connected via a cable or wireless? Is your wireless card activated, because sometimes those things get turned off in airplane mode?" And so on. I played along for a little while. I mean, look, I get it: they have to ask those questions. But after 10 or 15 minutes of dealing with it I lost patience and just told the guy what was wrong. He paused, thanked me, and continued reading the scroll of questions no doubt rolling across his screen from the "Customer Says No Internet" file.

I survived the gauntlet and finally got a new router ordered, which was delivered the very next day at 8:30 in the morning. Everything finally worked out, but the whole experience came to mind as I sat down to start the latest edition of this book. I got to looking at the chapters from the previous edition and thought to myself, "What were you thinking? Why were you telling them about networking and the OSI model? You're the help desk guy here." Why? Because I have to. I've promised to cover everything here (at least as much as I can, given the moving target this certification presents), and although you shouldn't jump into study material for the exam without already knowing the basics, we're all human and some of us will. But don't worry, dear reader: I've winnowed out some of the networking basics from past editions. I did retain a fantastic explanation of the OSI reference model, what PDUs are at what level, and why you should care, even though I'm pretty sure you know this already. I'm going to do my best to keep it better focused for you and your study. This chapter still includes some inanely boring and mundane information that is probably as exciting as that laundry you have piled up waiting to go into the machine, but it has to be said, and you're the one to hear it. We'll cover the many terms you'll need to know, including what an ethical hacker is supposed to be, and maybe even cover a couple terms you don't know.

Security 101

If you're going to start a journey toward an ethical hacking certification, it should follow that the fundamental definitions and terminology involved with security should be right at the starting line. We're not going to cover everything involved in IT security here—it's simply too large a topic, we don't have space, and you won't be tested on every element anyway—but there is a foundation of 101-level knowledge you should have before wading out of the shallow end. This chapter covers the terms you'll need to know to sound intelligent when discussing security matters with other folks. And, perhaps just as importantly, we'll cover some basics of TCP/IP networking because, after all, if you don't understand the language, how are you going to work your way into the conversation?

Essentials

Before we can get into what a hacker is and how you become one in our romp through the introductory topics here, there are a couple things I need to get out of the way. First, even though I covered most of this in that Shakespearean introduction for the book, I want to talk a little bit about this exam and what you need to know, and do, to pass it. Why repeat myself? Because after reading reviews, comments, and e-mails from our first few outings, it has come to my attention almost none of you actually read the introduction. I don't blame you; I skip it too on most certification study books, just going right for the meat. But there's good stuff there you really need to know before reading further, so I'll do a quick rundown for you up front. Second, we need to cover some security and network basics that will help you on your exam. Some of this section is simply basic memorization, some of it makes perfect common sense, and some of it is, or should be, just plain easy. You're really supposed to know this already, and you'll see this stuff again and again throughout this book, but it's truly bedrock information and I would be remiss if I didn't at least provide a jumping-off point.

The Exam

Are you sitting down? Is your heart healthy? I don't want to distress you with this shocking revelation I'm about to throw out, so if you need a moment, go pour a bourbon (another refrain you'll see referenced throughout this book) and get calm before you read further. Are you ready?
The CEH version 11 exam is difficult, and despite hours (days, weeks) of study and multiple study sources, you may still come up against a version of the exam that leaves you feeling like you’ve been hit by a truck. I know. A guy writing and selling a study book just told you it won’t be enough. Trust me when I say it, though, I’m not kidding. Of course this will be a good study reference. Of course you can learn something from it if you really want to. Of course I did everything I could to make it as up to date and comprehensive as possible. But if you’re under the insane assumption this is a magic ticket, that somehow written word from April 2021 is going to magically hit the word-for-word reference on a specific test question in whatever time frame/year you’re reading this, I sincerely encourage you to find some professional help before the furniture starts talking to you and the cat starts making sense. Those of you looking for exact test questions and answers that you can memorize to pass the exam will not find it in this publication, nor any other. For the rest of you, those who want a little focused attention to prepare the right way for the exam and those looking to learn what it really means to be an ethical hacker, let’s get going with your test basics. First, if you’ve never taken a certification-level exam, I wouldn’t recommend the CEH exam as your first experience. It’s tough enough to pass without all the distractions and nerves involved in your first walkthrough. When you do arrive for your exam, you usually check in with a friendly test proctor or receptionist, sign a few forms, and get funneled off to your testing room. Every time I’ve gone it has been a smallish office or a closed-in cubicle, with a single monitor staring at me ominously. You’ll click START and begin whizzing through questions one by one, clicking the circle to select the best answer(s) or clicking and dragging definitions to the correct section. 
At the end there's a SUBMIT button, which you will click and then enter a break in the time-space continuum—because the next 10 seconds will seem like the longest of your life. In fact, it'll seem like an eternity, where things have slowed down so much you can actually watch the refresh rate on the monitor and notice the cycles of AC current flowing through the office lamps. When the results page finally appears, it's a moment of overwhelming relief or one of surreal numbness.

If you pass, none of the study material matters and, frankly, you'll almost immediately start dumping the stored memory from your neurons. If you don't pass, everything matters. You'll race to the car and start marking down everything you can remember so you can study better next time. You'll fly to social media and the Internet to discuss what went wrong and to lambast anything you didn't find useful in preparation. And you'll almost certainly look for something, someone to blame. Trust me, don't do this. Everything you do in preparation for this exam should be done to make you a better ethical hacker, not to pass a test. If you prepare as if this is your job, if you take everything you can use for study material and try to learn instead of memorize, you'll be better off, pass or fail. And, consequentially, I guarantee if you prepare this way your odds of passing any version of the test that comes out go up astronomically.

The test itself? Well, there are some tips and tricks that can help. I highly recommend you go back to the introduction and read the sections "Training and the Examination" and "The Certification." They'll help you. A lot. Here are some other tips that may help:

- Do not let real life trump EC-Council's view of it. There will be several instances somewhere along your study and eventual exam life where you will say, aloud, "That's not what happens in the real world! Anyone claiming that would be stuffed in a locker and sprayed head to toe with shaving cream!" Trust me when I say this: real life and a certification exam do not necessarily always directly correspond. To prepare for some of these questions, you'll need to study and learn what you need for the exam, knowing full well it's different in the real world. If you don't know what I mean by this, ask someone who has been working in the field for a while if they think social engineering is passive, as EC-Council suggests.
- Go to the bathroom before you enter your test room. Even if you don't have to. Because, trust me, you do.
- Use time to your advantage. The exam is split into sections, with a time frame set up for each one. You can work and review inside the section all you want, but once you pass through it you can't go back. And if you fly through a section, you don't get more time on the next one. Take your time and review appropriately.
- Make use of the paper and pencil/pen the friendly test proctor provides you. As soon as you sit down, before you click START on the ominous test monitor display, start writing down everything from your head onto the paper provided. I would recommend reviewing just before you walk into the test center those sections of information you're having the most trouble remembering. When you get to your test room, write them down immediately. That way, when you're losing your mind a third of the way through the exam and start panicking that you can't remember what an XMAS scan returns on a closed port, you'll have a reference. And trust me, having it there makes it easier for you to recall the information, even if you never look at it.
- Trust your instincts. When you do question review, unless you absolutely, positively, beyond any shadow of a doubt know you initially marked the wrong answer, do not change it.
- Take the questions at face value. I know many people who don't do well on exams because they're trying to figure out what the test writer meant when putting the question together. Don't read into a question; just answer it and move on.
- Schedule your exam sooner than you think you'll be ready for it. I say this because I know people who say, "I'm going to study for six months and then I'll be ready to take the exam." Six months pass and they're still sitting there, studying and preparing. If you do not put it on the calendar to make yourself prepare, you'll never take it, because you'll never be ready.

Again, it's my intention that everyone reading this book and using it as a valuable resource in preparation for the exam will attain the certification, but I can't guarantee you will. Because, frankly, I don't know you. I don't know your work ethic, your attention to detail, or your ability to effectively calm down to take a test and discern reality from a certification definition question. All I can do is provide you with the information, wish you the best of luck, and turn you loose. Now, on with the show.

The OSI Reference Model

Most of us would rather take a ballpeen hammer to our toenails than to hear about the OSI reference model again. It's taught up front in every networking class we all had to take in college, so we've all heard it a thousand times over. That said, those of us who have been around for a while and have taken a certification test or two also understand that mastery of the OSI model usually results in a few easy test answers—provided you understand what the questions are asking for. I'm not going to bore you with the same stuff you've heard or read a million times before, because, as stated earlier, you're supposed to know this already. What I am going to do, though, is provide a quick rundown for you to peruse, should you need to refresh your memory.
I thought long and hard about the best way to go over this topic again for our review, and decided I’d ditch the same old boring method of explaining it. Instead, let’s look at the 10,000-foot overhead view of a communications session between two computers depicted in the OSI reference model through the lens of building a network—specifically by trying to figure out how you would build a network from the ground up. Step in the Wayback Machine with Sherman, Mr. Peabody, and me, and let’s go back before networking was invented. How would you do it?

NOTE Even something as simple as the OSI model can get really overcomplicated if you read enough into it. For example’s sake, we’re looking at it in this text as it relates to TCP/IP. While TCP/IP generally rules the networking world, there are other protocol stacks that do much the same thing. The OSI model just helps us to talk about networks in a structured way.

First, looking at those two computers sitting there wanting to talk to one another, you might consider the basics of what is right in front of your eyes: What will you use to connect your computers together so they can transmit signals? In other words, what media would you use? There are several options: copper cabling, glass tubes, even radio waves, among others. And depending on which one of those you pick, you’re going to have to figure out how to use them to transmit useable information. How will you get an electrical signal on the wire to mean something to the computer on the other end? What aspect of a radio wave—its frequency, amplitude, etc.—can you use to spell out a word or a color? For that matter, what type of radio wave should you use? On top of all that, you’ll need to figure out connectors, interfaces, and how to account for interference. And that’s just Layer 1 (the Physical layer), where everything is simply bits—that is, 1’s and 0’s.
Layer 2 then helps answer the questions involved in growing your network. In figuring out how you would build this whole thing, if you decide to allow more than two nodes to join, how do you handle addressing? With only two systems, it’s no worry—everything sent is received by the system on the other end—but if you add three or more systems to the mix, you’re going to have to figure out how to send the message with a unique address. And if your media is shared, how would you guarantee everyone gets a chance to talk, and no one’s message jumbles up anyone else’s? The Data Link layer (Layer 2) handles this using frames, which encapsulate all the data handed down from the higher layers. Frames hold hardware (MAC) addresses that identify a machine inside a particular network.

And what happens if you want to send a message out of your network? It’s one thing to set up addressing so that each computer knows where all the other computers in the neighborhood reside, but sooner or later you’re going to want to send a message to another neighborhood—maybe even another city. And you certainly can’t expect each computer to know the address of every computer in the whole world. This is where Layer 3 steps in, with the packet used to hold network addresses and routing information. It works a lot like ZIP codes on an envelope. While the street address (the physical address from Layer 2) is used to define the recipient inside the physical network, the network address from Layer 3 tells routers along the way which neighborhood (network) the message is intended for. One practical consequence: the Layer 2 addresses on a frame are rewritten at every router hop, while the Layer 3 addresses in the packet stay the same from sender to receiver.

Other considerations then come into play, like reliable delivery and flow control. You certainly wouldn’t want a message just blasting out without having any idea if it made it to the recipient; then again, you may want to, depending on what the message is about. And you definitely wouldn’t want to overwhelm the media’s ability to handle the messages you send, so maybe you might not want to put the giant boulder of the message onto your media all at once, when chopping it up into smaller, more manageable pieces makes more sense. The next layer, Transport, handles this and more for you. In Layer 4 the PDU is the segment. TCP provides reliable end-to-end delivery of the message, error recovery (through retransmission of segments that were lost or arrived corrupted), and flow control; UDP, also a Layer 4 protocol, deliberately provides none of that, and is the choice for the cases where you really do just want to blast the message out.

At this point you’ve set the stage for success. There is media to carry a signal (and you’ve figured out how to encode that signal onto that media), addressing inside and outside your network is handled, and you’ve taken care of essentials like flow control and reliability. Now it’s time to look upward toward the machines themselves and make sure they know how to do what they need to do. The next three layers (from the bottom up: Session, Presentation, and Application) handle the data itself. The Session layer is more of a theoretical entity, with no real manipulation of the data itself—its job is to open, maintain, and close a session. The Presentation layer is designed to put a message into a format all systems can understand. For example, an e-mail crafted in Microsoft Outlook may not necessarily be received by a machine running Outlook, so it must be translated into something any receiver can comprehend—like pure ASCII code—for delivery across a network. The Application layer holds all the protocols that allow a user to access information on and across a network. For example, FTP allows users to transport files across networks, SMTP provides for e-mail traffic, and HTTP allows you to surf the Internet at work while you’re supposed to be doing something else. These three layers make up the “data layers” of the stack, and they map directly to the Application layer of the TCP/IP stack. In these three layers, the protocol data unit (PDU) is referred to as data.
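Here is the walk down the stack just described, carried out in actual bytes. This is an added example, not code from the book or from EC-Council: a made-up HTTP request (the data) is handed down and wrapped in a TCP segment, then an IPv4 packet, then an Ethernet frame, and the receiving side unwraps it again, verifying each layer’s checksum before trusting the next. The IP addresses, MAC addresses, ports and request line are all assumed for the demo. Note that the frame is addressed to the gateway’s MAC while the packet is addressed to the remote server’s IP, which is exactly the street-address-versus-ZIP-code split above.

```python
# Added example (not from the book): the OSI PDUs as real bytes.
# One HTTP request (Data) is wrapped in a TCP Segment, an IPv4 Packet and an
# Ethernet Frame, then unwrapped again with every checksum verified.
# All addresses, ports and the request line below are made up for the demo.
import socket
import struct

HTTP_REQUEST = b"GET /store/jerseys HTTP/1.1\r\nHost: shop.example\r\n\r\n"  # Layer 7 data
JOE_IP, SHOP_IP = "192.0.2.10", "203.0.113.80"                    # Layer 3: same end to end
JOE_MAC, GATEWAY_MAC = "02:00:00:00:00:0a", "02:00:00:00:00:01"   # Layer 2: next hop only
PROTO_TCP, ETHERTYPE_IPV4 = 6, 0x0800


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, used by both the IPv4 and TCP headers.
    Computed over a header that already carries a correct checksum it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_segment(src_port, dst_port, payload, src_ip, dst_ip, seq=0x1000, ack=0x2000):
    """Layer 4 PDU: 20-byte TCP header (PSH|ACK, no options) plus the data.
    The handshake is skipped, so seq/ack are arbitrary. The checksum also covers
    a pseudo-header holding both IP addresses, binding the segment to its endpoints."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, PROTO_TCP, len(hdr) + len(payload)))
    csum = checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_packet(src_ip, dst_ip, segment, ttl=64):
    """Layer 3 PDU: 20-byte IPv4 header (DF set) in front of the segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000, ttl,
                      PROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + segment


def build_frame(src_mac, dst_mac, packet):
    """Layer 2 PDU: Ethernet II header. The trailing 4-byte FCS is left to the NIC."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack, verifying each layer before trusting the next.
    Raises ValueError on anything that fails, much as a real stack silently drops it."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    layers = {"frame": {"dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12])}}

    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    layers["packet"] = {"src_ip": socket.inet_ntoa(packet[12:16]),
                        "dst_ip": socket.inet_ntoa(packet[16:20]),
                        "ttl": packet[8], "proto": proto}

    segment = packet[ihl:total_len]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, proto, len(segment))
    if proto != PROTO_TCP or checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    layers["segment"] = {"src_port": src_port, "dst_port": dst_port, "flags": segment[13]}
    layers["data"] = segment[data_offset:]
    return layers


def is_intact(frame: bytes) -> bool:
    """True when every layer of the frame passes its checksum."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


def joes_request_frame() -> bytes:
    """Joe's request built from the inside out: Data -> Segment -> Packet -> Frame."""
    segment = build_segment(49152, 80, HTTP_REQUEST, JOE_IP, SHOP_IP)
    packet = build_packet(JOE_IP, SHOP_IP, segment)
    return build_frame(JOE_MAC, GATEWAY_MAC, packet)  # MAC is the router's, IP is the shop's


if __name__ == "__main__":
    for name, info in decapsulate(joes_request_frame()).items():
        print(f"{name:8} {info}")
```

Run it and it prints one line per PDU, showing which addresses live at which layer. Flip any byte of the payload or the IP header and decapsulate() raises, which is the failure mode these checksums exist to catch: accidental corruption, not tampering. An attacker who can rewrite bytes on the wire can recompute the checksums just as easily, so integrity against an adversary has to come from a higher layer (TLS, for instance), not from Layers 3 and 4.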
Figure 1-1 OSI reference model

OSI layer      Example protocols                 PDU
Application    FTP, HTTP, SMTP, etc.             Data
Presentation   AFP, NCP, MIME, etc.              Data
Session        X.225, SCP, ZIP, etc.             Data
Transport      TCP, UDP                          Segment
Network        IP                                Packet
Data link      ARP, CDP, PPP, etc.               Frame
Physical       USB standards, Bluetooth, etc.    Bit

NOTE As with any field of study, technology has its own lingo and associated acronym soup. Check the glossary for any acronyms that don’t immediately register with you.

The layers, and examples of the protocols you’d find in them, are shown in Figure 1-1.

EXAM TIP Demonstrating your OSI knowledge on the test won’t be something as simple as answering a question about which protocol data unit goes with which layer. Rather, you’ll be asked questions that knowledge of the model will help with; knowing what happens at a given layer will assist you in remembering what tool or protocol the question is asking about. Mnemonics can help your memory: “All People Seem To Need Daily Planning” will keep the layers straight (Application down to Physical), and “Do Sergeants Pay For Beer” will match up the PDUs with the layers (Data, Segment, Packet, Frame, Bit).

TCP/IP Overview

Keeping in mind you’re supposed to know this already, we’re not going to spend an inordinate amount of time on this subject. That said, it’s vitally important to your success that the basics of TCP/IP networking are as ingrained in your neurons as other important aspects of your life, like maybe Mom’s birthday, the size and bag limit on redfish, the proper ratio of bourbon to anything you mix it with, and the proper way to place toilet paper on the roller (pull paper down, never up). This will be a quick preview, and we’ll revisit (and repeat) this in later chapters.

TCP/IP is a set of communications protocols that allows hosts on a network to talk to one another.
This suite of protocols is arranged in a layered stack, much like the OSI reference model, with each layer performing a specific task. Figure 1-2 shows the TCP/IP stack.

In keeping with the way this chapter started, let’s avoid a lot of the same stuff you’ve probably heard a thousand times already and look at an overly simplified example of a basic web browser exchange, and follow the message from one machine to another through a TCP/IP network. This way, I hope to hit all the basics you need without boring you to tears and causing you to skip the rest of this chapter altogether. Keep in mind there is a whole lot of simultaneous goings-on in any session, so I may take a couple liberties to speed things along.

Suppose, for example, user Joe wants to get ready for the season opener and decides to do a little online shopping for his favorite University of Alabama football gear. Joe begins by opening his browser and typing in a request for his favorite website. His computer now has a data request from the browser that it looks at and determines cannot be answered internally—that is, not locally to Joe’s system. Why? Because the browser wants a page that is not stored locally. So, now searching for a network entity to answer the request, Joe’s system chooses the transport the reply will come back on (in this case TCP, aimed at the web server’s well-known port 80 for HTTP) and starts putting together what will become a session—a bunch of segments sent back and forth to accomplish a goal.

Figure 1-2 TCP/IP stack

OSI model                             TCP/IP model      Protocols
Application, Presentation, Session    Application       HTTP, FTP, SNMP, SMTP, DNS, POP, IMAP, NNTP, Telnet, SSH, DHCP, etc.
Transport                             Transport         TCP, UDP
Network                               Internet          IP, ICMP
Data link, Physical                   Network access    ARP, L2TP, STP, HDLC, FDDI, etc.

Since this is an Ethernet TCP/IP network, Joe’s computer talks to other systems using a format of bits arranged in a specific order.
These collections of bits in a specific order are called frames (Figure 1-3 shows a basic Ethernet frame), are built from the inside out, and rely on information handed down from upper layers. In this example, the Ap