APPENDIX C ■ ANSWERS FOR SAMPLE QUESTIONS
Chapter 10 - Web Application Hacking
1. b
2. b
3. c
4. c
Chapter 11 - Wireless Hacking
1. b
2. b
3. b
Chapter 12 - Mobile Hacking
1. b
2. a
3. c
4. c
5. c
Chapter 13 - IDS and Honeypots
1. b
2. c
3. b
4. c
5. b
Chapter 14 - Cryptography
1. d
2. b
3. a
4. c
5. b
6. b
Index

A
Access control lists (ACL), 47
Access control matrix, 88
Accounting, 88
Active reconnaissance, 103
Adaptive chosen-plaintext attack, 180
Address Resolution Protocol (ARP), 45
ALTER, 26–27
Alternate data streams, 125–126
Android application components, 154–155
Android OS, 154
Android security testing
  automated testing, 156
  manual testing, 155
Announced testing, 101
Asymmetric encryption, 172
Atomicity, consistency, isolation and durability (ACID), 24
Attack phase, 103–104
Authenticated scan, 98
Authentication, 88
Authentication, Authorization, and Accounting (AAA), 87–88
Authorization, 88
Automated scanning tools, 138–139
Automated testing, 101

B
Backtracking, 88
Back up, 7
Basic Service Set Identifier (BSSID), 145
Black-box penetration testing, 99, 100
Black hats, 91
Block ciphers, 173
Bluejacking, 150
Bluetooth attacks, 150
Bluetooth hacking
  attacks, 150
  discoverable, 149
  limited discoverable, 149
  nondiscoverable, 149
  pairing, 149
  threats, 149–150
Bluetooth pairing, 149
Bluetooth threats
  Bluejacking, 150
  Bluesmacking, 150
  Bluesnarfing, 150
  Bluesniff, 150
  hijacking, 149
  inherent vulnerabilities, 149
  loss of personal data, 149
  malicious code, 149
  sending SMS, 149
  using airtime, 149
Botnet Trojans, 121, 125
Bring Your Own Device (BYOD), 153
Brute-force attack, 120, 128
Bug Bounty program, 185

C
CA-signed certificates, 177
Centralized authentication, 6
Certificate authority (CA), 177
Certificate revocation lists (CRL), 177
Certifications
  auditing track, 184
  forensics track, 184
  information security general track, 184
  network security track, 183
  security testing track, 184
Cheat-Sheet to Linux Commands, 18
Cheat-Sheet to Windows Commands, 12
Ciphertext-only attack, 180
Classical ciphers, 172
Cloud computing, 78
  types, 78
Cloud security, 80
Cloud service offerings, 79
  benefits, 79
Cmdlets, 58

© Sagar Ajay Rahalkar 2016
S.A. Rahalkar, Certified Ethical Hacker (CEH) Foundation Guide, DOI 10.1007/978-1-4842-2325-3
Command-shell Trojans, 121
Company-confidential data, 104
Competitive intelligence, 111
Computer worms, 123
Confidentiality-Integrity-Availability (CIA)
  ATM PINs, 86
  availability, 86
  building blocks, 85
  implementing information, 86–87
  information security (InfoSec), 86
  passwords, 86
  security controls, 85
Copy files, 56
Covering tracks, 127–128
CREATE, 25–26
Cross-site request forgery (CSRF), 134
Cross-site scripting (XSS), 134–135
Cryptanalysis, 180
Cryptography, 136
  asymmetric encryption, 172
  cipher types, 172–173
  definition, 171
  key escrow, 172
  message digest
    algorithm transforms, 174
    free online tool, calculation, 176
    hashing algorithms, 175
    SSH, 176
  symmetric key encryption, 172
  tools, 174
Custom ROM, 153
Cyber terrorists, 92

D
Database
  ACID, 24
  columns, 24
  definition, 23
  primary key, 24–25
  records, 24
  software, 23
  tables, 24
  threats, 23
Data control language
  GRANT, 27
  REVOKE, 28
Data definition language
  ALTER, 26–27
  CREATE, 25–26
  DROP, 27
  TRUNCATE, 27
Data manipulation
  DELETE query, 32
  INSERT, 31–32
  UPDATE query, 32
Default passwords, 116
Defense in depth, 90
Demilitarized zone (DMZ), 164
Denial of Service (DoS) attack, 99, 124–125, 128
Developing tools, 186
Device brick, 153
Device drivers, 5
Dictionary attack, 119, 128
Digital certificate, 177
Digital signature, 177, 179
DISTINCT clause, 31
Distributed password recovery, 120
DNS, 44
Docker, 77–78
Document Trojans, 121
DoS attack. See Denial of Service (DoS) attack
Double output redirection, 62
DROP, 27
Dynamic Host Configuration Protocol (DHCP), 45

E
Eavesdropping, 147
Email Trojans, 121
Encryption
  attacks, cryptography and cryptanalysis, 180
  entities, 180
  principles, 180
Enumeration, 103
  target system, 114
  TCP ports, 114
Ethical hacking, 92
Evading firewalls, 165–166
Exploit, 89
Extension to wired network, 144
External penetration testing, 99–100

F
False negative vulnerability, 105
False positive vulnerability, 105
File-handling functions, 67
  check file, 57
  deletion, 56
  IP address, 57
  new file/directory, 56
  Wi-Fi connections, 57
File system, 4
File virus, 122
Finger command, 117
Firewalls, 48–49
  architecture, 164
  DMZ, 164
  identification techniques, 165–166
  types, 164
Footprinting
  attacker, 109
  competitive intelligence, 111
  DNS servers, 112
  email, 110–111
  Google, 112
  hacking methodology, 109
  social networking sites, 113
  target network topology, 109
  website, 109
  WHOIS, 111
Foreign key, 25
Functions, 66–67

G
GRANT, 27
Graphical User Interface (GUI), 12
Gray-box penetration testing, 99, 100
Gray hats, 91
GROUP BY clause, 29

H
Hackers
  categories, 91
  computing skills, 91
  unauthorized access, 91
Hacking, 92
  alternate data streams, 125–126
  botnet, 125
  computer worms, 123
  covering tracks, 127–128
  DoS attack, 124–125
  keyloggers, 120–121
  mobile platforms
    Android, 154–156
    iOS, 156–157
  online malware analysis, 123
  password-cracking techniques, 119–120
  privilege escalation, 124
  rootkits, 123
  social engineering, 123–124
  steganography, 126–127
  Trojans, 121
  viruses, 122
Hashing algorithms, 175–176
HAVING clause, 30
Heap-based memory allocation, 5
HIPAA standards, 98
Honeypots
  defined, 166
  detecting honeypots, 167
  types, 167
Human threats, 90
Hybrid attack, 120
Hypervisors
  type 1, 72
  type 2, 72
  virtualization, 73
  virtual machines, 72

I
If Else, 55
Incident management, 93
Information security threats, 90
Infrastructure-as-a-Service (IaaS), 79
Input redirection, 63
INSERT, 31–32
Integrated Scripting Environment (ISE), 54
Internal penetration testing, 99–100
Internet layer, 39
Intrusion detection system (IDS), 49
  evade and bypass, 162
  predefined signature database, 161
  signs, 163
  types, 161
Intrusion prevention system, 49
iOS security guidelines, 157
IP addressing, 41
iptables rule, 17
IPv4, 43
IPv6, 43

J
Jailbreaking iOS, 156

K
Kernel, 3
Key escrow, 172
Keyloggers, 128
Known-plaintext attack, 180

L
LAN-LAN wireless connection, 144
Learning programming languages, 185
Libraries, 67
Lightweight Directory Access Protocol (LDAP), 114
Linux
  Cheat-Sheet, 18
  commands, 18
  directory structure, 13
  firewall (iptables), 17
  passwords, 14–15
  permissions, 15–16
  processes, 16
Linux (cont.)
  shell
    creation, 59
    FOR loop, 61
    if conditions, 60–61
    logic building, 60
    reading input, 59
    structural basics, 58–59
Lists, 65
Local authentication, 6

M
Macro virus, 122
Maltego, 113
Manual testing, 101
Media Access Control (MAC) address, 44
Memory management, 5
Message digests, 174–176
Microsoft Windows
  local vs. centralized, 5
  processes, 10
  security policies, 10, 12
  service, 8–9
Misconfigured access point attack, 147
Mobile attack vectors, 153
Mobile device management (MDM), 157
Mobile terminology, 153
Modern ciphers, 173
Modules, 67
Multiple access points, 144

N
Natural threats, 90
NetBIOS enumeration, 114
NetScanTools Pro, 117
Network access layer, 39
Network Address Translation (NAT), 46
Networking
  connectivity, 37
  OSI vs. TCP/IP models, 37–39
  TCP/IP model, 38
  TCP vs. UDP, 39
  threats, 37
Network security devices
  routers, 48
  switches, 48
Nmap tool, 115
Non-disclosure agreement (NDA), 102
Nonrepudiation, 89
Non-technical attacks, 120
Nutshell, 15–16

O
Online malware analysis, 123
Open Systems Interconnection (OSI), 37–38
Operating system (OS)
  description, 3
  kernel, 3
  machine language, 3
  memory management, 5
  ring architecture, 4
  vulnerable and unpatched, 3
Oracle VirtualBox, 74–76
ORDER BY clause, 30

P
Passive reconnaissance, 103
Password-cracking techniques
  brute-force attack, 120
  complexity, 119
  dictionary attack, 119
  distributed password recovery, 120
  hybrid attack, 120
  non-technical attacks, 120
  rainbow tables, 120
  rule-based attack, 120
  syllable attack, 120
Penetration testing
  automated vulnerability scanning, 105
  internal employee portal, 99
  life-cycle, 97, 101
  methodological process, 97
  vulnerability assessment, 99
Pen-tester, 99
Pen testing, 97
Perimeter testing, 103
Physical threats, 90
Pipes, 55
Pipl search engine, 113
Platform-as-a-Service (PaaS), 79
Policy, procedure, guidelines, and standards, 92
Polymorphic virus, 122
Port numbers, 42–43
Post-attack phase, 104
PowerShell, 53
  cmdlets, 58
  commands, 54
  If Else decision making, 55
  ISE, 54
  for loops, 55
  variables, 54
Pre-attack phase, 102–103
Primary key, 24–25
Private IP, 41–42
Private key cryptography, 173
Privilege escalation, 124
Proof-of-concept (PoC), 105
Public IP, 41–42
Public key cryptography, 173
Public key infrastructure (PKI)
  functioning, 177
  terminology, 177
Python, 53
  functions, 66–67
  IDLE GUI, 64
  If Else, 65–66
  lists, 65
  for loop, 66
  printing, 64
  reading input, 64
  version 2.7.X, 63

Q
Quality assurance (QA) testing, 97
Query and clauses
  SELECT and FROM, 28–29
Query processing internals, 33

R
Rainbow tables, 120
Redirection, 61
Registration authority, 177
Remote Access VPN, 47
Remote URL, 57
REVOKE, 28
Ring OS architecture, 4
Risk-based authentication, 88
Rogue access point attack, 147
Rootkits, 123, 128
Routers, 48
Rubber hose attack, 180
Rule-based attack, 120

S
Script-kiddies, 92
Secure Shell (SSH), 176
Secure Sockets Layer (SSL), 179
Security assessments
  breakdown, 97
  lifecycle, 97
  non-IT sectors, 97
  security audits, 98
  software application, 97
  software industry, 97
Security audits, 98
Security policies, 10, 12
SELECT, 28
Self-signed certificates, 177
Service Set Identifier (SSID), 145
Shell scripting, 53
Shodan, 113
Simple Network Management Protocol (SNMP), 114
Single output redirection, 62
Site-to-Site VPN, 48
Snapshots, 73
Social engineering, 123–124, 128
Social networking platforms, 113, 185
Sockets, 41
Software-as-a-Service (SaaS), 79
Software containerization, 77–78
Spectrum analysis, 148–149
Spy hackers, 92
SQL, 24
SSH. See Secure Shell (SSH)
SSL. See Secure Sockets Layer (SSL)
SSL certificate
  CA-signed certificates, 177
  digital signature, 179
  issuing authority, validity, and encryption, 178
  self-signed certificates, 177
  testing, 178
  TLS, 179
Stack-based memory allocation, 5
Stack vs. heap, 5
State-sponsored hackers, 92
Steganography, 126–128
Stock ROM, 153
StreamArmor, 126
Stream ciphers, 173
Substitution cipher, 173
Suicide hackers, 91
SuperScan tool, 116
Switches, 48
Syllable attack, 120
Symbols, 32–33
Symmetric key encryption, 172
System/boot-sector virus, 122

T
TCP flags, 40
TCP handshake, 40
TCP/IP model, 38
TCP wrappers, 18
Threat, 90
Transmission Control Protocol (TCP), 39
Transport Layer Security (TLS), 179
Transposition cipher, 173
Trojans, 121, 128
TRUNCATE, 27
U
Unannounced testing, 101
Unauthenticated scan, 98
User Datagram Protocol (UDP), 39

V
Variables, 54
Virtualization
  benefits, 71
  definition, 71
  security issues, 73
Virtual Private Network (VPN), 47
Viruses
  anti-virus signature development, 122
  definition, 122, 128
  design and development, 122
  detection, 122
  eradication, 122
  infection and replication, 122
  trigger and launch, 122
  types, 122
Vulnerability assessment, 89, 98

W, X, Y
Web application
  flaws
    authentication, 132
    authorization, 132–133
    business logic, 137
    configuration management, 135
    cryptography, 136
    input validation, 134–135
    mitigations, 139–140
    session management, 133–134
  hacking
    attack vectors, 132
    automated scanning tools, 138–139
    methodology, 137–138
    mitigations, 139–140
  overview, 131
  web servers, 138
Web/networking functions, 57
WHERE clause, 29
White-box penetration testing, 99, 101
White hats, 91
WHOIS database, 111
Wi-Fi authentication, 145–146
Wi-Fi networks, 57
  common wireless threats, 147
  use of, 146
  warchalking, 146
  wardriving, 146
  wireless encryption
    standards, 147
    types, 146
Wi-Fi signal jamming, 147
Windows Event Viewer, 7–8
Windows Firewall, 12
Windows registry, 6–7
Wireless hacking methodology
  break Wi-Fi encryption, 148
  discovering Wi-Fi networks, 147
  execute attacks, 148
  GPS mapping, 147
  traffic analysis, 147
Wireless networks
  advantages, 143
  disadvantages, 144
  types, 144
Wireless standards
  access point, 145
  bandwidth, 145
  BSSID, 145
  features, 144
  hotspot, 145

Z
Zenmap port scanner, 115
Zero-Day vulnerability/exploit, 89–90