Hacking Web Servers and Applications
Tools to Know for Reconnaissance, Scanning and Attacking Web Servers and Applications
Discovering Server Details
Netcraft
whatweb <target ip> -v # for a single target
whatweb -v 192.168.0.1/24 # for a subnet
ua-tester -u www.schoolforhackers.com -d M D
uniscan-gui # opens a GUI
Tampering with Server Requests
Tamper Data / Tamper Data for Firefox Quantum – a lightweight proxy plugin for Firefox that lets you capture and modify HTTP/HTTPS requests.
Web Exploit and Vulnerability Tool Kits
Nikto
Wikto: a website vulnerability tool:
http://sectools.org/tool/wikto/
Burp Suite
Burp is a must-have tool, both for the CEH test and for real-life security auditing. Know this tool as deeply as you can before testing.
“Getting Started with Burp Proxy”:
https://support.portswigger.net/customer/en/portal/articles/1783118-Proxy_Getting%20Started.html
“Brute Force a Website Login Page with Burp Suite”:
https://www.youtube.com/watch?v=25cazx5D_vw
“Using Burp to Test for Path Traversal Vulnerabilities”:
https://support.portswigger.net/customer/en/portal/articles/2590663-using-burp-to-test-for-path-traversal-vulnerabilities
“Brute force attack (form, ssh, ftp) using burp suite and hydra”:
https://www.youtube.com/watch?v=y3Oh54BUN0U
“Brute Force Router Password using BurpSuite”:
https://www.youtube.com/watch?v=gSVM65_pLfA
ZAP: The ZED Attack Proxy
OWASP makes its own testing proxy, ZAP (also called Zed or ZAProxy), which makes auditing for the OWASP Top 10 vulnerabilities a much clearer process.
Get it and learn about it: https://www.zaproxy.org/
Really Ancient Tools Mentioned in the CEH Exam
Hunt: 20+ years old.
“Hunt is a program for intruding into a connection, watching it and resetting it. Hunt operates on Ethernet and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports. Hunt doesn’t distinguish between local network connections and connections going to/from the Internet. It can handle all connections it sees.”
https://packetstormsecurity.com/sniffers/hunt/
Brutus
THC-Hydra
OWASP Guide
Nessus / OpenVAS
WinSSLMiM
POODLE (obsolete)
Vulnerabilities to Exploit
Hidden fields
Buffer overflow
DoS
Banner grabbing:
telnet schoolforhackers.com 80
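The telnet session above does by hand what the tools in this chapter automate: open a connection, send a request and read the response headers. The following is an added example, not code from the original page: it parses an HTTP response head and pulls out the headers that disclose software and version details (Server, X-Powered-By and similar), plus a function that performs the same HEAD request the telnet session does so you can check your own servers. The sample response is constructed for the example; the header list and the helper names are my own choices.

```python
import socket

# Constructed sample of what a banner grab of a web server might return.
# Made up for this example; not a capture from any real host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2018 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.29 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.2.3\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Headers that commonly disclose the software stack (list chosen for this example).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")


def parse_banner(raw: bytes) -> dict:
    """Parse an HTTP response head and return the headers that leak software details.

    Returns lower-cased header names mapped to their values, e.g.
    {"server": "Apache/2.4.29 (Ubuntu)", "x-powered-by": "PHP/7.2.3"}.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")          # headers end at the blank line
    lines = head.decode("iso-8859-1", errors="replace").split("\r\n")
    found = {}
    for line in lines[1:]:                             # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in BANNER_HEADERS:
            found[name.strip().lower()] = value.strip()
    return found


def discloses_version(banner: dict) -> bool:
    """True if any banner header carries a version-looking token (digits after a slash).

    'Apache/2.4.29 (Ubuntu)' -> True; a bare 'nginx' or 'Apache' -> False.
    """
    for value in banner.values():
        if "/" in value and any(ch.isdigit() for ch in value.split("/", 1)[1]):
            return True
    return False


def grab_banner(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Send the same HEAD request you would type into the telnet session and parse the reply.

    Needs network access; handy for checking the header hygiene of your own servers.
    """
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            if b"\r\n\r\n" in b"".join(chunks):        # whole header block received
                break
    return parse_banner(b"".join(chunks))


if __name__ == "__main__":
    banner = parse_banner(SAMPLE_RESPONSE)
    print(banner, "version disclosed:", discloses_version(banner))
```

On the defending side, the fix for a positive `discloses_version` result is configuration, not code: Apache's `ServerTokens Prod` and nginx's `server_tokens off` trim the Server header, and `expose_php = Off` in php.ini removes X-Powered-By.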
XSS
Cross-site scripting exploits web forms that don’t properly sanitize or encode the data you input before echoing it back into a page. Root-me.org has a good description of the “rules”:
From the excellent JackkTutorials, see this video:
“Basic XSS Guide #1 – Alert() – Redirection – Cookie Stealing”
https://www.youtube.com/watch?v=486KmQOcwWg
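To make the “doesn’t sanitize” point concrete, here is an added example (mine, not the page’s or the video’s code) showing the vulnerable rendering pattern next to the fixed one, using Python’s standard `html.escape`. The two untrusted inputs are constructed test strings of the kind the video uses: one aims at the page body, the other at an attribute. The cookie helper shows the flags that blunt the “cookie stealing” part of the video; the function names are my own.

```python
import html

# Constructed untrusted inputs for the demonstration (not from any real site).
UNTRUSTED_NAME = "<script>alert(1)</script>"      # body-context break-out
UNTRUSTED_CITY = 'x" onmouseover="alert(1)'       # attribute-context break-out


def render_unsafe(name: str, city: str) -> str:
    """The vulnerable pattern: untrusted input concatenated straight into HTML."""
    return f'<p>Hello {name}</p><input value="{city}">'


def render_safe(name: str, city: str) -> str:
    """The fix: encode for the HTML context before concatenating.

    html.escape(..., quote=True) turns < > & " ' into entities, which neutralises
    both the body break-out (<script>) and the attribute break-out (a stray ").
    """
    return (
        f'<p>Hello {html.escape(name, quote=True)}</p>'
        f'<input value="{html.escape(city, quote=True)}">'
    )


def set_cookie_header(name: str, value: str) -> str:
    """Session-cookie flags that limit what a successful XSS can do with the cookie:
    HttpOnly hides it from document.cookie, Secure keeps it off plain HTTP,
    SameSite=Strict keeps it out of cross-site requests."""
    return f"Set-Cookie: {name}={value}; HttpOnly; Secure; SameSite=Strict; Path=/"


if __name__ == "__main__":
    print("unsafe:", render_unsafe(UNTRUSTED_NAME, UNTRUSTED_CITY))
    print("safe:  ", render_safe(UNTRUSTED_NAME, UNTRUSTED_CITY))
    print(set_cookie_header("session", "example-value"))
```

Encoding is context-specific: `html.escape` is correct for HTML body and quoted-attribute contexts, but a value placed inside a `<script>` block or a URL needs that context’s own encoding, which is exactly what the “rules” the page refers to cover.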
Insecure Deserialization
This kind of attack takes advantage of the way web applications serialize data: serialization turns an object into a string of characters so it can be passed in a request, and deserialization rebuilds the object on the other end. When a server deserializes input it does not trust, the sender controls what gets rebuilt. It’s one of the OWASP Top 10 vulnerabilities, and you should have at least a basic idea what it is.
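The following added example (not from the original page) shows why deserializing untrusted input is a code-execution problem rather than a data problem, using Python’s `pickle` as the serialization format. A pickle can contain the instruction “call this function with these arguments when loaded”; the constructed blob here only calls `operator.mul(6, 7)`, which is enough to show that whoever supplies the bytes chooses what runs. Beside it is the allow-list unpickler approach from the Python documentation, which refuses any reference to a callable outside a fixed set. The blobs, the allow-list contents and the helper names are my own choices.

```python
import builtins
import io
import operator
import pickle


# ---- vulnerable pattern -------------------------------------------------
def unsafe_load(blob: bytes):
    """What many applications do: rebuild whatever object the client sent."""
    return pickle.loads(blob)


class RunsOnLoad:
    """Constructed demo object. Its pickle carries no data at all, only the
    instruction 'call operator.mul(6, 7) during load', so the result of
    unpickling it is 42, computed by code the sender selected."""

    def __reduce__(self):
        return (operator.mul, (6, 7))


MALICIOUS_BLOB = pickle.dumps(RunsOnLoad())                          # constructed, attacker-shaped
BENIGN_BLOB = pickle.dumps({"user": "alice", "roles": ["viewer"]})   # constructed, normal input


# ---- hardened pattern ---------------------------------------------------
# Only plain data types may be referenced by name; everything else is refused.
SAFE_BUILTINS = {"dict", "list", "set", "frozenset", "tuple",
                 "str", "int", "float", "bool", "bytes"}


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list unpickler: find_class is consulted for every module-level
    name the stream references, so an unexpected callable aborts the load
    before anything is built or called."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def rejects(blob: bytes) -> bool:
    """True if the hardened loader refuses the blob."""
    try:
        safe_load(blob)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe_load ran attacker-chosen code, result:", unsafe_load(MALICIOUS_BLOB))
    print("safe_load rejects it:", rejects(MALICIOUS_BLOB))
    print("safe_load still accepts plain data:", safe_load(BENIGN_BLOB))
```

The allow-list is a mitigation for code you cannot rewrite; the better fix is to not accept a native object format from clients at all and use a data-only format such as JSON with explicit validation of the fields you expect.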
Another, longer example:
Attack Targets
Input validation
Unvalidated redirects and forwards
Insecure login systems (see Brutus)
Scripting errors
Session management
CAPTCHA
AntiCaptcha plugin (Chrome, Firefox)
CAPTCHA Be Gone (?)
Rumola (Firefox, Chrome, Safari)
Directory traversal