Ethical Hacking & Countermeasure Specialist. Course Title: Ethical Hacking & Countermeasure Specialist: Web Applications and Data Servers

Transcription

1 Ethical Hacking & Cuntermeasure Specialist Curse Title: Ethical Hacking & Cuntermeasure Specialist: Web Applicatins and Data Servers Page 1 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

2 Ethical Hacking & Cuntermeasure Specialist Curse Descriptin This certificatin cvers a plethra f ffensive security tpics ranging frm hw perimeter defenses wrk t scanning and attacking simulated netwrks. A wide variety f tls, viruses, and malware is presented in this and the ther fur bks, prviding a cmplete understanding f the tactics and tls used by hackers. By gaining a thrugh understanding f hw hackers perate, an Ethical Hacker will be able t set up strng cuntermeasures and defensive systems t prtect an rganizatin's critical infrastructure and infrmatin. Certificate Inf Ethical Hacking & Cuntermeasure Specialist: Web Applicatins and Data Servers Wh Shuld Attend This curse will significantly benefit security fficers, auditrs, security prfessinals, site administratrs, and anyne wh is cncerned abut the integrity f the netwrk infrastructure. Curse Duratin 2 days (9:00AM 5:00PM) CPE/ECE Qualificatin 16 ECE Credits awarded fr attendance (1 fr each classrm hur) Suggested Retail: $799 USD Page 2 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

3 Ethical Hacking & Cuntermeasure Specialist Required Curseware: Visit and click n Training Wrkshps fr rdering details. What s included? Physical Curseware 1 year Access T EC-Cuncil Student LMS fr Practical Labs (if applicable), testing, and Certificate Curse + Supplement Cst: See the Training Wrkshps sectin at fr current pricing infrmatin. Related Certificates: Ethical Hacking & Cuntermeasure Specialist: Attack Phases Ethical Hacking and Cuntermeasures: Threats and Defense Mechanisms Ethical Hacking and Cuntermeasures: Linux, Macintsh and Mbile Systems Ethical Hacking and Cuntermeasures: Secure Netwrk Infrastructures Page 3 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

4 Ethical Hacking & Cuntermeasure Specialist Curse Briefing 1. Sessin Hijacking Chapter Brief: Sessin Hijacking refers t the explitatin f a valid cmputer sessin where an attacker takes ver a sessin between tw cmputers. The attacker steals a valid sessin ID which he uses t get int the system and extract the data. Sessin hijacking includes attacks such as TCP sessin hijacking, Blind hijacking, and Man-in-the-Middle (MITM) attacks. This mdule explains abut the hijacking f a valid cmputer sessin. It briefs abut the sessin hijacking prcess, techniques used in hijacking, and steps t perfrm sessin hijacking. It explains the tw levels f perfrming sessin hijacking that include: netwrk level hijacking and applicatin level hijacking. It explains abut the different tls t perfrm sessin hijacking. 2. Hacking Web Servers Chapter Brief: Often a breach in security causes mre damage in terms f gdwill than in actual quantifiable lss. This makes web server s security critical t the nrmal functining f an rganizatin. There are inherent security risks assciated with web servers, the lcal area netwrks that hst web sites and users wh access these web sites using brwsers. Cmprmised web servers can expse the Lcal Area Netwrk (LAN) r the crprate netwrk t Internet threats. This mdule deals with the hacking f web servers. It explains abut web server defacement, Apache web server security, attacks against IIS, and web server vulnerabilities. It discusses abut Patch Management and vulnerability scanners. 3. Web Applicatin Vulnerabilities Chapter Brief: A web applicatin is cmprised f many layers f functinality. Hwever, it is cnsidered a threelayered architecture cnsisting f presentatin, lgic, and data layers. A web applicatin is cmpsed with several cmpnents such as web server, the applicatin cntent that resides n the web server, and a typically back end data stre where the applicatin accesses and interfaces with. The vulnerabilities in the web applicatins including the crss-site flaws, buffer verflws, and injectin flaws may be used t launch several attacks n the web applicatins. This mdule explains abut the vulnerabilities that are pssible in web applicatins. It explains abut the bjectives f web applicatin hacking, anatmy f an attack, and cuntermeasures. It explains abut the tls used fr hacking web applicatins. 4. Web-Based Passwrd-Cracking Techniques Chapter Brief: Authenticatin is any prcess by which ne verifies that smene actually is wh he/she claims t be. Typically, this invlves a user name and a passwrd. A passwrd cracker is an applicatin t restre the stlen/frgtten passwrds f a netwrk resurce r f a desktp cmputer. It can als be used t help a human cracker t btain unauthrized access t resurces. Page 4 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

5 Ethical Hacking & Cuntermeasure Specialist This mdule explains abut the web-based passwrd cracking techniques. It explains abut the authenticatin mechanisms, HTTP authenticatin, Integrated Windws (NTLM) Authenticatin, certificate-based authenticatin, frms-based authenticatin, RSA SecurID Tken, Bimetrics authenticatin, and types f bimetrics authenticatin. The mdule briefs abut hw t crack the passwrds and lists the tls fr passwrd cracking. 5. Hacking Web Brwsers Chapter Brief: Tday, web brwsers such as Internet Explrer, Mzilla Firefx, and Apple Safari (t name a few), are installed n almst all cmputers. As web brwsers are used frequently, it is vital t cnfigure them securely. Often, the web brwser that cmes with an perating system is nt set up in a secure default cnfiguratin. Nt securing yur web brwser can quickly lead t a variety f cmputer prblems caused by anything frm spyware being installed withut yur knwledge t intruders taking cntrl f yur cmputer. This mdule familiarizes yu with hacking different web brwsers and explains hw web brwsers wrk and access HTML dcuments. Hacking Firefx using Firefx spfing, infrmatin leak and passwrd vulnerabilities are explained. Security tls and Firefx security features secure Firefx frm being hacked. Redirectin infrmatin disclsure and Windw injectin vulnerabilities are used fr hacking Internet Explrer. Different brwser settings and Internet explrer security features are mentined fr securing Internet explrer. Different vulnerabilities present in Opera, Safari, and Netscape are described. This mdule als lists the different security features and brwser settings f Opera, Safari, and Netscape. 6. SQL Injectin Chapter Brief: SQL cmmands such as INSERT, RETRIEVE, UPDATE, and DELETE are used t perfrm peratins n the database. Prgrammers use these cmmands t manipulate the data in the database server. SQL injectin is defined as a technique that takes advantage f nn-validated input vulnerabilities and injects the SQL cmmands thrugh a web applicatin that are executed in a back-end database. The mdule deals with expliting a web applicatin by injecting the SQL cde. The mdule explains abut SQL Injectin techniques and attacks n the web applicatins. It briefs abut SQL Injectin in different databases, SQL Injectin tls, Blind SQL Injectin, SQL Injectin defense and detectin Tls, and SQL Injectin cuntermeasures. 7. Hacking Database Servers Chapter Brief: Database servers huse critical infrmatin that includes crprate, custmer, and financial data. This infrmatin culd be used by the attackers t tarnish the reputatin f the rganizatin r fr mnitry reasns. Hacking the databases culd run an rganizatin ut f business r cst them millins f dllars. This mdule depicts hw databases are vulnerable t attacks. Attackers use TCP prt scan t find an Oracle database server n the netwrk. Once the Oracle database server has been traced, the first prt f call is made t the TNS Listener. Using PL/SQL Injectin, attackers can ptentially elevate their level f privilege frm a lw-level PUBLIC accunt t an accunt with DBA-level privileges. Page 5 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

6 Ethical Hacking & Cuntermeasure Specialist The mdule als deals with the security issues and type f Database attacks and describes hacking tricks that an attacker uses t explit SQL server systems. Page 6 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

7 Ethical Hacking & Cuntermeasure Specialist Curse Outline Chapter 1: Sessin Hijacking Case Example Intrductin t Sessin Hijacking What is Sessin Hijacking Understanding Sessin Hijacking Spfing vs. Hijacking Packet Analysis f a Lcal Sessin Hijack Steps in Sessin Hijacking Sessin Hijacking Prcess Sessin Hijack Attack Scenari Types f Sessin Hijacking Sessin Hijacking Levels Spfing Versus Hijacking Netwrk Level Hijacking The Three-Way Handshake TCP Cncepts 3-Way Handshake Sequence Numbers Sequence Number Predictin TCP/IP Hijacking IP Spfing: Surce Ruted Packets RST Hijacking RST Hijacking Tl: hijack_rst.sh #./hijack_rst.sh Blind Hijacking Man-in-the-Middle Attack using Packet Sniffer UDP Hijacking Applicatin Level Hijacking Sessin Hijacking Tls IP Watcher Remte TCP Sessin Reset Utility Pars HTTP Sessin Hijacking Tl Dnshijacker Tl Hjksuite Tl Cuntermeasures Page 7 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

8 Ethical Hacking & Cuntermeasure Specialist Prtecting against Sessin Hijacking Methds t Prevent Sessin Hijacking (T be Fllwed by Web Develpers) Methds t Prevent Sessin Hijacking: (T be Fllwed by Web Users) Defending against Sessin Hijack Attacks Sessin Hijacking Remediatin IPSec Mdes f IPSec IPSec Architecture Cmpnents f IPSec IPSec Authenticatin and Cnfidentiality IPSec Prtcl: AH ESP IPSec Implementatin Chapter 2: Hacking Web Servers Case Example Intrductin t Hacking Web Servers Surces f Security Vulnerabilities in Web Servers Web Attack Impacts Web Site Defacement Hw are Web Servers Defaced Attacks Against IIS IIS 7 Cmpnents Unicde Unicde Directry Traversal Vulnerability IIS Directry Traversal (Unicde) Attack Hacking Tl: IISxplit.exe Msw3prt IPP Vulnerability RPC DCOM Vulnerability ASP Trjan (cmd.asp) IIS Lgs Tls Netwrk Tl: Lg Analyzer Hacking Tl: CleanIISLg IIS Security Tl: Server Mask ServerMask ip100 Page 8 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

9 Ethical Hacking & Cuntermeasure Specialist CacheRight HttpZip LinkDeny ServerDefender AI ZipEnable W3cmpiler Yersinia Metasplit Framewrk KARMA Karmetasplit Prerequisites fr Karmetasplit Running Karmetasplit Immunity CANVAS Prfessinal Cre Impact MPack Nesplit Patch Management Vulnerability Scanners Chapter 3: Web Applicatin Vulnerabilities Intrductin t Web Applicatin Vulnerabilities Web Applicatins Web Applicatin Architecture Cmpnents Web Applicatin Vulnerability Characteristics Tp Web Applicatin Vulnerabilities Cmmn Web-Based Applicatins Attacks Unvalidated Input Brken Access Cntrl Brken Accunt and Sessin Management Web Applicatin Hacking Anatmy f an Attack Web Applicatin Threats Crss-Site Scripting/XSS Flaws An Example f XSS Cuntermeasures SQL Injectin Cmmand Injectin Flaws Page 9 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

10 Ethical Hacking & Cuntermeasure Specialist Cuntermeasures Ckie/Sessin Pisning Cuntermeasures Parameter/Frm Tampering Hidden Field Buffer Overflw Cuntermeasures Directry Traversal/Frceful Brwsing Cuntermeasures Cryptgraphic Interceptin Ckie Snping Authenticatin Hijacking Cuntermeasures Lg Tampering Errr Message Interceptin Attack Obfuscatin Platfrm Explits DMZ Prtcl Attacks DMZ Cuntermeasures Security Management Explits Web Services Attacks Zer-Day Attacks Netwrk Access Attacks TCP Fragmentatin DNS Pisning Web Applicatin Hacking Tls Wget GUI fr Wget WebSleuth BlackWidw SiteScpe WSDigger :Web Services Testing Tl CkieDigger SSLDigger WindwBmb WindwBmb: Reprt Page 10 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

11 Ethical Hacking & Cuntermeasure Specialist Burp: Psitining Paylads Cnfiguring Paylads and Cntent Enumeratin Passwrd Guessing Burp Prxy: Intercepting HTTP/S Traffic Hex-editing f Intercepted Traffic Brwser Access t Request Histry Burpsuite curl Chapter 4: Web-Based Passwrd-Cracking Techniques Intrductin t Web-Based Passwrd-Cracking Techniques Authenticatin Authenticatin Definitin Authenticatin Mechanisms HTTP Authenticatin Basic Authenticatin Digest Authenticatin Integrated Windws (NTLM) Authenticatin Negtiate Authenticatin Certificate-based Authenticatin Frms-Based Authenticatin RSA SecurID Tken Bimetrics Authenticatin Types f Bimetrics Authenticatin Fingerprint-Based Identificatin Hand Gemetry-Based Identificatin Retina Scanning Afghan Wman Recgnized After 17 Years Face Recgnitin Face Cde: WebCam Based Bimetrics Authenticatin System Passwrd Cracking Passwrd Cracking Tls L0phtcrack (LC4) Jhn the Ripper Brutus Obiwan Page 11 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

12 Ethical Hacking & Cuntermeasure Specialist Authfrce Hydra Cain & Abel RAR Gammaprg WebCracker Munga Bunga PassList SnadBy MessenPass Wireless WEP Key Passwrd Spy RckXP Passwrd Spectatr Pr WWWhack SamInside Lm2ntcrack Windws Passwrd Cracker MDB Passwrd Cracker Passwrd Recvery Bundle 2009 Advanced FTP Passwrd Recvery Kernel SQL Passwrd Recvery AirGrab Passwrd PRO Visual Zip Passwrd Recvery Prcessr Passwrd Hacking Sftware Passwrdstate Chapter 5: Hacking Web Brwsers Intrductin Hw Web Brwsers Wrk Hacking Firefx Firefx Prf f Cncept Infrmatin Leak Vulnerability Firefx Spfing Vulnerability Passwrd Vulnerability Firefx Cmmand Line URI Handling Vulnerability Firefx Cde Executin Vulnerability Cncerns With Saving Frm r Lgin Data Cleaning Up Brwsing Histry Page 12 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

13 Ethical Hacking & Cuntermeasure Specialist Ckies Internet Histry Viewer: Ckie Viewer Firefx Security Blcking Ckies Optins Tls Fr Cleaning Unwanted Ckies Tl: CkieCuller Getting Started Main Setting Privacy Settings Security Settings Cntent Settings Clear Private Data Mzilla Firefx Security Features Hacking Internet Explrer Redirectin Infrmatin Disclsure Vulnerability Windw Injectin Vulnerability Internet Explrer Vulnerabilities Internet Explrer Security Getting Started Security Znes Custm Level Trusted Sites Zne Privacy Overwrite Autmatic Ckie Handling Per Site Privacy Actins Disable Third-party Brwser Extensins Specify Default Applicatins Internet Explrer Security Features Hacking Opera JavaScript Invalid Pinter Vulnerability BitTrrent Header Parsing Vulnerability Trrent File Handling Buffer Overflw Vulnerability URL Handling Cde Executin Vulnerability Opera Stred Crss Site Scripting (XSS) Vulnerability Opera Security and Privacy Features Hacking Safari Securing Safari Page 13 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

14 Ethical Hacking & Cuntermeasure Specialist Chapter 6: SQL Injectin Case Example Intrductin t SQL Injectin SQL Injectin Techniques SQL Manipulatin Cde Injectin Functin Call Injectin Buffer Overflws Expliting Web Applicatins What Attackers Lk Fr OLE DB Errrs Input Validatin Attack SQL Injectin Techniques Hw t Test fr an SQL Injectin Vulnerability Hw It Wrks SQL Injectin in Different Databases SQL Injectin in Oracle SQL Injectin in MySql Database Attacks Against Micrsft SQL Server Tls fr Autmated SQL Injectin Blind SQL Injectin SQL Injectin Cuntermeasures Preventing SQL Injectin Attacks SQL Injectin Defense and Detectin Tls SQL Blck Acunetix Web Vulnerability Scanner Chapter 7: Hacking Database Servers Intrductin t Hacking Database Servers Hacking Oracle Database Server Attacking Oracle Security Issues in Oracle Types f Database Attacks Hw t Break int an Oracle Database and Gain DBA Privileges Hacking an SQL Server Hw an SQL Server Is Hacked Page 14 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.

15 Ethical Hacking & Cuntermeasure Specialist Security Tls Security Checklists Page 15 f 15 Web Applicatins and Data Servers Cpyright by EC-Cuncil All Rights Reserved. Reprductin is Strictly Prhibited.