Certified Ethical Hacker CEH Exam Cram (2022)

Preview (31 of 516 Pages)

100%

Purchase to unlock

Loading page image...

Certified Ethical Hacker (CEH)Exam CramDr. Chuck Easttom

Loading page image...

Copyright © 2022 by Pearson Education, Inc.All rights reserved. This publication is protected by copyright, andpermission must be obtained from the publisher prior to any prohibitedreproduction, storage in a retrieval system, or transmission in any form or byany means, electronic, mechanical, photocopying, recording, or likewise. Forinformation regarding permissions, request forms, and the appropriatecontacts within the Pearson Education Global Rights & PermissionsDepartment, please visit www.pearson.com/permissions.No patent liability is assumed with respect to the use of the informationcontained herein. Although every precaution has been taken in thepreparation of this book, the publisher and author assume no responsibilityfor errors or omissions. Nor is any liability assumed for damages resultingfrom the use of the information contained herein.ISBN-13: 978-0-13751344-4ISBN-10: 0-13-751344-5Library of Congress Control Number:Printed in the United States of AmericaScoutAutomatedPrintCodeTrademarksAll terms mentioned in this book that are known to be trademarks or servicemarks have been appropriately capitalized. Pearson IT Certification cannotattest to the accuracy of this information. Use of a term in this book shouldnot be regarded as affecting the validity of any trademark or service mark.CompTIA is a registered trademark of CompTIA, Inc.Warning and DisclaimerEvery effort has been made to make this book as complete and as accurate aspossible, but no warranty or fitness is implied. The information provided ison an “as is” basis. The author and the publisher shall have neither liabilitynor responsibility to any person or entity with respect to any loss or damagesarising from the information contained in this book.

Loading page image...

Special SalesFor information about buying this title in bulk quantities, or for special salesopportunities (which may include electronic versions; custom cover designs;and content particular to your business, training goals, marketing focus, orbranding interests), please contact our corporate sales department atcorpsales@pearsoned.com or (800) 382-3419.For government sales inquiries, please contactgovernmentsales@pearsoned.com.For questions about sales outside the U.S., please contactintlcs@pearson.com.Editor-in-ChiefMark TaubDirector, ITP Product ManagementBrett BartowExecutive Acquisitions EditorJames ManlyDevelopment EditorEllie BruManaging EditorSandra SchroederProject EditorMandie FrankCopy EditorKitty WilsonIndexerProofreaderTechnical EditorAkhil BehlPublishing Coordinator

Loading page image...

Cindy TeetersDesignerChuti PrasertsithCompositorcodeMantra

Loading page image...

Pearson’s Commitment to Diversity,Equity, and InclusionPearson is dedicated to creating bias-free content that reflects the diversity ofall learners. We embrace the many dimensions of diversity, including but notlimited to race, ethnicity, gender, socioeconomic status, ability, age, sexualorientation, and religious or political beliefs.Education is a powerful force for equity and change in our world. It has thepotential to deliver opportunities that improve lives and enable economicmobility. As we work with authors to create content for every product andservice, we acknowledge our responsibility to demonstrate inclusivity andincorporate diverse scholarship so that everyone can achieve their potentialthrough learning. As the world’s leading learning company, we have a dutyto help drive change and live up to our purpose to help more people create abetter life for themselves and to create a better world.Our ambition is to purposefully contribute to a world where:• Everyone has an equitable and lifelong opportunity to succeed throughlearning.• Our educational products and services are inclusive and represent therich diversity of learners.• Our educational content accurately reflects the histories and experiencesof the learners we serve.• Our educational content prompts deeper discussions with learners andmotivates them to expand their own learning (and worldview).While we work hard to present unbiased content, we want to hear from youabout any concerns or needs with this Pearson product so that we caninvestigate and address them.• Please contact us with concerns about any potential bias athttps://www.pearson.com/report-bias.html.

Loading page image...

Contents at a GlanceAbout the AuthorAcknowledgmentsAbout the Technical EditorWe Want to Hear from You!Reader ServicesIntroductionChapter 1. Reconnaissance and ScanningChapter 2. Enumeration and Vulnerability ScanningChapter 3. System HackingChapter 4. MalwareChapter 5. Packet Sniffing and Social EngineeringChapter 6. Denial of Service and Session HijackingChapter 7. Evading Security MeasuresChapter 8. Hacking Web Servers and Web ApplicationsChapter 9. Hacking WirelessChapter 10. Hacking MobileChapter 11. IOT and OT HackingChapter 12. Cloud Computing and HackingChapter 13. CryptographyTear CardGlossary

Loading page image...

Table of ContentsAbout the AuthorAcknowledgmentsAbout the Technical EditorWe Want to Hear from You!Reader ServicesIntroductionAboutCEH Exam CramAbout the CEH v11 ExamCompanion WebsitePearson Test Prep Practice Test SoftwareAssessing Exam ReadinessPremium Edition eBook and Practice TestsChapter 1. Reconnaissance and ScanningReconnaissance TypesActive Reconnaissance TechniquesWhat Next?Chapter 2. Enumeration and Vulnerability ScanningScanningScanning ProcessNetwork Packet CaptureVulnerability ScanningWhat Next?Chapter 3. System HackingCEH Methodology

Loading page image...

Pass the HashSpywareWhat Next?Chapter 4. MalwareMalware TypesVirusesProtecting Against MalwareWhat Next?Chapter 5. Packet Sniffing and Social EngineeringSocial EngineeringPacket SniffingWhat Next?Chapter 6. Denial of Service and Session HijackingDenial of ServiceSession HijackingWhat Next?Chapter 7. Evading Security MeasuresIntrusion Detection SystemsFirewalls and HoneypotsVirtual Private NetworksIDS Evasion TechniquesFirewall Evasion TechniquesWhat Next?Chapter 8. Hacking Web Servers and Web ApplicationsWeb ServersWeb ApplicationsWhat Next?Chapter 9. Hacking Wireless

Loading page image...

Wireless TechnologyHacking WirelessWhat Next?Chapter 10. Hacking MobileMobile TechnologiesMobile ThreatsWhat Next?Chapter 11. IOT and OT HackingIoT FundamentalsIOT Security and HackingWhat Next?Chapter 12. Cloud Computing and HackingCloud FundamentalsCloud Computing AttacksWhat Next?Chapter 13. CryptographyCryptography ConceptsPKICryptographic AttacksWhat Next?Tear CardGlossary

Loading page image...

About the AuthorDr. Chuck Easttomis the author of 34 books, including several on computersecurity, forensics, and cryptography. He holds a doctor of science degree incybersecurity, a Ph.D. in nanotechnology, a Ph.D. in computer science, andthree master's degrees (one in applied computer science, one in education,and one in systems engineering). He is also an inventor with 23 patents. He isa senior member of both the IEEE and the ACM. He is also a DistinguishedSpeaker of the ACM and a Distinguished Visitor of the IEEE. Dr. Easttom iscurrently an adjunct professor for Georgetown University and for Universityof Dallas.

Loading page image...

DedicationFor my wife, Teresa, who is always so supportive of my work.—Chuck Easttom

Loading page image...

AcknowledgmentsThanks are due to Eleanor (Ellie) Bru for working on this title once more andmaking it as strong as it can be.—Chuck Easttom

Loading page image...

About the Technical EditorAkhil Behl, CCIE Emeritus No. 19564,is a passionate IT executive withkey focus on cloud and security. He has 18+ years of experience in the ITindustry, working across several leadership, advisory, consultancy, andbusiness development profiles with various organizations. His technologyand business specializations include cloud, security, infrastructure, datacenter, and business communication technologies. Currently he leadsbusiness development for cloud for a global systems integrator.Akhil is a published author. Over the span of the past few years, he hasauthored multiple titles on security and business communicationtechnologies. He has contributed as technical editor for over a dozen bookson security, networking, and information technology. He has published fourbooks with Pearson Education/Cisco Press.He has published several research papers in national and internationaljournals, includingIEEE Xplore, and presented at various IEEE conferences,as well as other prominent ICT, security, and telecom events. Writing andmentoring are his passion.He holds CCIE Emeritus (Collaboration and Security), Azure SolutionsArchitect Expert, Google Professional Cloud Architect, Azure AI CertifiedAssociate, Azure Data Fundamentals, CCSK, CHFI, PMP, ITIL, VCP,TOGAF, CEH, ISM, CCDP, and many other industry certifications. He hasbachelor's degree in technology and a master's in business administration.

Loading page image...

We Want to Hear from You!As the reader of this book,youare our most important critic andcommentator. We value your opinion and want to know what we’re doingright, what we could do better, what areas you’d like to see us publish in, andany other words of wisdom you’re willing to pass our way.We welcome your comments. You can email or write to let us know whatyou did or didn’t like about this book—as well as what we can do to makeour books better.Please note that we cannot help you with technical problems related to thetopic of this book.When you write, please be sure to include this book’s title and author as wellas your name and email address. We will carefully review your commentsand share them with the author and editors who worked on the book.Email: community@informit.com

Loading page image...

Reader ServicesRegister your copy ofCertified Ethical Hacker Exam Cramatwww.pearsonitcertification.com for convenient access to downloads, updates,and corrections as they become available. To start the registration process, goto www.pearsonitcertification.com/register and log in or create an account.*Enter the product ISBN 9780137513444 and click Submit. When the processis complete, you will find any available bonus content under RegisteredProducts.*Be sure to check the box indicating that you would like to hear from us toreceive exclusive discounts on future editions of this product.

Loading page image...

IntroductionWelcome toCertified Ethical Hacker Exam Cram. This book is designed toprepare you to take—and pass—the CEH exam. The CEH exam has becomethe leading introductory-level network certification available today. It isrecognized by both employers and industry giants as providing candidateswith a solid foundation of networking concepts, terminology, and skills.AboutCEH Exam CramExam Crams are designed to give you the information you need to know toprepare for a certification exam. They cut through the extra information,focusing on the areas you need to get through the exam. With this in mind,the elements within Exam Crams are aimed at providing the examinformation you need in the most succinct and accessible manner.This book is organized to closely follow the actual EC-Council objectives forexam CEH v11. As such, it is easy to find the information required for eachof the specified EC-Council CEH v11 objectives. The objective focus designused by this Exam Cram is an important feature because the information youneed to know is easily identifiable and accessible.Within the chapters, potential exam hot spots are clearly highlighted withExam Alerts. They have been carefully placed to let you know that thesurrounding discussion is an important area for the exam. To further help youprepare for the exam, a Cram Sheet is included that you can use in the finalstages of test preparation. Be sure to pay close attention to the bulleted pointson the Cram Sheet because they pinpoint the technologies and facts you willprobably encounter on the test.Finally, great effort has gone into the questions that appear throughout thechapter and the practice tests to ensure that they accurately represent the lookand feel of the ones you will see on the real CEH v11 exam. Be sure, beforetaking the exam, that you are comfortable with both the format and content ofthe questions provided in this book.

Loading page image...

About the CEH v11 ExamThe CEH v11 exam is the newest iteration of several versions of the exam.The new CEH v11 objectives are aimed toward those who have at least twoyears of experience in cybersecurity and some exposure to penetrationtesting.You will have a maximum of four hours to answer the 125 questions on theexam. The allotted time is quite generous, so when you finish, you willprobably have time to double-check a few of the answers you were unsure of.Time is not typically an issue for this exam. The issue is ensuring that youfully understand the material in this book! Note that the exam includes 20practical challenges. So when you see tools and techniques in this book,make sure you practice with them!You need a minimum score of 70% to pass the CEH v11 exam. This meansyou can miss some questions and still pass. Your goal should be to get asmany correct as you can, but if you feel like you don’t really know theanswers to a few questions, don’t panic. Even if you get a few wrong, youcan still pass the exam. The 70% is actually an estimate. CEH uses anadaptive format, described at https://cert.eccouncil.org/faq.html?_ga=2.167294973.253704694.1632148579-1175590966.1632148579.EC-Council CEH v11 Exam TopicsTable I-1 lists general exam topics (that is, objectives) and specific topicsunder each general topic (that is, subobjectives) for the CEH v11 exam. Thistable also lists the chapter in which each exam topic is covered.Table I-1Certified Ethical Hacker Exam Topics

Loading page image...

Booking and Taking the CEH v11 ExamIn order to be considered for the EC-Council CEH exam without attendingofficial network security training, a candidate must have at least two years ofwork experience in the information security domain. A candidate who has therequired work experience can submit an eligibility application form (seehttps://cert.eccouncil.org/application-process-eligibility.html) along with anonrefundable fee of US$100. The exam itself costs $850.When booking the exam, you need to provide the following information:• Your name as you would like it to appear on your certificate• Your Social Security or social insurance number• Contact phone numbers (to be called in the event of a problem)• Mailing address to which you want your certificate mailed• Exam number and title• Email address for contact purposes• Credit card information so that you can pay online (You can redeem avoucher by calling the respective testing center.)What to Expect from the ExamIf you haven’t taken a certification test, the process can be a little unnerving.Even if you’ve taken numerous tests, it is not much better. Mastering theinner mental game often can be as much of a battle as knowing the material.Knowing what to expect before heading in can make the process a little morecomfortable.Certification tests are administered on a computer system at a Pearson VUEauthorized testing center. The format of the exams is straightforward: Foreach question you have several possible answers to choose from. Thequestions in this book provide a good example of the types of questions youcan expect on the exam. If you are comfortable with the questions providedin the book, the test should hold few surprises. The questions vary in length.Some of them are longer scenario questions, whereas others are short and tothe point. Carefully read each question; a longer questions typically has a key

Loading page image...

point that will lead you to the correct answer.Most of the questions on the CEH v11 exam require you to choose a singlecorrect answer, but a few require multiple answers. When there are multiplecorrect answers, a message at the bottom of the screen prompts you with themessage “Choose all that apply.” Be sure to read these messages.Also make sure you are prepared for practical questions. These questions askyou to actually use tools and techniques described in this book. This is oftendone as a separate test with six hours to do 20 practical problems. As you canimagine, these questions are very involved. So practice, practice, practice,....A Few Exam-Day DetailsIt is recommended that you arrive at the examination room at least 15minutes early, although a few minutes earlier certainly would not hurt. Thiswill give you time to prepare and will give the test administrator time toanswer any questions you might have before the test begins. Many peoplesuggest that you review the most critical information about the test you’retaking just before the test. (Exam Cram books provide a reference—the CramSheet, located inside the front of the book—that lists the essentialinformation from the book in distilled form.) Arriving a few minutes earlywill give you some time to compose yourself and mentally review this criticalinformation.You will be asked to provide two forms of ID, one of which must be a photoID. Each of the IDs you present should have a signature. You also might needto sign in when you arrive and sign out when you leave.Be warned: The rules are clear about what you can and cannot take into theexamination room. Books, laptops, note sheets, and so on are not allowed inthe examination room. The test administrator will hold these items, to bereturned after you complete the exam. You might receive either a wipe boardor a pen and a single piece of paper for making notes during the exam. Thetest administrator will ensure that no paper is removed from the examinationroom.After the Test

Loading page image...

Whether you want it or not, as soon as you finish your test, your scoredisplays on the computer screen. In addition to the results appearing on thecomputer screen, a hard copy of the report prints for you. Like the onscreenreport, the hard copy displays your exam results and provides a summary ofhow you did on each section and on each technology. If you wereunsuccessful, this summary can help you determine the areas you need tobrush up on.When you pass the CEHv11 exam, you will have earned the CEHcertification, and your certificate will be mailed to you within a few weeks.Should you not receive your certificate and information packet within fiveweeks of passing your exam, contact feedback@eccouncil.org.Last-Minute Exam TipsStudying for a certification exam is no different than studying for any otherexam, but a few hints and tips can give you the edge on exam day:•Read all the material:EC-Council has been known to include materialnot expressly specified in the objectives. This book includes additionalinformation not reflected in the objectives to give you the best possiblepreparation for the examination.•Watch for the Exam AlertsThe CEH v11 objectives include a widerange of technologies. Exam Tips and Notes throughout each chapter aredesigned to highlight out exam-related hot spots. They can be your bestfriends when preparing for the exam.•Use the questions to assess your knowledge:Don’t just read thechapter content; use the exam questions in each chapter to find out whatyou know and what you don’t. If you struggle, study some more, review,and then assess your knowledge again.•Review the exam objectives:Develop your own questions andexamples for each topic listed. If you can develop and answer severalquestions for each topic, you should not find it difficult to pass theexam.Good luck!

Loading page image...

Companion WebsiteRegister this book to get access to the Pearson Test Prep practice testsoftware and other study materials plus additional bonus content. Check thissite regularly for new and updated postings written by the author that providefurther insight into the more troublesome topics on the exams. Be sure tocheck the box that you would like to hear from us to receive updates andexclusive discounts on future editions of this product or related products.To access this companion website, follow these steps:1.Go towww.pearsonITcertification.com/registerand log in or create anew account.2.Enter the ISBN9780137375769.3.Answer the challenge question as proof of purchase.4.Click theAccess Bonus Contentlink in the Registered Products sectionof your account page to be taken to the page where your downloadablecontent is available.Please note that many of our companion content files can be very large,especially image and video files.If you are unable to locate the files for this title by following these steps,please visitwww.pearsonITcertification.com/contactand select theSiteProblems/Commentsoption. Our customer service representatives willassist you.Pearson Test Prep Practice Test SoftwareAs noted previously, this book comes complete with the Pearson Test Preppractice test software and two full exams. These practice tests are available toyou either online or as an offline Windows application. To access the practiceexams that were developed with this book, please see the instructions in thecard inserted in the sleeve in the back of the book. This card includes aunique access code that enables you to activate your exams in the PearsonTest Prep practice test software.

Loading page image...

NoteThe cardboard sleeve in the back of this book includes a piece ofpaper. The paper lists the activation code for the practice examsassociated with this book. Do not lose the activation code. On theopposite side of the paper from the activation code is a unique, one-time-use coupon code for the purchase of the Premium Edition eBookand Practice Test.Accessing the Pearson Test Prep Software OnlineThe online version of this software can be used on any device with a browserand connectivity to the Internet, including desktop machines, tablets, andsmartphones. To start using your practice exams online, follow these steps:1.Go towww.PearsonTestPrep.com.2.SelectPearson IT Certificationas your product group.3.Enter your email/password for your account. If you don’t have anaccount on PearsonITCertification.com, establish one by going toPearsonITCertification.com/join.4.In the My Products tab, click theActivate New Productbutton.5.Enter the access code printed on the insert card in the back of your bookto activate your product. The product is now listed in your My Productspage.6.Click theExamsbutton to launch the exam settings screen and start apractice exam.Accessing the Pearson Test Prep Software OfflineIf you want to study offline, you can download and install the Windowsversion of the Pearson Test Prep software. There is a download link for thissoftware on the book’s companion website, or you can enter the followinglink in your browser:www.pearsonitcertification.com/content/downloads/pcpt/engine.zip

Loading page image...

To access the book’s companion website and the software, follow these steps:1.Register your book by going toPearsonITCertification.com/registerand entering the ISBN9780137375769.2.Respond to the challenge questions.3.Go to your account page and select theRegistered Productstab.4.Click theAccess Bonus Contentlink under the product listing.5.Click theInstall Pearson Test Prep Desktop Versionlink under thePractice Exams section of the page to download the software.6.After the software downloads, unzip all the files on your computer.7.Double-click the application file to start the installation and follow theonscreen instructions to complete the registration.8.When the installation is complete, launch the application and click theActivate Exambutton on the My Products tab.9.Click theActivate a Productbutton in the Activate Product Wizard.10.Enter the unique access code found on the card in the sleeve in the backof your book and click theActivatebutton.11.ClickNextand then clickFinishto download the exam data to yourapplication.12.Start using the practice exams by selecting the product and clicking theOpen Exambutton to open the exam settings screen.Note that the offline and online versions will sync together, so saved examsand grade results recorded in one version will be available to you on the otheras well.Customizing Your ExamsWhen you are in the exam settings screen, you can choose to take exams inone of three modes:• Study mode• Practice Exam mode

Loading page image...

• Flash Card modeStudy mode allows you to fully customize an exam and review answers asyou are taking the exam. This is typically the mode you use first to assessyour knowledge and identify information gaps. Practice Exam mode lockscertain customization options in order to present a realistic exam experience.Use this mode when you are preparing to test your exam readiness. FlashCard mode strips out the answers and presents you with only the questionstem. This mode is great for late-stage preparation, when you really want tochallenge yourself to provide answers without the benefit of seeing multiple-choice options. This mode does not provide the detailed score reports that theother two modes provide, so it is not the best mode for helping you identifyknowledge gaps.In addition to these three modes, you will be able to select the source of yourquestions. You can choose to take exams that cover all of the chapters, or youcan narrow your selection to just a single chapter or the chapters that make upspecific parts in the book. All chapters are selected by default. If you want tonarrow your focus to individual chapters, simply deselect all the chapters andthen select only those on which you wish to focus in the Objectives area.You can also select the exam banks on which to focus. Each exam bankcomes complete with a full exam of questions that cover topics in everychapter. The two exams printed in the book are available to you, as are twoadditional exams of unique questions. You can have the test engine serve upexams from all four banks or just from one individual bank by selecting thedesired banks in the exam bank area.You can make several other customizations to your exam from the examsettings screen, such as the time of the exam, the number of questions,whether to randomize questions and answers, whether to show the number ofcorrect answers for multiple answer questions, or whether to serve up onlyspecific types of questions. You can also create custom test banks byselecting only questions that you have marked or questions on which youhave added notes.Updating Your ExamsIf you are using the online version of the Pearson Test Prep software, you

Loading page image...

should always have access to the latest version of the software as well as theexam data. If you are using the Windows desktop version, every time youlaunch the software, it will check to see if there are any updates to your examdata and automatically download any changes made since the last time youused the software. This requires that you be connected to the Internet at thetime you launch the software.Sometimes, due to a number of factors, the exam data might not fullydownload when you activate your exam. If you find that figures or exhibitsare missing, you might need to manually update your exams.To update a particular exam you have already activated and downloaded,simply select theToolstab and click theUpdate Productsbutton. Again,this is only an issue with the desktop Windows application.If you wish to check for updates to the Windows desktop version of thePearson Test Prep exam engine software, simply select theToolstab andclick theUpdate Applicationbutton. Doing so allows you to ensure that youare running the latest version of the software engine.Assessing Exam ReadinessExam candidates never really know whether they are adequately prepared forthe exam until they have completed about 30% of the questions. At that point,if you are not prepared, it is too late. The best way to determine yourreadiness is to work through all of the quizzes in each chapter and review thefoundation and key topics presented in each chapter. It is best to work yourway through the entire book unless you can complete each subject withouthaving to do any research or look up any answers.Premium Edition eBook and Practice TestsThis book also includes an exclusive offer for 70% off the Premium EditioneBook and Practice Tests edition of this title. Please see the coupon codeincluded with the cardboard sleeve for information on how to purchase thePremium Edition.

Loading page image...

Chapter 1. Reconnaissance andScanningThis chapter covers the following CEH exam objectives:• Reconnaissance types• Scanning techniques• Scanning tools• Evasion techniquesOne of the fundamental tasks with penetration testing is gatheringinformation about the target; this is calledreconnaissance. A successfulpenetration test depends on having information about the target site. Scanningtools and techniques are critical to conducting a successful penetration test.Reconnaissance TypesCramSaverIf you can correctly answer these CramSaver questions, save time byskimming the Exam Alerts in this section and then completing the CramQuiz. If you are in any doubt at all, read everything in this chapter.1.Which of the following web pages would be most likely to give youinformation about the operating system and web server a website is using?❍A.archive.org❍B.shodan.io❍C.exinfo.org❍D.netcraft.com2.When examining an email header, what does the References sectiondenote?

Loading page image...

❍A.The address that should be used to reply to the message❍B.Information about the content type❍C.The Message ID that is being replied to❍D.Additional addresses being copied3.Carol is trying to find information about a specific IP address in Belgium.Which registry should she check?❍A.RIPE NCC❍B.ARIN❍C.APNIC❍D.LACNICAnswers1. D.netcraft.com can provide details on the web server, including theoperating system, web server software, and more.2. C.The References section shows the message ID(s) that the email isreplying to.3. A.RIPE NCC is the registry for Europe. ARIN is the registry for NorthAmerica, APNIC is the one for Asia Pacific, and LACNIC is the one forLatin America.Exam AlertObjectiveThe various scanning tools are critical for the CertifiedEthical Hacker exam. Make certain you know these tools in detail. Itis not enough to just know each tool in a general manner. Make sureyou know details. For example, with command line tools, such asNmap, you should know the various flags.In this section we discuss various scanning techniques and tools. We alsodiscuss specific terminology and methodology. There are alternative termsfor reconnaissance. One such term that is used on the Certified Ethical

Loading page image...

Hacker (CEH) exam isfootprinting.There are many ways to conduct reconnaissance, or footprinting. There aretwo types of footprinting: active and passive. Passive footprinting involvesgathering information about the target without any direct interaction with thetarget systems or network. Active footprinting requires some level ofinteraction with the target systems.Passive Reconnaissance TechniquesPassive reconnaissance techniques allow you to gather a plethora ofinformation from a website without any interaction with the website. Thetarget doesn’t actually know you are gathering the information. This isusually the first step in the ethical hacking process: gathering as muchinformation about the target as you can before moving ahead in the CyberKill Chain. There are a wide range of tools and techniques to facilitate thisprocess, many of them free.Google HackingOne passive footprinting technique that is featured on the CEH v11 exam isusing Google searches, sometimes calledGoogle hacking. You can do quite abit with a Google search. This is a list of commonly used Google hackingtechniques:•[cache:]:Displays the web pages stored in the Google cache. Forexample, the Google cache of my page can be retrieved withcache:chuckeasttom.com.•[link:]:Lists web pages that have links to the specified web page.•[related:]:Lists web pages that are similar to a specified web page.•[info:]:Presents some information that Google has about a particularweb page.•[site:]:Presents results only for websites in the given domain. Forexample, to search my website for the wordcryptography, you wouldusecryptography site:chuckeasttom.com.•[allintitle:]:Presents results only for websites with all of the search

Preview Mode

This document has 516 pages. Sign in to access the full document!

Report

Study Now!

Document Details

Related Documents

CEH v12 Certified Ethical Hacker Study Guide with 750 Practice Test Questions (2023)

Company

Explore

Study Tools