CNIT 123
Ethical Hacking and Network Defense

Fall 2007 Sam Bowne

Final Scores posted 1-16-08

Open Lab Hours for Sci 214


Errors in the textbook

77744  501  THU 6 pm - 9 pm  Science 215

Catalog Description

Students learn how hackers attack computers and networks, and how to protect systems from such attacks, using both Windows and Linux systems. Students will learn legal restrictions and ethical guidelines, and will be required to obey them. Students will perform many hands-on labs, both attacking and defending, using port scans, footprinting, exploiting Windows and Linux vulnerabilities, buffer overflow exploits, SQL injection, privilege escalation, Trojans, and backdoors.

Prerequisites: CNIT 106 and 120 or equivalent familiarity with the fundamentals of networking and security.

Upon successful completion of this course, the student will be able to:
  1. Explain what an ethical hacker can and cannot do legally, and explain the credentials and roles of penetration testers.
  2. Define the types of malicious software found in modern networks.
  3. Explain the threats and countermeasures for physical security and social engineering.
  4. Perform footprinting to learn about a company and its network.
  5. Perform port scans to locate potential entry points to servers and networks.
  6. Perform enumeration (finding resources, accounts, and passwords) on Microsoft, Netware, and Unix/Linux targets.
  7. Perform very simple programming in C, HTML, and Perl, specifically oriented towards the needs of network security professionals.
  8. Learn how to identify Microsoft Windows vulnerabilities and to harden systems.
  9. Learn how to identify Linux vulnerabilities and to protect servers.
  10. Describe how to take control of Web Servers, and how to protect them.
  11. Locate and hack into wireless networks, and protect them.
  12. Explain how cryptography and hashing work, and perform attacks against them such as password cracking and man-in-the-middle attacks.
  13. Describe and deploy security devices, including routers, firewalls, Intrusion Detection Systems, and honeypots.


Hands-On Ethical Hacking and Network Defense by Michael T. Simpson -- ISBN: 0-619-21708-1

CNIT 123: Ethical Hacking and Network Defense -- Lecture Notes and Projects by Sam Bowne (buy it at the CCSF Bookstore)

(may be revised)

Thu 8-16  Ch 1: Ethical Hacking Overview
Thu 8-23  Ch 2: TCP/IP Concepts Review
Thu 8-30  Quiz on Ch 1 & 2; Proj 1-3 due; Ch 3: Network and Computer Attacks
Fri 8-31  Last Day to Add Classes
Thu 9-6  Quiz on Ch 3; Proj 4&5 due; Ch 4: Footprinting and Social Engineering
Thu 9-13  Quiz on Ch 4; Proj 6&7 due; Ch 5: Port Scanning
Mon 9-17  Last Day to Request CR/NC Grading
Thu 9-20  Quiz on Ch 5; Proj 8&9 due; Ch 6: Enumeration
Thu 9-27  Quiz on Ch 6; Proj 10&11 due; Ch 7: Programming for Security Professionals
Thu 10-4  Quiz on Ch 7; Proj 12&13 due; Ch 8: Microsoft Operating System Vulnerabilities
Thu 10-11  Quiz on Ch 8; Proj 14&15 due; Ch 9: Linux Operating System Vulnerabilities
Thu 10-18  Class Cancelled for Toorcon
Thu 10-25  Quiz on Ch 9; Proj 16&17 due; Ch 10: Hacking Web Servers
Thu 11-1  Quiz on Ch 10; Proj 18 due; Ch 11: Hacking Wireless Networks
Thu 11-8  Quiz on Ch 11; Proj 19&20 due; Ch 12: Cryptography
Tue 11-13  Last Day to Withdraw
Thu 11-15  Quiz on Ch 12; Proj 22&23 due; Ch 13: Protecting Networks with Security Devices
Thu 11-22  Holiday - No Class
Thu 11-29  Quiz on Ch 13; Proj 21&22 due; Lecture 14: More Wireless Hacking -- Cracking WEP Encryption (not in textbook)
Thu 12-6  No Quiz; Proj 23 due; Lecture 15: Man-in-the-Middle Attack (not in textbook)
Thu 12-13  Final Exam: 6 PM Room 215

Lecture Notes

Student Agreement
Code of Ethics
Ch 1: Ethical Hacking Overview     Powerpoint
Ch 2: TCP/IP Concepts Review     Powerpoint
Ch 3: Network and Computer Attacks     Powerpoint
Ch 4: Footprinting and Social Engineering     Powerpoint
Ch 5: Port Scanning     Powerpoint
Ch 6: Enumeration     Powerpoint
Ch 7: Programming for Security Professionals     Powerpoint
           hello.c    hello2.c    hello3.c    loopdemo.c    pingscan.c
           branch.plx    hello.plx    hello2.plx    leet.plx    pingscan.plx
Ch 8: Microsoft Operating System Vulnerabilities     Powerpoint
Ch 9: Linux Operating System Vulnerabilities     Powerpoint     Linux Notes for Lecture
Ch 10: Hacking Web Servers     Powerpoint
Ch 11: Hacking Wireless Networks     Powerpoint
Ch 12: Cryptography     Powerpoint
Ch 13: Protecting Networks with Security Devices     Powerpoint
Lecture 14: More Wireless Hacking: Cracking Wired Equivalent Privacy (WEP)     Powerpoint
Lecture 15: Stealing Passwords from HTTPS Sessions with a Man-in-the-Middle Attack     Powerpoint
The lectures are in Word and PowerPoint formats.
If you do not have Word or PowerPoint you will need to install the
Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.



The projects are the heart of the course. We will use virtual and physical machines running Windows XP, Vista, Windows 2000, and Ubuntu Linux on closed private networks, performing real network attacks and intrusions which would be illegal on public networks. We will use both wired and wireless networks. We will also perform countermeasures to prevent, detect, and mitigate the damage done by these attacks.

How to Read Your CCSF Email
How to Get your Windows XP Activation Code from MSDNAA
Downloading MSDNAA Software
Virtual Machines at Home

Corrections to Projects

Project 1: Preparing a Trusted Windows XP Virtual Machine (10 pts.)
Project 2: Using Metasploit to Take Over a Windows 2000 Computer (Ch 3, 15 pts.)        Process Utility for Classroom Demo
Project 3: Stealing Passwords with a Packet Sniffer (Ch 3, 15 pts.)
Project 4: Installing Ubuntu Linux (20 pts.)
Project 5: Using whois (Ch 4, 10 pts.)
Project 6: Port Scans and Firewalls (Ch 5, 15 pts.)
Project 7: Analyzing Types of Port Scans (Ch 5, 20 pts.)
Project 8: Using a Software Keylogger (10 pts.)
Project 9: NetBIOS Null Sessions (Ch 6, 15 pts.)
Project 10: Programming in C on Ubuntu Linux (Ch 7, 15 pts.)
Project 11: Programming in Perl on Ubuntu Linux (Ch 7, 10 pts.)
Project 12: Cracking Windows XP Passwords with Ophcrack (15 pts.)
Project 13: Using the Ultimate Boot CD to Create Administrator Accounts (10 pts.)
Project 14: Rootkitting Ubuntu Linux (Ch 9, 20 pts.)      fix-fu
Project 15: Using a Hardware Keylogger (10 pts.)
Project 16: Setting up a Web Server (15 pts.)      Big Image
Project 17: Performing a Denial of Service Attack With Nmap (15 pts.)
Project 18: Nessus Vulnerability Scanner (20 pts.)
Project 19: John the Ripper on Ubuntu Linux (Ch 12, 10 pts.)
Project 20: Installing Metasploit on Ubuntu Linux (15 pts.)
Project 21: Unlocking a Windows Desktop from Ubuntu Linux With MSFconsole (20 pts.)
Project 22: Testing Firewalls (Ch 13, 15 pts.)
Project 23: Cracking WEP from Windows on a Busy WLAN (20 pts.)
Project 24: Sniffing Passwords with ettercap on Ubuntu Linux (15 pts.)
Project 25: Stealing Passwords from HTTPS Sessions with a Man-in-the-Middle Attack (15 pts. extra credit)
Project 25 Alternate: HTTPS MITM with Cain (15 pts. extra credit)

Project X1: Subnet Exercises (Ch 2, 10 pts. extra credit)
Project X2: HackThisSite (Ch 10, 15 pts. extra credit)
Project X3: Getting into Ubuntu Linux Without a Password (15 pts. extra credit)
Project X4: Protecting Your Privacy with The Onion Router (TOR) (10 pts. extra credit)
Project X5: Programming with Python on Windows (Ch 7, 15 pts. extra credit)
Project X6: Microsoft Baseline Security Analyzer (MBSA) (Ch 8, 10 pts. extra credit)
Project X7: Winfingerprint (Ch 8, 10 pts. extra credit)
Project X8: OpenPGP on Ubuntu Linux (Ch 12, 15 pts. extra credit)
Project X9: Cracking Windows Passwords with Cain and Abel (Ch 12, 15 pts. extra credit)
Project X10: Cracking WEP With Packet Injection with the BackTrack 2 Live CD (15 pts. extra credit)
Project X11: Installing VMware Tools With VMplayer (10 pts. extra credit)
Proj X12: Installing Windows Server 2008 Beta (15 pts)
Proj X13: Building a Server 2008 Beta Domain Controller (15 pts)
Proj X14: Joining a Domain from Vista (10 pts)

Proposed topics for additional projects:
  • Spoofing Web pages to Steal Credentials
  • TCP/IP Session Hijacking
  • Using ARP and DNS Cache Poisoning to Intercept Network Traffic
  • Man-in-the-Middle Attacks and Defeating Secure Sockets Layer
  • Defeating Biometric Security Devices
  • Hacking Magnetic Stripe Cards
  • Lockpicking and Bump Keys
  • Google Hacking
  • Capture the Flag: teams of students attacking and defending each other's servers

Hacker's Bookshelf


The Art of Deception: Controlling the Human Element of Security (2003) by Kevin D. Mitnick, William L. Simon, Steve Wozniak

The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers (2005) by Kevin D. Mitnick, William L. Simon

Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It (1996) by Tsutomu Shimomura, John Markoff

The Hacker Crackdown: Law And Disorder On The Electronic Frontier (1993) by Bruce Sterling

Hackers: Heroes of the Computer Revolution (2001) by Steven Levy

Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age (2002) by Steven Levy

Brute Force: Cracking the Data Encryption Standard (2005) by Matt Curtin

Fiction With Technical Information

Stealing the Network: How to Own the Box (2003) by Ryan Russell, Ido Dubrawsky, FX, Joe Grand, Tim Mullen

Stealing the Network: How to Own a Continent (2004) by FX, Paul Craig, Joe Grand, Tim Mullen, Fyodor, Ryan Russell, Jay Beale

Stealing the Network: How to Own an Identity (2005) by Raven Alder, Chris Hurley, Tom Parker, Ryan Russell, Jay Beale, Riley Eller, Brian Hatch, Jeff Moss

Zero Day Exploit: Countdown to Darkness (2004) by Rob Shein, David Litchfield, Marcus Sachs


Gray Hat Hacking: The Ethical Hacker's Handbook (2004) by Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester

Hacker's Challenge: Test Your Incident Response Skills Using 20 Scenarios (2001) by Mike Schiffman

Hacker's Challenge 2: Test Your Network Security & Forensic Skills (2002) by Mike Schiffman, Bill Pennington, David Pollino, Adam J. O'Donnell

Hacker's Challenge 3 (2006) by David Pollino, Bill Pennington, Tony Bradley, Himanshu Dwivedi

Google Hacking for Penetration Testers (2004) by Johnny Long, Ed Skoudis, Alrik van Eijkelenborg

Wi-Foo: The Secrets of Wireless Hacking (2004) by Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky


Last Updated: 1-16-08