CNIT 124
Advanced Ethical Hacking

Fall 2008 Sam Bowne

Scores with Final Grades posted 12-19

Open Lab Hours for Sci 214

First Results of the 11-19-08 Wardriving to Twin Peaks -- Eric's Big Antenna

Schedule · Lecture Notes · Projects · Links · Forum · CEH Flashcards · Home Page

CRN 78276 Weds 6-9 SCIE 215

Catalog Description

Advanced techniques of defeating computer security, and countermeasures to protect Windows and Unix/Linux systems. Hands-on labs include Google hacking, automated footprinting, sophisticated ping and port scans, privilege escalation, attacks against telephone and Voice over Internet Protocol (VoIP) systems, routers, firewalls, wireless devices, Web servers, and Denial of Service attacks.

Prerequisites: CNIT 123.

Upon successful completion of this course, the student will be able to:
  1. Use Google and automated footprinting tools to locate vulnerable Web servers, passwords, open VNC servers, database passwords, and Nessus reports
  2. Perform sophisticated ping and port scans with several tools, and protect servers from the scans
  3. Enumerate resources on systems using banner-grabbing and specific attacks against common Windows and Unix/Linux services including FTP, Telnet, HTTP, DNS, and many others, and protect those services
  4. Use authenticated and unauthenticated attacks to compromise Windows and Unix/Linux systems and install backdoors and remote-control agents on them, and protect the systems from such attacks
  5. Enter networks through analog phone systems, defeating many authentication techniques, and defend networks from such attacks
  6. Penetrate PBX, voicemail, Virtual Private Network (VPN), and Voice over Internet Protocol (VoIP) systems, and defend them
  7. Perform new wireless attacks, including denial-of-service and cracking networks using Wi-Fi Protected Access (WPA) and WPA-2
  8. Identify firewalls and scan through them
  9. Perform classical and modern Denial of Service (DoS) attacks, and defend networks from them
  10. Locate Web server vulnerabilities, exploit them, and cure them
  11. Describe many ways Internet users are attacked through their browsers and other Internet clients, and the protective measures that can help them


Hacking Exposed, Fifth Edition by Stuart McClure, Joel Scambray, and George Kurtz -- ISBN:0-07-226081-5 Buy from Amazon

CNIT 124: Advanced Ethical Hacking -- Lecture Notes and Projects (Fall 2008) by Sam Bowne (buy it at the CCSF Bookstore)


Wed 8-20  Ethical Principles & Ch 1: Advanced Footprinting
Wed 8-27  Ch 2: Advanced Scanning
Sat 8-30
Mon 9-1
Holiday - No Class
Wed 9-3Quiz on Ch 1 & 2   
Proj 1-3 due
Ch 3: Advanced Enumeration
Fri 9-5 Last Day to Add Classes
Wed 9-10Quiz on Ch 3  
Proj 4&5 due
Ch 4: Hacking Windows (part 1)
Fri 9-12 Last Day to Drop Classes
Wed 9-17No Quiz 
Proj 6&7 due
Ch 4: Hacking Windows (part 2)
Thu 9-18 Last Day to Remove an Incomplete Grade
Fri 9-19 Last Day to Request pass/no pass Grading
Wed 9-24Quiz on Ch 4 
Proj 8 due
Ch 5: Hacking Unix/Linux
Wed 10-1Quiz on Ch 5 
Ch 6: Remote Connectivity and VoIP Hacking
Wed 10-8Quiz on Ch 6 
Proj 9 &10 due
Ch 7: Network Devices
Mon 10-13 Holiday - No Classes
Wed 10-15Quiz on Ch 7 
Proj 11&12 due
Ch 8: Advanced Wireless Hacking
Tue 10-21 Mid-Term Grades Due
Wed 10-22Quiz on Ch 8
Proj 14 due
Ch 9: Firewalls
Wed 10-29Quiz on Ch 9 
Proj 15 due
Ch 10: Denial of Service (DoS) Attacks
Wed 11-5Quiz on Ch 10 
Proj 16&17 due
Student Presentations
Wed 11-12No Quiz  
Proj 18&19 due
Ch 11: Hacking Code
Fri 11-14 Last Day to Withdraw
Wed 11-19Quiz on Ch 11  Ch 12: Web Hacking
Weds 11-26
Sun 11-30
Holiday - No Class
Weds 12-3 Class Cancelled
Wed 12-10Quiz on Ch 12 Last Class
Proj 13 due
Ch 13: Exploiting the Internet User
Wed 12-17  Final Exam: 6 pm Room 215
Back to Top


Student Agreement
Code of Ethics
Ch 1: Footprinting     Powerpoint
Ch 2: Scanning     Powerpoint
Ch 3: Enumeration     Powerpoint      Demo notes
Ch 4: Hacking Windows (Part 1)     Powerpoint
Ch 4: Hacking Windows (Part 2)     Powerpoint
Ch 5: Hacking Unix/Linux     Powerpoint
Ch 6: Remote Connectivity and VoIP Hacking     Powerpoint
Ch 7: Network Devices (revised 10-8-08)     Powerpoint
Ch 8: Wireless Hacking     Powerpoint
Ch 9: Firewalls     Powerpoint
Ch 10: Denial of Service (DoS) Attacks     Powerpoint
Ch 11: Hacking Code (revised 11-12-08)     Powerpoint
Ch 12: Web Hacking     Powerpoint (revised 11-19-08)     Exploitable Message Board
Ch 13: Exploiting the Internet User     Powerpoint (rev. 12-10-08)
The lectures are in Word and PowerPoint formats.
If you do not have Word or PowerPoint you will need to install the
Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.

Back to Top

Projects (more projects will be added)

The projects are the heart of the course. We will use virtual and physical machines running OpenSolaris, Ubuntu Linux, Windows XP, Vista, Windows 2000, Windows 2003 Server and/or Windows 2008 Server (Beta or RC) on closed private networks, performing real network attacks and intrusions which would be illegal on public networks. We will use both wired and wireless networks. We will also perform countermeasures to prevent, detect, and mitigate the damage done by these attacks.

How to Read Your CCSF Email
How to Get your Windows XP Activation Code from MSDNAA
Downloading MSDNAA Software
Virtual Machines at Home
Fixing Ubuntu Virtual Machine Problems

Proj 1: Setting up a Windows Machine (10 pts)
Proj 2: HTTP Headers (10 pts)
Proj 3: Hacking into a Kiosk (20 pts)
Proj 4: Hacking into Kiosk2 (20 pts)
Proj 5: Port Knocking (20 pts)
Proj 6: SideJacking Gmail (15 pts)
Proj 7: Password Recovery on Vista (10 pts)
Proj 8: Firewalk (20 pts)
Proj 9: Web Application Hacking: Hacme Travel (20 pts)
Proj 10: Web Application Hacking: Hacme Bank (20 pts)
Proj 11: Buffer Overflows with Damn Vulnerable Linux (15 pts)
Proj 12: Nikto and Cross-Site Scripting (XSS) (15 pts)
Proj 13: Independent Project (20 pts)
Proj 14: USB Switchblade (15 pts)        Download PocketKnife_v0870        Download Universal_Customizer
Proj 15: Stealing Cookies with Persistent XSS (15 pts)
Proj 16: VoIP (20 pts) (revised 12-18-08)
Proj 17: Fuzzing X-Lite with VoIPER (20 pts)
Proj 18: SIPVicious scanning 3CX and Asterix PBX Servers (20 pts)
Proj 19: Capturing RAM Contents with Helix (15 pts)

Proj X1: OpenWrt on a Buffalo Router (15 pts)
Proj X2: SideJacking Gmail on a Switched Network (10 pts)
Proj X3: Rootkitting Windows (15 pts)
Proj X4: Automatic Pwn with Metasploit (15 pts)
Proj X5: Using Adeona to Locate a Computer (10 pts)

Proj X12: Installing Windows 7 Pre-Beta (15 pts)            Virtual Floppy with VMware NIC Drivers
Proj X13: Tour of Windows 7 Pre-Beta (15 pts)
Proj X14: Enabling the new Taskbar in Windows 7 Pre-Beta with the Blue Badge tool (5 pts)
Back to Top


Links Organized by Textbook Chapters

Links Organized by Certified Ethical Hacker v5 Chapters

           Linking provided by Blogrolling
Back to Top

Valid XHTML 1.0!      
Last Updated: 12-19-08