Textbook

CNIT 124
Advanced Ethical Hacking

Spring 2008 Sam Bowne

Final Scores Posted 5-23-08

Open Lab Hours for Sci 214

Schedule · Lecture Notes · Projects · Links · Forum · CEH Flashcards · Home Page


38558 601 SAT 01:00-04:00PM SCIE 215

Catalog Description

Advanced techniques of defeating computer security, and countermeasures to protect Windows and Unix/Linux systems. Hands-on labs include Google hacking, automated footprinting, sophisticated ping and port scans, privilege escalation, attacks against telephone and Voice over Internet Protocol (VoIP) systems, routers, firewalls, wireless devices, Web servers, and Denial of Service attacks.

Prerequisites: CNIT 123.

Upon successful completion of this course, the student will be able to:
  1. Use Google and automated footprinting tools to locate vulnerable Web servers, passwords, open VNC servers, database passwords, and Nessus reports
  2. Perform sophisticated ping and port scans with several tools, and protect servers from the scans
  3. Enumerate resources on systems using banner-grabbing and specific attacks against common Windows and Unix/Linux services including FTP, Telnet, HTTP, DNS, and many others, and protect those services
  4. Use authenticated and unauthenticated attacks to compromise Windows and Unix/Linux systems and install backdoors and remote-control agents on them, and protect the systems from such attacks
  5. Enter networks through analog phone systems, defeating many authentication techniques, and defend networks from such attacks
  6. Penetrate PBX, voicemail, Virtual Private Network (VPN), and Voice over Internet Protocol (VoIP) systems, and defend them
  7. Perform new wireless attacks, including denial-of-service and cracking networks using Wi-Fi Protected Access (WPA) and WPA-2
  8. Identify firewalls and scan through them
  9. Perform classical and modern Denial of Service (DoS) attacks, and defend networks from them
  10. Locate Web server vulnerabilities, exploit them, and cure them
  11. Describe many ways Internet users are attacked through their browsers and other Internet clients, and the protective measures that can help them

Textbook

Hacking Exposed, Fifth Edition by Stuart McClure, Joel Scambray, and George Kurtz -- ISBN:0-07-226081-5 Buy from Amazon


Schedule

DateQuizTopic
Sat 1-19  Ethical Principles & Ch 1: Advanced Footprinting
Sat 1-26  Ch 2: Advanced Scanning
Fri 2-1 Last Day to Add Classes
Sat 2-2Quiz on Ch 1 & 2   
Proj 1-3 due		 Ch 3: Advanced Enumeration
Sat 2-9Quiz on Ch 3  
Proj 4&5 due		 Ch 4: Hacking Windows (part 1)
Sat 2-16 Holiday - No Class
Tue 2-19 Last Day to Request CR/NC Grading
Wed 2-20 Last Day to Remove an Incomplete Grade
Sat 2-23No Quiz 
Proj 6&7 due		 Ch 4: Hacking Windows (part 2)
Sat 3-1Quiz on Ch 4 
Proj 8&9 due		 Ch 5: Hacking Unix/Linux
Sat 3-8Quiz on Ch 5 
Proj 10&11 due		 Ch 6: Remote Connectivity and VoIP Hacking
Sat 3-15Quiz on Ch 6 
Proj 12&13 due		 Ch 7: Network Devices
Sat 3-22 Holiday - No Class
Sat 3-29 Holiday - No Class
Sat 4-5Quiz on Ch 7
Ch 8: Advanced Wireless Hacking
4-7 through 4-11 RSA Security Conference (extra credit)
Fri 4-11 Last Day to Withdraw
Sat 4-12Quiz on Ch 8
Proj 14 due		 Ch 9: Firewalls
Sat 4-19Quiz on Ch 9 
Proj 15 due		 Ch 10: Denial of Service (DoS) Attacks
Sat 4-26Quiz on Ch 10 
Proj 16&17 due		 Ch 11: Hacking Code
Sat 5-3Quiz on Ch 11 
Proj 18&19 due		 Ch 12: Web Hacking
Sat 5-10Quiz on Ch 12 -- Last Class Ch 13: Exploiting the Internet User
Thu 5-15  DEFCON Paper Submissions Due
Sat 5-17  Final Exam: 1 pm Room 215
Fri 8-10
through
Sun 8-12		  DEFCON in Las Vegas
Back to Top


Lectures

Policy
Student Agreement
Code of Ethics
Ch 1: Footprinting     Powerpoint
Ch 2: Scanning     Powerpoint
Ch 3: Enumeration     Powerpoint
Ch 4: Hacking Windows (Part 1)     Powerpoint
Ch 4: Hacking Windows (Part 2)     Powerpoint
Ch 5: Hacking Unix/Linux     Powerpoint
Ch 6: Remote Connectivity and VoIP Hacking     Powerpoint
Ch 7: Network Devices     Powerpoint
Ch 8: Wireless Hacking     Powerpoint
Ch 9: Firewalls     Powerpoint
Ch 10: Denial of Service (DoS) Attacks     Powerpoint
Ch 11: Hacking Code     Powerpoint
Ch 12: Web Hacking     Powerpoint
Ch 13: Exploiting the Internet User     Powerpoint
The lectures are in Word and PowerPoint formats.
If you do not have Word or PowerPoint you will need to install the
Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.


Back to Top


Projects

The projects are the heart of the course. We will use virtual and physical machines running OpenSolaris, Ubuntu Linux, Windows XP, Vista, Windows 2000, Windows 2003 Server and/or Windows 2008 Server (Beta or RC) on closed private networks, performing real network attacks and intrusions which would be illegal on public networks. We will use both wired and wireless networks. We will also perform countermeasures to prevent, detect, and mitigate the damage done by these attacks.

Corrections to Projects

How to Read Your CCSF Email
How to Get your Windows XP Activation Code from MSDNAA
Downloading MSDNAA Software
Virtual Machines at Home
Fixing Ubuntu Virtual Machine Problems

Proj 1: Setting up a Windows Machine (10 pts)
Proj 2: HTTP Headers (10 pts)
Proj 3: Hacking into a Kiosk (20 pts)
Proj 4: Setting Up a Solaris Machine (20 pts)
Proj 5: Hacking into Kiosk2 (20 pts)
Proj 6: Port Knocking (20 pts) (revised 4-28-08)
Proj 7: SideJacking Gmail (15 pts)
Proj 8: Scanning a Network (20 pts)
Proj 9: Linux Root Exploit (10 pts)
Proj 10: Apache Web Server on Solaris (20 pts)
Proj 11: CGI Scripts on Solaris (15 pts)
Proj 12: Password Recovery on Vista (10 pts)
Proj 13: andLinux (15 pts)
Proj 14: OpenWrt on a Buffalo Router (15 pts)
Proj 15: Cracking WPA (20 pts)
Proj 16: Firewalk (20 pts)
Proj 17: Web Application Hacking: Hacme Travel (20 pts)
Proj 18: Buffer Overflows with Damn Vulnerable Linux (15 pts)
Proj 19: Nikto and Cross-Site Scripting (XSS) (15 pts)

Proj X1: Installing Solaris X on a Virtual Machine (15 pts)
Proj X2: SideJacking Gmail on a Switched Network (10 pts)
Proj X3: Web Application Hacking: Hacme Bank (20 pts)
Proj X4: Rootkitting Windows (15 pts)
Proj X5: Automatic Pwn with Metasploit (15 pts)
Back to Top


Links

Links Organized by Textbook Chapters

Links Organized by Certified Ethical Hacker v5 Chapters


           Linking provided by Blogrolling
Back to Top


Valid XHTML 1.0!      
Last Updated: 5-23-08