CNIT 124
Advanced Ethical Hacking

Summer 2009 Sam Bowne

Wardriving Results: 11-19-08    4-25-09


CRN 38558 Sat 2-5 SCIE 215

Catalog Description

Advanced techniques of defeating computer security, and countermeasures to protect Windows and Unix/Linux systems. Hands-on labs include Google hacking, automated footprinting, sophisticated ping and port scans, privilege escalation, attacks against telephone and Voice over Internet Protocol (VoIP) systems, routers, firewalls, wireless devices, Web servers, and Denial of Service attacks.

Prerequisites: CNIT 123.

Upon successful completion of this course, the student will be able to:
  1. Use Google and automated footprinting tools to locate vulnerable Web servers, passwords, open VNC servers, database passwords, and Nessus reports
  2. Perform sophisticated ping and port scans with several tools, and protect servers from the scans
  3. Enumerate resources on systems using banner-grabbing and specific attacks against common Windows and Unix/Linux services including FTP, Telnet, HTTP, DNS, and many others, and protect those services
  4. Use authenticated and unauthenticated attacks to compromise Windows and Unix/Linux systems and install backdoors and remote-control agents on them, and protect the systems from such attacks
  5. Enter networks through analog phone systems, defeating many authentication techniques, and defend networks from such attacks
  6. Penetrate PBX, voicemail, Virtual Private Network (VPN), and Voice over Internet Protocol (VoIP) systems, and defend them
  7. Perform new wireless attacks, including denial-of-service and cracking networks using Wi-Fi Protected Access (WPA) and WPA-2
  8. Identify firewalls and scan through them
  9. Perform classical and modern Denial of Service (DoS) attacks, and defend networks from them
  10. Locate Web server vulnerabilities, exploit them, and cure them
  11. Describe many ways Internet users are attacked through their browsers and other Internet clients, and the protective measures that can help them


Hacking Exposed, Sixth Edition by Stuart McClure, Joel Scambray, and George Kurtz -- ISBN-10: 0071613749

CNIT 124: Advanced Ethical Hacking -- Lecture Notes and Projects (Spring 2009) by Sam Bowne (buy it at the CCSF Bookstore)


Monday, July 13
     Ethical Principles & Ch 1: Advanced Footprinting
     Ch 2: Advanced Scanning
     Ch 3: Advanced Enumeration
Tuesday, July 14
     Ch 4: Hacking Windows
     Ch 5: Hacking Unix/Linux
Wednesday, July 15
     Ch 6: Remote Connectivity and VoIP Hacking
     Ch 7: Network Devices
     Ch 8: Wireless Hacking
Thursday, July 16
     Ch 9: Hacking Hardware
     Ch 10: Hacking Code
     Ch 11: Web Hacking
Friday, July 17
     Ch 12: Hacking the Internet User


Student Agreement
Code of Ethics
Ch 1: Footprinting (From 5th Ed.)     PowerPoint     PowerPoint with iClicker Questions
Ch 2: Scanning (6th Ed.)     PowerPoint     PowerPoint with iClicker Questions
Ch 3: Enumeration (6th Ed.)     PowerPoint     PowerPoint with iClicker Questions      Demo notes
Ch 4: Hacking Windows (6th Ed.)     PowerPoint     PowerPoint with iClicker Questions
Ch 5: Unix/Linux (6th Ed.)     PowerPoint     PowerPoint with iClicker Questions
Ch 6: Remote Connectivity and VoIP Hacking (6th Ed.) (revised 3-18)     PowerPoint     PowerPoint with iClicker Questions
Ch 7: Network Devices (6th Ed.) (revised 3-25)     PowerPoint     PowerPoint with iClicker Questions
Ch 8: Wireless Hacking (6th Ed.)     PowerPoint     PowerPoint with iClicker Questions
Ch 9: Hacking Hardware (6th Ed.)     PowerPoint     PowerPoint with iClicker Questions
Ch 10: Hacking Code (6th Ed.)     PowerPoint     PowerPoint with iClicker Questions
Ch 11: Web Hacking (6th Ed.)     PowerPoint     PowerPoint with iClicker Questions     Exploitable Message Board     WebGoat Instructions
Web 2.0 Vulnerabilities PowerPoint     Web 2.0 Vulnerabilities Document
Ch 12: Hacking the Internet User (6th Ed.)     PowerPoint     PowerPoint with iClicker Questions
Download All CNIT 123 Projects as a big Word document
Download All CNIT 124 Projects as a big Word document
Download All CNIT 124 Lecture Notes as a big Word document
The lectures are in Word and PowerPoint formats.
If you do not have Word or PowerPoint you will need to install the
Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.



Project Corrections

How to Read Your CCSF Email
How to Get your Windows XP Activation Code from MSDNAA
Downloading MSDNAA Software
Virtual Machines at Home
Fixing Ubuntu Virtual Machine Problems

Proj 1: Setting up a Windows Machine (10 pts)
Proj 2: HTTP Headers (10 pts)
Proj 3: Hacking into a Kiosk (20 pts)
Proj 4: Hacking into Kiosk2 (20 pts)
Proj 5: Port Knocking (20 pts) (rev. 7-15-09)
Proj 6: SideJacking Gmail (15 pts)
Proj 7: Password Recovery on Vista (10 pts)
Proj 8: Firewalk (20 pts)
Proj 9: Web Application Hacking: Hacme Travel (20 pts)
Proj 10: Web Application Hacking: Hacme Bank (20 pts)
Proj 11: Buffer Overflows with Damn Vulnerable Linux (15 pts) (revised 3-22-09)        Download DVL 1.0 (142 MB)
Proj 12: Nikto and Cross-Site Scripting (XSS) (15 pts)
Proj 13: Independent Project (20 pts)
Proj 14: USB Switchblade (15 pts)        Download PocketKnife_v0870        Download Universal_Customizer
Proj 15: Stealing Cookies with Persistent XSS (15 pts)
Proj 16: VoIP (20 pts)
Proj 17: Fuzzing X-Lite with VoIPER (20 pts)
Proj 18: SIPVicious scanning 3CX and Asterisk PBX Servers (20 pts)
Proj 19: Capturing RAM Contents with Helix (15 pts)

Proj X1: SideJacking Gmail on a Switched Network (10 pts)
Proj X2: Automatic Pwn with BackTrack 2 (20 pts)
     Proj X2 Alternate: FastTrack with BackTrack 4 Pre-Final (20 pts)
Proj X3: SSLstrip (15 pts)
Proj X4: Cracking Cisco Passwords (15 pts)

Projects from CNIT 123

Project 1: Preparing a Trusted Windows XP Virtual Machine (10 pts.) (revised 1-28-09)
Project 2: Using Metasploit 3 to Take Over a Windows XP Computer (Ch 3, 15 pts.)
Project 3: Stealing Passwords with a Packet Sniffer (Ch 3, 15 pts.)
Project 4: Installing Ubuntu Linux (20 pts.) (revised 9-10-08)
Project 5: Port Scans and Firewalls (Ch 5, 15 pts.)
Project 6: Analyzing Types of Port Scans (Ch 5, 20 pts.)
Project 7: Using a Software Keylogger (10 pts.)
     Download SC Keylog Pro Demo
Project 8: Programming in C on Ubuntu Linux (Ch 7, 15 pts.)
Project 9: Programming in Perl on Ubuntu Linux (Ch 7, 10 pts.)
Project 10: Programming with Python on Windows (Ch 7, 15 pts.)
Project 11: Rootkitting Windows (Ch 7, 15 pts.)
     hxdef100r (you need to use 7-zip to open it, with password sam)
Project 12: Cracking Windows XP Passwords with Ophcrack (15 pts.)
Project 13: Using the Ultimate Boot CD to Create Administrator Accounts (10 pts.)
Project 14: Rootkitting Ubuntu Linux (Ch 9, 20 pts.)      fix-fu
Project 15: Using a Hardware Keylogger (10 pts.)
Project 16: Setting up a Web Server (15 pts.) (revised 10-17-08)      Big Image
Project 17: Performing a Denial of Service Attack With Nmap (15 pts.)
Project 18: Cracking Windows Passwords with Cain and Abel (Ch 12, 15 pts.)
Project 19: John the Ripper on Ubuntu Linux (Ch 12, 10 pts.)
Project 20: Cracking WEP with BackTrack 2 (20 pts.)
Project 21: Sniffing Passwords with ettercap on Ubuntu Linux (15 pts.) (revised 10-16-08)
Project 22: Stealing Passwords from HTTPS Sessions with a Man-in-the-Middle Attack Using Cain (15 pts.)

Project X1: Subnet Exercises (Ch 2, 10 pts. extra credit)
Project X2: HackThisSite (Ch 10, 15 pts. extra credit)
Project X3: Getting into Ubuntu Linux Without a Password (15 pts. extra credit)
Project X4: Protecting Your Privacy with The Onion Router (TOR) (10 pts. extra credit)
Project X5: Sniffing Cleartext Passwords with Cain and Abel (Ch 12, 10 pts. extra credit)
Project X6: Microsoft Baseline Security Analyzer (MBSA) (Ch 8, 10 pts. extra credit)
Project X7: Winfingerprint (Ch 8, 10 pts. extra credit)
Project X8: OpenPGP on Ubuntu Linux (Ch 12, 15 pts. extra credit)
Project X9: Cracking WPA (15 pts)




CEH Certification Resources

CEH Tips
CEH: Certified Ethical Hacker - Taking the Exam
CEH: Practice Exams
CEH: TechExams -- Certified Ethical Hacker (CEH) exam
EC-Council - Certified Ethical Hacker (312-50) Practice Exam - This is the one I used

Links for Chapter Lectures

Ch 4a: Metasploit Module Search Page
Ch 4b: How to get started with writing an exploit for Metasploit
Ch 4c: Msfconsole one-liner example
Ch 4d: Scanner HTTP Auxiliary Modules - Metasploit Unleashed
Ch 4e: Metasploit: The New Metasploit Browser Autopwn:...

Ch 5a: DNS Request Types
Ch 5b: 10 Linux DIG Command Examples for DNS Lookup
Ch 5c: Open Resolver Project
Ch 5d: Public DNS Server List
Ch 5e: DNS AXFR scan data
Ch 5f: DNS Hacking (Beginner to Advanced) - InfoSec Resources
Ch 5g: Wildcard DNS record - Wikipedia
Ch 5h: Network tools for every sys admin
Ch 5i: The Strange History of Port 0

Miscellaneous Links

Learn Python the Hard Way
Fuzzing for SQL injection with Burp Suite Intruder - USE FOR PROJECTS
Pythonista on the App Store on iTunes -- INTERESTING FOR PROJECTS
Pythonista: Using pipista to install modules
How to Build a DNS Packet Sniffer with Scapy and Python
Bypassing Antivirus with Shellter 4.0 on Kali Linux -- GOOD 124 PROJECT

Old Links

New Unsorted Links

Ch 4f: Simple Take Over of Windows Server 2008 via ms09-050
Online JavaScript beautifier -- deobfuscates code! -- IMPORTANT FOR MALWARE ANALYSIS
Ch 7a: HowToDecrypt802.11 - The Wireshark Wiki
Ch 7b: security - WEP/WPA/WPA2 and wifi sniffing - Server Fault

Last Updated: 7-165-09 1 pm