CEH V11 Cheat Sheet 1, WGU Master's Course C701 - Ethical Hacking (Practice Exam 124q), Ethical Hacking - C701
Serial
Uniquely identifies the certificate
Optional fields
e.g. Issuer ID, Subject Alt Name
CAN-SPAM
email marketing
Service (SRV)
hostname & port # of servers
URG
indicates data being sent out of band
SYN
Initial comms: parameters and sequence #s
Replay
Intruder sends the victim the same message that was already used in the victim's communication. Performed in a MITM position: repeat the exchange to fool the system into setting up a comms channel
Operator:
keyword additional search items
inurl:
keywords anywhere in url
Intitle:
keywords in title tag of page
FIN
ordered close to communications
DNS
port 53; nslookup (UDP), Zone Transfer (TCP)
frequency analysis
repeating characters/phrases
uncache:
search Google cache only
subject's public key
self-explanatory
trickery and deceit
social engineering
Digital certificate
Used to verify user identity = nonrepudiation. Version: identifies format. Common = V1.
related-key attack
using two keys
DNS footprinting
whois, nslookup, dig
PKI
A set of hardware, software, people, policies, and procedures needed for digital certificates.
RC4
A variable key size symmetric key stream cipher used in WPA and WEP.
ACK
Acknowledgement to, and after, SYN
Algorithm ID
Algo
CNAME
Aliases in zone. Lists multiple services in DNS
El Gamal
Asymmetric Algo. Does not rely on primes; uses the (discrete) log problem to encrypt/sign
ECC
Asymmetric Algo. Elliptic Curve Cryptography. Low processing power / mobile
Ciphertext-only attack
Attacker ONLY has access to the ciphertext of messages. Obtains several messages encrypted with the same algorithm
Hierarchical
CA at top. RAs under it manage certs
Single authority
CA at top. Trust based on CA itself
CVE
Common Vulnerabilities and Exposures
CVSS
Common Vulnerability Scoring System
SOX
Corporate Finance Processes
ICMP Message Types - 3
Destination Unreachable: No host/ network codes
Mail Exchange (MX)
E-mail servers
ICMP Message Types - 0
Echo Reply: Answer to type 8 Echo Request
ICMP Message Types - 8
Echo Request: Ping message requesting echo
FERPA
Education records
Web of trust
Entities sign certs for each other
Issuer
Entity that verifies authenticity of certificate
brute force
Every possible combination of letters, numbers, and characters
Ext:
File Extension
RST
Forces comms termination in both directions
PSH
Forces delivery without concern for buffering
Reconnaissance/footprinting
Gathering information on targets, whereas footprinting is mapping out at a high level. These are interchangeable in CEH
FISMA
Gov Networks Security STD
App/Presentation/Session Layer protocols and services
HTTP, FTTP, Telnet, NTP, DHCP, PING
MD5
Hash Algo. 128bit hash, express as 32bit hex
SHA1:
Hash Algo. 160bit hash, required for use in US apps
SHA2:
Hash Algo. 4 separate hashes: 224, 256, 384, 512
Address (A)
IP to Hostname for DNS lookup
Pointer (PTR):
IP to Hostname; for DNS lookup
Network Layer protocols and services
IP, ARP, ICMP, IGMP
ISO 27002
InfoSec Guidelines
DMCA
Intellectual Property
SPY-Act
License Enforcement
Loc:
Maps Location
CIDR
Method of representing IP addresses
Name Server (NS)
NameServers with namespace
Regional Registry Coverage Map
North America - ARIN; South America - LACNIC; Europe - RIPE; Africa - AFRINIC; Asia - APNIC
Attack types
OS: attacks targeting default OS settings; App Level: application code attacks; Shrink Wrap: off-the-shelf scripts and code; Misconfiguration: not configured well
Transport Layer protocols and services
TCP, UDP
ICMP Message Types - 11
Time exceeded: Packet too long to be routed
Kerberos
88
3DES
Symmetric Algo. Triple repeated process for added strength until orgs can afford AES. 168bit keys (56bitx3)
IDEA
Symmetric Algo. International Data Encryption Algorithm. Block Cipher. Operates similar to DES (operates on 64bit blocks using 128bit key). Used with PGP
Threefish
Symmetric Algo. Large tweakable symmetric key block cipher. Block and key sizes are equal (256, 512, 1024)
Port Numbers
0-1023: Well-Known; 1024-49151: Registered; 49152-65535: Dynamic
DES
Symmetric Algo. Data Encryption Standard - the archetypal block cipher. Designed to encipher and decipher blocks of data consisting of 64 bits under control of a 56bit key. (8bit parity); fixed block
IPv4 notation
/30=3 .225.252; /28=16 .255.240; /26=64 .255.192; /24=64 .255.0; /22=1024 .248.0; /20=4096 .240.0
TACACS
49
DNS port number
53
POP3
110
Portmapper (Linux)
111
NNTP
119
FTP
20/21
SSH
22
Telnet
23
SMTP
25
HTTP
80/8080
WINS
42
GLBA
Personal Finance Data
Start of Authority (SOA):
Primary name server
RFC 1918
Private IP Standard
RSA
Public key cryptosystem for internet encryption and authentication. Uses 2 very large prime #s, up to 4,096bit. Modern std for asymmetric encryption.
5 phases to a penetration test/hacking phases
Recon; Scanning & Enumeration; Gaining Access; Maintaining Access; Covering Tracks
ICMP Message Types - 5
Redirect: 2+ gateways for the sender to use, or the best route is not the configured default gateway
Site:
Search only within domain
Key usage:
Shows for what purpose cert was made
ICMP Message Types - 4
Source Quench: Congestion control message
AES
Symmetric Algo. Advanced Encryption Standard is a symmetric key algorithm used by US gov to secure sensitive but unclassified material. Iterated block cipher, works by repeating the same operation multiple times. Replaced DES. It has a 128-bit block size with key sizes of 129, 192, and 256.
Subject
Whoever/whatever being identified by cert
XKMS
XML PKI System
allintitle:
any keywords can be in title
allinurl:
any of the keywords can be in url
chosen-plaintext
attacker defines their own plaintext
known plaintext attack
Attacker has knowledge of some part of the plaintext. Search plaintext for repeatable sequences. Compare to t versions
DHCP
Client --Discover--> Server; Client <--Offer-- Server; Client --Request--> Server; Client <--ACK-- Server; IP is removed from pool
RFC 3227
collecting and storing data
