Book Image

CEH v10 Certified Ethical Hacker Study Guide

By : Ric Messier
Book Image

CEH v10 Certified Ethical Hacker Study Guide

By: Ric Messier

Overview of this book

As protecting information becomes a rapidly growing concern for today’s businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v10) certification. The CEH v10 Certified Ethical Hacker Study Guide offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instructions. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep a track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include intrusion detection, DDoS attacks, buffer overflows, virus creation, and more. This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you’ve learned into the context of actual job roles. By the end of the book, you’ll have all the information and knowledge you need to pass this test with flying colors
Table of Contents (23 chapters)
Free Chapter
About the Author
Assessment Test
Answers to Assessment Test
Comprehensive Online Learning Environment
End User License Agreement

Gathering Passwords

Once you have an exploited system, you will want to start gathering information on it. One type of information is the passwords on the system. There are a couple of ways to gather these passwords. In the preceding code listing, we got a Meterpreter shell on a target system. Not all exploits in Metasploit can yield a Meterpreter shell, but if we can get one, we have a powerful ally in gathering information and performing post-exploitation work. Using Meterpreter, we can gather information about the system so we know what we’re getting for password data. The command sysinfo will tell us the system name as well as the operating system. This tells us we’re going to be looking at LAN Manager hashes when we grab the passwords. We can do that using the hashdump command, which you can see in the following listing.

Obtaining passwords with Meterpreter

Computer        : WUBBLE-C765F2
OS              : Windows XP (Build 2600, Service Pack 2).
Architecture    :...