CEH PRACTICAL EXAM
TOPICS
1. Enumeration - finding the IP and Users.
2. Footprinting - Banner grabbing.
3. Steganography - Hinding information under images or files.
4. Packet Sniffing - Wireshark identify ddos attack and more.
5. Web Application Attack - SQL attack , XSS,etc.
6. Cryptography Attacks - Encoded information to decode it.
7. Remote code Execution - Using Metasploit create a reverse shell 8. Password Cracking - hydra , rainbow crack , John the ripper
TOOLS
1. Netdiscover - for scanning the network
2. NMAP - for finding the vulnerability and version
3. Hydra - For cracking the password
4. John the Ripper - Hash break
5. Sqlmap - Sql injection
6. Quick Stego - for steganography attack
7. WpScan - wordpress scan
8. Rainbow crack
9. Wireshark
10. Micrsoft RDP
11. Hashcalc.
12. veracrypt
13. Searchspolit / MetaSploit
Vulnerability :
XSS / IDOR / Host Header Injection / SQL Injection
Tools
1.Nmap
2.Hydra
3.Sqlmap
4.Wpscan
5.John the ripper
6.Hashcat
7.Metasploit
8.Wireshark
9.steghide
10.OpenStego
11.QuickStego
12.Dirb
13.Searchsploit
14.Veracrypt
15.Hashcalc
16.Rainbow Crack
Windows Topic : Steganogrphy , Cryptography , Wireshark (Learn wireshark filter save time)
Linux Topic : Network Scanning , SQL , Hash Craking , Password brute forcing and dvwa
Focuses on following Tools :
1. Nmap (Important)
2. Directory brute forcing tool (dirb, gobuster)
3. Password brute forcing tool (Hydra)
4. Sqlmap (Important tool)
5. Wpscan (Important tool)
6. JOhn the ripper / hashcat
7. Wireshark (Very Important)
8. Veracrypt and Steghide
Tools used according to OS :
Parrot Box Windows Box
1. netdiscover 1. Wireshark
2. NMAP 2. Hashcalc
3. Hydra 3. veracrypt
4. John the Ripper 4. BCTextEccoder
5. Wpscan 5. Cryptool
6. Sqlmap 6. Snow
7. ADB 7. OpenStego
Exam Quetions :
Q. How Many Machines are active ?
---> Use netdiscover
Q. Which Machine has FTP Server Open ?
---> Use nmap if port no. 22 open the ip will be enter
Q. Find 2 secret files using FTP ?
---> brute force FTP Usernames
Q. Find out phone number of web application user ?
---> Use Sqlmap in database the phone number will find
Q. Brute Force Wordpress Website User's Password ?
---> Use Wpscan
Q. Decode .hex file ?
---> Use Cryptool
Q. Which Machine started Dos attack ? DDOS attack happened on which IP? Find out http Credentials
from PCAP file ?
---> Use Wireshark to check PCAP file. analayze the packet in wireshark
Q. Decode the give text using given secret ?
---> Use BCTextEncoder
Q. Calculate SHA1 hash of a text ?
---> use Hashcalc. generate the hash value to find answer.
Q. Decrypt the hidden Volume and find secret file ?
---> Use Veracrypt whenever realted to volume use veracrypt
Q. Crack the given hash ?
---> go to personal computer browser and use hashes.com copy the hash and find solution.
Q. Find Secret hidden in the Image/File ?
---> Use OpenStego / Snow
Q. Find a Secret file in Android ?
---> Use ADB Android debuggine bridge give a file structure of android and finding files.
Q. Send data to another Machine (firewall blocked) ?
---> Use Covert TCP
Q. Find a device that running the ip address and then finding the username password of ftp server and login then finding a secret file and that read a content then decoded and submit the answer ?
---> 1. Scanning the all devices using Nmap and we found open port on device that is our ftp server device
2. Note down the ip address and then brute force the ftp server username and password using hydra and wordlist are given
3. After the getting username password login to ftp server using the command
-- # ftp [ip address of ftp server machine]
4. finding a secret file and decoded it in hashcat
5. Finally submit the answer and found out the solution.
_______________________________________________________________________________________________________