1. Veracrypt
2. RDP to a given PC, take file from desktop
3. .hex question – use tool Cryptool
a. – des (no key)
b. Rc4 – key length
c. test
4. nmap
a. OS detection – which device is the mysql host
b. ftp host – username
i. password chain
5. wireshark
a. look at pcap, which machine is dosing which
b. look at pcap, ddos, how many ddos
6. steganography
a. use snow. ftp ip and password (refer 4b)
7. sqlmap
a. phone number
8. user has hidden confidential information in mobile sdcard, find the file.
9. A server has a RAT installed, use it to compromise.
10. Wpscan username: password
11. Compare hash to find which file is changed
12. Sql injection vuln, which method will be most harmful. -trace
13. FTP:
a. Use hydra to brute force
b. You will get username password from some other question, use that to get the other file. (answer sam:test)
14
============================================================================
The list of resources for CEH certification exam compiled by Roshan Guragain
Resources
This has more than enough resources required to pass the exam.
However, to be precise, here are some resources Roshan Guragain recommends at minimum.
Web Security
Resource: https://portswigger.net/
Tools
- Sqlmap: sql injection
- directory brute-forcing: gobuster, dirbuster, dirb, ffuf
- enumerate and bruteforce users: wpscan
- https://linuxhint.com/wpscan_wordpress_vulnerabilities_scan/
Labs :
- https://tryhackme.com/room/ffuf
- https://tryhackme.com/room/owaspjuiceshop
- https://tryhackme.com/room/owasptop10
System Hacking
- Basic windows command line and system enumeration.
- Alternate data streams, hidden files on windows
Tools:
- Remote Desktop Connection
- psexec.py, smbexec.py, winexe: Windows shell from linux machine (in case rdp is off and smb is enabled)
- enum4linux: windows enumeration
- crackmapexec: bruteforce windows password
- hydra : bruteforce credentials
- lab: https://tryhackme.com/room/hydra
Sometimes one credential might not have enough permission so try to access the system using all the found credentials
- Android adb: ( port 5555 ), [ Explore hackthebox writeup ], adb shell
- Use this to access android filesystem files.
Steganography
Most of the tools are present in the system itself, you just need to know which tools to use.
The passphrase required for decryption is provided in the question itself so just learn how to encrypt and decrypt using the tools.
Tools:
- snow, steghide, openstego: windows
- steghide: windows
Here are more resources (these are overkill resources )
- https://book.hacktricks.xyz/stego/stego-tricks
- https://trailofbits.github.io/ctf/forensics/
- https://github.com/Samsar4/Ethical-Hacking-Labs/blob/master/5-System-Hacking/9-Steganography.md
Cryptography
You need to understand the hashing algorithms, find modified files using checksums, decrypt text using the tools mentioned below (cryptool), and decrypt encrypted files (veracrypt).
Tools:
- hashcalc , cryptool ( I was able to solve most of the cryptography questions using this)
- veracrypt : learn how to encrypt and decrypt files ( password is provided in the questions )
- https://www.youtube.com/watch?v=C25VWAGl7Tw
- https://www.youtube.com/watch?v=cxo8xosH_TI
- Powershell: Get-FileHash
- hashcat, john (hash cracking)
If you want to learn in depth : https://cryptopals.com/ (not needed to pass CEH).
Hash Cracking labs:
Network Enumeration
- Network enumeration: nmap
- Service enumeration: ftp, smb
- web enumeration:
- https://book.hacktricks.xyz/ : goldmine.
PCAP Analysis
Learn the filters to be used: https://medium.com/hacker-toolbelt/wireshark-filters-cheat-sheet-eacdc438969c
Learn how to extract specific protocol traffic.
One question was to extract username and password from the http request.
Filter used: http.request.method == "POST"
Three questions were from the following topics
1. DoS detection
2. DDoS detection
3. Extracting credentials from http traffic
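For the DoS and DDoS detection topics, an added example (not from the original notes) of the counting logic an analyst applies to a capture: tally connection-attempt SYNs per source and target, then label a target "DoS" when one source dominates and "DDoS" when several do. The packet lines, their tab-separated layout and the threshold of 20 are constructed assumptions, and the count runs over the whole capture rather than a time window.

```python
from collections import Counter, defaultdict

# Constructed sample, one packet per line: src, dst, SYN flag, ACK flag
# (tab-separated; the layout is an assumption, e.g. a field export of a pcap).
SAMPLE = (
    ["10.0.0.5\t10.0.0.20\t1\t0"] * 40        # one host flooding .20
    + ["10.0.0.7\t10.0.0.20\t1\t0"] * 2       # ordinary client of .20
    + ["10.0.0.%d\t10.0.0.30\t1\t0" % i
       for i in (11, 12, 13) for _ in range(30)]   # three hosts flooding .30
    + ["10.0.0.30\t10.0.0.11\t1\t1"] * 5      # SYN/ACK replies, not counted
)


def classify_floods(lines, threshold=20):
    """Count bare SYNs per (src, dst) and report targets with heavy senders.

    Returns {target: (label, sorted_sources)}; label is "DoS" when a single
    source reaches the threshold and "DDoS" when several sources do.
    """
    syn_counts = Counter()
    for line in lines:
        src, dst, syn, ack = line.strip().split("\t")
        is_syn = syn in ("1", "True")
        is_ack = ack in ("1", "True")
        if is_syn and not is_ack:             # connection attempt only
            syn_counts[(src, dst)] += 1

    heavy = defaultdict(list)
    for (src, dst), count in syn_counts.items():
        if count >= threshold:
            heavy[dst].append(src)

    return {dst: ("DoS" if len(srcs) == 1 else "DDoS", sorted(srcs))
            for dst, srcs in heavy.items()}


if __name__ == "__main__":
    for target, (label, sources) in classify_floods(SAMPLE).items():
        print(target, label, sources)
```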
If you have completed the above and want to get confident, try some boot2root machines on hackthebox and tryhackme. [ johnhammond and ippsec on youtube have good content for these boxes ]
Roshan Guragain's Experience:
You join the session and connect to the proctor. You need to install the GoMeetings application on your machine. The proctor provides all the rules and instructions to start the exam. A single break of 15 minutes was provided to me ( which is preinformed ). After all the configuration is done, the proctor enters his credentials and the exam starts.
I was provided with two machines one windows and one Parrot OS. There are two tabs instructions(questions) and resources(machines).
All the tools required are present in the machine. On parrotOS, the root user's home directory had most of the tools, and there was a drive (CEH) for tools on the windows machines. Most of the questions are based on usage of tools. Some bruteforcing of credentials is needed to get access to some of the services. In case you are not able to answer some of the questions, just skip them and come back later, as you might find the credentials of those machines in the later questions. Most of the questions are easily solvable and there are no rabbit holes at all in those questions. Since googling was allowed, I was able to search for most of the things. In case you are not able to answer any questions ( stego ), google for the tools available on the system which might help you solve it. The wordlists ( username and passwords ) are also present on the system, so it will not take much time.
For hash cracking, in case you don't have a better GPU, you could use google colab instances.
In case you have any queries, feel free to reach out to me at rgn@logpoint.com