Giter Club home page Giter Club logo

ceh-practical-guide's Introduction

CEH-Practical-Guide

This Repo will help you to prepare better for CEH - Practical Exam

Exam Information

  • Exam Title: Certified Ethical Hacker (Practical)
  • Number of Challenges: 20
  • Duration: 6 hours
  • Passing Score: 70% (14 Questions)

My Experince

  • If you are doing bug bounty hunting, then you are half way there.
  • NMAP and wordpress knowledge is really important.
  • Best part - Google searches are allowed (๐Ÿ’ฅ)
  • Cryptographic knowledge is important
  • SQL Injection plays a major role
  • Simple User Enumeration and OS Banner grabbing
  • Stegnography
  • RDP Connection

Tools that will help you to pass exam

  1. NMAP
  2. SQLMap
  3. Hydra
  4. Wireshark
  5. Veracrypt
  6. Hashcalc
  7. Dirb
  8. Steghide
  9. Searchsploit
  10. Hashcat
  11. John
  12. WPSCAN
  13. Rainbow crack ( This helped me to get my first 3 question answers! )
  14. Nikto
  15. Metasploit

Resources

  1. If you can pay then the best resource is ASPEN iLabs.
  2. VulnHub
  3. Tryhackme ( Different related rooms like crackthehash, wirectf, hydra, sqli)
  4. ASPEN iLabs YT video ( https://www.youtube.com/watch?v=ycZFk-GT5-I&list=PLrrgFyE6PtlaCixUxJPM0Y9Peye6iCewH )

Sample Questions

  1. Which username was tampered? ( You need to solving by comparing Hash values)
  2. Wordpress Username Enumeration!
  3. Retrieve Database names ( SQLi)
  4. How many machines are there? ( NMAP)
  5. Phone number of User X? ( Metasploit/Parameter Tampering)
  6. What is the hidden text in X.jpeg (STEGHIDE)
  7. Password crack for VCRYPT
  8. IP Address/ Version of Running windows Server.

Some of the commands used by me

  1. hydra -l root -P passwords.txt [-t 32] ftp [ https://securitytutorials.co.uk/brute-forcing-passwords-with-thc-hydra/]
  2. hydra -L usernames.txt -P pass.txt mysql
  3. hashcat.exe -m hash.txt rokyou.txt -O
  4. nmap -p443,80,53,135,8080,8888 -A -O -sV -sC -T4 -oN nmapOutput 10.10.10.10 [https://www.stationx.net/nmap-cheat-sheet/]
  5. wpscan --url https://10.10.10.10/ --enumerate u
  6. netdiscover -i eth0 [ https://www.100security.com.br/netdiscover ]
  7. john --format=raw-md5 password.txt [ To change password to plain text ]

Reach out in case of further help

Instagram: https://www.instagram.com/bug_xs/

Thank you for reading!! ๐Ÿ™Œ๐Ÿ™Œ

ceh-practical-guide's People

Contributors

0xparth avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.