This Repo will help you to prepare better for CEH - Practical Exam
- Exam Title: Certified Ethical Hacker (Practical)
- Number of Challenges: 20
- Duration: 6 hours
- Passing Score: 70% (14 Questions)
- If you are doing bug bounty hunting, then you are half way there.
- NMAP and wordpress knowledge is really important.
- Best part - Google searches are allowed (💥)
- Cryptographic knowledge is important
- SQL Injection plays a major role
- Simple User Enumeration and OS Banner grabbing
- Stegnography
- RDP Connection
- NMAP
- SQLMap
- Hydra
- Wireshark
- Veracrypt
- Hashcalc
- Dirb
- Steghide
- Searchsploit
- Hashcat
- John
- WPSCAN
- Rainbow crack ( This helped me to get my first 3 question answers! )
- Nikto
- Metasploit
- If you can pay then the best resource is ASPEN iLabs.
- VulnHub
- Tryhackme ( Different related rooms like crackthehash, wirectf, hydra, sqli)
- ASPEN iLabs YT video ( https://www.youtube.com/watch?v=ycZFk-GT5-I&list=PLrrgFyE6PtlaCixUxJPM0Y9Peye6iCewH )
- Which username was tampered? ( You need to solving by comparing Hash values)
- Wordpress Username Enumeration!
- Retrieve Database names ( SQLi)
- How many machines are there? ( NMAP)
- Phone number of User X? ( Metasploit/Parameter Tampering)
- What is the hidden text in X.jpeg (STEGHIDE)
- Password crack for VCRYPT
- IP Address/ Version of Running windows Server.
- hydra -l root -P passwords.txt [-t 32] ftp [ https://securitytutorials.co.uk/brute-forcing-passwords-with-thc-hydra/]
- hydra -L usernames.txt -P pass.txt mysql
- hashcat.exe -m hash.txt rokyou.txt -O
- nmap -p443,80,53,135,8080,8888 -A -O -sV -sC -T4 -oN nmapOutput 10.10.10.10 [https://www.stationx.net/nmap-cheat-sheet/]
- wpscan --url https://10.10.10.10/ --enumerate u
- netdiscover -i eth0 [ https://www.100security.com.br/netdiscover ]
- john --format=raw-md5 password.txt [ To change password to plain text ]
Instagram: https://www.instagram.com/bug_xs/
Thank you for reading!! 🙌🙌