C|EH Practical Review and Guide

This post is all about my approach to the C|EH Practical.


What is C|EH Practical?


C|EH Practical is a six-hour, rigorous exam that requires you to demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, web app hacking, etc. in order to solve security audit challenges.

Like many people in information security, I too got this opportunity through a scholarship. I had to pay a $100 fee to complete the enrollment.

This is an entry-level exam so it’s very beginner-friendly.

Pre-requisites

  1. A good webcam so the proctor can see you throughout the session.
  2. Must have a good internet connection.
  3. Decent laptop with a good amount of RAM (Because why not?)
  4. Last but not least, an empty room (You won’t find it if you’re an INDIAN)
  5. Brain as usual.

Who can pass this exam very easily?

  • People who do HTB boxes and CTFs would have completed some of the challenges from the exam already.
  • Those who engage in Bug Hunting and all those who are good at using search engines efficiently.
  • Those who bought an iLabs subscription for CEH.

What should you know before starting the exam?

  • This entire exam will be on your browser.
  • The proctor will enter the credentials on your ASPEN DASHBOARD to give you access to the lab environment.
  • The lab environment has 2 machines (which are shown with credentials there).
    One is Kali Linux and the other is Windows Server 2016. (Both of them have tools in them)
  • You have to give your mouse/keyboard access to the proctor. (Just for a short time before starting the exam)
  • The network where machines are hosted is isolated from the internet. You can google things on your machine.

Prior tools knowledge


(Based on my exam. These are some of the tools I used)
P.S.: I suck at Windows so I used Kali as the main machine (Provided by EC Council during the exam).

  • NMAP (You already knew this is gonna be here)
  • METASPLOITABLE (With the database configured)
  • SQLMAP (There are different ways to give this tool input so stay calm)
  • WIRESHARK (Play with this tool a bit and know the possible things it can do)
  • JOHNTHERIPPER (Because it’s easy to use and sufficient for this exam)
  • WPSCAN (This is a great tool 😉 )
  • HYDRA (Bruteforcing tools are necessary while testing different things on the network)
  • RESPONDER (Basic functionality)
  • SEARCHSPLOIT (To search MSF modules)
  • Windows-based tools for Cracking, Scanning, Hash calculations, etc.

Recommendations

  • My recommended OS for the exam is Windows because you’ll be asked to install the GoToMeeting application which isn’t available as a standalone app on Linux. (GoToMeeting could be used in a browser but is not preferred)
  • Scan the whole network first before starting with questions. If you are stuck at a question, skip it and come back to it again after 2-3 questions.
  • The lab environment might be slow; don’t panic.
  • Focus on Enumeration more.

It took me about 3 hours to finish the exam.

