InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/


How I passed CEH (Practical) in my first attempt by Guru HariHaraun


Hello guys! I’m Guru HariHaraun, 21 years old. In this blog, I will be sharing with you the secret strategy I followed to pass the CEH (Practical) examination within 4 hours. In the next 8 minutes, you will have an idea about what CEH (Practical) is, who can take this exam, how you can ace this exam and my secret exam strategy.

NOTE: I have created my own notes to guide you through all the tools, tricks and procedures that I used in my preparation and during my exam. Make sure to check them out, since all the technical jargon is available in those notes: https://book.thegurusec.com/certifications/certified-ethical-hacker-practical

Certified Ethical Hacker (Practical) | C|EH (Practical)

Certified Ethical Hacker (Practical) is a six-hour, rigorous exam that requires you to demonstrate the application of ethical hacking techniques and to solve a security audit challenge within a limited time, just like in the real world. The exam was developed by a panel of experienced SMEs and includes 20 real-life scenarios with questions designed to validate essential skills required in the ethical hacking domains as outlined in the C|EH program. It is not a simulated exam; rather, it mimics a real-world corporate network through the use of live virtual machines, networks, and applications designed to test ethical hacking skills.

CEH Practical Exam Information:

  • Exam Name: Certified Ethical Hacker (Practical)
  • Number of Challenges: 20
  • Exam Infrastructure: iLabs (browser-based)
  • Test Delivery: Online and at your cosy place
  • Passing score: 70% (14 out of 20 challenges)
  • Test duration: 6 hours (with 15 minutes of break)

CEH Practical Exam Details:

  • The exam is fully proctored using GoToMeeting (web conferencing and online meeting software). Your webcam, microphone and screen streaming must be on and are recorded for the entire period of the exam.
  • The exam runs completely on iLab, which is a browser-based environment, so there is no need to worry about snapshotting your VMs.
  • Two virtual machines are provided for pentesting: Parrot OS (yes, you heard that right, no more Kali😓) and Windows 7.
  • This is a fully open-book exam, so you can google things online, take notes, watch tutorials and read blogs. What you may not do is make hand-written notes, contact people or make calls.
  • Internet access will not be available on your machine. You have to use your browser to access it.

Pre-requisite:

  1. Basic Linux knowledge.
  2. Willingness to learn stuff.
  3. Google is my friend: basic Googling knowledge.
  4. Note making. Man, I can’t express how important note making is. This habit will help you in every scenario in your life.

Preparation Days:

Here the fun starts. I had prior experience and knowledge of the information security industry, but this shouldn't let you down, since the exam portion covers everything from scratch.

If you have 💰 you can afford iLab, because the challenges which might appear in the exam are based on the lab activities. Since I couldn't afford iLab, I took the tools list and practised the tools on TryHackMe & HackTheBox. This exam is all about how much knowledge you have of the tools. The link given below, written by Pablo Gallardo, lists the tools that are used in the iLab.

Damn Vulnerable Web Application (DVWA)


Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. DVWA lets you practise some of the most common web vulnerabilities at various levels of difficulty. DVWA plays one of the major roles in the C|EH (Practical) exam. It is advisable to crack DVWA and get used to the box, since the exam challenges may be based on the challenges available on this box.

Note: The tools, methodology and process I followed are all documented in GitBook. You can check it here: https://book.thegurusec.com/certifications/certified-ethical-hacker-practical

Exam Experience:

Ahh! I hope you all are waiting for this section I guess!

I scheduled my exam for 20th January 2022 at 01:30 AM EST through their customer support dashboard since there was a problem with their exam scheduler application. Hopefully, by now they would have fixed the issue.

So, on the exam day, I logged in to my computer and waited for the meeting link, which they told me they would send 15 minutes before the exam started. As they said, I got the link for GoToMeeting and the proctor started their process. She told me that a dual monitor was not allowed during the exam😮. I went crazy because it totally affected the speed of my workflow, but eventually I got used to it. Then she verified my identification and the exam started.

First and foremost I started my scanning phase because it might take some time since scanning the whole IP subnet may take a few minutes. In that time I started to go through all the challenges.

“Read the objective of your challenge in layman's terms”

After analyzing the challenges I started my hacking. It took me 4 hours to crack 19 questions, since I went down some rabbit holes after misunderstanding the challenges. After solving those, I went to the one last challenge for which I hadn't been able to get the flag. It took almost 45 minutes to find the flag since my concentration level was low, and I completed my exam in 4 hours 45 minutes.

After I completed the exam, the proctor directed me to my exam mark panel and I was surprised to see that I had solved all the challenges & got my certificate🎉🥳

My Certificate Copy

Certified Ethical Hacker (Practical) certificate
Certificate of Achievement for completing Certified Ethical Hacker (Practical)

My Secret Strategy

Oh hey, hi! Welcome to the most anticipated part of the blog😁. Yes, when I was preparing for my exam I was searching for this section on others' blogs and, eventually, some helped me. In this section, I will reveal the secret strategy that I followed, which will speed up your process.

Note: I can’t give you the exam questions, as they are secret, but I can help you with some easter eggs which make your hacking much faster and more efficient.

  • First, begin the Nmap scan on Parrot OS, then shift to the Windows machine and start Zenmap (the GUI version of Nmap). The reason is that in Parrot OS you may find it hard to parse all the IPs, because the green colour in the terminal might overwhelm you. Instead, the Zenmap GUI is useful for finding out the services and OS running on each IP, with a cute user interface. Trust me, this will be the great life-changer of your exam. I know that as a penetration tester working in the terminal is cool, but in the heat of the moment, the browser-based VM can make you tense.
  • Also, scan all the ports on the IPs, because people are more brainy than the dumb default scripts.
  • You don’t have to use the word lists that ship with the tools. They provide you with their own custom word list for the module in which you are performing your attack.
  • For brute-forcing the services, I strongly recommend “Hydra & Medusa”.
  • Try to solve the HTB box based on Android, since there is a whole module in the coursework based on mobile phone hacking.
  • If you aren't able to solve a challenge or it is time-consuming, move to the next one. After completing a few challenges, go back to the missed or time-consuming challenge; you may be able to solve it.
  • In your learning phase, don’t skip the modules on cryptography and steganography. You may regret it if you miss those modules. At least learn how to use the tools.
Why only OffSec? Every cert is based on this
  • I can’t stress Reconnaissance and Enumeration enough. This is the key to finding the flag for your challenges. Gather as many details as you can.
  • Submit the answers in the way they ask you to. The answers are prepopulated in their database, so if you misspell or submit your answers in the wrong format, you won't get your desired score.
  • Google is your best friend. Ask anything you want, but don't ask what your loved one is doing right now xP.

My Resources:

Others Journey and Preparation resources:

If you are still reading this, then you are serious about your exam! I strongly believe in you💪🏻. You will be able to ace this exam with no issues.

Support Me:

You can help this guy who took days of effort to build this blog & the CEH Practical digital books for public access💝🥰

I have put much effort into writing these Certified Ethical Hacker (Practical) notes & this blog even though nobody is going to pay me for them, but if someone is up for contributing, I’d be very grateful, since I can use it for my hosting and server maintenance.

XD!

So, If you felt that my resources were useful, please make sure to contribute here😊🙏🏻🫂

If you find this blog worth reading then do hit that 👏🏻 and you know what you can clap a max of 50 😜


Information Security Professional Student, Ethical Hacker, Penetration Tester, CS Grad, Cloud Engineering Aspirant, Full-Stack Developer & SEO Strategist.
