EC-Council CEH v10 Practical Exam Review
Hello guys !!! This is veeppiaar. As I promised, Iβm here posting my experiences on EC-Council CEH Practical Examination and also this is my very first public writeup I had ever posted.
As adviced by Aravazhi Rajendran, I applied for EC Councilβs CEH scholarship and luckily my application got approved and i started off acing towards the practical examination. At first I was totally blindfolded about the exam and started preparing on my own. Later I came to know the experiences shared by S Naveen Kumar, Anon Tuttu Venus, Gobinathan L, I started preparing according to it. And then, Sashi Kant Ojha H shared his experience which made me to prepare at faster pace. I will be always thankful to them.
I had scheduled my exam on 23rd september 2020 1:30 PM to 6:30 P.M IST and I had finished off challenges securing 18/20 score which is 90% .
CEH ANSI vs CEH Practical:
The CEH ANSI is a MCQ based exam which comprises of 125 questions and it needed to be completed within stipulated time of 4 hours. You need to secure atleast 88 questions correctly out of 125 questions which is roughly around 70% and it is an closed book test.(Note : This passing score may vary on each exams which ranges from 60% - 85%).
While CEH Practical is a hands-on exam where the candidate should demonstrate their practical skills learned in CEH ANSI and EC Councilβs ilabs under a single window exam proctor.
CEH Practical Exam Details:
- Exam Name: Certified Ethical Hacker (Practical)
- Number of Challenges: 20
- Exam Infrastructure: iLabs (browser based)
- Test Delivery : Online and at your own cosy place
- Passing score: 70% (14 challenges out of 20)
- Test Duration: 6 Hours ( with 15 minutes of break )
Furthermore Details:
This Exam is purely conducted in their ilabs environment where you will need only a good internet connection and your favourite browser to connect to their test environment.
This exam Provides two machines namely kali distro and windows machine to work with. Both of these machine doesnβt have open internet connection and hence you cannot surf the internet using those machines.
Some of the tools are outdated and if you are practiced with newest version of tools,while solving a challenge there may be possibility of encountering parameter/argument error using the tools in their kali machine. If you face the same, use manual page or help along with grep command.
You will recieve the link to exam before 15 minutes on the day of booked slot timing. Have an eye in spam inbox too!
You need to have a webcam,headphone and microphone, a valid ID Proof. Before commencing the exam, you need to show your entire workspace for the exam to the proctor.
You are not allowed to talk to any person during the exam as they are recording and monitoring your whole activities.
Difficulty Level:
In my point of view, this exam is too easy to solve and even beginners like me(yet iβm noob) will feel the exact difficulty level I had felt.
If you had practiced in ilabs,then it will be a piece of cake for you
Exam outline:
As mentioned in the EC- Council Website , You can be able to :
- Demonstrate the understanding of attack vectors
- Perform network scanning to identify live and vulnerable machines in a entire network.
- Perform OS banner grabbing, service, and user enumeration.
- Performing steganography and integrity verification
- Performing packet sniffing.
- Conducting a variety of web server and web application attacks including directory traversal, parameter tampering, XSS, etc.
- Performing SQL injection attacks.
Tools I practiced for solving challenges:
Below is the list of tools which I practiced to be proficient for solving the challenges:
1.nmap (https://tryhackme.com/room/rpnmap)
2.john/hashcat (https://tryhackme.com/room/crackthehash)
3.sqlmap
4. wpscan
5.hydra (https://tryhackme.com/room/hydra)
6.wireshark and some other windows based tools like rainbowcrack,Quickstego etc..
Some OS command injection techniques
EXAM TIP !!!!
I. Always do a nmap scan for entire subnet network for these kind of exams.
- First find the ip address of current kali machine using ifconfig
- Then do a TCP scan of entire subnet using nmap
nmap -A -T4 -p- <IP address in CIDR notation> -oN nmap.txt
3. Then do a UDP Scan
nmap -sU <IP in CIDR Notation> -oN udp.txt
II. As i said before, you will face parameter/argument errors in outdated tools, use manual page piped along with grep in which command you want to find.
For example
sqlmap -h | grep βdumpβ
will return commands return to dumping a database. Similarly you can use for other tools.
Resources and blogs:
- https://www.youtube.com/playlist?list=PLrrgFyE6PtlaCixUxJPM0Y9Peye6iCewH
- https://medium.com/@anontuttuvenus/ceh-practical-exam-review-185ea4cef82a
- https://medium.com/@jonaldallan/passed-ec-councils-certified-ethical-hacker-practical-20634b6f0f2
Verify my CEH Practical badge here:
You can also ping me in linkedin,telegram. My DMs are always open!!!!.
DONATIONS!!
If you loved my blog and got beneficial in exam and would like to donate me means, please try to donate some money to the people who are all needy. If you dont know for whom to donate, dont search in Internet. lookout of your window.You can see lot of needy people out there. You can donate meals to homeless peoples, You can buy stuffs from street vendors to raise their standards, you can donate to organisations like UNICEF, Save the Children kinda peoples, You can provide free education to peoples, you can buy books for students. It can be anything. Even if you want to share photos of your donation, do itβ¦but dont disclose the recieving end :). Thats all I want from you guys!!!.
Lets make the Helping as a chain.
