Discussion in 'CEH' started by Baba_2, Feb 21, 2020.
I attended today's class but it doesn't show.
It takes some time to reflect; check now.
I launched the "iLabs" from the EC-Council link. It launched successfully and shows the scenario for the lab.
But where do I see the "Procedure/Steps" to perform the lab? (I don't see any PDF to download here.)
Can anybody help me find the "Lab scenario steps" PDF?
Hello Baba, I am David Vijay, enrolled for the morning batch. I could not attend the sessions on 22nd and 23rd Feb as I was out of town. But I downloaded the videos, completed them and am ready for the next session.
Go to ASPEN and download the PDF and all study data.
Link of ASPEN?
Can anyone provide me the study material of 29 Feb?
Has anyone been able to get in contact with Baba? He still has not answered my private messages from after the first session.
Hi Ian, I see that Baba has replied to your message. Could you please paste his response here, as I am a beginner as well and his advice would really help. Thanks.
For Mac users: security tools
Site name: objective-see
1. KnockKnock:
KnockKnock uncovers persistently installed software in order to generically reveal such malware.
2. TaskExplorer:
TaskExplorer allows one to visually explore all running processes.
3. ReiKey:
ReiKey was designed to detect keyloggers.
4. Dylib Hijack Scanner or DHS:
DHS will scan and detect any applications that have been hijacked, or are vulnerable to hijacking.
For more information visit: https://objective-see.com
Has anyone got to know when the MOCK test is going to happen? Are the dates announced? Thank you.
Baba, how can you get your Parrot in full screen in VirtualBox? Are you using VirtualBox?
Baba, can you give me all the book links?
Today's 75-question quiz is not available; it's only 22 questions and on the Scanning topic. Please share today's 75-question quiz.
@Baba_2: This might sound like a redundant question, but I am unable to search for the Victim PC virtual image (Windows 7, and Windows Server 2012 and 2016). I am all set with the Windows 10 image but stuck on the others. Any easy location to share, please?
Here you go -
Generally a Google search can help you with these types of "How to..." queries.
Example - check if this can help you!
Hi, I am waiting for the 125-question quiz...
May I know the link for this quiz (Feb 22 - March 22: Morning batch)?
Module 2: Footprinting and Reconnaissance
Sharing some tools/quick tips/notes/terminologies/jargon for this module that I prepared for myself. Hope this helps!
Footprinting through Search Engines (Google, Bing, Yahoo, Ask, AOL, Baidu, DuckDuckGo)
Google Hacking Techniques: [cache:] [allintitle:] [link:] [intitle:] [related:] [allinurl:] [info:] [inurl:] [site:] [location:]
Sensitive Information Left On Public Servers: GHDB (Google Hacking Database)
Sublist3r: Python program for listing TLDs (Top-Level Domains) and sub-domains [sublist3r -d google.com -p 80 -e Bing]
Geographical Location: Google Maps, Wikimapia, National Geographic Maps, Yahoo Maps, Bing Maps
People Search: pipl, Spokeo, BeenVerified, Intelius
InSpy Utility: gathering information from LinkedIn. This utility is available on Kali Linux and Parrot OS.
Financial Services / Financial Information: Google Finance, Yahoo Finance, The Street, MarketWatch
Job Sites: footprinting can be done through job sites to find out what tools/servers/OS are used in an org: indeed.com, careerbuilder.com, dice.com, glassdoor.com, LinkedIn
Monitoring Using Alerts: Google Alerts, Twitter Alerts, Giga Alert, TalkWalker Alerts
Determine OS: Netcraft, Shodan, Censys
Website Footprinting: Burp Suite, Zaproxy, Paros Proxy, Website Informer, Firebug
Web spiders perform automated searches on the target website and collect specified information like email addresses and names.
Web Spidering Tools: SpiderFoot, Visual SEO Studio, WildShark SEO Spider Tool, Beam Us Up SEO Spider, Scrapy, Screaming Frog, Xenu
Website Mirroring Tools: NCollector Studio, Teleport Pro, Portable Offline Browser, Website Ripper Copier, GNU Wget, HTTrack Website Copier, Pavuk, BlackWidow, SurfOffline
Website Archives: archive.org
Extract Metadata of Public Documents = Metadata extraction tools: ExtractMetadata, FOCA, Meta Tag Analyzer, BuzzStream, Analyze Metadata, ExifTool
Website Watcher = Website Changes Monitor: VisualPing, FollowThatPage, Versionista, WatchThatPage, OnWebChange, InfoMinder, UpdateScanner, Check4Change
Email Tracking Tools = Email Footprinting: PoliteMail, Yesware, ContactMonkey, Zendio, ReadNotify, DidTheyReadIt, Trace Email (whatismyipaddress.com), eMailTrackerPro, GetNotify
Competitive Intelligence Gathering: EDGAR DB, Hoovers, LexisNexis, Business Wire, company websites, search engines, press releases, patents & trademarks, product catalogues, FACTIVA
Competitive Intelligence - Company Plans: MarketWatch, TWST (The Wall Street Transcript), Alexa, Euromonitor, Experian, SEC Info, The Search Monitor, USPTO
Competitive Intelligence - Expert Opinions: (ABI/INFORM Global) ProQuest, SimilarWeb, AttentionMeter, Copernic Tracker, SEMrush
Online Reputation Management (ORM): Trackur, Brand24, Social Mention, ReviewTrackers, Rankur, ReputationDefender, BrandYourself, Google Alerts, WhosTalkin, PR Software (cision.com), BrandsEye, TalkWalker
WHOIS Lookup: ARIN, AFRINIC, APNIC, RIPE, LACNIC and a huge number of other websites
IP Geolocation Lookup Tools: IP2Location, Geo IP Tool, IP Location Finder (tools.keycdn.com), ipfingerprints.com, iplocation.net, maxmind.com, risk.neustar, webhostinghero.com
DNS Records:
A: points to a host's IP address
MX: points to the domain's mail server
NS: points to the host's name server
CNAME: canonical naming allows aliases to a host
SOA: indicates authority for the domain
SRV: service records
PTR: maps an IP address to a hostname
RP: responsible person
HINFO: host information record, includes CPU type and OS
TXT: unstructured text records
DNS Interrogation Tools: dnsstuff.com, kloth.net, mydnstools.info, centralops.net, nirsoft.net, dnswatch.info, dnstools.com, domaintools.com, dnsqueries.com, ultratools.com
DNS Interrogation Tools on Smartphone: themaillaundry.com, ulfdittmer.com, iptools.su, networkpanda.com, dnssniffer.com
IANA (Internet Assigned Numbers Authority) has reserved the following three blocks of IP address space for private internets:
10.0.0.0 - 10.255.255.255 (10/8 prefix),
172.16.0.0 - 172.31.255.255 (172.16/12 prefix) and
192.168.0.0 - 192.168.255.255 (192.168/16 prefix).
Traceroute Tools: pathanalyzer.com, GEO Spider (oreware.com), Trout (mcafee.com), Magic NetTrace (tialsoft.com), pingplotter.com, tools.keycdn.com, networkpinger.com, roadkil.net, analogx.com, ping-probe.com
Social Engineering Techniques: Eavesdropping, Shoulder Surfing, Dumpster Diving, Impersonation
Footprinting Tools: Maltego & Recon-ng (bitbucket.org), FOCA (Fingerprinting Organizations with Collected Archives), Recon-Dog
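The DNS record types and the three IANA private blocks in the notes above can be turned into a hygiene check for one's own public zone, since HINFO records and A records pointing at internal addresses are exactly what a footprinter reads straight off a zone. The following is an added example, not code from the post or from any CEH courseware: it parses a constructed BIND-style zone (the domain example.test and every record in it are invented) and flags those two kinds of leak.

```python
"""Audit a public DNS zone for records that leak internal details.

Added example (not from the forum post): parses BIND-style zone lines
and flags HINFO records and A records that fall inside the RFC 1918
private blocks listed in the notes (10/8, 172.16/12, 192.168/16).
"""
import ipaddress
from collections import defaultdict

# The three IANA-reserved private blocks from the notes.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample zone (hypothetical domain; not real data).
SAMPLE_ZONE = """\
$ORIGIN example.test.
@        3600 IN SOA   ns1.example.test. hostmaster.example.test. 2020022101 7200 900 1209600 300
@        3600 IN NS    ns1.example.test.
@        3600 IN MX    10 mail.example.test.
www      3600 IN A     203.0.113.10
mail     3600 IN A     203.0.113.25
intranet 3600 IN A     10.20.30.40
build    3600 IN A     192.168.5.7
www      3600 IN HINFO "Intel" "Ubuntu 18.04"
shop     3600 IN CNAME www.example.test.
@        3600 IN TXT   "v=spf1 mx -all"
"""


def parse_zone(text):
    """Return a list of {name, type, rdata} dicts from 'name TTL IN TYPE rdata' lines.

    $-directives and ';' comment lines are skipped; rdata keeps its spaces.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("$") or line.startswith(";"):
            continue
        name, _ttl, _rclass, rtype, rdata = line.split(None, 4)
        records.append({"name": name, "type": rtype.upper(), "rdata": rdata})
    return records


def is_private(ip_text):
    """True if the address lies in one of the three reserved private blocks."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in block for block in PRIVATE_BLOCKS)


def audit_zone(text):
    """Group records by type and list (kind, owner name, rdata) findings."""
    by_type = defaultdict(list)
    findings = []
    for rec in parse_zone(text):
        by_type[rec["type"]].append(rec)
        if rec["type"] == "A" and is_private(rec["rdata"]):
            # A public zone answering with a private address reveals internal addressing.
            findings.append(("private-address", rec["name"], rec["rdata"]))
        elif rec["type"] == "HINFO":
            # HINFO publishes CPU type and OS, which is fingerprinting for free.
            findings.append(("hinfo-exposed", rec["name"], rec["rdata"]))
    return dict(by_type), findings


if __name__ == "__main__":
    types, found = audit_zone(SAMPLE_ZONE)
    for rtype, recs in sorted(types.items()):
        print(f"{rtype:5} x{len(recs)}")
    for kind, owner, rdata in found:
        print(f"FINDING {kind}: {owner} -> {rdata}")
```

Run it against a zone dump of your own domain (the output of a zone transfer you are authorised to perform, or the zone file itself); anything it prints as a finding is something a search-engine or DNS footprinting step would hand to an outsider.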
Any quiz scheduled for this batch?
What about the mock tests?
Module 3 - Scanning Networks (Part 1)
Sharing quick notes for the n/w scanning module. This is a very high-weight module and needs a huge amount of time from my perspective. Hope it helps.
Objectives of Network Scanning = identifying live hosts, IP addresses, ports, services, vulnerabilities, operating system, system architecture
Fingerprinting: finding OS and system architecture.
Scanning Types: Port Scanning, Network Scanning, Vulnerability Scanning
TCP Communication Flags:
SYN: Synchronize: initiate connection between hosts
ACK: Acknowledgement: acknowledge receipt of packet
PSH: Push: send all buffered data immediately
RST: Reset: reset a connection [Attackers use this to scan hosts in search of open ports]
FIN: Finish: no further transmissions
URG: Urgent: data contained in the packet should be processed immediately
SYN scanning mainly deals with three flags: SYN, ACK and RST. These are used for gathering illegal info from servers during enumeration.
TCP Connection Establishment = Three-Way Handshake as below:
CLIENT > SYN, SEQ#10 > SERVER
CLIENT < SYN + ACK, ACK#11, SEQ#142 < SERVER
CLIENT > ACK, ACK#143, SEQ#11 > SERVER
TCP Session Termination is done as below:
CLIENT > FIN, SEQ#50 > SERVER
CLIENT < ACK, ACK#51, SEQ#170 < SERVER
CLIENT < FIN, SEQ#171 < SERVER
CLIENT > ACK, ACK#172, SEQ#51 > SERVER
Packet Crafting / Fragmenting Packets / Packet Building / Creating Custom Packets = similar terms
Packet Crafting Tools: Colasoft Packet Builder, NetScanTools, Ostinato, SolarWinds, Packeth, Bittwist, WireEdit
IPv6 increases the IP address size from 32 bits to 128 bits to support more levels of addressing hierarchy.
Scanning Tools: nmap, hping2, hping3
Nmap can craft packets to send to the target to find information such as live hosts on the network, services (application name and version), operating system, OS versions, type of packet filter/firewall.
Nmap includes the flexible data transfer, redirection and debugging tool Ncat, the scan comparison utility Ndiff, and the packet generation and response analysis tool Nping.
hping2/hping3: command-line network scanning and packet crafting tool for TCP/IP.
MTU: Maximum Transmission Unit
hping2/hping3: sends ICMP echo requests and supports TCP, UDP, ICMP and raw-IP protocols
hping2/hping3: performs n/w security auditing, firewall testing, manual path MTU discovery, advanced traceroute, remote OS fingerprinting, remote uptime guessing
hping2/hping3: can send custom TCP/IP packets
ICMP Scanning = Ping Sweep = sending an ICMP request OR ping to all hosts on the n/w to determine which ones are UP.
ICMP Ping: hping3 -1 10.0.0.25
SYN scan ports 50-60: hping3 -8 50-60 -S 10.0.0.25 -V
ACK scan on port 80: hping3 -A 10.0.0.25 -p 80
FIN/PUSH/URG scan on port 80: hping3 -F -P -U 10.0.0.25 -p 80
UDP scan on port 80: hping3 -2 10.0.0.25 -p 80
Scan entire subnet for live hosts: hping3 -1 10.0.1.x --rand-dest -I eth0
Collecting initial sequence number: hping3 192.168.1.103 -Q -p 139 -s
Intercept all traffic with HTTP signature: hping3 -9 HTTP -I eth0
Firewalls and timestamps: hping3 -S 22.214.171.124 -p 80 --tcp-timestamp
SYN FLOODING: hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 --flood
DNS ZONE TRANSFER uses TCP PORT 53
Scanning Tools: NetScanTools Pro, SuperScan (McAfee), PRTG N/W Monitor (paessler.com), OmniPeek (savvius.com), MiTeC N/W Scanner, NEWT Professional (komodolabs.com), MegaPing (magnetosoft.com)
Scanning Tools for Mobile: Hackode, zANTI, cSploit, FaceNiff, PortDroid Network Analysis, PAMN IP Scanner
Scanning Techniques: ICMP Scanning, TCP Scanning, UDP Scanning
ICMP Scanning Techniques: ICMP Scanning, Ping Sweep, ICMP Echo Scanning (used for locating active devices OR determining if ICMP goes through the firewall).
TCP Scanning Techniques: Open TCP Scanning Methods (TCP Connect = full open scan), Stealth (Half-open, Xmas, FIN Scan, NULL Scan), ACK Flag Probe Scanning.
Third-Party and Spoofed TCP Scanning (IDLE/IP ID Header scanning).
Inverse TCP Scanning: Xmas Scan, FIN Scan, NULL Scan = attacker sends a probe packet with TCP flags (FIN, URG, PSH, NULL). RST = closed. No response = port open.
FIN probe. Xmas probe (FIN, URG, PSH). NULL probe (no TCP flags set). SYN/ACK probe. "super-user" privilege required. NOT EFFECTIVE FOR WINDOWS
UDP Scanning Technique = nmap -sU -v 10.10.10.10
Refer to the list of reserved ports (pages 27 to 31) from the courseware OR from Wikipedia.
445 (SMB) Server Message Block: shares, username, accurate OS version.
161, 162 (SNMP) Simple N/W Management Protocol: system info, programs installed, usernames, n/w info.
Default community strings (passwords) for SNMP = Public, Private
139 (TCP), 137 (UDP) NetBIOS system name.
Get system names of the entire network range: nbtscan -r <IP-RANGE>
PING SWEEP = ICMP SWEEP = nmap -sn -PE -PA21,23,80,3389 10.10.10.10-20. Tools: Angry IP Scanner, SolarWinds, NetScanTools Pro, Colasoft Ping Tool, Visual Ping Tester, OpUtils
PING SCAN = nmap -sn <IP_ADDRESS>. ICMP does not have port abstraction and it is not the same as port scanning.
nmap uses the -P option to ICMP scan in parallel.
ICMP Type 13 message = requests the system timestamp
ICMP Type 17 message = ADDRESS MASK REQUEST = netmask on a particular system.
Single packet = 64 bytes (56 data bytes + 8 bytes of protocol header information).
NetBIOS information = computer name, workgroup name, currently logged-in WINDOWS user.
TCP Connect Scan = FULL OPEN Scan = 3-way handshake > detects open port > sends RST packet = nmap -sT -v 10.10.10.10 = easily detectable and filterable scan.
Stealth Scan = Half-open scan = connection is RST just before completing the 3-way handshake, hence half open. If the target gives RST then port = closed.
Stealth Scan = Half-open scan is used for bypassing firewall rules and logging mechanisms
ACK Flag probe scanning = nmap -sA -v 10.10.10.10 = no response from target = stateful firewall is present. If RST then port is not filtered.
IDLE/IPID Scan = nmap -Pn -p- -sI www.eccouncil.org www.certifiedhacker.com
SSDP & List Scanning = Simple Service Discovery Protocol.
Port Scanning Countermeasures = IDS, firewall and all policies and rules to be configured properly.
IDS/Firewall Evasion Techniques = Packet Fragmentation, Source Routing, IP Address Decoy, IP address spoofing, Proxy server chaining.
..partial.. to be completed in part 2.
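On the defending side, the flag combinations in the notes above (SYN half-open, ACK probe, FIN/Xmas/NULL inverse probes, and the bare ACK that completes a real three-way handshake) are exactly what an IDS keys on, which is why the notes list IDS and firewall configuration as the countermeasure. The block below is an added example, not anything from the post, nmap or hping3: it classifies each TCP segment by its flag set and raises an alert when one source touches many ports on one target without completing the handshake. The flow records are constructed (addresses 10.0.0.5, 10.0.0.25 and 10.0.0.99 and the port lists are invented), and the 5-port threshold is an assumed tuning value.

```python
"""Classify TCP probes by flag set and flag port-scan behaviour in flow records.

Added example (not from the forum notes, nmap or hping3). The flag
combinations are the ones the notes list; the flow records are
constructed, not captured traffic.
"""
from collections import defaultdict

XMAS = frozenset({"FIN", "PSH", "URG"})
SCAN_PORT_THRESHOLD = 5   # assumed tuning: distinct ports hit before alerting


def classify_probe(flags):
    """Name the probe type by its exact TCP flag set, as the notes describe."""
    f = frozenset(flags)
    if not f:
        return "NULL"       # NULL probe: no flags set
    if f == XMAS:
        return "XMAS"       # Xmas probe: FIN + PSH + URG
    if f == {"FIN"}:
        return "FIN"        # FIN probe
    if f == {"SYN"}:
        return "SYN"        # handshake start, or a half-open probe
    if f == {"ACK"}:
        return "ACK"        # bare ACK: handshake completion or an ACK flag probe
    return "OTHER"          # SYN/ACK replies, RST, data segments: not probes


def detect_port_scans(events, threshold=SCAN_PORT_THRESHOLD):
    """events: dicts with src, sport, dst, dport, flags (list of flag names).

    A SYN later answered by a bare ACK from the same source socket counts as
    a completed three-way handshake and is dropped from the suspicious set;
    every other SYN, and every FIN/Xmas/NULL/ACK probe, is counted per
    (source, target) pair and per probe type.
    """
    syn_pending = set()                               # sockets awaiting final ACK
    probes = defaultdict(lambda: defaultdict(set))    # (src, dst) -> type -> ports
    for ev in events:
        kind = classify_probe(ev["flags"])
        pair = (ev["src"], ev["dst"])
        sock = (ev["src"], ev["sport"], ev["dst"], ev["dport"])
        if kind == "SYN":
            syn_pending.add(sock)
            probes[pair]["SYN"].add(ev["dport"])
        elif kind == "ACK" and sock in syn_pending:
            syn_pending.discard(sock)                 # handshake completed: benign
            probes[pair]["SYN"].discard(ev["dport"])
        elif kind in ("ACK", "FIN", "XMAS", "NULL"):
            probes[pair][kind].add(ev["dport"])       # probe with no connection
    alerts = []
    for (src, dst), by_kind in probes.items():
        for kind, ports in by_kind.items():
            if len(ports) >= threshold:
                alerts.append({"src": src, "dst": dst, "probe": kind, "ports": len(ports)})
    return sorted(alerts, key=lambda a: (a["src"], a["probe"]))


def sample_events():
    """Constructed flow log: one legitimate web connection from 10.0.0.5,
    then a half-open SYN sweep and an Xmas sweep from 10.0.0.99."""
    server = "10.0.0.25"
    ev = [
        {"src": "10.0.0.5", "sport": 40001, "dst": server, "dport": 80, "flags": ["SYN"]},
        {"src": server, "sport": 80, "dst": "10.0.0.5", "dport": 40001, "flags": ["SYN", "ACK"]},
        {"src": "10.0.0.5", "sport": 40001, "dst": server, "dport": 80, "flags": ["ACK"]},
    ]
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 139, 443, 445, 3389]):
        # half-open: SYN, server's SYN/ACK, then RST from the scanner, never a final ACK
        ev.append({"src": "10.0.0.99", "sport": 50000 + i, "dst": server, "dport": port, "flags": ["SYN"]})
        ev.append({"src": server, "sport": port, "dst": "10.0.0.99", "dport": 50000 + i, "flags": ["SYN", "ACK"]})
        ev.append({"src": "10.0.0.99", "sport": 50000 + i, "dst": server, "dport": port, "flags": ["RST"]})
    for port in range(50, 61):   # Xmas probes on ports 50-60
        ev.append({"src": "10.0.0.99", "sport": 51000, "dst": server, "dport": port, "flags": ["FIN", "PSH", "URG"]})
    return ev


if __name__ == "__main__":
    for alert in detect_port_scans(sample_events()):
        print(f"ALERT {alert['src']} -> {alert['dst']}: {alert['probe']} probes on {alert['ports']} ports")
```

The legitimate client never appears in the alerts because its SYN is cancelled by the ACK that finishes the handshake; the half-open sweep is caught precisely because that final ACK never comes, and the inverse-flag sweep is caught because no real stack ever opens a connection with FIN/PSH/URG alone. On a real sensor the threshold and a time window are the two knobs to tune against false positives from busy clients.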
Hi @DILEEP KUMAR M B - I think you should tag Baba using @Baba_2 so that he will get notified.
What is Web cache poisoning?
@baba, I missed taking the quiz; kindly share the link again for me to practise the test. Please help in this regard.
==== Module 8 SNIFFING ====
Sharing some quick tips after completing the lab related to Sniffing. I am absolutely sure I observed a couple of questions from the notes below in sample tests.
A packet sniffer can capture data packets only from within a given subnet, which means that it cannot sniff packets from another network.
2 Types = Passive and Active Sniffing
Passive = hub-based network
Active = switch-based n/w (generally ARP poisoning)
Protocols vulnerable to sniffing = HTTP, FTP, SMTP, POP etc.
N/W auditing tools = Wireshark, Cain & Abel etc.
Security Tools = PromqryUI detects attacks on the network.
HTTP traffic flows in plain-text format = prone to MITM attack.
N/W analyzer = Capsa, a portable network analyzer for LANs and WLANs.
MAC Spoofing Tools = SMAC, GhostMAC, MAC Address Changer, Change MAC Address, SpoofMAC, Spoof-Me-Now, Technitium MAC Address Changer, Win7 MAC Address Changer.
Secure N/W connection = use VPN and SSH tunneling.
MITM is performed using the Cain & Abel tool.
Detecting ARP spoofing can be done with Wireshark or the XArp tool.
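The last line of the notes names Wireshark and XArp for detecting ARP spoofing; the core check they perform (the "duplicate IP address" warning) is simple enough to show in code. The following is an added example, not from the post or from either tool: it walks a constructed sequence of ARP replies (the 192.168.1.x addresses and MACs are invented) and raises an alert when an IP address starts answering with a different MAC than the one first learned, or when a single MAC claims more IP addresses than an assumed limit, which is what active sniffing on a switched network looks like from the wire.

```python
"""Detect ARP spoofing from a stream of ARP replies (added example).

Not from the forum post, Wireshark or XArp: it models the check those
tools perform on a switched network. Sample replies are constructed.
"""
from collections import defaultdict

# Constructed ARP reply log: (sequence number, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (1, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway learned first
    (2, "192.168.1.10", "00:11:22:33:44:10"),   # ordinary host
    (3, "192.168.1.20", "00:11:22:33:44:20"),   # ordinary host (the victim)
    (4, "192.168.1.1",  "00:11:22:33:44:10"),   # host .10's MAC now claims the gateway IP
    (5, "192.168.1.20", "00:11:22:33:44:10"),   # ... and the victim's IP as well
    (6, "192.168.1.1",  "00:11:22:33:44:01"),   # real gateway answers again (flapping)
]


def detect_arp_spoofing(replies, max_ips_per_mac=2):
    """Return alerts for IP->MAC changes and for MACs claiming too many IPs.

    replies: iterable of (seq, sender_ip, sender_mac) in arrival order.
    max_ips_per_mac is an assumed limit; a router or a host with a few
    aliases legitimately answers for more than one address.
    """
    ip_to_mac = {}                  # first (and then most recent) binding seen per IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has ever claimed
    alerts = []
    for seq, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append({"seq": seq, "kind": "ip-mac-changed",
                           "ip": ip, "old": known, "new": mac})
            ip_to_mac[ip] = mac     # follow the new binding so a flap back is reported too
        new_claim = ip not in mac_to_ips[mac]
        mac_to_ips[mac].add(ip)
        if new_claim and len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append({"seq": seq, "kind": "mac-claims-many-ips",
                           "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for a in detect_arp_spoofing(SAMPLE_REPLIES):
        print(f"#{a['seq']} {a['kind']}: "
              + (f"{a['ip']} {a['old']} -> {a['new']}" if "ip" in a
                 else f"{a['mac']} claims {', '.join(a['ips'])}"))
```

In practice the most valuable variant pins the gateway's MAC as a fixed expectation rather than learning it from the first reply, since the gateway is the address a poisoner almost always claims; the same loop works on records pulled from a packet capture or from the switch's ARP inspection logs.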
Hey all, we will share the quiz details soon.
Finally, I passed the CEH exam with a decent score a few moments ago. Thanks to the trainers @Baba_2 and Bipin Kulkarni.
Today, I appeared for the CEHv10 exam and cleared it.
I wish to thank the trainer @Baba_2.
Hearty Congratulations Dileep!
Thank you Sachin.
Many congratulations @DILEEP KUMAR M B. Keep it up.
Mock exam details will be posted soon. Please follow up.