FEB 22 - March 22 || 2020 || CEH || Morning Batch

Discussion in 'CEH' started by Baba_2, Feb 21, 2020.

  1. Baba_2

    Baba_2 CEH Trainer
    Alumni

    Joined:
    Sep 7, 2017
    Messages:
    345
    Likes Received:
    178
  2. Pawanbeniwal

    Pawanbeniwal Member

    Joined:
    Jan 20, 2020
    Messages:
    9
    Likes Received:
    2
    upload_2020-2-22_19-22-25.png

    I attended today's class but it doesn't show.
     
    #2
  3. DILEEP KUMAR M B

    Joined:
    Feb 7, 2020
    Messages:
    9
    Likes Received:
    2

    It takes some time to reflect, check now.
     
    #3
  4. DILEEP KUMAR M B

    Hi Team,
    I launched the "ilabs" from the EC-Council link. It launched successfully and is showing the scenario for the lab.
    But where do I see the "Procedure/Steps" to perform the lab? (I don't see any PDF to download here.)

    Can anybody help me find the "Lab scenario steps" PDF?
     
    #4
  5. David Vijay

    David Vijay Member

    Joined:
    Feb 6, 2020
    Messages:
    7
    Likes Received:
    0
    Hello Baba, I am David Vijay, enrolled for the morning batch. I could not attend the sessions on 22nd and 23rd Feb as I was out of town, but I downloaded the videos, completed them, and am ready for the next session.
     
    #5
  6. Pawanbeniwal

    Pawanbeniwal Member


    Go to ASPEN and download the PDF and all the study data.

    Link to ASPEN:
    https://aspen.eccouncil.org
     
    #6
  7. Pawanbeniwal

    Pawanbeniwal Member

    Can anyone provide me the study material of 29 Feb?

    paint file
    TCP book

    Thanks
     
    #7
  8. Ian McDonald_1

    Ian McDonald_1 New Member

    Joined:
    Feb 17, 2020
    Messages:
    1
    Likes Received:
    0
    Has anyone been able to get in contact with Baba? He still has not answered my private messages from after the first session.
     
    #8
  9. Praneeth Dhanu Galla

    Joined:
    Feb 12, 2020
    Messages:
    1
    Likes Received:
    0
    Hi Ian, I see that Baba has replied to your message. Could you please paste his response here, as I am a beginner as well and his advice would really help. Thanks.
     
    #9
  10. Pawanbeniwal

    Pawanbeniwal Member

    Security tools for Mac users

    Site name: Objective-See
    1. KnockKnock:
    KnockKnock uncovers persistently installed software in order to generically reveal such malware.

    2. TaskExplorer:
    TaskExplorer allows one to visually explore all running processes.

    3. ReiKey:
    ReiKey was designed to detect keyloggers.

    4. Dylib Hijack Scanner (DHS):
    DHS will scan and detect any applications that have been hijacked, or are vulnerable to hijacking.

    For more information, visit: https://objective-see.com
     
    #10
  11. K Bhagya Lakshmi

    K Bhagya Lakshmi New Member

    Joined:
    Dec 21, 2019
    Messages:
    1
    Likes Received:
    0
    Has anyone got to know when the mock test is going to happen? Are the dates announced? Thank you.
     
    #11
  12. Ariel L Barriga

    Joined:
    Dec 17, 2019
    Messages:
    2
    Likes Received:
    0
    Baba - how can you get your Parrot in full screen in VirtualBox? Are you using VirtualBox?
     
    #12
  13. Pawanbeniwal

    Pawanbeniwal Member

    Baba, can you give me all the book links?
     
    #13
  14. ABHISHEK GAJANAN SARAFDAR

    Joined:
    Dec 27, 2019
    Messages:
    1
    Likes Received:
    0
    Today's 75-question quiz is not available; it's only 22 questions and on the Scanning topic. Please share today's 75-question quiz.
     
    #14
  15. Sachin Marawar_1

    Sachin Marawar_1 Active Member

    Joined:
    Apr 9, 2016
    Messages:
    16
    Likes Received:
    11
    @Baba_2: This might sound like a redundant question, but I am unable to search for the Victim PC virtual images (Windows 7, and Windows Server 2012 and 2016). I am all set with the Windows 10 image but stuck on the others. Any easy location to share, please?
     
    #15
  16. Sachin Marawar_1

    Sachin Marawar_1 Active Member

  17. Sachin Marawar_1

    Sachin Marawar_1 Active Member

    Dear Ariel,

    Generally, a Google search can help you with these types of "how to" queries.
    For example, check if this can help you:
    https://www.nakivo.com/blog/make-virtualbox-full-screen/

    Best Regards,
    --Sachin
     
    #17
  18. Sachin Marawar_1

    Sachin Marawar_1 Active Member

    #18
    Pawanbeniwal likes this.
  19. DILEEP KUMAR M B

    Hi, I am waiting for the 125-question quiz.
    May I know the link for this quiz (Feb 22 - March 22: Morning batch)?
     
    #19
  20. Sachin Marawar_1

    Sachin Marawar_1 Active Member

    Module 2: Footprinting and Reconnaissance

    Sharing some tools/quick tips/notes/terminologies/jargons for this module that I could prepare for myself. Hope this helps!

    Footprinting through Search Engines (Google, Bing, Yahoo, Ask, AOL, Baidu, DuckDuckGo)
    Google Hacking Techniques [cache:] [allintitle:] [link:] [intitle:] [related:] [allinurl:] [info:] [inurl:] [site:] [location:]
    Sensitive Information Left On Public Servers : GHDB (Google Hacking Database)
    Sublist3r python program for listing the TLD = Top-Level Domains & Sub-domains [sublist3r -d google.com -p 80 -e Bing]
    Geographical Location : Google Maps, Wikimapia, National Geographic Maps, Yahoo Maps, Bing Maps,
    People Search : pipl, Spokeo, BeenVerified, Intelius
    InSpy Utility : Gathering information From LinkedIn. This utility is available on Kali Linux and Parrot OS.
    Financial Services / Financial Information : Google Finance, Yahoo Finance, The Street, Market Watch.
    Job Sites: Footprinting can be done through job sites to find out what tools/servers/OS are used in some Org. indeed.com, careerbuilder.com, dice.com, glassdoor.com, linkedin.
    Monitoring Using Alerts: Google Alerts, Twitter alerts, Giga Alert, TalkWalker Alerts
    Determine OS : Netcraft, Shodan, Censys
    Website Footprinting : Burp Suite, Zaproxy, Paros Proxy, Website Informer, Firebug.
    Web spiders perform automated searches on the target website and collect specified information like email addresses and names.
    Web Spidering Tools : SpiderFoot, Visual SEO Studio, WildShark SEO Spider Tool, Beam Us Up SEO Spider SEO, Scrapy, Screaming Frog, Xenu
    Website Mirroring Tools : NCollector Studio, Teleport Pro, Portable Offline Browser, Website Ripper Copier, Gnu Wget, HTTrack Website Copier, Pavuk, BlackWidow, SurfOffline
    Website Archives : archive.org
    Extract Metadata of Public Documents = Metadata extraction tools = ExtractMetadata, FOCA, Meta Tag Analyzer, BuzzStream, Analyze Metadata, Exiftool
    Web-site Watcher = Website Changes Monitor: VisualPing, FollowThatPage, Versionista, WatchThatPage, OnWebChange, InfoMinder, UpdateScanner, Check4Change
    Email Tracking Tools = Email Footprinting : PoliteMail, Yesware, ContactMonkey, Zendio, ReadNotify, DidTheyReadIt, Trace Email (whatismyipaddress.com), emailtrackerpro, GetNotify
    Competitive Intelligence Gathering : EDGAR DB, Hoovers, LexisNexis, Business Wire, company websites, search engines, press release, patent & trademarks, product catalogue, FACTIVA
    Competitive Intelligence Company Plans : MarketWatch, TWST (the wall street transcript) alexa, euromonitor, experian, sec info, the search monitor, USPTO.
    Competitive Intelligence Expert Opinions: (ABI/INFORM Global) ProQuest, SimilarWeb, AttentionMeter, Copernic Tracker, SEMRush.
    Online Reputation Management (ORM): Trackur, Brand24, Social Mention, ReviewTrackers, Rankur, ReputationDefender, BrandYourself, Google Alerts, WhosTalkin, PR Software (cision.com), BrandsEye, TalkWalker
    WHOIS Lookup : ARIN, AFRINIC, APNIC, RIPE, LACNIC and a huge number of other websites
    IP Geolocation Lookup Tools : IP2Location, Geo IP Tool, IP Location Finder (tools.keycdn.com), ipfingerprints.com, iplocation.net, maxmind.com, risk.neustar, webhostinghero.com
    DNS Records :
    A : Points to a host's IP Address
    MX : Points to domain's mail server
    NS : Points to host's name server
    CNAME: Canonical naming allows aliases to a host
    SOA : Indicate authority for domain
    SRV : Service records
    PTR : Maps IP address to a hostname
    RP : Responsible Person
    HINFO: Host information record includes CPU type and OS
    TXT : Unstructured text records
    DNS Interrogation Tools : dnsstuff.com, kloth.net, mydnstools.info, centralops.net, nirsoft.net, dnswatch.info, dnstools.com, domaintools.com, dnsqueries.com, ultratools.com
    DNS Interrogation Tools On Smartphone : themaillaundry.com, ulfdittmer.com, iptools.su, networkpanda.com, dnssniffer.com
    IANA = Internet Assigned Numbers Authority has reserved the following three blocks of IP address space for private internets
    10.0.0.0 - 10.255.255.255 (10/8 prefix),
    172.16.0.0 - 172.31.255.255 (172.16/12 prefix) and
    192.168.0.0 - 192.168.255.255 (192.168/16 prefix).

    Traceroute Tools : pathanalyzer.com, GEO Spider oreware.com, Trout mcafee.com Magic NetTrace tialsoft.com, pingplotter.com, tools.keycdn.com, networkpinger.com, roadkil.net, analogx.com, ping-probe.com
    Social Engineering Techniques : Eavesdropping, Shoulder Surfing, Dumpster Diving, Impersonation
    Footprinting Tools : Maltego & Recon-ng (bitbucket.org), FOCA (Fingerprinting Organizations with Collected Archives), Recon-Dog
    OSRFramework
     
    #20
    David Vijay and DILEEP KUMAR M B like this.
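
The DNS record types and private address blocks in the notes above can be turned around into a check on your own public zone. This is an added example, not part of the original post: it flags HINFO and RP records and A records that publish an address from the three private blocks. The zone text, the `example.com` names and the function names are constructed for illustration, and the parser only handles simple `owner ttl IN type rdata` lines.

```python
import ipaddress

# The three private blocks listed in the notes (RFC 1918).
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Record types from the notes that describe a host or a person.
DISCLOSING_TYPES = {
    "HINFO": "publishes CPU type and OS",
    "RP": "publishes a responsible person",
}

def is_rfc1918(addr):
    """True if addr falls inside one of the three private blocks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in block for block in PRIVATE_BLOCKS)

def audit_zone(zone_text):
    """Return (owner, type, reason) findings for 'owner ttl IN type rdata' lines."""
    findings = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        parts = line.split(None, 4)
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue                               # simplified: skip other line forms
        owner, _ttl, _cls, rtype, rdata = parts
        rtype = rtype.upper()
        if rtype in DISCLOSING_TYPES:
            findings.append((owner, rtype, DISCLOSING_TYPES[rtype]))
        elif rtype == "A" and is_rfc1918(rdata):
            findings.append((owner, rtype, "internal address " + rdata))
    return findings

# Constructed sample zone (example.com and documentation addresses).
SAMPLE_ZONE = """\
www      3600 IN A     203.0.113.10
@        3600 IN MX    10 mail.example.com.
intranet 3600 IN A     10.20.30.40        ; internal wiki
build    3600 IN A     172.31.255.254
edge     3600 IN A     172.32.0.1
db1      3600 IN HINFO "Intel-Xeon" "Windows Server 2012"
@        3600 IN RP    admin.example.com. .
"""

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print(finding)
```

The explicit network list is deliberate: `172.32.0.1` sits just outside the 172.16/12 block and is not flagged.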
  21. DILEEP KUMAR M B

     
    #21
    Baba_2 likes this.
  22. DILEEP KUMAR M B

    Hi Baba,
    Any quiz scheduled for this batch?
    What about the mock tests?
     
    #22
  23. Sachin Marawar_1

    Sachin Marawar_1 Active Member

    Module 3 - Scanning Networks (Part 1)
    Sharing quick notes for the n/w scanning module. This is a very high-weight module and needs a huge amount of time, from my perspective. Hope it helps.

    Objectives Of Network Scanning = Identifying live hosts, IP addresses, ports, services, vulnerabilities, operating system, system architecture
    Fingerprinting : Finding OS and System architecture.
    Scanning Types : Port Scanning, Network Scanning, Vulnerability Scanning,
    TCP Communication Flags :
    SYN : Synchronize : Initiate connection between hosts
    ACK : Acknowledgement : Acknowledge receipt of packet
    PSH : Push : Send all buffered data immediately
    RST : Reset : Reset a connection [Attackers use this to scan hosts in search of open ports]
    FIN : Finish : No further transmissions
    URG : Urgent : data contained in the packet should be processed immediately

    SYN scanning mainly deals with three flags : SYN, ACK and RST. These are used for gathering illegal info from servers during enumeration.
    TCP Connection Establishment = Three Way Handshake as below:
    CLIENT > SYN, SEQ#10 > SERVER
    CLIENT < SYN + ACK, ACK#11, SEQ#142 < SERVER
    CLIENT > ACK, ACK#143, SEQ#11 > SERVER

    TCP Session Termination done as below:
    CLIENT > FIN, SEQ#50 > SERVER
    CLIENT < ACK, ACK#51, SEQ#170 < SERVER
    CLIENT < FIN, SEQ#171 < SERVER
    CLIENT > ACK, ACK#172, SEQ#51 > SERVER

    Packet Crafting / Fragmenting Packets / Packet Building/ Creating Custom packets = similar terms
    Packet Crafting Tools : Colasoft Packet Builder, NetscanTools, Ostinato, SolarWinds, Packeth, Bittwist, WireEdit
    IPv6 increases the IP Address size from 32-bits to 128-bits to support more levels of addressing hierarchy.
    Scanning Tool: nmap, hping2, hping3
    Nmap can craft packets to send to target to find information such as live hosts on network, services ( application name and version), operating system,
    OS versions, type of packet filter/firewall.
    Nmap includes flexible data transfer, redirection, debugging tool Ncat, comparing scan utility Ndiff and packet generation and response analysis tool Nping.
    hping2/hping3 : command line network scanning and command line packet crafting tool for TCP/IP protocol.
    MTU : Maximum Transmission Unit
    hping2/hping3 : sends ICMP echo requests and supports TCP, UDP, ICMP and raw-IP protocol
    hping2/hping3 : performs n/w security auditing, firewall testing, manual path MTU discovery, advanced traceroute, remote OS fingerprinting, remote uptime guessing
    hping2/hping3 : can send custom TCP/IP packets

    ICMP Scanning = Ping Sweep = Sending ICMP request OR ping to all hosts on n/w to determine which one is UP.

    ICMP Ping : hping3 -1 10.0.0.25
    SYN scan port 50-60 : hping3 -8 50-60 -S 10.0.0.25 -V
    ACK scan on port 80 : hping3 -A 10.0.0.25 -p 80
    FIN/PUSH/URG scan on port 80 : hping3 -F -P -U 10.0.0.25 -p 80
    UDP scan on port 80 : hping3 -2 10.0.0.25 -p 80
    Scan entire subnet for live hosts: hping3 -1 10.0.1.x --rand-dest -I eth0
    Collecting initial sequence number : hping3 192.168.1.103 -Q -p 139 -s
    intercept all traffic with http signature : hping3 -9 HTTP -I eth0
    Firewalls and Timestamps : hping3 -S 72.14.207.99 -p 80 --tcp-timestamp
    SYN FLOODING : hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 --flood

    DNS ZONE TRANSFER takes TCP PORT 53
    Scanning Tools : NetScanTools Pro, SuperScan (McAfee), PRTG N/W Monitor (paessler.com), OmniPeek (savvius.com), MiTeC N/W Scanner, NEWT Professional (komodolabs.com), Mega Ping (magnetosoft.com).
    Scanning Tools For Mobile : Hackode, Zanti, Csploit, Faceniff, PortDroid Network Analysis, Pamn IP Scanner
    Scanning Techniques : ICMP Scanning, TCP Scanning, UDP Scanning.
    ICMP Scanning Techniques: ICMP Scanning, Ping Sweep, ICMP Echo Scanning. (used for locating active devices OR determining if ICMP goes through firewall).
    TCP Scanning Techniques: Open TCP Scanning Methods (TCP Connect = Full open scan). Stealth (Half-open, Xmas, FIN Scan, NULL Scan), ACK Flag Probe Scanning.
    Third Party and Spoofed TCP scanning (IDLE/IP ID Header scanning).
    Inverse TCP Scanning : Xmas Scan, FIN Scan, NULL Scan. = attacker sends probe packet with TCP flag (FIN, URG, PSH, NULL). RST = closed. No response = port open.
    FIN probe. Xmas probe (FIN, URG, PSH). NULL probe (no TCP flags set). SYN/ACK probe. "super-user" privilege required. NOT EFFECTIVE FOR WINDOWS
    UDP Scanning Technique = nmap -sU -v 10.10.10.10
    Refer the list of reserved ports (Page-27 to 31) from courseware OR from wikipedia.
    445 (SMB) Server Message Block: shares, username, accurate OS Version.
    161,162 (SNMP) Simple N/W Management Protocol : system info, programs installed, usernames, n/w info.
    Community Strings Password default for SNMP = Public , Private
    139(TCP), 137(UDP) NetBIOS System name.
    get system's name of the entire network range : nbtscan -r <IP-RANGE>
    PING SWEEP = ICMP SWEEP = nmap -sn -PE -PA21,23,80,3389 10.10.10.10-20. Tools: Angry IP Scanner, SolarWinds, NetScanTools Pro, Colasoft Ping Tool, Visual Ping Tester, OpUtils
    PING SCAN = nmap -sn <IP_ADDRESS>. ICMP does not have port abstraction and it is not the same as port scanning.
    nmap uses -P option to ICMP scan in parallel.
    ICMP Type 13 message = requests the system timestamp
    ICMP Type 17 message = ADDRESS MASK REQUEST = netmask on a particular system.
    Single Packet = 64 bytes (56 data bytes + 8 bytes of protocol header information).
    NetBIOS information = computer name, workgroup name, currently logged in WINDOWS user.
    TCP Connect Scan = FULL OPEN Scan = 3-way-handshake > detects open port > sends RST packet = nmap -sT -v 10.10.10.10 = easily detectable scan and filterable.
    Stealth Scan = Half-open scan = connection is RST just before completing the 3-way-handshake = hence half open. If target gives RST then port = closed.
    Stealth Scan = Half-open scan is used for bypassing firewall rules, logging mechanism
    ACK Flag probe scanning = nmap -sA -v 10.10.10.10 = no response from target = stateful firewall is present. if RST then port is not filtered.
    IDLE/IPID Scan = nmap -Pn -p- -sI www.eccouncil.org www.certifiedhacker.com
    SSDP & List Scanning = Simple Service Discovery Protocol.
    Port Scanning Countermeasures = IDS, Firewall and all policies and rules to be configured properly.
    IDS/Firewall Evasion Techniques = Packet Fragmentation, Source Routing, IP Address Decoy, IP addr spoofing, Proxy server chaining.
    ..partial.. to be completed in part-2.
     
    #23
    David Vijay and DILEEP KUMAR M B like this.
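
The handshake and scan types in the notes above map directly onto what a defender sees in a packet capture. This is an added example, not part of the original post: it labels each flow as a full connect, a half-open (SYN) scan, or a NULL/FIN/Xmas probe from the flag sequence, then lists sources that probed several ports. The packet tuples are constructed, the function names are hypothetical, and 10.0.0.25 is the host address used in the notes.

```python
from collections import defaultdict

# TCP flag bits as they appear in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
INVERSE_PROBES = {0: "NULL", FIN: "FIN", FIN | PSH | URG: "Xmas"}

def classify(packets):
    """Return {(client, server, port): label} from (src, sport, dst, dport, flags)
    tuples given in capture order."""
    state = {}     # (client, cport, server, sport) -> handshake stage
    labels = {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == SYN:
            state[fwd] = "syn"
        elif flags == SYN | ACK and state.get(rev) == "syn":
            state[rev] = "synack"
        elif state.get(fwd) == "synack":
            # The client's answer to SYN/ACK separates the two scan styles.
            if flags & RST:
                labels[(src, dst, dport)] = "half-open (SYN) scan"
            elif flags == ACK:
                labels[(src, dst, dport)] = "full connect"
            state[fwd] = "done"
        elif fwd not in state and rev not in state and flags in INVERSE_PROBES:
            # No handshake was ever seen for this flow: an out-of-state probe.
            labels[(src, dst, dport)] = INVERSE_PROBES[flags] + " probe"
    return labels

def scanners(labels, min_ports=3):
    """Sources with scan-type labels on at least min_ports distinct ports."""
    ports = defaultdict(set)
    for (src, dst, dport), label in labels.items():
        if label != "full connect":
            ports[src].add((dst, dport))
    return sorted(s for s, p in ports.items() if len(p) >= min_ports)

# Constructed capture: one normal client and one scanning host.
SAMPLE = [
    ("10.0.0.5", 40000, "10.0.0.25", 80, SYN),
    ("10.0.0.25", 80, "10.0.0.5", 40000, SYN | ACK),
    ("10.0.0.5", 40000, "10.0.0.25", 80, ACK),
    ("10.0.0.9", 50001, "10.0.0.25", 22, SYN),
    ("10.0.0.25", 22, "10.0.0.9", 50001, SYN | ACK),
    ("10.0.0.9", 50001, "10.0.0.25", 22, RST),
    ("10.0.0.9", 50002, "10.0.0.25", 443, SYN),
    ("10.0.0.25", 443, "10.0.0.9", 50002, SYN | ACK),
    ("10.0.0.9", 50002, "10.0.0.25", 443, RST),
    ("10.0.0.9", 50003, "10.0.0.25", 23, SYN),          # closed port
    ("10.0.0.25", 23, "10.0.0.9", 50003, RST | ACK),
    ("10.0.0.9", 50004, "10.0.0.25", 8080, FIN | PSH | URG),
    ("10.0.0.25", 8080, "10.0.0.9", 50004, RST | ACK),
    ("10.0.0.9", 50005, "10.0.0.25", 8081, 0),
]

if __name__ == "__main__":
    for flow, label in classify(SAMPLE).items():
        print(flow, label)
    print("scanners:", scanners(classify(SAMPLE)))
```

A capture that starts mid-connection can make a lone FIN look like a probe, so the per-source port count in `scanners` is the stronger signal.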
  24. Sachin Marawar_1

    Sachin Marawar_1 Active Member

    Hi @DILEEP KUMAR M B - I think you should tag Baba using @Baba_2 so that he will get notified.
     
    #24
    DILEEP KUMAR M B likes this.
  25. Pawanbeniwal

    Pawanbeniwal Member

    What is web cache poisoning?
     
    #25
  26. David Vijay

    David Vijay Member

    @baba, I missed taking the quiz; kindly share the link with me again so I can practise the test. Please help in this regard.
     
    #26
  27. Sachin Marawar_1

    Sachin Marawar_1 Active Member

    ==== Module 8 SNIFFING====
    Sharing some quick tips post completion of lab related to Sniffing. I am absolutely sure I observed a couple of questions from below notes in sample tests.

    A packet sniffer can capture data packets only from within a given subnet, which means that it cannot sniff packets from another network.
    2 Types = Passive and Active Sniffing
    Passive = HUB BASED NETWORK
    Active = Switch-Based n/w (generally ARP poisoning)
    Protocols vulnerable to sniffing = HTTP, FTP, SMTP, POP etc.
    N/W auditing tool = Wireshark, Cain & Abel etc.
    Security Tools = PromqryUI detects attack on network.
    HTTP traffic flows in plain text format = prone to MITM attack.
    N/W analyzer = Capsa is a portable network for LANs and WLANs.
    MAC Spoofing Tools = SMAC, GhostMAC, MAC Address Changer, Change MAC Address, SpoofMAC, Spoof-Me-Now, Technitium MAC Address Changer, Win7 MAC Address Changer.
    Secure N/W connection = use VPN and SSH Tunneling.
    MITM is performed using Cain & Abel tool.
    Detecting ARP Spoofing can be done with Wireshark or the XArp tool.
     
    #27
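
The ARP spoofing detection mentioned in the notes above comes down to watching for an IP address whose MAC binding changes. This is an added example, not part of the original post: it reads ARP reply lines in tcpdump's text style and alerts when a reply contradicts the first binding seen. The log lines and MAC addresses are constructed, the function name is hypothetical, and trusting the first-seen binding is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Matches tcpdump-style lines such as:
#   12:00:01.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:01, length 28
ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"is-at (?P<mac>[0-9a-fA-F:]{17})")

def detect_arp_spoofing(lines, trusted=None):
    """Return alerts for ARP replies that contradict an earlier IP-to-MAC binding.

    trusted: optional {ip: mac} of known-good bindings, e.g. the gateway.
    Without it the first binding seen for an IP is taken as the baseline.
    """
    bindings = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    claimed = defaultdict(set)          # mac -> every IP it has claimed
    alerts = []
    for line in lines:
        m = ARP_REPLY.match(line)
        if not m:
            continue                    # requests and non-ARP lines are ignored
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        claimed[mac].add(ip)
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append({
                "time": ts, "ip": ip, "expected": known, "seen": mac,
                # One MAC answering for several IPs is typical of a poisoner.
                "also_claims": sorted(claimed[mac] - {ip}),
            })
    return alerts

# Constructed capture: 02:00:00:00:00:66 starts answering for the gateway
# (192.168.1.1) and for a workstation (192.168.1.20).
SAMPLE_LINES = [
    "12:00:01.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:01, length 28",
    "12:00:02.000000 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:20, length 28",
    "12:00:03.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28",
    "12:00:09.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:66, length 46",
    "12:00:09.500000 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:66, length 46",
    "12:00:10.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:01, length 28",
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_LINES):
        print(alert)
```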
  28. Baba_2

    Baba_2 CEH Trainer
    Alumni

    Hey all, we will share the quiz details soon.
     
    #28
  29. Sachin Marawar_1

    Sachin Marawar_1 Active Member

    Finally I have passed the CEH exam with a decent score a few moments ago. Thanks to the trainers @Baba_2 and Bipin Kulkarni.
     
    #29
    Pawanbeniwal and Baba_2 like this.
  30. Baba_2

    Baba_2 CEH Trainer
    Alumni

    Hearty congratulations.
     
    #30
    Sachin Marawar_1 likes this.
  31. DILEEP KUMAR M B

    Hello All,
    Today, I appeared for the CEHv10 exam and cleared it.
    I wish to thank the trainer @Baba_2.
     
    #31
    Sachin Marawar_1 likes this.
  32. Sachin Marawar_1

    Sachin Marawar_1 Active Member

    Hearty Congratulations Dileep!
     
    #32
  33. DILEEP KUMAR M B

    Thank you Sachin.
     
    #33
  34. Puneet Tambi

    Puneet Tambi Active Member

    Joined:
    Jul 30, 2019
    Messages:
    30
    Likes Received:
    11
    Many Congratulations @DILEEP KUMAR M B . Keep it up.
     
    #34
  35. Baba_2

    Baba_2 CEH Trainer
    Alumni

    Mock exam details will be posted soon. Please follow up.
     
    #35