I am through !!!!!!

Viewing 20 reply threads
  • Author
    Posts
    • #720
      skel
      Participant

      Hi guys

      This note is to thank u for helping in my CEH. I got through the exam about 2 hrs ago with 91/100

      I have one advise to all who want to do the CEH. Grab a Test King or similar document. 95% of the questions are there. But dont rely on the answers given by them. Lot of mistakes there. But study each question carefully and find all background information from the web.

      If it is a tool, download it run it and experience it. Study all the Snort Logs , NMAP outputs using the questions as the guide.

      So by the time u are done though the question list you have gained more than enogh knowladge to pass.

      Best of Luck to those who plan to do the exam in the near future and thanks for the guys who gave me hints on areas to concentrate

      Bye

    • #10284
      morpheus063
      Participant

      Hi skel,

      Congrats – You did it. Now more support from your side is requested to help wanna-be CEH’s like me to achieve the goals.

      Regards and best wishes,

      Morpheus

    • #10285
      Don Donzal
      Keymaster

      Well done.

      Can you tell us what EH-Net content helped you? I’d be interested to hear what sections, threads, articles or members were most helpful.

      As for brain dumps, I agree with you. Most of the answers are wrong. But if you use the questions as a study guide and a foundation to plot your studies and lab work, that is a better way to go. On the other hand, this also means that you can pass the exam without them, and sometimes being provided the answers (albeit wrong ones) is too tempting for some. So leaving them alone is probably a better way to go.

      Now that you have passed the exam, now what? I’m sure you realize this is just the beginning!

      Congrats and we look forward to your participation,
      Don

    • #10286
      Anonymous
      Participant

      Good job!

    • #10287
      skel
      Participant

      Thanks everybody

      I agree with Don. But considering the extent of the tools covered and the size of the syllabus, you just cant cover everything unless you are full time studying. So a brain dump like test king is a excellent guide. And if you can find out the correct answers to the questions there, u are gurenteed to pass. 

      Anyway there were number of questions on packet dumps. So try to understand them. specially Snort dumps. learn to identify IP flags, ehternet and IP source and destination addresses. Also remember the hex codes for ASCII claractors ,numbers and special charactors like ‘. ( need this to identify sql injections) . Also remember common port numbers like FTP/Telnet/SSH/SSL/TFTP/SNMP/DNS/Netbios/Keberos/IKE authentication (port 500).

      If there are any specific questions, I will try to answer from what ever I know.

      Well thats it.

      Regards

    • #10288
      skel
      Participant

      @don wrote:

      Can you tell us what EH-Net content helped you? I’d be interested to hear what sections, threads, articles or members were most helpful.

      Well the chapter form the CEH: Exam Prep 2 – Technical Foundations of Hacking  http://www.ethicalhacker.net/content/view/50/2/was quite useful. Also the thread I started about 2 weeks ago. you, Oyle, and jimbob gave some hints on what to expect on the exams.

      @don wrote:

      Now that you have passed the exam, now what? I’m sure you realize this is just the beginning!

      Next in line is the two Checkpoint NG certifications. I did CCSA and CCSE for CP2000 about 5 years ago. Need to do it again for the NG.

      Anybody who has done it here ??

      Regards

    • #10289
      Negrita
      Participant

      Congratualtions on your CEH.

      @skel wrote:

      Next in line is the two Checkpoint NG certifications. I did CCSA and CCSE for CP2000 about 5 years ago. Need to do it again for the NG.

      Anybody who has done it here ??

      I did the CCSA and CCSE NG with Application Inteligence courses in September 2004, and I passed the CCSA exam (156-210.4) in February 2005. The latest exam is for CCSA NGX which is exam 156-215.

      If you’re going to be doing the cert, I recommend getting the official courseware, as it covers the material very well and the exam questions are taken from it word for word. Do you work regularly with Check Point products? Do you have any questions?

      Perhaps start a new thread as this isn’t really CEH related.

    • #10290
      skel
      Participant

      @Negrita wrote:

      Perhaps start a new thread as this isn’t really CEH related.

      Hi Negrita

      Will post my reply to the Certifications discussion group

      regards

    • #10291
      Anonymous
      Participant

      Hey skel, you mentioned that the Test King examine prep was filled with errors. Would you say the errors were 10% , 20% or more ?  There are several examine preps for the CEH that are available and it might be good if we had reviews of them for CEH candidates.  I know Preplogic and Boson offer CEH examine preps, but it seems I have only heard negatives about them so far.

    • #10292
      skel
      Participant

      Hi Kev

      I would think the errors would be around 10%. But which 10% is the big  question. Some CEH  questions are very ambigous. So even if u search the whole internet u cant get a  clear solution.

      For Ex look at the following q

      An Nmap scan shows the following open ports, and nmap also reports that the OS guessing results to
      match too many signatures hence it cannot reliably be identified:

      21 ftp
      23 telnet
      80 http
      443 https

      What does this suggest ?

      A. This is a Windows Domain Controller
      B. The host is not firewalled
      C. The host is not a Linux or Solaris system
      D. The host is not properly patched

      I realy dont know what the answer to this. And I got this in the exam too.

      So best is to use the test king as guide and dig for information. So end of the day u will not only pass the exam but have good knowlade on hacking too.

      I havent seen preplogic or Bonson Exams, But I read in one Checkpoint forum that one guy got only about 5 questions in the exams from the Bonson Practice test. May be a member who has done Bonson can comment on this.

      regards

    • #10293
      skel
      Participant

      @Kev wrote:

      Hey skel, you mentioned that the Test King examine prep was filled with errors. Would you say the errors were 10% , 20% or more ?  There are several examine preps for the CEH that are available and it might be good if we had reviews of them for CEH candidates.  I know Preplogic and Boson offer CEH examine preps, but it seems I have only heard negatives about them so far.

      Also Look at this question

      Snort has been used to capture packets on the network. On studying the packets, the penetration tester
      finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?
      (Note: The student is being tested on concept learnt during passive OS fingerprinting, basic TCP/IP
      connection concepts and the ability to read packet signatures from a sniff dumo.)
      05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1
      TCP TTL:44 TOS:0x10 ID:242
      ***FRP** Seq: 0XA1D95 Ack: 0x53 Win: 0x400
      .
      .
      .
      05/20-17:06:58.685879 192.160.13.4:31337 -> 172.16.1.101:1024
      TCP TTL:44 TOS:0x10 ID:242
      ***FRP** Seg: 0XA1D95 Ack: 0x53 Win: 0x400
      What is odd about this attack? (Choose the most appropriate statement)
      A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
      B. This is back orifice activity as the scan comes from port 31337.
      C. The attacker wants to avoid creating a sub-carrier connection that is not normally valid.
      D. There packets were created by a tool; they were not created by a standard IP stack.

      Test king says answer is B. But I think the answer should be D because a valid IP packet cannot have a all FRP flags set. So this has to be a tool.

      Maybe somebody can clarify this answer.

    • #10294
      Don Donzal
      Keymaster

      As for the 2 questions:

      1. The one I remember has a kerberos port open as well. This was the clue that it was a windows machine.
      2. 31337 (AKA: Elite) is the port used by Back Orifice. Once you see that, forget about the rest.

      Hope this helps,
      Don

    • #10295
      skel
      Participant

      Hi

      On the packet capture.

      1. This attack is obviously a port scan using malformed TCP packets (scaning ports from 1 to 1024)
      2. Also notice the scans originate form port 31337.
      3. The packets are TCP

      The BO is known to listen on port 31337. But I doubt that it originates sessions from the listning port. If the destination port was 31337 then the communication is probably BO. So the source port being 31337 could mean thst it is a random port but it just happened to be 31337 in this case.

      I can also remember reading somewhere that BO uses UDP  (may be I am wrong here).

      In addition does BO have plugins to do port scanning? This I dont know. I have not seen a plugin to do this.

      Therefore I doubt that this is a BO activity.

      Regards

    • #10296
      Anonymous
      Participant
    • #10297
      Negrita
      Participant

      I agree with Chris. I got this question in my exam and I chose D because of the Fin, Reset and Push flags being all in the same packet.

    • #10298
      Anonymous
      Participant

        You could make Back Orifice act like that by modifying the source code, but it does not act that way in its default install.  That’s great Skel, any other questions like that you remember from Test King?  The question I have is how does the CEH examine answer those questions?  Perhaps they agree incorrectly with Test King answers?  When I took the CEH examine a while back, I don’t remember them showing your mistakes with corrected answers, but just gave you a final score.  I have noticed mistakes in the EC-Council material so that concerns me a little.  Perhaps Test King is correct in their answers if the CEH is incorrect, LOL! 

    • #10299
      Anonymous
      Participant

      most certs are that way, that way the cheaters like TestKing dont get ALL the right answers at the end of the exam…

    • #10300
      skel
      Participant

      Hi

      Chris G
      Thanks for the link. It cleared the UDP doubt I had. And you are right. Some questions does not have a clear answer.(Like the first one I listed). Only God knows what EC think what the correct answer is.

      Kev
      I need to dig in to the Testking and will do it when I have some free time. This week I will be out of the city.

    • #10301
      JKD
      Participant

      Hi Skel,
        I was wondering if you would be kind enough to make a link to the Test King site that you used. I noticed there is a TestKingcerts.com , a TestKing.org, a Testking.com, a Testkings.com,etc… I hoping to add something extra to study for my test.
      Thanks in advance,
      JKD

    • #10302
      Don Donzal
      Keymaster

      PM him. Not trying to be difficult, but we don’t need to give them publicity and higher search ranks with a link.

      Don

    • #10303
      slimjim100
      Participant

      skel Great job! I have seen a lot of people fail Certs because they depended on the testkings and other like sheets. I agree with “skel” as they are useful as just a small part of the study you need to pass and really understand the content. Thanks again for you input of the test and how you prepared.

      Slimjim100

Viewing 20 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?