.

I am through !!!!!!

<<

skel

User avatar

Jr. Member
Jr. Member

Posts: 60

Joined: Wed Aug 30, 2006 11:31 am

Post Sat Sep 16, 2006 10:51 am

I am through !!!!!!

Hi guys

This note is to thank u for helping in my CEH. I got through the exam about 2 hrs ago with 91/100

I have one advise to all who want to do the CEH. Grab a Test King or similar document. 95% of the questions are there. But dont rely on the answers given by them. Lot of mistakes there. But study each question carefully and find all background information from the web.

If it is a tool, download it run it and experience it. Study all the Snort Logs , NMAP outputs using the questions as the guide.

So by the time u are done though the question list you have gained more than enogh knowladge to pass.

Best of Luck to those who plan to do the exam in the near future and thanks for the guys who gave me hints on areas to concentrate

Bye
Skel
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Sat Sep 16, 2006 11:04 am

Re: I am through !!!!!!

Hi skel,

Congrats - You did it. Now more support from your side is requested to help wanna-be CEH's like me to achieve the goals.

Regards and best wishes,

Morpheus
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Sep 16, 2006 12:06 pm

Re: I am through !!!!!!

Well done.

Can you tell us what EH-Net content helped you? I'd be interested to hear what sections, threads, articles or members were most helpful.

As for brain dumps, I agree with you. Most of the answers are wrong. But if you use the questions as a study guide and a foundation to plot your studies and lab work, that is a better way to go. On the other hand, this also means that you can pass the exam without them, and sometimes being provided the answers (albeit wrong ones) is too tempting for some. So leaving them alone is probably a better way to go.

Now that you have passed the exam, now what? I'm sure you realize this is just the beginning!

Congrats and we look forward to your participation,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kev

Post Sat Sep 16, 2006 3:12 pm

Re: I am through !!!!!!

Good job!
<<

skel

User avatar

Jr. Member
Jr. Member

Posts: 60

Joined: Wed Aug 30, 2006 11:31 am

Post Sun Sep 17, 2006 11:01 pm

Re: I am through !!!!!!

Thanks everybody

I agree with Don. But considering the extent of the tools covered and the size of the syllabus, you just cant cover everything unless you are full time studying. So a brain dump like test king is a excellent guide. And if you can find out the correct answers to the questions there, u are gurenteed to pass. 

Anyway there were number of questions on packet dumps. So try to understand them. specially Snort dumps. learn to identify IP flags, ehternet and IP source and destination addresses. Also remember the hex codes for ASCII claractors ,numbers and special charactors like '. ( need this to identify sql injections) . Also remember common port numbers like FTP/Telnet/SSH/SSL/TFTP/SNMP/DNS/Netbios/Keberos/IKE authentication (port 500).

If there are any specific questions, I will try to answer from what ever I know.

Well thats it.

Regards
Skel
<<

skel

User avatar

Jr. Member
Jr. Member

Posts: 60

Joined: Wed Aug 30, 2006 11:31 am

Post Sun Sep 17, 2006 11:18 pm

Re: I am through !!!!!!

don wrote:Can you tell us what EH-Net content helped you? I'd be interested to hear what sections, threads, articles or members were most helpful.


Well the chapter form the CEH: Exam Prep 2 - Technical Foundations of Hacking  http://www.ethicalhacker.net/content/view/50/2/was quite useful. Also the thread I started about 2 weeks ago. you, Oyle, and jimbob gave some hints on what to expect on the exams.


don wrote:Now that you have passed the exam, now what? I'm sure you realize this is just the beginning!


Next in line is the two Checkpoint NG certifications. I did CCSA and CCSE for CP2000 about 5 years ago. Need to do it again for the NG.

Anybody who has done it here ??

Regards
Skel
<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Mon Sep 18, 2006 1:14 am

Re: I am through !!!!!!

Congratualtions on your CEH.

skel wrote:Next in line is the two Checkpoint NG certifications. I did CCSA and CCSE for CP2000 about 5 years ago. Need to do it again for the NG.

Anybody who has done it here ??


I did the CCSA and CCSE NG with Application Inteligence courses in September 2004, and I passed the CCSA exam (156-210.4) in February 2005. The latest exam is for CCSA NGX which is exam 156-215.

If you're going to be doing the cert, I recommend getting the official courseware, as it covers the material very well and the exam questions are taken from it word for word. Do you work regularly with Check Point products? Do you have any questions?

Perhaps start a new thread as this isn't really CEH related.
Last edited by Negrita on Mon Sep 18, 2006 1:18 am, edited 1 time in total.
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
<<

skel

User avatar

Jr. Member
Jr. Member

Posts: 60

Joined: Wed Aug 30, 2006 11:31 am

Post Mon Sep 18, 2006 5:15 am

Re: I am through !!!!!!

Negrita wrote:
Perhaps start a new thread as this isn't really CEH related.


Hi Negrita

Will post my reply to the Certifications discussion group

regards
Skel
<<

Kev

Post Mon Sep 18, 2006 4:45 pm

Re: I am through !!!!!!

Hey skel, you mentioned that the Test King examine prep was filled with errors. Would you say the errors were 10% , 20% or more ?  There are several examine preps for the CEH that are available and it might be good if we had reviews of them for CEH candidates.  I know Preplogic and Boson offer CEH examine preps, but it seems I have only heard negatives about them so far.
<<

skel

User avatar

Jr. Member
Jr. Member

Posts: 60

Joined: Wed Aug 30, 2006 11:31 am

Post Tue Sep 19, 2006 2:07 am

Re: I am through !!!!!!

Hi Kev

I would think the errors would be around 10%. But which 10% is the big  question. Some CEH  questions are very ambigous. So even if u search the whole internet u cant get a  clear solution.

For Ex look at the following q

An Nmap scan shows the following open ports, and nmap also reports that the OS guessing results to
match too many signatures hence it cannot reliably be identified:

21 ftp
23 telnet
80 http
443 https


What does this suggest ?

A. This is a Windows Domain Controller
B. The host is not firewalled
C. The host is not a Linux or Solaris system
D. The host is not properly patched

I realy dont know what the answer to this. And I got this in the exam too.

So best is to use the test king as guide and dig for information. So end of the day u will not only pass the exam but have good knowlade on hacking too.

I havent seen preplogic or Bonson Exams, But I read in one Checkpoint forum that one guy got only about 5 questions in the exams from the Bonson Practice test. May be a member who has done Bonson can comment on this.

regards
Skel
<<

skel

User avatar

Jr. Member
Jr. Member

Posts: 60

Joined: Wed Aug 30, 2006 11:31 am

Post Tue Sep 19, 2006 2:26 am

Re: I am through !!!!!!

Kev wrote: Hey skel, you mentioned that the Test King examine prep was filled with errors. Would you say the errors were 10% , 20% or more ?  There are several examine preps for the CEH that are available and it might be good if we had reviews of them for CEH candidates.  I know Preplogic and Boson offer CEH examine preps, but it seems I have only heard negatives about them so far.



Also Look at this question

Snort has been used to capture packets on the network. On studying the packets, the penetration tester
finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?
(Note: The student is being tested on concept learnt during passive OS fingerprinting, basic TCP/IP
connection concepts and the ability to read packet signatures from a sniff dumo.)
05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1
TCP TTL:44 TOS:0x10 ID:242
***FRP** Seq: 0XA1D95 Ack: 0x53 Win: 0x400
.
.
.
05/20-17:06:58.685879 192.160.13.4:31337 -> 172.16.1.101:1024
TCP TTL:44 TOS:0x10 ID:242
***FRP** Seg: 0XA1D95 Ack: 0x53 Win: 0x400
What is odd about this attack? (Choose the most appropriate statement)
A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
B. This is back orifice activity as the scan comes from port 31337.
C. The attacker wants to avoid creating a sub-carrier connection that is not normally valid.
D. There packets were created by a tool; they were not created by a standard IP stack.

Test king says answer is B. But I think the answer should be D because a valid IP packet cannot have a all FRP flags set. So this has to be a tool.

Maybe somebody can clarify this answer.
Skel
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Sep 19, 2006 10:59 am

Re: I am through !!!!!!

As for the 2 questions:

1. The one I remember has a kerberos port open as well. This was the clue that it was a windows machine.
2. 31337 (AKA: Elite) is the port used by Back Orifice. Once you see that, forget about the rest.

Hope this helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

skel

User avatar

Jr. Member
Jr. Member

Posts: 60

Joined: Wed Aug 30, 2006 11:31 am

Post Wed Sep 20, 2006 1:09 am

Re: I am through !!!!!!

Hi

On the packet capture.

1. This attack is obviously a port scan using malformed TCP packets (scaning ports from 1 to 1024)
2. Also notice the scans originate form port 31337.
3. The packets are TCP

The BO is known to listen on port 31337. But I doubt that it originates sessions from the listning port. If the destination port was 31337 then the communication is probably BO. So the source port being 31337 could mean thst it is a random port but it just happened to be 31337 in this case.

I can also remember reading somewhere that BO uses UDP  (may be I am wrong here).

In addition does BO have plugins to do port scanning? This I dont know. I have not seen a plugin to do this.

Therefore I doubt that this is a BO activity.

Regards
Skel
<<

LSOChris

Post Wed Sep 20, 2006 9:42 am

Re: I am through !!!!!!

<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Wed Sep 20, 2006 10:33 am

Re: I am through !!!!!!

I agree with Chris. I got this question in my exam and I chose D because of the Fin, Reset and Push flags being all in the same packet.
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
Next

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software