This post sums up the scattered information I have found regarding Certified Ethical Hacker (CEH) Practical Exam and my conclusions about how to prepare it.
My intention is not to include real questions from the exam, but give advice to exam candidates about how to pass it.
FAQ
What is the source material on which CEH Practical exam questions are based?
CEH Practical certification is the practical counterpart of CEH ANSI; as the name implies, it is its practical exam. So you need to know very well the theory basis in CEH ANSI, whose EC-Council official preparation material is called e-Courseware. Nevertheless, the questions of CEH Practical are not focused on e-Courseware, as CEH ANSI exam was already focused on it.
CEH Practical is based on the EC-Council official iLabs, that offers virtual labs and step-by-step exercises guides. iLabs should be your main reference to prepare this exam.
Complementary to both of them, there are videos presented by instructor Eric Reed, explaining both e-Courseware slides and iLabs exercises. These videos are not mandatory but are recommendable, as they explain the material in a more familiar way. I would recommend to watch them as a first approach, then go for slides and iLabs.
The package with all these online courses is called CEH iLearn
The EC-Council platform that centralizes the three above-mentioned sources is called iClass.
How can I prepare CEH Practical Exam?
According to the testimonials of some people I have found on the internet, an 85% is very similar to the exercises you do on iLabs. So it is highly recommended to hire iLabs and complete all exercises, and make notes about them, specially on the software that you need to master (they are detailed below). Exercises are so similar to the ones seen on iLabs that I would recommend not other platform than the official.
Alternatively, you can use the third-party Skillset CEH labs. Some exercises are for free, so it allows you to test the environment and methodology before deciding to hire it. I did not try any of them myself.
Some users propose to do some basics CTF’s (Capture the Flags), solve vulnerability scenarios (e.g., VulnHub, HackTheBox), watch hacking videos in YouTube (like Zero to root) and practice basics with tools (e.g., command line cybersecurity tools) in order to prepare the exam. I did not perform it myself and got 19 of 20 questions. So solving CTF’s is recommendable from a cybersecurity training point of view, but regarding CEH Practical is not necessary.
It is very important that you know how to scan the computers in your network. That is the very first step on any hacking attempt. Please find this post about it.
Which topics are enquired on CEH Practical Exam?
These are some of the topics, among others:
- Reconnaissance
- Scanning
- Enumeration
- Packet sniffing
- Vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems, etc.
- System hacking, steganography
- Network scanning to identify live and vulnerable machines in a network.
- OS banner grabbing, service, and user enumeration.
- Different types of cryptography attacks.
- Web application attacks
- SQL injection attacks.
Which tools do I need to master for CEH Practical Exam?
The tools to be used on the exam are the one featured on iLabs.
At least:
- Scanning
- nmap (strongly!)
- Zenmap
- Sniffing
- Wireshark (strongly!)
- Rainbow tables
- RainbowCrack
- SQL Injection tools
- sqlmap
- Password brute-forcing tools
- Hydra
- John The Ripper
- WordPress Hacking
- wpscan
- Criptography
- hashcalc
- Veracrypt
- Steganography
- Quick Stego
Which tasks are NOT required to do CEH Practical Exam?
There is no need to write any bash-python-powershell or create custom payload.
I would pay less attention to these tools:
- Exploit frameworks
- Metasploit Framework
- Proxy tools:
- Burp Suite
- OWASP ZAP
- Malware creator
- ARP/MAC spoofers
- Cain and Abel
Is it really an open-book exam?
Yes, it is.
I heard from another candidate that you are not allow to check the iLabs, but I did not receive this instruction myself.
I could look up my personal notes on Google Docs about the iLabs themselves during the exam without any comment from proctor.
Is 6 hours enough to complete the exam?
Some users say it took them 2 hours to complete the exam, and some others say they finished 5 minutes before the time was over. So I suppose it depends on your skills, preparation, mental agility, state of mind, risk tolerance, etc.
In my case it took me 4 hours to complete 19 questions. I did not stop the timer while I took the break, so you have to remove 15 minutes, and then I spent one a half hour on the last exercise I did not got to complete.
Ensure you are familiar enough with tools that must be mastered to perform them quickly during the exam. I would recommend to have quick access to common syntax.
Are there any breaks allowed during the 6-hour exam?
During the 6-hour exam, I was granted just one 15-minute bathroom break.
I hear from other exam candidates that they had two 5-minute break, so it may vary.
You need to ask for these breaks. Since you ask them until they are granted, it may take some minutes to reply, so if you need an urgent bathroom break do not delay until it is too late.
During the exam, is there a unique lab for all exercises? Or is there a lab for each exam?
The environment to perform the exam is the same used for iLabs, so the interface must be familiar to those that attended the course.
Exam candidate has direct control on two machines: one is a Kali Linux machine, and the other one is Windows (probably Windows Server 2016).
Then he/she needs to discover what are the devices hosted inside its network. The machines in the network use the same OS as seen in iLabs, for example:
- Windows 10
- Windows Server 2012
- Windows 8
- Ubuntu
I suspect that the existing machines are the same as in iLabs, but with a different IP address.
The shared folder available on iLabs with all installers are also available. Files with password lists and other helpful stuff to solve labs is also available during the exam. In my case, I reused password lists instead of generating my own, like other exam candidates.
On the right pane, where you usually had the instructions in iLabs, you get the 20 questions. At the end of each questions there are radio buttons with options or a textbox to input the correct answer. Once you have replied all answers and finish the exam, you must warn proctor and click on “Submit”.
The same environment is used for each question. However, most questions are independent from each other, so you would not need to solve a question to continue with another. You can do them in any order.
How long does it take to get the results for the exam? Or is it corrected immediately?
Exam is corrected immediately, based on your input.
Once you finish the exam, you will find in Aspen platform the results for CEH Practical.
You might be also interested in…
- How to get Certified Ethical Hacker (CEH) Certification
- How to find devices on your network with nmap
External references
- Official references
- “Certified Ethical Hacker (Practical)“; EC-Council.
- “EC-Council Certification: Certified Ethical Hacker (Practical)“; EC-Council
- Feedback on exam by exam candidates
- “CEH Practical Exam Review“; Anon Tuttu Venus; medium.com; 2020-07-12
- “PASSED! EC-Council’s Certified Ethical Hacker (Practical)“; lightkun_yagami; medium.com; 2019-12-09.
- “CEH Practical“; vincedra; hackthebox.eu
- Useful info about the content
- https://www.stationx.net/nmap-cheat-sheet/
- https://www.poftut.com/how-to-scan-wordpress-sites-with-wpscan-tutorial-for-security-vulnerabilities/
- https://www.hackingarticles.in/database-penetration-testing-using-sqlmap-part-1/
- https://securitytutorials.co.uk/brute-forcing-passwords-with-thc-hydra/
- https://linuxconfig.org/password-cracking-with-john-the-ripper-on-linux
- https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/
- https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/
[…] can read the main post about this […]