This Repo will help you to prepare better for CEH - Practical Exam
- Exam Title: Certified Ethical Hacker (Practical)
- Number of Challenges: 20
- Duration: 6 hours
- Passing Score: 70% (14 Questions)
- If you are doing bug bounty hunting, then you are half way there.
- NMAP and wordpress knowledge is really important.
- Best part - Google searches are allowed (π₯)
- Cryptographic knowledge is important
- SQL Injection plays a major role
- Simple User Enumeration and OS Banner grabbing
- Stegnography
- RDP Connection
- NMAP
- SQLMap
- Hydra
- Wireshark
- Veracrypt
- Hashcalc
- Dirb
- Steghide
- Searchsploit
- Hashcat
- John
- WPSCAN
- Rainbow crack ( This helped me to get my first 3 question answers! )
- Nikto
- Metasploit
- If you can pay then the best resource is ASPEN iLabs.
- VulnHub
- Tryhackme ( Different related rooms like crackthehash, wirectf, hydra, sqli)
- ASPEN iLabs YT video ( https://www.youtube.com/watch?v=ycZFk-GT5-I&list=PLrrgFyE6PtlaCixUxJPM0Y9Peye6iCewH )
- Which username was tampered? ( You need to solving by comparing Hash values)
- Wordpress Username Enumeration!
- Retrieve Database names ( SQLi)
- How many machines are there? ( NMAP)
- Phone number of User X? ( Metasploit/Parameter Tampering)
- What is the hidden text in X.jpeg (STEGHIDE)
- Password crack for VCRYPT
- IP Address/ Version of Running windows Server.
- hydra -l root -P passwords.txt [-t 32] ftp [ https://securitytutorials.co.uk/brute-forcing-passwords-with-thc-hydra/]
- hydra -L usernames.txt -P pass.txt mysql
- hashcat.exe -m hash.txt rokyou.txt -O
- nmap -p443,80,53,135,8080,8888 -A -O -sV -sC -T4 -oN nmapOutput 10.10.10.10 [https://www.stationx.net/nmap-cheat-sheet/]
- wpscan --url https://10.10.10.10/ --enumerate u
- netdiscover -i eth0 [ https://www.100security.com.br/netdiscover ]
- john --format=raw-md5 password.txt [ To change password to plain text ]
0xParth is a passionate cybersecurity professional who brings together expertise in multiple domains:
- π» Security Analyst - Specializing in vulnerability assessment and security testing
- πΉ Bug Bounty Hunter - Active participant in bug bounty programs
- π±βπ€ Community Leader - Leading and contributing to the security community
- π· YouTuber - Creating educational content at @BUGXS
- Instagram: @0xparth
- LinkedIn: /in/parthshu18
- Twitter: @0xparth
- Medium: @0xParth
- YouTube: @BUGXS
C, JavaScript, Python, Shell Script, Linux, Jira, Docker, Postman
- CEH-Practical-Guide - This Repo will help you to prepare better for CEH - Practical Exam (50 β)
- All-Bug-Dorks - Google dorks to find Bug Bounty Programs (1 β)
- API_Labs - Creating API labs for Classes
- Network_Scanner - Network scanner utility
- MAC_Changer - This script will help you out to change your MAC Address temporarily!
- takeoveer - Subdomain takeover toolkit
- 0xParth - Config files for my GitHub profile
- 0xparth.github.io - Personal website
- RecIT - Ultimate Recon Script π₯ (Private) - π Detailed Guide
- Recon-V2.0 - Backup to /Recon/V2.0 (Private)
- certsubs-corp - Certsubs for Enterprise (Private)
- recon - Reconnaissance tools (Private)
- hackathon - Hackathon projects (Private)
- certsubs-app - Certsubs for Bug Bounty Hunters (Private)
- pyRIT_Wrapper - PyRIT wrapper utility (Private)
- allsubz - All subdomains finder (Private)
- IntentClassifier - Intent classification tool (Private)
- PromptGuard - Prompt protection utility (Private)
- DocuCraft-AI - AI-powered documentation tool (Private)
- credential-stuffing - Credential stuffing testing (Private)
Instagram: https://www.instagram.com/bug_xs/
Thank you for reading!! ππ