CEH Practical Exam Guide

Exam Information

  • Exam Title: Certified Ethical Hacker (Practical)
  • Number of Challenges: 20
  • Duration: 6 hours
  • Passing Score: 70% (14 Questions)

My Experience

  • If you are doing bug bounty hunting, then you are halfway there.
  • Nmap and WordPress knowledge is really important.
  • Best part — Google searches are allowed (💥)
  • Cryptographic knowledge is important
  • SQL Injection plays a major role
  • Simple User Enumeration and OS Banner grabbing
  • Steganography
  • RDP Connection

Tools that will help you pass the exam

  1. NMAP
  2. SQLMap
  3. Hydra
  4. Wireshark
  5. Veracrypt
  6. Hashcalc
  7. Dirb
  8. Steghide
  9. Searchsploit
  10. Hashcat
  11. John
  12. WPSCAN
  13. RainbowCrack (this helped me get my first 3 question answers!)
  14. Nikto
  15. Metasploit


  1. If you can pay then the best resource is ASPEN iLabs.
  2. VulnHub
  3. TryHackMe (different related rooms like crackthehash, wirectf, hydra, sqli)
  4. ASPEN iLabs YT video (https://www.youtube.com/watch?v=ycZFk-GT5-I&list=PLrrgFyE6PtlaCixUxJPM0Y9Peye6iCewH)

Sample Questions

  1. Which username was tampered? (You need to solve this by comparing hash values)
  2. WordPress username enumeration!
  3. Retrieve database names (SQLi)
  4. How many machines are there? (Nmap)
  5. Phone number of User X? (Metasploit/Parameter Tampering)
  6. What is the hidden text in X.jpeg? (Steghide)
  7. Password crack for VCRYPT
  8. IP address/version of the running Windows Server.
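
Sample question 1 comes down to comparing current hash values against a known-good baseline. The script below is an added example, not code from the exam or the original post; it assumes SHA-256, a "digest  name" manifest layout like the one sha256sum writes, and constructed sample records.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    """SHA-256 hex digest of one record."""
    return hashlib.sha256(data).hexdigest()

def build_manifest(records: dict[str, bytes]) -> str:
    """Write a baseline in the 'digest  name' layout used by sha256sum."""
    return "\n".join(f"{digest(v)}  {k}" for k, v in sorted(records.items()))

def parse_manifest(text: str) -> dict[str, str]:
    """Parse 'digest  name' lines; skip blanks, reject malformed digests."""
    baseline = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        value, name = line.split(None, 1)
        value = value.lower()
        if len(value) != 64 or any(c not in "0123456789abcdef" for c in value):
            raise ValueError(f"malformed digest for {name!r}")
        baseline[name.strip()] = value
    return baseline

def compare(baseline: dict[str, str], current: dict[str, bytes]) -> dict[str, list[str]]:
    """Classify every name as tampered, missing or unexpected."""
    report = {"tampered": [], "missing": [], "unexpected": []}
    for name, expected in baseline.items():
        if name not in current:
            report["missing"].append(name)
        elif not hmac.compare_digest(expected, digest(current[name])):
            report["tampered"].append(name)
    report["unexpected"] = sorted(set(current) - set(baseline))
    return report

# Constructed sample data: one record per username, captured when known good.
ORIGINAL = {"alice": b"alice:1001:staff\n", "bob": b"bob:1002:staff\n",
            "carol": b"carol:1003:staff\n"}
# Constructed "current" state: bob's record changed, carol's is gone, dave appeared.
CURRENT = {"alice": b"alice:1001:staff\n", "bob": b"bob:0:staff\n",
           "dave": b"dave:1004:staff\n"}

if __name__ == "__main__":
    baseline = parse_manifest(build_manifest(ORIGINAL))
    for status, names in compare(baseline, CURRENT).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

A record that is absent or new is reported separately from one whose digest changed, so a deleted or added user is not mistaken for a tampered one.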

Some of the commands used by me

  1. hydra -l root -P passwords.txt [-t 32] <target-ip> ftp [https://securitytutorials.co.uk/brute-forcing-passwords-with-thc-hydra/]
  2. hydra -L usernames.txt -P pass.txt <target-ip> mysql
  3. hashcat.exe -m <hash-mode> hash.txt rockyou.txt -O
  4. nmap -p443,80,53,135,8080,8888 -A -O -sV -sC -T4 -oN nmapOutput <target-ip> [https://www.stationx.net/nmap-cheat-sheet/]
  5. wpscan --url <target-url> --enumerate u
  6. netdiscover -i eth0 [https://www.100security.com.br/netdiscover]
  7. john --format=raw-md5 password.txt [to recover the password in plain text]

Reach out in case of further help

Instagram: https://www.instagram.com/bug_xs/

Thank you for reading!! 🙌🙌




Security Analyst, Bug XS Community Leader

Parth Shukla
