CEH Practical Guide
  • Certified Ethical Hacker (CEH v12 and CEH V13) Practical Guide: Complete Study Resources & Tips
  • Module 2. Footprinting and Reconnaissance
    • 1. Footprinting through Search Engines
    • 2. Perform Footprinting Through Internet Research Services
    • 3. Footprinting through Social Networking sites
    • 4. Website Footprinting
    • 5. WHOIS Footprinting
    • 6. DNS Footprinting
    • 7. Network footprinting
    • 8. Email Footprinting
    • 9. Footprinting using footprinting tools
    • 10. Perform Footprinting using AI
  • Module 3. Scanning Networks
    • 1. Host Discovery
    • 2. Port and Service Discovery
    • 3. Perform OS Discovery
    • 4. Scan beyond Firewalls and IDS
    • 5. Network scanning using various tools
    • 6. Perform Network Scanning using AI
  • Module 4. Enumeration
    • 1. Netbios Enumeration (Port 137)
    • 2. SNMP Enumeration (Port 161,162)
    • 3. LDAP Enumeration (Port 389)
    • 4. NFS Enumeration
    • 5. DNS Enumeration
    • 6. SMTP Enumeration
    • 7. RPC, SMB and FTP Enumeration
    • 8. Enumeration using various tools
    • 9. Perform Enumeration using AI
  • Module 5. Vulnerability Assessment
    • 1. Perform Vulnerability Research with Vulnerability Scoring Systems and Databases
    • 2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools
    • 3. Perform Vulnerability Analysis using AI
  • Module 6. System Hacking
    • 1. Gain access to the system
    • 2. Privilege Escalation
    • 3. Maintain Remote Access and Hide Malicious Activities
    • 4. Clear Logs to hide the Evidence of Compromise
    • 5. Active Directory (AD) Attacks
  • Module 7. Malware Threats
    • 1. Gain access to systems with Trojans
    • 2. Infect the system using Virus
    • 3. Perform Static Malware Analysis
    • 4. Perform Dynamic Malware Analysis
  • Module 8. Sniffing
    • 1. Perform Active Sniffing
    • 2. Perform Network Sniffing using Various Sniffing Tools
    • 3. Detect Network Sniffing
  • Module 9. Social Engineering
    • 1. Perform Social Engineering using tools
    • 2. Detect a Phishing attack
    • 3. Audit Organization security for phishing attacks
    • 4. Social Engineering using AI
  • Module 10. Denial of Service
    • 1. Perform DOS and DDOS with various techniques
    • 2. Detect and Protect DOS and DDOS attacks
  • Module 11. Session Hijacking
    • 1. Perform Session Hijacking
    • 2. Detect Session Hijacking
  • Module 12. Evading IDS, antivirus and Honeypots
    • 1. Intrusion Detection using various tools
    • 2. Evade Firewall using Evasion Techniques
  • Module 13. Hacking Web Servers
    • 1. Footprint the Webserver
    • 2. Perform Webserver attacks
    • 3. Perform a Web Server Hacking using AI
  • Module 14. Hacking Web Applications
    • 1. Footprint the Web Infrastructure
    • 2. Perform Web applications Attacks
    • 3. Detect Web Vulnerabilities using using web application security tools
    • 4. Perform Web Application Hacking using AI
  • Module 15. SQL Injection
    • 1. Perform SQL Injection attacks
    • 2. Detect SQL Vulnerabilities using different tool
    • 3. Perform SQL Injection using AI
  • Module 16. Hacking Wireless Networks
    • 1. Footprint a wireless Network
    • 2. Perform Wireless Traffic Analysis
    • 3. Perform Wireless Attacks
  • Module 17. Hacking Mobile Platforms
    • 1. Hack Android Devices
    • 2. Secure Android Device
  • Module 18. IoT and OT Hacking
    • 1. Footprinting IoT and OT devices
    • 2. Capture and Analyze IoT traffic
    • 3. Perform IoT Attacks
  • Module 19. Cloud Computing
    • 1. Perform Reconnaissance on Azure
    • 2. S3 Bucket Enumeration
    • 3. Exploit S3 buckets
    • 4. Perform Privilege Escalation to Gain Higher Privileges
    • 5. Perform Vulnerability Assessment on Docker Images
  • Module 20. Cryptography
    • 1. Encrypt the Information using Various Cryptography Tools
    • 2. Create a self signed Certificate
    • 3. Perform Disk Encryption
    • 4. Cryptanalysis Using different tools
    • 5. Perform Cryptography using AI
  • Tips for exams
  • Additional Resources
Powered by GitBook
On this page
  • 1. Various Firewall Evasion techniques with nmap
  • Fragmented scan
  • Use common source ports
  • Sending smaller packets to scan
  • Decoy scan
  • Spoof mac
  • 2. Colasoft packet builder to avoid AV
  • 3. Custom packet in Hping3
  • Flood/ DDOS with Hping3
  • 4. Browse anonymously with proxy switcher
  • 5.Browse anonymously with cyber Ghost

Was this helpful?

  1. Module 3. Scanning Networks

4. Scan beyond Firewalls and IDS

IDSs and firewalls are efficient security mechanisms; however, they still have some security limitations. You may be required to launch attacks to exploit these limitations using various IDS/firewall

Techniques to evade IDS/firewall:

  • Packet Fragmentation: Send fragmented probe packets to the intended target, which re-assembles it after receiving all the fragments

  • Source Routing: Specifies the routing path for the malformed packet to reach the intended target

  • Source Port Manipulation: Manipulate the actual source port with the common source port to evade IDS/firewall

  • IP Address Decoy: Generate or manually specify IP addresses of the decoys so that the IDS/firewall cannot determine the actual IP address

  • IP Address Spoofing: Change source IP addresses so that the attack appears to be coming in as someone else

  • Creating Custom Packets: Send custom packets to scan the intended target beyond the firewalls

  • Randomizing Host Order: Scan the number of hosts in the target network in a random order to scan the intended target that is lying beyond the firewall

  • Sending Bad Checksums: Send the packets with bad or bogus TCP/UDP checksums to the intended target

  • Proxy Servers: Use a chain of proxy servers to hide the actual source of a scan and evade certain IDS/firewall restrictions

  • Anonymizers: Use anonymizers that allow them to bypass Internet censors and evade certain IDS and firewall rules

1. Various Firewall Evasion techniques with nmap

Fragmented scan

nmap -f 192.168.18.110

Use common source ports

nmap -g 80 192.168.18.110

It used a common port to send the traffic. So, it evades firewall.

Sending smaller packets to scan

nmap --mtu 8 192.168.18.110

it fragments the packets (maximum 8 bytes size)

Decoy scan

nmap -D RND:10 192.168.18.110

decoy hides the actual source IP in a number of random IP addresses to hide the actual identity.

Spoof mac

nmap -sT -Pn --spoof-mac 0 192.168.18.110

-sT TCP scan

-Pn do not perform host discovery

--spoof-mac randomize the mac address

2. Colasoft packet builder to avoid AV

3. Custom packet in Hping3

hping3 --udp --rand-source --data 500 192.168.18.110

--data specifies the packet body size

hping3 -S -p 80 -c 5 192.168.18.110

-S is for syn scan

-p port number

-c number of packets

Flood/ DDOS with Hping3

hping3 192.168.18.110 --flood

4. Browse anonymously with proxy switcher

5.Browse anonymously with cyber Ghost

Previous3. Perform OS DiscoveryNext5. Network scanning using various tools

Last updated 6 months ago

Was this helpful?

Certified Ethical Hacker (CEHv12) Practical hands on LabsUdemy
Logo
Anonymous Browsing via Proxy Servers with Proxy Switcher
Logo
Packet Builder for Network Engineer - Colasoft
Logo
Fast, Secure & Anonymous VPN service | CyberGhost VPN
Logo