Published in


Certified Ethical Hacker Practical Exam Guide

Hola Hackers, Today I’m going to share my experience about the CEH Practical Exam, which i have cleared recently and scored 19/20, in this article ill share the tools, resources, Windows based commands, Linux based commands and some deep insights.

Archive of stories about Ceh Practical – Medium
Image form EC-Council

Lets Start,

It was a 6hrs exam, I’ve finished all the 19 question in 2.5 hrs and spent 2 hrs on one single question which i was not able to exploit, the question was like “Retrieve the text file from the Server 2019 machine using the backdoor that was installed in the machine” there were some ports open and tried all kind of methodologies to exploit nothing worked.

Directly I’ll jump into the technical details, I don't want to bore you with the instructions and stuff.

Tools were used in the exam.

1) Nmap
2) Snow — Stegnography
3) Open Stego
3) Wpscan
4) WireShark
5) SqlMap
7) Hashcat
8) John
9) Hydra
10) Veracrypt
11) Crypttool
12) Hash Calculator
13) MD5 Calculator
14) PhoneSploit
15) MetaSploit
16) BCTextEncoder

Topics Covered

1) Scanning and Enumeration
2) Web-Application Pentesting
3) Cryptography
4) Stegnography
5) Dos & DDOS (Packet Sniffing)
6) Android Exploit

Sample Questions

1) Find the IP address of the machine which is running the RDP?
2) Find the OS name of the machine which is running MySQL database?
3) Find the HTTP method that poses a high risk to the application
4) Find the Phone number the employee?
5) Find the file name which is tampered by comparing the hashes which is given in the /hashes folder?
6) Decrypt the volume file using veracrypt?
7) Connect to the Server remotely using the credentials give by RDP?
8) Decode the file which is encoded in DES(ECB) format?
9) Find the password of the wordpress user “Raj”?
10) Find the attacker IP address who has launched the DOS attack?
11) Find the number of machines that were used to iniate the DDOS attack?
12) Find the username/password from the pcap file, which is in plain text?
13) Extract the information from the SDcard of the Android User?


There were more windows based questions so you have to practice on windows GUI tools like mentioned below.
1)Open Stego” for Stegnography

2)WireShark” for Pcap analysis

3)ZAP” for SQLInjecion exploit

4)Veracrypt” for Disk Decryption

5)Hash calculator” to find the hash of the file

6) MD5 Calculator” to compare the hashes

7)Cryptool” and “BCTextEncoder” to Crack the encoded files

Windows based Commands which will help you to find the answers.
1) net user — For Domain Users Enumeration
2) snow.exe -C -p “password” stegfile.txt
3) type C:\path.txt — It displays the content of the path.txt file.
4) dir
5) cd
6) hostname
7) whoami
8) PWd

Before giving the exam its very important to practice on these tools because the whole exam is based on the tools you should definitely know about these tools.

Check out the links

TryHackMe Rooms

Try to solve these machines, after completing these machines you will become familiar with windows and some other tools, these rooms will also helps you in the real pentesting world.


Linux based tools
1) Nmap
2) wpscan
3) sqlmap
4) hashcat
5) john
6) Hydra
7) PhoneSploit
8) Metasploit

Commands were used during the exam

1) Nmap
nmap -sn -oN nmap.txt
nmap -O -oN namp-OS.txt
namp -sC -sV -sS -oN namp-all.txt

2) wpscan
wpscan -u james -P /password.txt — url

3) sqlmap
I didn’t used “sqlmap” for any sqlinjection related question, incase if you get any questions related to sqlinjection use github repo you will find some usefull commands.

4) “hashcat” and “john”
If you get questions related to Hash caracking use this github repo you will find some usefull commands.

6) Hydra
hydra -L /user.txt -P /password.txt

7) Phonesploit
To exploit the Android device and get the reverse shell, these commands will help you and the phonesploit will be installed in the root folder, if you don't find the phonesploit use the command like “find phonesploit”.

8) Metasploit
If you get any questions related to netbios, SMB use metasploit.

Check out the links

TryHackMe Rooms

The Username and Password file will be present in the parrot machine it will help you to crack the ftp and wordpress related questions.

Don’t be nervous, you are going to pass the exam with no doubt. Patience is really needed for the exam because the parrot machine is outdated and its very slow.


1) First finish linux based questions like nmap etc and save those in the desktop folder, believe me you will look into the nmap scans over and over again.
2) Watch the ilab videos from youtube and reffer CEH practical Lab manual.
3) Everything will be asked from the ilab videos nothing will be out of sylabus.
4) Be Cool.

Some resource links will help you in the exam. (i-lab videos).

If you liked the content hit the Follow button and every week ill post informative and amazing content, make sure to follow onLinked-in & Twitter”.


Do Follow Techiepedia for more Interesting write-ups!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store