HELP - CEH Lab setup

greenland888greenland888 Member Posts: 12 ■□□□□□□□□□
I am going to prepare for CEH V7 exam. how to setup labs? Is there any lab manual recommended? Thanks.

Comments

  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I would recommend using virtual machines for the labs so you don't accidentally mess up the host operating system. I suggest using metasploitable (Metasploitable - Metasploit Unleashed) and backtrack in a vm. Book backtrack comes with netcat, nmap, snort, and some other programs so you don't have to install them.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    To back up what jamesleecoleman said, use the (free) VMware Player 4 to run the (free) Linux distro BackTrack 5 R2, which is downloadable as a ready-to-run VM. Using this set up, you can do Linux-to-Linux attacks on the same computer by running multiple instances of Players (big CPU and lots of RAM recommended). Also load an old (pre-SP3) Windows XP in another VM and you have a Window target to exploit.

    If you are looking to learn pen testing, vulnerability analysis, security assessment, etc. any time you spend learning BT5 and VMware Player (or Workstation) will not be wasted effort.
  • the_hutchthe_hutch Banned Posts: 827
    On a more serious note...take the CEHv8 exam. Its the exact same content, but has ANSI accreditation.
  • QuantumstateQuantumstate Member Posts: 192 ■■■■□□□□□□
    We can't. Until 2013.
  • the_hutchthe_hutch Banned Posts: 827
    Yeah, I just found that out too.
  • QuantumstateQuantumstate Member Posts: 192 ■■■■□□□□□□
    To set up for my labs I used my existing VirtualBox install (over Debian) and created virtual machines for BackTrack and Fedora Security Spin. You can install directly from the .iso on your host machine.

    I set Networking to Bridged, so they would reach over the host machine and connect directly to the outside-facing interface. (wlan0) The default setting in VBox is NAT, which means the VM is passing through the host and is protected by its firewall; but my firewall is very tight in and out, with only ports open that I absolutely need, so is not suited for a security scan. Anyway, if my target fights back I don't want them messing with my host, so bridging it is.

    Still need a firewall for the guests, so I installed Shorewall and closed all incoming ports and opened all outgoing ports to facilitate scans. Here's a neat little trick in Linux: lsof -i -n -P

    Needless to say, install Guest Additions in all guests.

    For labs I'm just installing and testing the tools recommended in All-In-One. Should be all you need according to several guys here. (including Hutch) I'm 25% through All-In-One, and have applied for permission to self study.

    P.S. - After ten years it turns out that Gnome is still limited and sucks. Staying with KDE.
  • SearchboxSearchbox Registered Users Posts: 2 ■□□□□□□□□□
    for lack of a better thread, i thought id necromance this one. sorry icon_sad.gif

    im trying to autodidact myself into the pen testing world, and got tons of books and stuff from various places. one of the items i got was a set of 4 disc's. supposedly some kind of CEH lab CD's.

    Labeled "CEH v6 LAB DVD 1"- 4 (4 separate disc's)

    i get nothing when i insert disc's in a windows machine. so a couple questions are, am i missing some other disc's like a some CEH Linux ISO or something. im not very failure with Linux stuff yet. i have a fedora 16 dedicated laptop and BT5 R2 USB/flash drive boot-able, but am like a kid in Disney land not knowing where to start. So i don't know if trying to load the DVD's on one of my currently available Linux distro's would make a difference.

    ill be honest and say i got the Lab DVD's on EBAY and am assuming i got ripped off. Thank You for any response.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Seachbox:

    Did you check to see if there were files on the disk? I don't think that you need the CEH cds to learn about pen testing. There are a lot of videos on youtube and free tools for you to learn about from documentation. I suggest that you install metasploitable and BT5R3 in a VM and learn about metasploit, nmap and wireshark to start off.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • SearchboxSearchbox Registered Users Posts: 2 ■□□□□□□□□□
    no sir, i can not check/see files on disk(s) they don't register in anyway. no auto play, not file explorer accessible, doesn't even register that there's a disk in the drive, and i have verified the drive does work properly :D

    maybe im thinking the CEH "lab" is something that it isnt going to be.
    the company i work for has given me access to skillport which has alot of compTIA , security+ , A+ etc... am looking for something a little more interactive than skillport - you tube - 20 books all reiterating the same things

    but since i've had no good clue where to start, i guess i will take your advice on a starting point of the things you mentioned :)

    TY for your reply sir
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I don't know what to tell you about the disks.

    I would suggest studying Security+ material too.

    Your lab will be what you can make it be and it will take some time to build it. I'm still working on my lab and I started over a year ago.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • QuantumstateQuantumstate Member Posts: 192 ■■■■□□□□□□
    Well v6 labs wouldn't be very helpful for v7 anyway.

    If you're self-study just use the All-In-One. If you're new to Linux, it will take a while to adjust to that alone.
  • gabyprgabypr Member Posts: 136 ■■■□□□□□□□
    This is what i have at home to practice hacking stuff:

    Virtual Box https://www.virtualbox.org/wiki/Downloads

    Backtrack 5 R3 (new version) Downloads

    Damm Vulnerable Linux (DVL) http://www.damnvulnerablelinux.org/

    Windows XP SP2 and/or Windows 7

    Metasploitable Metasploitable - Metasploit Unleashed

    Damm Vulnerable Web App DVWA - Damn Vulnerable Web Application

    With these machines you should be able to practice many tools and techniques. Good luck.
    EC-Council Master in Security Science M.S.S [Done]

    Reading Project Management Professional (PMP) Certification Exam prep by Sohel Akhter
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I would also suggest getting a wireless router too.


    Maybe I should share my lab too...

    I have backtrack 5r2 in VMware

    Metasploitable/Win7/WinXP (unpatched) in Vm

    Cisco 2620XM router

    Ubuntu with Snort in Vm (having troubles)

    Nessus on both computeres

    *Had DVWA but I had to reload my computer.


    I try to run BTR2 from the laptop.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • I2SecureI2Secure Member Posts: 13 ■□□□□□□□□□
    if u have purchased books in books and with cd the comlete material is been provided
Sign In or Register to comment.