My experience on CEH v11 Practical Exam
This afternoon, I took my CEH v11 Practical exam. About three weeks ago, I passed my CEH v11 Multiple-Choice Exam, and I did not plan to take this exam. But inspired by a YouTuber, I wanted to achieve the CEH Master certificate as well as take it as an appetizer for OSCP, so I registered for this exam. There are few reviews of this exam, so if my experience can help you, I will be happy about that.
This is a 6-hour practical exam; more details can be found on EC-Council’s official website (https://www.eccouncil.org/programs/certified-ethical-hacker-ceh-practical/). Below I will share my thoughts and some information about it.
Some questions you may want to ask
Q1: Is this exam easy or difficult? How long did it take you to finish it?
A1: It is entry-level. If you have iLabs, please go through some of the tasks (I will list them later) and get very familiar with them; then the exam is easy to pass. Without iLabs, and if you are an entry-level pentester, it will be a little challenging. I am an entry-level pentester, and I answered 18/20 questions within 1.5 hours. If you just want to pass, it will go very quickly.
Q2: Aside from iLabs, what else do I need to prepare for it?
A2: TryHackMe is a good partner, especially for entry-level pentesters. But iLabs is enough; make sure you try to understand each step instead of just memorizing it. Some tools’ versions are much older than the ones we use, so it could be a little different from practicing on your own box.
Q3: The network environment of the exam?
A3: I was assigned a Kali box and a Windows-2016 box (it should be the same for everyone). They are the attacker boxes, and they cannot access the Internet. Aside from that, there are 5 victim hosts in the LAN. You need to perform some specific tasks, such as getting flag.txt files, cracking passwords/hashes, performing SQL injection, etc. The Kali box is very laggy, which makes the exam experience not so good.
Q4: Form of questions?
A4: Multiple choice and fill in the blank, according to your performance. I list some real questions below.
Some Tools and iLabs you need to master:
I list all of them in this file; please check them. I believe they are enough for you to pass the exam.
If you do not have iLabs, just open your textbook.
P3761, P3929, P4107, P4355, P4524, P4682, P4734, P4753, P4785, P4792, P4870, P5119, P5176
Some real questions:
1: Crack a hash from Responder’s log
2: Several questions based on Nmap scan results. Using Nmap to enumerate is very important!!! For example, finding the address of a host that has SNMP services running, the Apache version of a host, the OS of a host, etc.
3: Given a username, brute force its password with Burp Suite or Hydra (WPScan’s version is quite old). The wordlist is given and it is very short; you can even try the entries one by one, and mostly it is the last one.
4: Open different packet files and use Wireshark to analyze the traffic. For example, finding the victim of a DoS attack, finding the victim of a RAT, or finding the source/destination port of a covert communication.
5: Brute force an FTP password, then log in and capture the flag.
6: Extract PII from a file or a website (parameter tampering)
7: Use sqlmap to extract a specific value
8: Etc.
My Opinions
The exam is overall not difficult, but it is worth taking. If you are entry-level, it will boost your confidence. The exam experience is just so-so, because the Kali box is so laggy, but the tasks are quite fun. Anyway, I finally got the CEH Master certificate, and next I will prepare for OSCP; it will be a long way to go. I hope this article will help those who also want to take the practical exam.