Week 3 – Enumeration and Cracking
Week 3 is done and it was the best yet! In this course, I have a feeling that every week will be better than the one before it. I studied for 10 hours after work and on the weekend and still managed to do a little painting!
In my original post, Investing a Year in Ethical Hacking, I detail my plan to invest 416 hours in 2017 to learn ethical hacking. Current progress: 30 / 416.
The end of the month is dangerously close. The year is almost 1/12th of the way over. Are you almost 1/12th of the way to your goal for the year?
Enumerating SMTP was… a disappointment, actually.
Keep reading and I’ll explain what I found along with how I cracked some passwords!
Week 2 – Scanning, Enumeration, and Back to Basics
The second week in my quest to become an ethical hacker is complete! With 11 hours of study time logged, this was a very productive week that touched a lot of different areas.
If you’re not sure why I’m posting this, take a look back at my original post, Investing a Year in Ethical Hacking where I detail my plan to invest 416 hours in 2017 to learn ethical hacking. Current progress: 20 / 416.
The hours are starting to add up and this is only week 2 of 52. I can’t wait to keep going and I hope you will join me!
As you know by now, I am a big fan of going SLOWLY through this content to really understand it. That is why I am still working on scanning here in week 2.
Some of the scans like the Null scan and Xmas scan don’t work against Windows systems. I tried scanning my Kali Linux system but since it is a locked-down OS for penetration testing, it doesn’t respond to anything. I don’t want to just skip this part and memorize the information without ever using it!
So I researched different Linux distributions and decided to download and build a CentOS 7 system since it is basically the same OS as Red Hat, only CentOS is free. After getting it installed, I got to run some scans against it and watch the magic happen. An interesting result I found is the difference in default ports that are open for Windows (firewall off) vs. Linux. Linux only has SSH open while Windows has ports for SMB and NetBIOS open.
I also ventured outside my isolated lab to do some careful testing on the real internet. HackThisSite.org is a wonderful resource which gives anybody a free pass to try basically anything as long as it is non-destructive. Keep reading to see what I found this week…
Week 1 – Google Hacking and Port Scanning
My first week of ethical hacking is done and it was a great week! I spent 9 hours working on scanning and reconnaissance. As I mentioned in my post, Investing a Year in Ethical Hacking, my goal is to spend 416 hours learning ethical hacking this year. Current progress: 9 / 416.
For anybody else studying CEH (or anything else), I hope this shows you that even little investments of time can result in huge improvements when done consistently over time.
Google “hacking” is a great starting point even though it isn’t actually hacking at all. It is amazing how much OSINT (Open Source Intelligence) is out there. I searched myself to start off and even found some old forum posts of mine from years ago that I had forgotten about!
Catching Phishers with Google?
Here is just one example of the fun you can have while learning search terms. I was really excited when I stumbled on what looked like a phishing page. Keep reading to see what happened.
Becoming a Certified Ethical Hacker, Day 1
OK…I cheated. I started early on CEH by reading a little and skimming some videos, but my 416-hour goal stands.
Current progress: 0 of 416 hours.
What should I do first?
Every goal has to start with a plan, right? I explained in my first post of this series that the goal is to earn the Certified Ethical Hacker (CEH) certification. I also explained why I think it is important. In the second post of this series, I detailed the tools that I think will contribute to success in becoming a Certified Ethical Hacker. Now I have to get a strategy together to actually work through this material in some orderly way. Detours are fine but, without a plan, I’ll waste a lot of time just trying to decide what to do next.
This is my typical 5-step approach.
- Run through all the material quickly via video training to get a broad understanding of the entire scope of the course.
  - Edit: I am going deep with the videos rather than moving quickly this time to get the maximum hands-on experience.
- Read a book cover-to-cover while taking notes and practicing in the lab.
- Detour and repeat as needed to get comfortable.
- Take practice tests and focus on memorization.
- Earn CEH! Take & pass the exam and become a Certified Ethical Hacker.
That’s it. Time to stop posting and get to work!
Follow my progress here, on Twitter @Dconsec, or on Facebook @Dconsec
Are you working on CEH with me? I would love to hear about it in the comments below.