Curated list of CEHv12 labs.

• Windows 11 - Admin/Pa$$w0rd
• Parrot OS - attacker/toor

• No labs

• 3.2 Gather Personal Information from Various Social Networking Sites using Sherlock (update sherlock to latest version first)
• 6.1 Perform Whois Lookup using DomainTools (do on your own host, not in the lab environment)
• 7.2 Perform Reverse DNS Lookup using Reverse IP Domain Check and DNSRecon
• 9.1 Footprinting a Target using Recon-ng (up to step 44 only)

• 1.1 Perform Host Discovery using Nmap
• 2.5 Explore Various Network Scanning Techniques using Hping3

• 1.3 Perform NetBIOS Enumeration using an NSE Script
• 2.3 Perform SNMP Enumeration using SnmpWalk
• 3.1 Perform LDAP Enumeration using Active Directory Explorer (AD Explorer)
• 4.1 Perform NFS Enumeration using RPCScan and SuperEnum (skip SuperEnum, do only RPCScan)
• 5.1 Perform DNS Enumeration using Zone Transfer (repeat step 10 for zonetransfer.me)
• 7.2 Perform RPC, SMB, and FTP Enumeration using Nmap
• 8.3 Enumerate Information from Windows and Samba Hosts using Enum4linux

• 1.2 Perform Vulnerability Research in Common Vulnerabilities and Exposures (CVE)
• 2.2 Perform Vulnerability Scanning using Nessus (TAKES A LOT OF TIME, DO AFTER CLASS)
• 2.4 Perform Web Servers and Applications Vulnerability Scanning using CGI Scanner Nikto

• 1.5 Gain Access to a Remote System using Armitage (create 'share' folder manually before step 19)
• 2.2 Hack a Windows Machine using Metasploit and Perform Post-Exploitation using Meterpreter
• 2.6 Escalate Privileges to Gather Hashdump using Mimikatz
  • before the exercise, go to Local Security Policy -> Account Policies -> Account Lockout Policy and set threshold to 0 to disable account lockout
• 3.5 Image Steganography using OpenStego
• 4.1 View, Enable, and Clear Audit Policies using Auditpol
• 4.3 Clear Linux Machine Logs using the BASH Shell

• 1.1 Gain Control over a Victim Machine using the njRAT RAT Trojan
• 3.8 Perform Malware Disassembly using Ghidra
• 4.1 Perform Port Monitoring using TCPView and CurrPorts

• 1.2 Perform a DHCP Starvation Attack using Yersinia
• 1.4 Perform an Man-in-the-Middle (MITM) Attack using Cain & Abel
• 2.1 Perform Password Sniffing using Wireshark (install Wireshark from Tools - Module 3 Banner Grabbing)

• 1.1 Sniff Credentials using the Social-Engineer Toolkit (SET)
  • clone http version of the site, not https
  • skip creating phising email (steps 16 - 24), visit fake site directly
• 0.0 Give the trainer your card number, expiration date and CVV code

• 1.2 Perform a DoS Attack on a Target Host using hping3

• 1.1 Hijack a Session using Zed Attack Proxy (ZAP)
• 2.1 Detect Session Hijacking using Wireshark

• 1.1 Detect Intrusions using Snort
• 2.1 Bypass Windows Firewall using Nmap Evasion Techniques
• 2.2 Bypass Firewall Rules using HTTP/FTP Tunneling (do sprawdzenia)

• 1.6 Enumerate Web Server Information using Nmap Scripting Engine (NSE)
• 2.1 Crack FTP Credentials using a Dictionary Attack

• 1.1 Perform Web Application Reconnaissance
• 1.5 Identify Web Server Directories using Various Tools
• 2.1 Perform a Brute-force Attack using Burp Suite
• 2.4 Exploit Parameter Tampering and XSS Vulnerabilities in Web Applications
• 2.7 Exploit a Remote Command Execution Vulnerability to Compromise a Target Web Server
• 2.9 Gain Access by exploiting Log4j Vulnerability
  • Copy log4j-shell-poc folder from Ubuntu to Parrot -> into /home/attacker
  • On Parrot, go back to no proxy settings in Firefox before connecting to the web app (step 13)

• 1.1 Perform an SQL Injection Attack on an MSSQL Database
• 1.2 Perform an SQL Injection Attack Against MSSQL to Extract Databases using sqlmap

• 3.5 Crack a WPA2 Network using Aircrack-ng - (LIVE DEMO)

• No labs

• 1.1 Gather Information using Online Footprinting Tools

• https://github.com/ine-labs/AzureGoat
• https://github.com/ine-labs/AWSGoat
• https://github.com/ine-labs/GCPGoat

• 1.1 Calculate One-way Hashes using HashCalc
• 0.0 Calculate MD5 hash using md5sum (Linux)