Ethical Hacking Exercises

Categories: iLabs
Wishlist Share
Share Course
Page Link
Share On Social Media

About Course

The Exercises in this lab map to the Certified Ethical Hacker V10 Course. Each subscription provides 6 months of access to 107 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise.

Footprinting and Reconnaissance

Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of the test. The penetration testers may break in using any means necessary, from using information found in the dumpster, to locating web application security holes, to posing as the cable guy. After pre-engagement activities, penetration testers begin gathering information about their targets.

Objective
The objective of the lab is to extract information concerning the target organization that includes, but is not limited to:
  • Type of firewall implemented, either hardware or software or a combination of both
  • IP address range associated with the target
  • Purpose of the organization and why it exists
  • How big is the organization? What class is its assigned IP Block?
  • Does the organization freely provide information about the type of operating systems employed and network topology in use?
  • Does the organization allow wireless devices to connect to wired networks?
  • Type of remote access used, either SSH or VPN
  • Is help sought from IT positions that give information on network services provided by the organization?
  • Identify organization’s users who can disclose their personal information that can be used for social engineering and assume such possible usernames

Scanning Networks

Building on exercises from our information gathering and threat modeling, we can now begin to actively query our victims for vulnerabilities that may lead to a compromise. We have narrowed down our attack surface considerably since we first began the penetration test with everything potentially in scope.

Objective
The objective of this lab is to help students in conducting network scanning, analyzing the network vulnerabilities, and maintaining a secure network. You need to perform a network scan to:
  • Check live systems and open ports
  • Perform banner grabbing and OS fingerprinting
  • Identify network vulnerabilities
  • Draw network diagrams of vulnerable hosts

Enumeration

Enumeration is the process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted in an intranet environment.

Objective
The objective of this lab is to provide expert knowledge on network enumeration and other responsibilities that include:
  • User name and user groups
  • Lists of computers, their operating systems, and ports
  • Machine names, network resources, and services
  • Lists of shares on individual hosts on the network
  • Policies and passwords

System Hacking

The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files.

Objective

The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and to complete other tasks that include:

  • Extracting administrative passwords
  • Hiding files and extracting hidden files
  • Recovering passwords
  • Monitoring a system remotely

Trojans and Backdoors

A Trojan is a program that contains malicious or harmful code inside apparently harmless programming or data in such a way that it can gain control and cause damage, such as ruining the file allocation table on a hard disk. With the help of a Trojan, an attacker gets access to stored passwords in a computer and would be able to read personal documents, delete files, display pictures, and/or show messages on the screen.

Objective
The objective of this lab is to help students learn to detect Trojan and backdoor attacks. The objectives of the lab include:
  • Creating a server and testing a network for attack
  • Detecting Trojans and backdoors
  • Troubleshoot the network for performance
  • Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected

Viruses and Worms

A virus is a self-replicating program that produces its own code by attaching copies of it onto other executable codes. Some viruses affect computers as soon as their codes are executed; others lie dormant until a predetermined logical circumstance is met.

Objective
The objective of this lab is to allow students to learn how to create viruses and worms. In this lab, you will learn how to:
  • Create viruses using tools
  • Create worms using worm generator tool

Sniffers

Sniffing is performed to collect basic information from the target and its network. It helps to find vulnerabilities and select exploits for attack. It determines network information, system information, and organizational information.

Objective
The objective of this lab is to familiarize students with how to sniff a network and analyze packets for any attacks on the network. The primary objectives of this lab are to:
  • Sniff the network
  • Analyze incoming and outgoing packets
  • Troubleshoot the network for performance

Social Engineering

Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people are aware of certain valuable information and are careless in protecting it.

Objective
The objective of this lab is to help students learn to:
  • Clone a website
  • Obtain user names and passwords using the Credential Harvester method
  • Generate reports for conducted penetration tests

Denial of Service

Denial-of-Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim’s system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.

Objective
The objective of this lab is to help students learn to perform DoS attacks and to test networks for DoS flaws. In this lab, you will:
  • Create and launch a Denial-of-Service attack on a victim
  • Remotely administer clients’ systems
  • Perform a DoS attack by sending a large number of SYN packets continuously
  • Perform a DoSHTTP attack

Session Hijacking

Session hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The attacker steals a valid session ID, which is used to get into the system and sniff the data. In TCP session hijacking, an attacker takes over a TCP session between two machines. Since most authentications occur only at the start of a TCP session, this allows the attacker to gain access to a machine.

Objective
The objective of this lab is to help students learn session hijacking and take necessary actions to defend against session hijacking. In this lab, you will:
  • Intercept and modify web traffic
  • Simulate a Trojan, which modifies a workstation’s proxy server settings

Hacking Web Servers

A web server, which can be referred to as the hardware, the computer, or the software, is the computer application that helps to deliver content that can be accessed through the Internet. Most people think a web server is just the hardware computer, but a web server is also the software computer application that is installed in the hardware computer. The primary function of a web server is to deliver web pages on the request to clients using the Hypertext Transfer Protocol (HTTP).

Objective
The objective of this lab is to help students learn to detect unpatched security flaws, verbose error messages, and much more. The objectives of this lab include:
  • Footprint web servers
  • Crack remote passwords
  • Detect unpatched security flaws

Hacking Web Applications

Web applications provide an interface between end users and web servers through a set of web pages generated at the server end or that contain script code to be executed dynamically within the client Web browser.

Objective
The objective of this lab is to provide expert knowledge of web application vulnerabilities and web applications attacks such as:
  • Parameter tampering
  • Directory traversals
  • Cross-Site Scripting (XSS)
  • Web Spidering
  • Cookie Poisoning and cookie parameter tampering
  • Securing web applications from hijacking

SQL Injection

SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.

Objective
The objective of this lab is to provide expert knowledge on SQL Injection attacks and other responsibilities that include:
  • Understanding when and how a web application connects to a database server in order to access data
  • Extracting basic SQL injection flaws and vulnerabilities
  • Testing web applications for blind SQL injection vulnerabilities
  • Scanning web servers and analyzing the reports
  • Securing information in web applications and web servers

Hacking Wireless Networks

A wireless network refers to any type of computer network that is wireless and is commonly associated with a telecommunications network whose interconnections between nodes are implemented without the use of wires. Wireless telecommunications networks are generally implemented with some type of remote information transmission system that uses electromagnetic waves such as radio waves for the carrier. The implementation usually takes place at the physical level or layer of the network.

Objective
The objective of this lab is to protect the wireless network from attackers. In this lab, you will learn how to:
  • Crack WEP using various tools
  • Capture network traffic
  • Analyze and detect wireless traffic

Evading IDS, Firewalls and Honeypots

An Intrusion Detection System (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system.

Objective
The objective of this lab is to help students learn and detect intrusions in a network, log, and view all log files. In this lab, you will learn how to:
  • Install and configure Snort IDS
  • Run Snort as a service
  • Log snort log files to Kiwi Syslog server
  • Store snort log files to two output sources simultaneously

Buffer Overflow

Buffer overflow is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory. This is a special case of violation of memory safety. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security.

Objective
The objective of this lab is to help students to learn and perform buffer overflow attacks to execute passwords. In this lab, you need to:
  • Prepare a script to overflow buffer
  • Run the script against an application
  • Perform penetration testing for the application
  • Enumerate a password list

Cryptography

Cryptography is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to one that didn’t make sense.

Objective
This lab will show you how to encrypt data and how to use it. It will teach you how to:
  • Use encrypting/decrypting commands
  • Generate hashes and checksum files

Student Ratings & Reviews

No Review Yet
No Review Yet

Want to receive push notifications for all major on-site activities?