CEH Engage Walkthroughs

Scenario

You have been hired as a part of the Red Team at CEHORG, an IT and ITES organization that deals with advanced research and development in the field of information security. It has offices all over the country connected in real-time by its network infrastructure. Your organization is worried about rising cybersecurity incidents and has entrusted you with a comprehensive security audit of the complete infrastructure. CEHORG’s internal network consists of several subnets housing various organizational units, like any large organization. The front office is connected to a separate subnet that connects to the company’s public-facing computers. The company has installed multiple kiosks to help customers understand their products and services. The front office also has Wi-Fi connectivity to cater to the users who carry their smartphones and laptops. CEHORG’s internal network is made up of Militarized and Demilitarized zones. As a security precaution, and by design, all the internal resource zones are configured with different subnet IPs. The Militarized Zone houses the application servers that provide application frameworks for various departments. The Demilitarized Zone contains public-facing systems of the organization, such as web and mail servers. The headquarters’ network topology and protocols are replicated worldwide in all its satellite offices for easy communication with the headquarters.

Description

CEHv12 Skill Check is divided into four parts. All four parts represent a single target organization as described in the scenario. The objective of these skill checks is to apply learning from CEH (Certified Ethical Hacker) modules in a real-life scenario to solve challenges you will face in red team assignments in your job roles. The skill check will help you practice the skills acquired in the class and convert them into proficiency. Part 1 of CEH Skill Check covers Footprinting and Reconnaissance, Scanning Networks, Enumeration, and Vulnerability Analysis modules. In this part, you are required to perform passive and active reconnaissance of the target organization, enumerating services, shares, users, user groups, etc., and perform vulnerability analysis of the identified systems/networks on the target. You need to note all the information discovered in this part of the Skill Check and proceed to the subsequent phases of the ethical hacking cycle in the next part of the Skill Check.

On the CyberQ cyber range, you will have access to Ethical Hacker Workstations, EH Workstation – 1, and EH Workstation – 2.

EH Workstation – 1 is a Parrot Security machine which you will see as a console, and EH Workstation – 2 is a Windows 11 machine that you can RDP to access and use Windows-based tools and techniques.

The credentials to access EH Workstation – 1 (Parrot Security) machine are as below: Username: attacker Password: toor

The credentials to access EH Workstation – 2 (Windows 11) are as below: Username: Admin Password: Pa$$w0rd

Note: You can use the Remmina RDP tool available in Parrot Security to connect to the machine.

Double-click the EH Workstation - 2.remmina link on the Desktop of the Ethical Hacker - 1 (Parrot Security) machine to connect to the Ethical Hacker - 2 machine.

The credentials to access OpenVAS on EH Workstation – 1 (Parrot Security) machine are as below: Username: admin Password: password
