Installing a Virtualized Operating System: The next step in preparing the lab system is to install your virtual machines and configure them.
Since I do not know which virtualization software you will choose, I will provide some broad steps on how the process works. You will need to research the specifics for your software of choice.
In general, the process works something like this:
- Create a new virtual machine in your software.
- Name the new virtual machine something meaningful, such as Windows 7 64-bit or Kali Linux.
- Depending on the OS you intend to install on the virtual machine, you will need to allocate some memory to the virtual environment.
I usually recommend allocating a minimum of 2 GB to a VM guest. Keep in mind that these amounts will vary, and most software will allow you to increase or decrease this amount later.
At this point you can install your operating system on the virtual environment. To do this you will need either an ISO file or media such as a CD/DVD or USB flash drive.
Once you have that in hand, follow the instructions in your virtualization software to mount the media and perform the installation process.
Installing the Tools
Once you have configured, patched, and prepared your virtual machine, you can install the applications you have chosen.
This section is meant to help you at least get started with the process of locating and evaluating some new tools.
To prepare for the CEH exam, you should learn how to use tools listed in the following sections.
Types of Software Tools
To make things easy I have classified the tools by category, each in no particular order.
Download: CEH v9 PDFs
Nmap: You can acquire Nmap at www.nmap.org, which is the website of the developer itself. Since this tool is such a flexible and powerful piece of software and is cross platform, you should seriously consider making it part of your toolkit.
Angry IP Scanner: Available at www.angryip.org, this piece of software is simple, quick and dirty way of locating which hosts are up or down on a network.
While the functionality for this tool can be replicated with a few enumeration phase. However, this tool is a port scanner as well.
Zanti (For Mobile Phones): This app is available on Google Play, where it can be downloaded for free.
Zenmap (Part of Nmap): Included as part of Nmap package, it is nothing more than a graphical front end to the command-line Nmap scanner.
NBTScan: This is used for NetBIOS scans and can be downloaded from www.sectools.org.
Hping2/hping3: These packet-crafting utilities can be used to create custom scans or probe individual ports with precision. They can be obtained at www.hping.org.
NetScan Tools: This multipurpose suite of tools is available at www.netscantools.com.
Download: EC Council CEH v9 Video Training Course
DumpSec: This is available from www.systemtools.org and can be used as a means to reveal the users, groups, printers, and other information from a targeted system.
SuperScan: This tool can be found at www.mcafee.com and is useful mostly for performing certain steps during the enumeration phase. However, this tool is at heart a port scanner as well.
Netcat: This is a multipurpose tool that can be used to perform enumeration. You can obtain it as www.sectools.org.
Cryptcat: It’s the same as Netcat except it offers encryption capabilities that Netcat can’t. it’s useful when trying to avoid sniffing or detection by an IDS and can be obtained at www.sourceforge.net .
TCPView: This is used to view connections to and from a given system and can be obtained at www.microsoft.com.
Sysinternals Suite: This collection of tools can be obtained at www.microsoft.com.
NirSoft Suite: This collection of various useful tools and utilities can be obtained at www.nirsoft.net.
L0phtCrack: This tool can be obtained from www.l0phtcrack.com.
Ophcrack: You can obtain this tool from www.sourceforge.net.
John the Ripper: Find this tool at www.openwall.com/john.
Trinity Rescue Kit: Here’s another multipurpose tool that is useful for performing password resets on a local computer. It can be downloaded from www.trinityhome.org.
Medusa: This is an old password cracker from www.sectools.org, but it still may work when other crackers fail.
RainbowCrack: Available at http://project-rainbowcrack.com/, it cracks hashes with rainbow tables.
Brutus: Available at www.sectools.org, this is an old but still somewhat effective web application password cracker.
Wireshark: Available at www.wireshark.org, this is the most popular packet sniffer in the IT industry. It’s fully customizable packet sniffers with plenty of documentation can help both online and in print. Wireshark boasts cross-platform support and consistency across platforms.
Tcpdump: Available at www.tcpdump.org, this is a popular command-line sniffer available for both the Unix and Linux platforms.
Windump: Available at www.winpcap.org, this is a version of a tcpdump but ported to the Windows platform.
Cain & Able: Available at www.oxid.it, this multipurpose tool includes basic sniffing capabilities among other functions designed to recover passwords.
Kismet (for Wireless): Available at www.kismetwireless.net, this is a popular wireless sniffing and detection tool designed for the Linux operating system.
Ntop: Available at www.ntop.org, this is a high-speed sniffer designed for Unix systems.
NetworkMiner: Available at www.netresec.com, this network sniffer is capable of capturing traffic and doing analysis but also is capable of performing forensically accepted analysis.
Download: CEH v9 2000+ Tools & PDFs
Kismet: Available at www.kismetwireless.net, this is a popular wireless sniffing and detection tool designed for the linux operating system.
inSSIDer: Available at www.metageek.com, this is a network detection and location tool.
Reaver: Available at https://code.google.com/p/reaver-wps/, this tool is used to perform brute-force attacks against WPS-enabled routers.
Netstumbler (Old but Useful on 32-bit Systems): This offering from www.netstumble.com works much like MetaGeek’s offering but is not as feature rich.
Bluesnarfer: You can obtain this tool from the repositories of any linux distribution.
Aircrack-ng: Available at www.aircrack-ng.org, this is a suite of tools used to target and access wireless networks.
Download: Unrevealed Secret DoS Commands
Logging and Event-Viewing Tools:
LogParserLizard: Available at www.lizard-labs.com, this tool is used to analyze log files and allows for the creation of queries to reveal events from Event Viewer and other logs such as IIS and FTP.
NOTE: I want to point out that if you use Kali Linux 2.0, which was released on August 11,2015, the product includes a full suite of tools to do all of the tasks we covered in this blog as well as others we haven’t covered.
If you are going to use Kali Linux, I highly recommend that you update your distribution regularly.