qa

Flags Challenge 1: Perform an extensive

scan of the target network and identify the
Product Version of the Domain Controller.
(Format: NN.N.NNNNN) Challenge 2: While
investigating an attack, you found that a
Windows web development environment
was exploited to gain access to the system.
Perform extensive scanning and service
enumeration of the target networks and
identify the number of mercury services
running in the Server. (Format: N) Challenge
3: Identify a machine with RDP service
enabled in the 10.10.55.0/24 subnet. Crack
the RDP credentials for user Jones and
obtain a file hide.cfe containing an
encrypted image file. Decrypt the file and
enter the CRC32 value of the image file as
the answer. Note: Use Jones's password to
extract the image file.. (Format: NaaNNNaa)
Challenge 4: An insider attack involving one
of the employee's mobile device in the
10.10.55.0/24 subnet has been identified.

qa 1
 You are assigned to covertly access the
user's device and obtain hidden data in the
image file stored . Analyze the image file
and extract the sensitive data hidden in the
file and enter the secret code as the answer.
(Format: A*AaAa*AN) Challenge 5: Perform
a vulnerability scan for the host with IP
address 192.168.44.32. What is the CVE
number of the vulnerability with least
severity score? (Format: AAA-NNNN-
NNNN) Challenge 6:

Exploit a remote login and command-line

execution application on a Linux target in
the

10.10.55.0/24 subnet to access a sensitive

file, Netnormal.txt. Enter the content in the
file

as the answer. (Format: ANaN*aNaN)

Challenge 7

qa 2
 An ex-employee of an organization has
stolen a vital account credential and stored
it in a

file named restricted.txt before leaving the

organization. The credential is a nine-
character

alpha-numeric string. Enter the credential

as the answer. The restricted.txt file has
been

identified from the employee's email

attachment and stored in the "EH
Workstation – 2"

machine in the Documents folder. Note: You

have learned that "password" is the key to

extracting credentials from the restricted.txt

file. (Format: aaaaa*NNN)

Challenge 8

qa 3
 Exploit weak credentials used for SMB
service on a Windows machine in the
10.10.55.0/24

subnet. Obtain the file, Sniffer.txt hosted on

the SMB root, and enter its content as the

answer. (Format: a*aaNaNNa)

You used shoulder surfing to identify the

username and password of a user on the

Ubuntu machine in the 10.10.55.0/24

network, that is, marcus and M3rcy@123.
Access

the target machine, perform vertical

privilege escalation to that of a root user,
and enter

the content of the imroot.txt file as the

answer. (Format: AANNNN***)

Challenge 10

qa 4
 :

A disgruntled ex-employee Martin has

hidden some confidential files in a folder
"Scan" in a

Windows machine in the 10.10.55.0/24

subnet. You can not physically access the
target

machine, but you know that the organization

has installed a RAT in the machine for
remote

administration purposes. Your task is to

check how many files present in the Scan
Folder

and enter the number of files sniffed by the

employee as answer. (Format: N)

Challenge 12

qa 5
 You are investigating a massive DDoS attack
launched against a target at 172.22.10.10.

Your objective is to identify the packets

responsible for the attack and determine the
least

IPv4 packet count sent to the victim

machine. The network capture file "Evil-
traffic.pcapng"

is saved in the Documents folder of the "EH

Workstation – 2" (Windows 11) machine.

(Format: NNNNN)

Challenge 13

Perform an SQL injection attack on your

target web application cinema.cehorg.com
and extract the password of user Daniel.
You have already registered on the website
with credentials Karen/computer. (Format:

qa 6
 aaaaaaaaaa) Challenge 14: Explore the web
application at www.cehorg.com and enter
the flag's value on the page with
page_id=95. (Format: A**NNAA) Challenge
15: Perform vulnerability research and
exploit the web application
training.cehorg.com, available at
10.10.55.50. Locate the Flag.txt file and
enter its content as the answer. (Format:
A*a*aNNN) Challenge 16: Perform SQL
injection attack on a web application,
cybersec.cehorg.com, available at
192.168.44.40. Find the value in the Flag
column in one of the DB tables and enter it
as the answer. (Format: *aNNaNAA)
Challenge 17: A set of files has been
uploaded through DVWA
(http://192.168.44.32:8080/DVWA). The
files are located in the
"C:\wamp64\www\DVWA\ECweb\Certified\"
directory. Access the files and decode the
base64 ciphers to reveal the original
message among them. Enter the decrypted
message as the answer. You can log into the

qa 7
 DVWA using the credentials
admin/password. (Format: A**aaa*AA)
Challenge 18: Analyze the traffic capture
from an IoT network located in the
Documents folder of the "EH Workstation –
1" (ParrotSecurity) machine, identify the
packet with IoT Publish Message, and enter
the topic length as the answer. (Format: N)
Challenge 19: A disgruntled employee of
your target organization has stolen the
company's trade secrets and encrypted
them using VeraCrypt. The VeraCrypt
volume file "Its_File" is stored on the C:
drive of the "EH Workstation – 2" machine.
The password required to access the
VeraCrypt volume has been hashed and
saved in the file .txt in the Documents folder
in the "EH Workstation – 1" (ParrotSecurity)
machine. As an ethical hacker working with
the

company, you need to decrypt the hash in

the Hash2crack.txt file, access the
Veracrypt volume, and find the secret code

qa 8
 in the file named EC_data.txt. (Format:
NA*aNaa**A) Challenge 20: Your
organization suspects the presence of a
rogue AP in the vicinity. You are tasked with
cracking the wireless encryption,
connecting to the network, and setting up a
honeypot. The airdump-ng tool has been
used, and the Wi-Fi traffic capture named
"W!F!_Pcap.cap" is located in the
Documents folder in the "EH Workstation –
1" (ParrotSecurity) machine. Crack the
wireless encryption and enter the total
number of characters present in the Wi-Fi
password. (Format: N) Q15. Perform
vulnerability research and exploit the web
application training.cehorg.com, available at
10.10.55.50. Locate the Flag.txt file and
enter its content as the answer. Q17. A set of
files has been uploaded through DVWA
(http://192.168.44.32:8080/DVWA). The
files are located in the "C:\
wamp64\www\DVWA\ECweb\Certified\"
directory. Access the files and decode the
base64 ciphers to reveal the original

qa 9
 message among them.Enter the decrypted
message as the answer. You can log into the
DVWA using the credentials
admin/password. (Format: A**aaa*AA) Q14.
Explore the web application at
www.cehorg.comand enter the flag's value
on the page with page_id=95. (Format:
A**NNAA) Ans:- B$#98TY Q16. Perform
SQL injection attack on a web application,
cybersec.cehorg.com, available at
192.168.44.40.Find the value in the Flag
column in one of the DB tables and enter it
as the answer. (Format: *aNNaNAA) Q19. A
disgruntled employee of your target
organization has stolen the company's trade
secrets and encrypted them using
VeraCrypt. The VeraCrypt volume file
"Its_File" is stored on the C: drive of the "EH
Workstation – 2" machine. The password
required to access the VeraCrypt volume
has been hashed and saved in the file .txt in
the Documents folder in the "EH
Workstation – 1" (ParrotSecurity) machine.
As an ethical hacker working with the

qa 10
 company, you need to decrypt the hash in
the Hash2crack.txt file, access the
Veracrypt

volume, and find the secret code in the file

named EC_data.txt. ANS:- 3C_c0un(!L Q5.
Perform a vulnerability scan for the host
with IP address 192.168.44.32. What is the
CVE number of the vulnerability with least
severity score?(Format: AAA-NNNN-NNNN)
Q18. Analyze the traffic capture from an IoT
network located in the Documents folder of
the "EH Workstation – 1" (ParrotSecurity)
machine, identify the packet with IoT
Publish Message, and enter the topic length
as the answer. (Format: N) Ans:-9 Q9. You
used shoulder surfing to identify the
username and password of a user on the
Ubuntu machine in the
10.10.55.0/24network, that is, marcus and
M3rcy@123. Access the target machine,
perform vertical privilege escalation to that
of a root user, and enter the content of the
imroot.txt file as the answer. (Format:

qa 11
 AANNNN***) Q20. Your organization
suspects the presence of a rogue AP in the
vicinity. You are tasked with cracking the
wireless encryption, connecting to the
network, and setting up a honeypot. The
airdump- ng tool has been used, and the Wi-
Fi traffic capture named "W!F! _Pcap.cap" is
located in the Documents folder in the "EH
Workstation – 1" (ParrotSecurity) machine.
Crack the wireless encryption and enter the
total number of characters present in the
Wi-Fi password. (Format: N) ANS:-9 Q18.
Analyze the traffic capture from an IoT
network located in the Documents folder of
the "EH Workstation – 1" (ParrotSecurity)
machine, identify the packet with IoT
Publish Message, and enter the topic length
as the answer. (Format: N) Ans:-9 Q2. While
investigating an attack, you found that a
Windows web development environment
was exploited to gain access to the system.
Perform extensive scanning and service
enumeration of the target networks and
identify the number of mercury services

qa 12
 running in the Server. (Format: N) Ans:-7
Q12. You are investigating a massive DDoS
attack launched against a target at
172.22.10.10. Your objective is to identify the
packets responsible for the attack and
determine the least IPv4 packet count sent
to the victim machine. The network capture
file "Evil- traffic.pcapng" is saved in the
Documents folder of the "EH Workstation –
2" (Windows 11) machine.(Format: NNNNN)
Ans:-19554 Q8. Exploit weak credentials
used for SMB service on a Windows
machine in the 10.10.55.0/24subnet. Obtain
the file, Sniffer.txt hosted on the SMB root,
and enter its content as the answer.
(Format: a*aaNaNNa)

Want to read all 6 pages?

Previewing 3 of 6 pages Upload your study docs or become a member.

qa 13
 View full document

Challenge 1
Perform an extensive scan of the target network and identify the Product Version
of the Domain Controller.

Answer Format: NN.N.NNNNN

Answer: 10.0.20348

Challenge 2
While investigating an attack, you discovered that a Windows web development
environment was exploited to gain system access. Conduct extensive scanning
and service enumeration of the target network to identify the number of mercury
services running on the server.

Answer Format: N

Answer: 7

Challenge 3
Locate a machine with RDP service enabled within the 10.10.55.0/24 subnet. Crack
the RDP credentials for user Jones and access a file named hide.cfe containing an
encrypted image. Decrypt the file and provide the CRC32 value of the image.

Answer Format: NaaNNNaa

Challenge 4
An insider attack involving an employee's mobile device within the 10.10.55.0/24
subnet has been detected. Covertly access the user's device, retrieve hidden data
from an image file, and extract the secret code from it.

Answer Format: A*AaAa*AN

qa 14
 Challenge 5
Perform a vulnerability scan on the host with IP 192.168.44.32 . Identify the CVE
number for the vulnerability with the lowest severity score.

Answer Format: AAA-NNNN-NNNN

Challenge 6
Exploit a remote login and command-line execution application on a Linux target
within the 10.10.55.0/24 subnet to retrieve the content of a sensitive file,
Netnormal.txt .

Answer Format: ANaN*aNaN

Challenge 7
An ex-employee has stolen vital credentials and stored them in a file called
restricted.txt . This nine-character alphanumeric credential is located on the "EH

Workstation – 2" machine in the Documents folder. Use "password" as the

decryption key.

Answer Format: aaaaa*NNN

Challenge 8
Exploit weak SMB credentials on a Windows machine within the 10.10.55.0/24

subnet to obtain the file Sniffer.txt stored in the SMB root and enter its content.

Answer Format: a*aaNaNNa

Challenge 9
Using shoulder surfing, you identified the username and password (marcus /
M3rcy@123) on an Ubuntu machine within the 10.10.55.0/24 subnet. Access the
machine, perform vertical privilege escalation to root, and provide the content of
imroot.txt .

Answer Format: AANNNN***

Challenge 10

qa 15
 An ex-employee named Martin has hidden confidential files in a folder named
"Scan" on a Windows machine in the 10.10.55.0/24 subnet. You can't physically
access the device, but a remote administration tool (RAT) is installed. Determine
and enter the number of files in the "Scan" folder.

Answer Format: N

Challenge 12
During a DDoS attack investigation, identify the least IPv4 packet count sent to the
target at 172.22.10.10 . The network capture file Evil-traffic.pcapng is in the
Documents folder on "EH Workstation – 2" (Windows 11).

Answer Format: NNNNN

Answer: 19554

Challenge 13
Perform an SQL injection attack on the target web application cinema.cehorg.com to
extract the password for user Daniel. You are registered on the site with credentials
Karen / computer.

Answer Format: aaaaaaaaaa

Answer: qwertyuiop

Challenge 14
Explore the web application at www.cehorg.com and locate the flag on the page with
page_id=95 .

Answer Format: A**NNAA

Answer: B$#98TY

Challenge 15
Research and exploit the vulnerabilities of the web application training.cehorg.com

available at 10.10.55.50 to locate the content of Flag.txt .

Answer Format: A*a*aNNN

qa 16
 Challenge 16
Perform an SQL injection attack on cybersec.cehorg.com at 192.168.44.40 . Locate the
Flag value in one of the database tables and enter it.

Answer Format: aNNaNAA

Challenge 17
Access files uploaded through DVWA ( http://192.168.44.32:8080/DVWA ) located at
C:\wamp64\www\DVWA\ECweb\Certified\ . Decode the base64 ciphers to reveal the original

message among them. Use admin/password to log in.

Answer Format: A**aaa*AA

Challenge 18
Analyze the IoT network traffic capture file in the Documents folder on "EH
Workstation – 1" (ParrotSecurity), identify the IoT Publish Message packet, and
enter its topic length.

Answer Format: N

Answer: 9

Challenge 19
A disgruntled employee has encrypted company trade secrets using VeraCrypt,
stored in Its_File on the "EH Workstation – 2" machine’s C:\ drive. The hash of the
required password is saved in Hash2crack.txt in the Documents folder on "EH
Workstation – 1" (ParrotSecurity). Decrypt this hash, access the VeraCrypt volume,
and enter the secret code from EC_data.txt .

Answer Format: NA*aNaa**A

Answer: 3C_c0un(!L

Challenge 20
The organization suspects a rogue AP. Crack the Wi-Fi encryption, connect to the
network, and set up a honeypot. The capture file W!F!_Pcap.cap is in the Documents

qa 17
 folder on "EH Workstation – 1" (ParrotSecurity). Enter the total number of
characters in the Wi-Fi password.

Answer Format: N

Answer: 9

qa 18