Let's start off with saying, I was originally not planning to do the C|EH Practical. I only found out about this towards the end of last year and then the thought popped in my head that maybe I should just do this as I already passed the C|EH last year May and once you get through the C|EH practical exam, you get the C|EH Master certification.
I am not going to go into the setting up and booking the exam, I am just going to blog about my experiance of the exam itself.
So I started bright and early, 7:45am. After going through the necessary checks with the proctor I was ready to begin the exam. For those that don't know, the C|EH practical exam comprises of 20 questions which you have to answer within 6 hours based on the enviromnent they give you. It's open book so you are allow to use google, youtube and your notes. However, you are not allowed to ask anyone for help, no phone is allowed, no messaging like, discord, irc, skype, etc and only one 15 minute break.
Right off the bat I made a stupid mistake on the first question which took me 20 minute more than it should of. I misread question two which also cost me more time than it should of, so basically I wasted about 45 minute on the first 2 questions alone which should have really taken me 10 minutes. So an hour on the first two questions did not sit well with me at all!
I then decided to just glance through all the questions and get some idea of what is being asked and see what I could do in advance. Enumerating the basic network with nmap and finding all the info helped a lot to answer quite a few questions fairly easy. Most of the questions were straight forward for me and after just under 3 hours I managed to answer 18 of the questions.
There were two questions I was struggling with and for the life of me, everything I threw at it didn't work! I had enough to pass and could have stopped right there. With me, there is no giving up and I spent the next two hours trying to figure it out. With an hour left, I just told myself this is not worth it as it could be something with the environment and it's something I just have to accept. I could have found the answer in another way, but I did not want to deviate from the scope of the question as the session was being recorded and was scared they would review it and find that I exploited it via another method which was not related to the question and then revoke my certification.
I have to add, my experience doing the exam was not enjoyable for me. You have to connect to their environment, in a browser which is slow. You need to use their attack boxes. Some or most of the tools is outdated from what I experienced. You are not allowed to use a second monitor and being on a laptop screen which is tiny to navigate around on is not ideal. Copy and paste didn't work most of the time and switching between everything was a nightmare.
Did I learn anything from this exam, no. Probably because I had all the knowledge already and I actually didn't use google or my notes at all, except for those two questions I was struggling with to confirm if my methods were working and they were so I could not understand why it was not working. Oh well.
Needless to say, I recieved both my certifications and badges.