Ethical hacking final review chapters 6+7+8
Enumeration of Windows systems can be more difficult if port _______ is filtered.
139
compiler
A program that converts source code into executable or binary code.
NetBIOS is not available in Windows Vista, Server 2008, and later versions of Windows. However, NetBIOS should be understood by a security professional because it is used for which of the following?
Backward compatibility
Which of the following takes you from one area of a program (a function) to another area?
Branching
___ takes you from one area of a program (a function) to another area.
Branching
SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?
Default
What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?
Domain Controllers
What type of Windows Server is the most likely server to be targeted by a computer hacker?
Domain controller
Which testing process is the most intrusive?
Enumeration
Why is enumeration a more intrusive process than port scanning and footprinting?
Enumeration is more intrusive because you're not just identifying a resource; you're attempting to access it. It goes beyond passive scanning of a network to find open ports. For example, sometimes this process entails guessing passwords after determining a username. Moreover, to enumerate, you first need to determine the OS of the target host by port scanning and footprinting. For example, NBT (NetBIOS over TCP/IP) is the tool for enumerating Microsoft OSs.
A NetBIOS name does not need to be unique on a network.
False
To determine what resources or shares are on a network, security testers must use port scanning and what other procedure first to determine what OS is being used?
Footprinting
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
Which of the following is the act of performing a task over and over?
Looping
____ is the act of performing a task over and over.
Looping
Which of the following commands is a powerful enumeration tool included with Windows?
NBTSTAT
What command connects to a computer containing shared files and folders?
Net use
Which of the following commands gives you a quick way to see if there are any shared resources on a computer or server?
Net view
Which of the following protocols does NetBIOS use to access a network resource?
NetBEUI
Early Windows OSs used which of the following programs loaded into memory to interact with a network resource or device?
NetBIOS
The computer names you assign to Windows systems are called which of the following?
NetBIOS
A remote administration tool that can be run on most operating systems. It also allows an administrator (and an attacker) to gain details about a remote system.
Simple Network Management Protocol (SNMP)
A null session is an anonymous connection established without credentials, such as a username and password. Also called an anonymous logon, a null session can be used to display information about users, groups, shares, and password policies.
True
What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?
Windows Containers
A well-documented Windows OS vulnerability was null sessions. What Windows operating system was the first to disable null sessions by default?
Windows Server 2003
What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?
null session
When writing a script, which statement allows you to avoid creating an endless loop in your script?
while
a way of having your program repeat an action a certain number of times
while loop
checks whether a condition is true and then continues looping until the condition becomes false
while loop
Carelessly reviewing your program's code might result in having which of the following in your program code?
bug
error that causes unpredictable results
bug
structure that holds pieces of data and functions
class
converts a text-based program, called source code, into executable or binary code
compiler
tells the compiler how to convert a value in a function
conversion specifier
performs an action first and then tests to see whether the action should continue to occur
do loop
What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?
enumeration
A ____ is a mini program within a main program that carries out a task.
function
Unauthenticated connection to a Windows computer that uses no logon and password values
null session
English-like language you can use to help create the structure of your program
pseudocode
A loop usually completes after ____________________ is conducted on a variable and returns a value of true or false.
testing
represents a numeric or string value
variable
for loop
A loop that initializes a variable, tests a condition, and then increments or decrements the variable.
assembly language
A programming language that uses a combination of hexadecimal numbers and expressions to program instructions that are easier to understand than machine-language instructions.
algorithm
A set of directions used to solve a problem.
____________________ language uses a combination of hexadecimal numbers and expressions, such as mov, add, and sub, making it easier for humans to write programs than in binary or machine language.
Assembly
Security testers conduct enumeration for what reasons?
Gaining access to shares and network resources, and obtaining user logon and group memberships
class
In object-oriented programming, the structure that holds pieces of data and functions.
NetBIOS over TCP/IP is called which of the following in Windows Server 2003?
NetBT
What does the "NBT" part of "NBTscan" stand for?
NetBIOS over TCP/IP
Most NetBIOS enumeration tools connect to the target system by using which of the following?
Null sessions
Which of the following tools can be used to enumerate Windows systems?
OpenVAS, dumplt, hyena
Which one of the following is an older network management service that is useful for network administrators who want to view system statistics, version numbers, and other detailed host information remotely?
SNMP
What feature implemented in Windows 8.1 prevents the execution of non-trusted boot content, preventing rootkits?
SecureBoot
What upper-level service is required to utilize file and printer sharing in Windows?
Server Message Block
Which of the following is a Windows programming interface that allows computers to communicate across a local area network (LAN)?
NetBIOS
SMB is used to share files and usually runs on top of NetBIOS, NetBEUI, or which of the following?
TCP/IP
conversion specifier
Tells the compiler how to convert the value indicated in a function.
Bugs are worse than syntax errors because a program can run successfully with a bug, but the output might be incorrect or inconsistent.
True
By default, the SNMP service uses "public" as a credential for read-only access and "private" for read-write access.
True
NBTscan is a utility that can be used for enumerating Windows OSs.
True
NBTscan is a utility that can be used for enumerating Windows OSs.
True
NetBIOS isn't a protocol; it's just the interface to a network protocol that enables a program to access a network resource.
True
NetBIOS over TCP/IP is called NBT in Windows 2000 Server; in Windows Server 2003, it's called NetBT.
True
SMB listens on TCP port 445 and doesn't need to use NetBIOS over TCP/IP unless support for older Windows versions is required.
True
The SNMP service can run on both Windows and *nix, but for this section we will focus on *nix. SNMP is useful for administrators who want to see system statistics, version numbers, and other detailed host information remotely.
True
A null session is enabled by default in all the following Windows versions except:
Server 2008
Why should system administrators disable unused services and accounts?
System administrators should disable unused services and accounts because they give intruders a potential point of entry into a network. For example, if you have a Windows Server 2016 system acting as a file server, you certainly don't need DNS services running on it; doing so leaves port 53 TCP/UDP open and vulnerable to attack. The idea is simple: open only what needs to be open, and close everything else, also known as reducing the attack surface. (The attack surface is the amount of code a computer system exposes to unauthenticated outsiders.) With fewer services exposed, there's less chance of an attacker being able to find an unpatched vulnerability. In addition, filtering out unnecessary ports, such as FTP (20 and 21 TCP), TFTP (69 UDP), Telnet (23 TCP), and others, can protect systems from attack. The best way to protect a network from SMB attacks is to make sure perimeter routers and firewalls filter out ports 137 to 139 and 445. Blocking ports 139 and 445 has the added benefit of protecting against external null session attacks. An attacker can gain entry through many other ports.
Several hacking tools that target SMB can still cause damage to Windows networks. Two well-known SMB hacking tools are L0phtcrack's SMB Packet Capture utility and SMBRelay, which intercept SMB traffic and collect usernames and password hashes.
True
The net view command can be used to see whether there are any shared resources on a server. True or False?
True