Pen Testing - Chapter 4
phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
______________ is one of the components most vulnerable to network attacks
DNS
which of the following contains host records for a domain?
DNS
FOCA
Extract metadata from documents on Web sites to reveal the document creator's network logon and email address, information on IP addresses of internal devices and more
Whois
Gather IP and domain information
wget
Retrieve web pages or files via HTTP, HTTPS or FTP (command available on all *nix systems)
before you conduct a security test by using social engineering tactics, what should you do?
get written permission from the person that hired you to conduct the security test
Social Engineering
hackers use their social skills to trick people into revealing access credentials or other valuable information
if you're trying to find newsgroup postings by IT employees of a certain company, which of the following websites should you visit?
http://groups.google.com
Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.) a. Passwords b. ATM PINs c. Long-distance access codes d. Open port numbers
passwords, ATM PINs, long-distance access codes
dig
perform DNS zone transfers; replaces the nslookup command (command available on all *nix systems)
Entering a company's restricted area by following closely behind an authorized person is referred to as which of the following? a. Shoulder surfing b. Piggybacking c. False entering d. Social engineering
piggybacking
HTTP operates on
port 80
netcat
read and write data to ports over a network (command available on all *nix systems)
500 Internal Server Error
request could not be fulfilled by the server
When conducting competitive intelligence, which of the following is a good way to determine the size of a company's IT support staff?
review job postings on websites such as www.monster.com or www.dice.com
namedroppers
run a domain name search, more than 30 million domain names updated daily
Google groups
search for email addresses in technical or non-technical newsgroup postings
which of the following is one method of gathering information about the operating systems a company is using?
search the web for email addresses of IT employees
Discovering a user's password by observing the keys he or she presses is called which of the following? a. Password hashing b. Password crunching c. Piggybacking d. Shoulder surfing
shoulder surfing
disk cleaning
software that writes binary 0s on all portions of the disks
footprinting
the process of finding information on a company's network (reconnaissance)
Many social engineers begin gathering the information they need by using which of the following? a. The Internet b. The telephone c. A company intranet d. E-mail
the telephone
piggybacking
trailing closely behind an employee who has access to an area without the person realizing you didn't use a PIN or security badge to enter the area
Netcraft Site Report
uncover underlying technologies that a Web site operates on
What social-engineering technique involves telling an employee that you're calling from the CEO's office and need certain information ASAP? (Choose all that apply.) a. Urgency b. Status quo c. Position of authority d. Quid pro quo
urgency, position of authority
social engineering techniques
urgency, quid pro quo, status quo, kindness, and position of authority
which of the following is a fast and easy way to gather information about a company
view the company's web site, look for the company's ads in the yellow pages
What's one way to gather information about a domain?
view the header of an email you send to an email account that doesn't exist
Zed Attack Proxy
web site analysis tool, can spider/crawl remote Web sites and even produce a list of vulnerabilities that might be present on a remote Web site
Domain dossier
web tool useful in gathering IP and domain information (whois, DNS, traceroute)
to find information about the key IT personnel responsible for a company's domain, you might use which of the following tools?
whois, domain dossier
which of the following tools can assist you in finding general information about an organization and its employees?
www.google.com, http://groups.google.com
which of the following is a good website for gathering information on a domain?
www.google.com, www.namedroppers.com, http://centralops.net/col, www.arin.net
active footprinting
You are actually prodding the target network in ways that might seem suspicious to network defenders. You are likely to be logged.
what is meant by "footprinting is passive"
you are not accessing information illegally or gathering unauthorized information with false credentials. You are not even engaging with remote systems. Passive activities are likely to go unnoticed
Which of the following enables you to view all the host computers on a network?
zone transfers
HEAD
HTTP method that is the same as the GET method, but retrieves only the header information of an HTML document, not the document body
OPTIONS
HTTP method that requests information on available options
GET
HTTP method that retrieves data by URI
TRACE
HTTP method, starts a remote application-layer loopback of the request message
CONNECT
HTTP method, used with a proxy that can dynamically switch a tunnel connection, such as Secure Sockets Layer (SSL)
DELETE
HTTP method; Requests that the origin server delete the identified resource
POST
HTTP method; allows data to be posted (i.e. sent to a Web server)
PUT
HTTP method; requests that the entity be stored under the Request-URI
dumpster diving
Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
To determine a company's primary DNS server, you can look for a DNS server containing which of the following? a. Cname record b. Host record c. PTR record d. SOA record
SOA record
502 Bad Gateway
Server received an invalid response from the upstream server
WayBack Machine
Site used to find previous versions/history of a web site.
start of authority (SOA) record
The resource record that identifies which name server is the authoritative source of information for data within this domain. The first record in the zone database file must be an SOA record.
505 HTTP Version Not Supported
The server does not support the HTTP protocol version used in the request
501 Not Implemented
The server either does not recognize the request method, or it lacks the ability to fulfill the request
503 Service Unavailable
The server is currently unavailable (overloaded or down)
504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a timely response from the upstream server
A cookie can store information about a Web site's visitors?
True
shoulder surfing
Watching an authorized user enter a security code on a keypad or what they are typing on a keyboard
web bug
a 1-pixel by 1-pixel image file referenced in an <IMG> tag, and it usually works with a cookie. Its purpose is similar to that of spyware and adware: to get information about the person visiting the Web site, such as an IP address, the time the Web bug was viewed, and the type of browser used to view the page
Maltego (https://www.paterva.com)
a footprinting tool used to discover relevant files, email addresses, and other important information with this powerful graphical user interface (GUI) tool
a footprinting tool to uncover files, systems, sites, and other information about a target using advanced operators and specially crafted queries
spear phishing
a phishing expedition in which the emails are carefully designed to target a particular person or organization
cookie
a text file generated by a Web server and stored on a user's browser
reconnaissance
another term for footprinting, the process of finding information on a company's network
What's the first method a security tester should attempt to find a password for a computer on the network? a. Use a scanning tool. b. Install a sniffer on the network. c. Ask the user. d. Install a password-cracking program.
ask the user
disk cleaning formatting should be performed how many times
at least 7
Recon-ng
automates footprinting with a powerful, advanced framework utilizing search engines, social media, and other sources
zone transfer
can be done using the dig command to attempt to transfer all the records for which the DNS server is responsible
white pages
conduct reverse phone number lookups and retrieve address information
spidering
crawl new web pages, archive their location, make records of their content and create a working history of all outbound and inbound links of the page.
Web Data Extractor
extract contact data such as email, phone, and fax information, from a selected target
competitive intelligence
gaining information about one's competitors' activities so that you can anticipate their moves and react appropriately
Metis
gather competitive intelligence from Web sites