448 FINAL
Pen Test: what were the steps, and the tools at each step?
1. Recon: zenmap; 2. Identify Vulnerabilities: OpenVAS; 3. Gain Access: Metasploit
In one of the labs you used one of the servers to pivot. Select all that are true about pivoting:
1. The server that allowed you to pivot had 2 network adapters enabled, which connected into 2 different networks. 2. It allowed us to discover a different network than the one we are on. 3. It allowed us to discover a server that was on a different subnet than our Kali instance.
What is XSS?
Cross-site scripting: an attack that occurs when the victim visits a web page or web application that executes the malicious code. The web page or web application becomes a vehicle to deliver the malicious script to the user's browser. Vulnerable vehicles that are commonly used for cross-site scripting attacks are forums, message boards, and web pages that allow comments.
W06: MITM. What is Driftnet used for? What is Ettercap used for?
DRIFTNET: watches network traffic and displays JPEGs and GIFs and plays MPEGs. ETTERCAP: sniffs live connections, content filtering on the fly, network and host analysis. CAN CHANGE TRAFFIC ROUTED THROUGH IT
What is an IDS, and what is an example?
Intrusion detection system; Snort
Which syntax for a SQL injection attack will return all of the users from the table? - Jerry or '1' = '1 - Jerry' or '1' = '1 - Jerry' or '1' = '1'
Jerry' or '1' = '1
Which of the following is a SIEM (Security information and event management)?
LogRhythm
What are the most common hashing algorithms?
MD5, RIPEMD, SHA1, SHA2, SHA256
What type of Cipher would be used for : T.eno etaciled a si ytiruces dna modeerf neewteb ecnalab eh
Rotate
W13: Steganography. What tools are used, and what are each tool's strengths?
STEGHIDE: hides and uncovers secret files in various image and audio files with a password. DIGITAL INVISIBLE INK: a Java tool that allows hiding files in image files.
What is the network configuration called when the network is configured so that you can only see the traffic addressed to your computer, NOT ALL OTHER TRAFFIC ON THE NETWORK?
SWITCHED
What type of Cipher would be used for : HWEOLRLLOD
Transposition
W14: TrueCrypt/TrueCrack. What is each tool used for?
TrueCrypt: on-the-fly encryption. TrueCrack: brute-force password cracker for TrueCrypt volumes, allowing for decryption of volumes
What type of Cipher would be used for : Vpnfma sgt nvffqay om
Vigenere cipher w/ password
W02: Recon. What are the tools for recon, and what do they provide?
Zenmap/nmap: network scanning and host detection tool. netcat: port scanning, banner grabbing, remote admin, remote backups
W10-09: Hashcat. How does hashcat work? (We used it to crack UNIX shadow file hashes of passwords.)
A password cracker that uses hash keys: MD5, SHA, RIPEMD, etc.
W08: Web-app security. What is Burp Suite?
Integrated platform for performing security testing of web applications. Mapping and analysis of an app's attack surface, and finding and exploiting vulnerabilities. * Find ways to do SQL INJECTION
What tool did you use to connect to the shell of your partner's Kali image?
netcat
W07: Cryptography. John the Ripper is a password cracker that can crack passwords through dictionary or brute-force attacks. What is the huge file used to crack?
rockyou.txt
W04: Metasploit/Armitage. Armitage is the GUI for Metasploit. What can you do with Armitage?
Scan a Linux host, find exploits, exploit the host, handle post-exploitation
What type of Cipher would be used for : SGZrdmluem0gZWggWXpnbnptLCBkc3pnIHdsIGJsZiBnc3JtcD8=
BASE 64 + ATBASH
What type of Cipher would be used for : SSBhbSBzbyBlYXN5IHRvIGRlY3J5cHQh
Base 64
What does BCP stand for?
Business Continuity Plan
What type of Cipher would be used for : Xxyb! Bxvnxwn bqrocnm vn.
CAESARIAN SHIFT
W12: SPLUNK <3. What is Splunk used for?
Captures, indexes, and correlates real-time data in a searchable repository, from which it generates graphs, reports, alerts, dashboards, and visualizations
What is a CVE and what purpose does it serve?
Common Vulnerabilities and Exposures (CVE) is a list of entries, each containing an identification number, a description, and at least one public reference, for publicly known cybersecurity vulnerabilities.
The targets of XSS are:
Other users
W03: Vulnerabilities. What tool do you use to perform a vulnerability assessment?
OpenVAS
T/F All popular programming web technologies are susceptible to XSS
TRUE
T/F VoIP and data travel over the same network
TRUE