Ethical Hacking 6.1.13
Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in? Answer choices: /etc/services; /etc/passwd; /etc/group; /etc/shadow
/etc/shadow
Which enumeration process tries different combinations of usernames and passwords until it finds something that works? Answer choices: Exploiting SMTP; Brute force; Zone transfers; Default passwords
Brute Force
In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services? Answer choices: Reconnaissance; Enumeration; Scanning; Sniffing
Enumeration
What port does a DNS zone transfer use? Answer choices: TCP 139; TCP 53; TCP 445; TCP 23
TCP 53
Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find? Answer choices: The domain guests; The built-in guest; The domain admins; The built-in administrator
The built-in guest
The Guest account is a user account for people who do not have individual accounts. The SID ends with -501. The Administrator account is a user account for the system administrator. The SID ends with -500. The Domain Admins group is a global group whose members are authorized to administer the domain. The SID ends with -512. The Domain Guests group is a global group that, by default, has only one member, the domain's built-in Guest account. The SID ends with -514.
A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file? Answer choices: Usernames, but no passwords; The root username and password; Usernames and passwords; No usernames or passwords
Usernames, but no passwords
The /etc/passwd file on a Linux host contains the following: the username and user ID used to identify each user; passwords that are encrypted and saved on the computer or on the network; group identification numbers (GIDs).
LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use? Answer choices: TCP/UDP 53; TCP/UDP 3268; TCP/UDP 445; TCP/UDP 389
TCP/UDP 389
Which of the following enumeration tools provides information about users on a Linux machine? Answer choices: Null session; PsTools; finger; SuperScan
finger
The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model? Answer choices: Transport Layer; Network Layer; Application Layer; Session Layer
Application Layer
Which of the following ports are used by null sessions on your network? Answer choices: 135 and 445; 139 and 444; 137 and 443; 139 and 445
139 and 445
A Null Session attack uses the Windows net command to map a connection using a blank username and password. These connections would take place over port 139 (NetBIOS session service) or 445 (runs SMB over TCP/IP without NetBIOS). Port 135 is used by the Remote Procedure Call service in Windows for client-server communications. Port 137 is used by the NetBIOS Name Server (NBNS). NBNS is used to associate names and IP addresses of systems and services. Port 443 is the standard TCP port that is used for websites that use SSL. Port 444 may use a defined protocol to communicate, depending on the application.
Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers? Answer choices: nc -n -s 2222 (manager's computer) and nc -lp 192.168.34.91 2222 (Shawn's machine); nc -l -s 2222 (manager's computer) and nc -pv 192.168.34.91 2222 (Shawn's machine); nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine); nc -l -p 2222 (manager's computer) and nc -sv 192.168.34.91 2222 (Shawn's machine)
nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)
On the manager's computer, Shawn would enter nc -l -p 2222 (the -l switch listens for an incoming connection, and the -p switch tells netcat to use a specific source port). On Shawn's computer, he would enter nc -nv 192.168.34.91 2222 (the -n switch tells netcat not to use DNS lookups, and the -v switch uses verbose output). The -s switch tells netcat to use the source IP address.
Which of the following best describes IPsec enumeration? Answer choices: Is used by most email servers and clients to send email messages; Is used to manage devices such as routers, hubs, and switches; Uses ESP, AH, and IKE to secure communication between VPN endpoints; Uses SIP to enable voice and video calls over an IP network
Uses ESP, AH, and IKE to secure communication between VPN endpoints.
IPsec uses ESP (Encapsulating Security Payload), AH (Authentication Header), and IKE (Internet Key Exchange) to secure communication between virtual private network endpoints. Using enumeration tools, attackers can pull sensitive information such as the encryption and hashing algorithm, authentication type, and key distribution algorithm. The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station. The agent is found on the device that is being managed, and the SNMP management station serves as the communication point for the agent. VoIP uses SIP (Session Initiation Protocol) to enable voice and video calls over an IP network. SIP service generally uses UDP/TCP ports 2000, 2001, 5050, and 5061. Simple Mail Transfer Protocol (SMTP) is the protocol used by most email servers and clients to send email messages. Scanning tools and commands can be used to verify the existence of specific email addresses and can even provide a list of all users on a distribution list.