Ethical Hacking II
What needs to be in the GRUB to run a terminal with root permissions?
'rw initrd=/install/gtk/initrd.gz quiet splash init=/bin/bash', to have read-write permissions.
What protocol is exploited to achieve the On-Path position?
ARP
This is not an automated web application vulnerability scanning tool?
Bettercap
What describes the HTTP GET method?
The method requests a specified resource from the server.
If you run the nmap 5.25.128.0/18 -p 3389 command, how many potential IPs are you looking for, and with which default service?
16,384 IPs with remote desktop
Which user would you compromise if you could not get root access?
A user with sudo permissions
Sasha wants to crack a password on a website. To do so, she did some research on the user and gathered information about him. What tool can be used to make the cracking process easier?
CUPP (Common Users Passwords Profiler)
What must you do to make your browser use an interception proxy like Burpe Suite?
Change the manual proxy configuration to the loopback on port 8080.
What type of attack is an XSS?
Client-side attack
What is the BEST way to mitigate unwanted pre-boot access to a Windows machine?
Full disk encryption
Which of the following password attack method that uses pre-computed hash values?
Rainbow table
Cross-site scripting or XSS comes in which three forms?
Reflected, stored, and DOM
Hierarchy of Windows privileges
Regular User Admin NT Authority Delegated Admin Domain Admin Enterprise Admin
In Metasploit, how do you display the required fields of an exploit?
Show Options
In Meterpreter, what command would you use to find the current user?
getuid
What nmap command would you use to fingerprint or to find out versions?
nmap 192.168.1.100 -sV
server-side technologies
ASP/ASP.NET, Oracle, PHP, Ruby, JSP, SQL/NoSQL, & CGI
Thomas tries to change his friend's PC boot order but encounters a password request. Which security solution was implemented?
BIOS (Basic Input/Output System) password
What tool is highly effective when testing client-server transactions, can be used to manipulate captured data, and can send the data to the server?
Burp Suite
What SQL Injection attack is the easiest to perform?
Error based SQLi
What are some defensive measures you can take against a Brute-force attack?
Fail2Ban, strong password, and login attempt limitation.
What does Talos do?
Gathers global information about cyber attacks.
This is not a server-side technology?
HTML
client-side technologies
HTML, CSS, and JS
Apache, Nginx, and IIS are examples of what?
HTTP servers
John wants to launch a phishing campaign. He is looking for a tool to help him clone a specific website. What tool can he use to create the website?
HTTrack
What is true about Hashcat?
Hashcat can use the GPU as the processing unit for the brute-force attacks.
These establishments would need to have a HIPPA certification?
Hospitals
What are social engineering attacks based on?
Human errors
What tool can crack protected PDF files using the Brute-force technique?
John the Ripper
What is EternalBlue?
Known Windows exploit
Ted was hired to perform penetrating testing on a system. Which platform can help him accomplish that?
MetaSploit
What is used to perform customized network scans?
Nmap
In a database, if you want the data to be sequential, which command would you use?
ORDER
Intercepting and eavesdropping on communication is which type of attack?
On-Path attack
What does an ethical hacker require to start evaluating a system?
Permission
What can Leanne use to prevent SQL injection on her website?
Prepared Statements
What is true regarding an SFX attack?
SFX are self-extracting & SFX can be used to deceive a victim into running background executables and scripts.
This is not a HASH algorithm.
SHA-67 or SHA-25
What tool can you use to search for an exploit?
SearchSploit
John built a forum-based website. He wants to save a payload in the database to affect its viewers. What attack is most likely used?
Stored XSS
In a database query, what does 1=1 do?
Tell the system that it is a true statement.
Tom is a cyber consultant. He used Nmap to map an organization and find open ports. For one scanned port, he received RST as a response. What is the port status?
The port is closed.
What happens when you create a DWORD key in the registry HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon with a username and a value of zero?
The user is hidden.
Why may cookies be stolen via XSS?
To steal another's user's session.
What SQL query is used to change existing values?
UPDATE: updates the value in single or multiple rows or columns
A password on the GRUB boot loader in Linux systems prevents the following?
Unwanted reboots & Editing
For the dirbuster tool to work, it requires:
Wordlists
David recently discovered a new security vulnerability in his software that wasn't known before. What is the correct term for his discovery?
Zero-Day