Quiz 4: Enumeration & Password Cracking
Which of the following command-line switches would you use for Operating System detection in Nmap?
-O
What file contains a list of the groups on a Linux system?
/etc/group
What file contains a list of the users on a Linux system?
/etc/passwd
Where are the encrypted passwords stored in Linux?
/etc/shadow
When working with Windows systems, what is the RID of the true administrator account?
500
____ is the process of identifying the services and resources a target uses. It is an active form of reconnaissance.
Enumeration
By default, Windows Vista and Windows 7 store both the LM and NT hashes.
False
Which of the following is considered an off-line password cracking tool?
John the Ripper (aka John)
Jessie has scanned the web server with Nmap. However, he could not gather enough information to accurately identify the operating system running on the remote host. What would you suggest to Jessie to help identify the OS that is being used on the remote web server?
Telnet to an open port and grab the banner.
In terms of passwords, what is considered a brute-force attack?
You attempt every single possibility until you exhaust all possible combinations or discover the password.