Quiz 4: Enumeration & Password Cracking

Which of the following command-line switches would you use for Operating System detection in Nmap?

-O

What file contains a list of the groups on a Linux system?

/etc/group

What file contains a list of the users on a Linux system?

/etc/passwd

Where are the encrypted passwords stored in Linux?

/etc/shadow

When working with Windows systems, what is the RID of the true administrator account?

500

____ is the process of identifying the services and resources a target uses. It is an active form of reconnaissance.

Enumeration

By default, Windows Vista and Windows 7 store both the LM and NT hashes.

False

Which of the following is considered an off-line password cracking tool?

John the Ripper (aka John)

Jessie has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately. What would you suggest to Jessie to help identify the OS that is being used on the remote web server?

Telnet to an open port and grab the banner.

In terms of passwords, what is considered a brute force attack?

You attempt every single possibility until you exhaust all possible combinations or discover the password