04 CEH: Enumeration
What *ntpdate* parameter is used by an attacker to perform a function that can force the time to always be slewed?
-B
What *nbtstat flag* displays NetBIOS client and server sessions, listing the remote computers by destination IP address only?
-S
What *smtp-user-enum* option is used to select the file containing hostnames running the SMTP service?
-T <file>
What option of the *finger* command-line utility is used for preventing the matching of usernames?
-m
What *nbtstat* parameter is used to display the count of all names resolved by a broadcast or WINS server?
-r
What *nbtstat flag* displays NetBIOS client and server sessions, attempting to convert the destination IP address to a name?
-s
Which NetBIOS code allows you to obtain the hostname or the domain name?
00
Which NetBIOS code allows you to obtain the messenger service running for the computer or for the logged-in user?
03
What are the 4 goals of enumerating NetBIOS?
1. A list of computers that belong to the domain 2. A list of shares on the individual hosts in the network 3. Credentials 4. Policies
What are the 3 types of *network information* that attackers can enumerate via SNMP (according to the material)?
1. ARP tables 2. Routing tables 3. Traffic
What 2 tools does the material recommend for enumerating IPv6?
1. Enyx 2. IPv6 Hackit
What are the 4 types of *network resources* that attackers can enumerate via SNMP (according to the material)?
1. Hosts 2. Routers 3. Devices 4. Shares
What 2 tools does the material recommend for DNSSEC Zone Walking?
1. LDNS 2. DNSRecon
What are the 3 SMTP commands that can be leveraged to enumerate valid users on the SMTP server?
1. VRFY 2. EXPN 3. RCPT TO
What are the 3 methods of DNS enumeration specified in the material?
1. Zone Transfer 2. DNS Cache Snooping 3. DNSSEC Zone Walking
What 2 tools does the material recommend for performing a DNS Zone Transfer?
1. dig 2. nslookup
What 2 tools does the material recommend for enumerating BGP?
1. nmap 2. BGP toolkit
What 2 tools does the material recommend for enumerating TFTP?
1. nmap 2. PortQry
What 4 tools does the material recommend for SMB enumeration?
1. nmap 2. SMBMap 3. enum4linux 4. nullinux
Which NetBIOS code allows you to obtain the domain master browser name and identifies the Primary Domain Controller (PDC) for the domain?
1B
Which NetBIOS code allows you to obtain the master browser name for the subnet?
1D
In which of the following enumeration techniques does an attacker take advantage of different error messages generated during the service authentication process? 1. Extracting usernames using SNMP 2. Brute-force Active Directory 3. Extracting usernames using email IDs 4. Extracting information using default passwords
2. Brute-force Active Directory
Which NetBIOS code allows you to obtain the server service running?
20
What is a virtual database containing a formal description of all the network objects that can be managed using SNMP?
A Management Information Base (MIB)
What is a unique 16-character ASCII string used to identify a network device over TCP/IP?
A NetBIOS name
You've just finished port scanning a target and find that it has UDP port 500 open. What type of host might this be?
A VPN gateway
What is the DNS enumeration technique whereby an attacker queries the DNS server for a specific cached DNS record?
DNS cache snooping
What is *dnsenum* used for?
DNS enumeration
What is the DNS enumeration technique whereby an attacker attempts to obtain internal records of the DNS server if the DNS server is not properly configured?
DNSSEC Zone Walking
What SMTP in-built command shows the actual delivery addresses of aliases and mailing lists?
EXPN
What command is new to SNMPv2?
GetBlk
What command is used by the SNMP manager continuously to retrieve all the data stored in an array or table?
GetNextRequest
What SNMP command is used by an SNMP agent to meet a request made by the SNMP manager?
GetResponse
What Management Information Base (MIB) contains object types for managing and monitoring host resources?
HOSTMIB.MIB
What is Active Directory Explorer (AD Explorer) used for?
LDAP enumeration
What is JXExplorer used for?
LDAP enumeration
What is LDAP Account Manager used for?
LDAP enumeration
What is LDAP Admin tool used for?
LDAP enumeration
What is LDAP Search used for?
LDAP enumeration
What is Luma used for?
LDAP enumeration
What is Softerra LDAP Administrator used for?
LDAP enumeration
What Management Information Base (MIB) contains object types for workstation and server services?
LMMIB2.MIB
What type of information can an attacker obtain by enumerating NTP?
List of hosts that use that NTP server
What Management Information Base (MIB) contains information about TCP/IP, network interfaces, and the SNMP configuration?
MIB_II.MIB
What is RPCScan used for?
NFS enumeration
What is SuperEnum used for?
NFS enumeration
What is rpcinfo used for?
NFS enumeration
What is showmount used for?
NFS enumeration
What is NTP Server Scanner used for?
NTP enumeration
What is PRTG Network Monitor's SNTP Sensor Monitor used for?
NTP enumeration
What is udp-proto-scanner used for?
NTP enumeration
What is *nbtstat* used for?
NetBIOS enumeration
What is Advanced IP Scanner used for?
NetBIOS enumeration
What is Global Network Inventory used for?
NetBIOS enumeration
What is Hyena used for?
NetBIOS enumeration
What is Nsauditor Network Security Auditor used for?
NetBIOS enumeration
What is SuperScan used for?
NetBIOS enumeration
What is nmap's nbtstat.nse used for?
NetBIOS enumeration
What tool suite does the material recommend for enumerating user accounts via NetBIOS?
PsTools
What SMTP in-built command defines the recipients of a message?
RCPT TO
What is NetScan Tools Pro used for?
SMTP enumeration
What is smtp-user-enum used for?
SMTP enumeration
What is Network OpUtils used for?
SNMP enumeration
What is Network PRTG Network Monitor used for?
SNMP enumeration
What is Network Performance Monitor used for?
SNMP enumeration
What is SoftPerfect Network Scanner used for?
SNMP enumeration
What is SolarWinds Engineer's Toolset used for?
SNMP enumeration
What is snmpcheck used for?
SNMP enumeration
Which version of SNMP has the device and manager sending the secret password in cleartext and doesn't give you the option of configuring MD5 hashing?
SNMPv1
Which version of SNMP has the device and manager sending the secret password in cleartext and does give you the option of configuring MD5 hashing?
SNMPv2
Which version of SNMP supports encryption and hashing and allows administrators to specify whether they want privacy and authentication?
SNMPv3
What protocol does VoIP generally use to enable voice and video calls over an IP network?
Session Initiation Protocol (SIP)
What's the port for NetBIOS Name Service (NBNS)?
TCP 139
What's the port of Border Gateway Protocol (BGP)?
TCP 179
What's the port for explicit FTPS?
TCP 20 and 21
What's the port for Network File System (NFS)?
TCP 2049
What's the port for SFTP?
TCP 22
What is the port for LDAPS?
TCP 636
What's the port for implicit FTPS?
TCP 989 and 990
What's the port for Microsoft RPC Endpoint Mapper?
TCP/UDP 135
What's the port for SNMP Trap?
TCP/UDP 162
What 4 ports does SIP generally run on?
TCP/UDP 2000, 2001, 5050, 5061
What's the port for Lightweight Directory Access Protocol (LDAP)?
TCP/UDP port 389
What's the purpose of enumerating NFS?
To determine the target's shared resources
What's the purpose of enumerating SMTP?
To obtain a list of valid users for that SMTP server
What is the purpose of the Network Time Protocol (NTP)?
To synchronize the clocks of networked computers
What SNMP command allows an SNMP agent to inform the pre-configured SNMP manager of a certain event?
Trap
True or false: Windows Group Policies can be used at both the host level and at the Active Directory domain level.
True
What's the port of the Network Time Protocol?
UDP 123
What's the port for Simple Network Management Protocol (SNMP)?
UDP 161
What's the port for ISAKMP / Internet Key Exchange (IKE)?
UDP 500
What is the port for syslog?
UDP 514
What SMTP in-built command validates users?
VRFY
What Management Information Base (MIB) stores information about Windows Internet Name Service (WINS) in an SNMP system?
WINS.MIB
What is the Metasploit module for VoIP/SIP enumeration?
auxiliary/scanner/sip/enumerator
What tool does the material recommend for DNS Cache Snooping?
dig
What Unix/Linux tool displays information about system users such as login name, real name, terminal name, idle time, login time, office location, and office phone numbers?
finger
What tool does the material recommend for enumerating IPsec?
ike-scan
What *nbtstat* command should you run to obtain the NetBIOS name table of <target>?
nbtstat -a <target>
What *nbtstat* command should you run to obtain the contents of the NetBIOS name cache, table of NetBIOS names, and their resolved IP addresses?
nbtstat -c
What Windows command does the material recommend for viewing shared resources of the current domain via NetBIOS?
net view /domain
What Windows command does the material recommend for viewing shared resources of a <target> machine via NetBIOS?
net view \\<target> /ALL
What tool collects the number of time samples from a number of time sources?
ntpdate
What tool queries the NTP daemon about its current state and requests changes to that state?
ntpdc
What tool is used to monitor the operation of the NTP daemon and determine its performance?
ntpq
What tool is used to trace a chain of NTP servers back to the primary source?
ntptrace
What Unix/Linux tool displays a list of users who are logged on to remote machines or machines on the local network?
rusers
What Unix/Linux tool displays a list of users who are logged on to hosts on the local network?
rwho
What tool is used to interact with and send commands to an SMTP server?
telnet