448 FINAL

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Pen Test: what were the steps, at tools at each step:

1. Recon :: zenmap 2. Identify Vulnerabilities :: OpenVAS 3. Gain Access :: Metasploit

In one of the labs you used one of the servers to pivot. Select all that are true about pivoting ::

1. The server that allowed you to pivot had 2 network adapters enabled, which connected into 2 different networks 2. it allowed us to discover a different network than the one we are on. 3. it allowed us to discover a server that was on a different subnet than our Kali instance.

What is xss?

Cross-site scripting : attack occurs when the victim visits the web page or web application that executes the malicious code. The web page or web application becomes a vehicle to deliver the malicious script to the user's browser. Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and web pages that allow comments.

W06: MITM What is Driftnet used for? what is Ettercap used for?

DRIFTNET: watches network traffic & displays JPEGS and GIFS & play MPEGS ETTERCAP: sniff live connections, content filtering on the fly, network & host analysis. CAN CHANGE TRAFFIC ROUTED THROUGH IT

what is IDS and what is an example

Intrusion detection system Snort

What syntax for SQL injection attack that will return all of the users from the table? - Jerry or '1' = '1 - Jerry' or '1' = '1 -Jerry' or '1' = '1'

Jerry' or '1' = '1

Which of the following is a SIEM (Security information and event management)?

LogRythm

What are the most common hashing algorithms?

MD5 RIPEMD SHA1 SHA2 SHA256

What type of Cipher would be used for : T.eno etaciled a si ytiruces dna modeerf neewteb ecnalab eh

Rotate

W13: Stenography what tools are used, and each tools strengths?

STEGHIDE: to hide & uncover secret file in various img and audio files w/password DIGITAL INVISIBLE INK: a java tool that allow hide files in img files.

What is the network configuration called when the network is configured so that you can only see the traffic addressed to your computer? NOT ALL OTHER TRAFFIC ON NETWORK

SWITCHED

What type of Cipher would be used for : HWEOLRLLOD

Transposition

W14: TrueCrypt/TrueCrack What is each tool used for

TrueCrypt: on the fly encryption TrueCrack: brute-force password cracker for TrueCrypt volumes, allowing for decryption of volumes

What type of Cipher would be used for : Vpnfma sgt nvffqay om

Vigenere cipher w/ password

W02: Recon what are the tools for recon, and what do they provide?

Zenmap/nmap: - network scanning and host detection tool netcat: - port scanning - banner grabbing - remote admin - remote backups

W10-09: Hashcat How does hashcat work? * we used it to crack UNIX shadow file hashes of passwords

a password cracker that uses hashkeys -MD5 -SHA -RipeMd , etc.

W08: Web-app security What is Burp Suite?

integrated platform for preforming security testing of web applications. Mapping and analysis of apps attack surface & finding & exploiting vulnerabilities. * Find ways to SQL INJECTION

what tool did you use to connect to the shell of your partners Kali image?

netcat

W07: Cryptography John the ripper is password cracker that can crack passwords through dictionary or brute-force attack. What is huge file used to crack?

rockyou.txt

W04: Metasploit/armitage Armitage is the GUI for Metasploit What can you do with Armatage?

-Scan a Linux host -find exploits -exploit the host -handle post-exploitation

What type of Cipher would be used for : SGZrdmluem0gZWggWXpnbnptLCBkc3pnIHdsIGJsZiBnc3JtcD8=

BASE 64 + ATBASH

What type of Cipher would be used for : SSBhbSBzbyBlYXN5IHRvIGRlY3J5cHQh

Base 64

what does BCP stand for?

Business Continuity Plan

What type of Cipher would be used for : Xxyb! Bxvnxwn bqrocnm vn.

CAESARIAN SHIFT

W12: SPLUNK <3 What is splunk used for?

Captures, indexes, and correlates real-time data in searchable repository for which generates graphs, reports, alerts, dashboards, and visualizations

What is a CVE and what purpose does it serve?

Common Vulnerabilities and Exposures(CVE) is a list of entries, each containing an identification number, a description, and at least one public reference, for publicly known cybersecurity vulnerabilities.

The targets of xss are:

Other users

W03: Vulnerabilities What tool do you use to preform a vulnerability assessment?

OpenVas

T/F All popular programming web technologies are susceptible to xss

TRUE

T/F VoP and data travel over the same network

TRUE


Set pelajaran terkait

Fill in the blank - Dental Anatomy book - tmj

View Set

Pharmacology: Lifespan Considerations. Chapter 3

View Set

Emergency Action Plans and Fire Protection

View Set

18.Story Point Estimations - Planning Poker

View Set

Caesar Workbook answers Book 1 Page 4-6

View Set

Taking on Segregation packet - page 5

View Set

Foods and Nutrition - Measuring and Equivalents

View Set

chapter 42: stress and adaptation

View Set

Mastering Astronomy Unit 3 (Chapter 5 and 6)

View Set