Ethical Hacking

Ace your homework & exams now with Quizwiz!

How much damage did NotPetya cause?

$10 billion

Where are Linux passwords stored?

/etc/shadow

In exploitation section using eternalblue, which port number is exploited to launch the attack ?

445

What is GRUB?

A bootloader that loads the operating system

ARP poisoning forges what?

ARP Packets

What does ARP stand for?

Address Resolution Protocol

What user would you try to compromise if you could not get root access?

Any user

A DoS attack would affect which part of the CIA Triad?

Availability

Thomas tries to change his friend's PC boot order but encounters a password request. What security solution was implemented?

BIOS password

What is a Windows Disk Encryption Feature?

BitLocker

What tool is highly effective when testing client-server transactions, can be used to manipulate captured data, and can send the data to the server?

Burp Suite Repeater

HashCat uses what for processing Brute force attacks?

CPU/GPU

Sasha wants to crack a password on a website. To do so, she did some research on the user and gathered information about him. What tool can be used to make the cracking process easier?

CUPP

What is Talos?

Cisco's threat intelligence group

Protecting information from unauthorized access meets which element of the CIA Triad?

Confidentiality

What are the goals of the CIA triad?

Confidentiality, Integrity, Availability

What can you steal with XSS?

Cookies, credentials

What does XSS stand for?

Cross-site scripting

Which of the following is not true about SQL statements? A. SQL statements are not case sensitive. B. SQL statements can be written on one or more lines. C. Keywords cannot be split across lines. D. Clauses must be written on separate lines.

D. Clauses must be written on separate lines.

Which of these are valid SQL? A. SELECT * FROM table ORDER name DESC; B. SELECT name; firstname FROM table C. SELECT * FROM table ORDER name ASC; D. SELECT * FROM table ORDER BY name DESC;

D. SELECT * FROM table ORDER BY name DESC;

True or False? NMAP is the tool we would use to see traffic traversing in the network.

False

True or false? A mutated dictionary attack uses a standard password list.

False

True or false? Adding a "$" sign to a user account hides it from the logon screen.

False

What are some valid types of HTTP request methods?

HEAD, DELETE, TRACE, PUT, etc.

John wants to launch a phishing campaign. He is looking for a tool to help him clone a specific website. What tool can he use to create the website?

HTTrack

Social Engineering is a type of what?

Hacking

The Social Engineering Toolkit is what?

Helps perform social engineering attacks and generate phishing sites

What does Ngrok help us do?

Host a phishing website in the Internet

What is privilege escalation?

Increasing privileges on a user account

Why is JavaScript added to web pages?

It makes websites more interactive.

What does HIPAA do?

It protects the privacy/security of a person's health info

What is an example of a client-side technology?

JavaScript

XSS commonly uses what type of scripting language?

JavaScript

What uses the GPU to crack passwords?

Jumbo-John and HashCat

What is an example of an open-source operating system?

Linux

Which Windows privilege type gives privileged account access to the local system?

Local admin

ARP cache poisoning involves sending erroneous what?

MAC addresses

What is a common relational database?

MySQL and MariaDB

Confidentiality means what?

Not talking about company business with others

What command sorts rows in SQL?

ORDER BY

What are some examples of Server-Side coding?

PHP, MySQL, etc.

What is the primary use of Hashcat?

Password Cracking

How can you identify a password?

Password guessing, default passwords, cracking and phishing

In a wired environment, where do we (the attacker) need to be positioned to perform a MITM attack?

Physically connected to the network

What does the SQL command "SELECT" do?

Picks the Attributes you wish to see as a search result

What can Leanne use to prevent SQL Injection on her website?

Prepared statements

What is OWASP?

Project dedicated to securing the web

What are the three permissions in Linux?

RWX

What SQLi attack provides visible output?

Regular SQLi

What does SQLi stand for?

SQL Injection

How does SQL Injection work?

SQL query is entered into the input box of a website, The SQL code can give unauthorised access to the database

What is an example of an Nmap scan?

SYN Scans, Xmas Scans, ACK Scans

What are SFX files?

Self Extracting files that are used to run background executables

What are cookies?

Small text files that are saved to your device by various websites

John built a forum-based website. He wants to save a payload in the database to affect its viewers. What attack is most likely to be used?

Stored XSS

SQL Stands for what?

Structured Query Language

A stored XSS attack is saved in what?

The web application's database

Which method do we used to mitigate the attack from EternalBlue ?

Upgrade the system to the newer version

What's a fingerprint?

Version information for running services

What is Burp Suite used for?

Web application security testing

Packet sniffing and file grabbing violate which element of the CIA Triad?

confidentiality

What command can be used to display a list of users?

net user

How can an attacker who is using the Windows command line run all the commands with administrator privilege?

run the command prompt program as administrator

What file can make it so you can access cmd.exe on logon without password?

sethc.exe

In Linux, how do you execute a command with privileged permissions?

sudo/su

What is the aim of an ARP spoofing attack?

to associate IP addresses to the wrong MAC address

What is the purpose of a hash?

to provide a digital fingerprint

What are the On-Path execution Steps in order?

1. Attacker places their system between computers that communicate with each other 2. Ideally, victim should not be aware their traffic is being intercepted 3. The attacker collects and potentially modifies data 4. The attacker analyzes and potentially weaponizes collected data.

What can we use to validate a server is legitimate and authenticate?

A certificate from a CA

How was MeDoc used to spread NotPetya?

A malicious update infected customers

Which protocols use TCP? A. HTTPS B. HTTP C. SSH D. ICMP

A. HTTPS B. HTTP C. SSH

How can we mitigate local PE in Linux?

Add a password to GRUB, encrypt the hard drive or volume, and physically secure the system

What is an example of a cloud service provider?

Amazon AWS, Azure

A bind shell creates a connection from the what?

Attacker to the victim (the victim is listening)

What services use UDP? A. SSH B. DNS C. ICMP D. DHCP

B. DNS D. DHCP

Which of the following is used by a system to connect to the network? A. Firewall B. NIC C. RAM D. SSD

B. NIC

What tool did we use to perform BOTH ARP spoofing and DNS poisoning?

Bettercap

What type of operations are executed on the browser?

Client-side

Local file inclusion attacks allow you to execute what?

Code local to the target's server.

Remote file inclusion attacks allow you to execute what?

Code remote to the target's server.

What are good lateral movement techniques?

Credential theft/reuse and exploitation

Which type of On-Path attack includes the process of redirecting a domain name request to a custom phishing domain?

DNS Poisoning

What are the common impacts of XSS?

Defacing, Cookie theft, clickjacking, malware delivery

How can we mitigate the local PE attack?

Encrypting the hard drive, physically securing the PC and a BIOS password

Which Windows privilege type can access any resource in the entire organization?

Enterprise domain admin

True or false? Adobe was transparent with what security controls they implemented.

False

True or false? DNS poisoning can occur without the attacker being on-path

False

True or false? GRUB loads after the operating system

False

True or false? NotPetya is a trojan horse and cryptomining malware

False

True or false? Obfuscating payloads can help prevent anti-virus detection with 100% efficacy.

False

True or false? Ping uses the SSH protocol

False

True or false? Python is not a good programming language for security.

False

True or false? Spoofing your number can be untraceable

False

True or false? The OWASP Top 10 contains information on the top threat actors from the last 6 months.

False

True or false? We know exactly how Adobe was compromised and the steps the attackers took.

False

True or false? When performing a UNION SELECT, the tables do not need to have the same number of columns.

False

True or false? Windows Defender is a network firewall

False

What technology protects your network from external attackers?

Firewall

What does DNS translate?

Hostnames to L3 addresses

What can be used to attack remote protocols and logins?

Hydra, Medusa, and Ncrack

What command allows you to add data to a table?

INSERT

When did the NotPeyta attack occur?

June 2017

What does ARP translate?

L2 to L3 addresses

What do attackers typically perform after exploiting a system?

Lateral movement

Which Windows privilege type gives anyone initial access to the PC with limited privileges?

Local guest user

What's an example hash?

MD5, SHA256, SHA1

How is an XSS attack typically conducted?

Malicious code is stored in the web application's database or is sent directly to user in a URL

In NotPetya, what system was compromised first?

MeDoc

Ted was hired to perform penetration testing on a system. What platform can help him accomplish that?

MetaSploit

What technology can be used to identify anomalous network traffic?

NIDS

What tool can we use to pentest a web application?

OWASP ZAP and Burp Suite

When did the Adobe Cyber Attack occur?

October 2013

How could NotPeyta been prevented?

Regular patching and Restricting file/folder permissions

What database type links tables to other files stored in the database?

Relational database

What can you identify with a network scan?

Running services, live hosts, fingerprints, open ports

In NotPetya, what vulnerability and exploit were used for post-exploitation lateral movement?

SMB and EternalBlue

You performed a scan of a target system. Ports 80, 443, and 22 are open. What are these services?

SSH, HTTP, HTTPS

What is the correct order of a TCP 3-way handshake?

SYN SYN-ACK ACK Data exchange occurs

What are Metaploit's features?

Scanning and enumeration, vulnerability searching, exploitation, post-exploitation shell and session management

How is JavaScript typically defined in a webpage?

Script tag

How do you mitigate XSS and file inclusion attacks?

Secure code review and user input data sanitation/validation, Blocking the script on the browser, encoding the output URL in HTML entities

What type of operations are executed on the server?

Server-side

In the Adobe attack, what did the attackers gain access to?

Source code, customer personal information and customer credit card information

A reflected XSS attack is typically in what?

The URL sent to the victim

Tom is a cyber consultant. He used Nmap to map an organization and find open ports. For one scanned port, he received RST as a response. What is the port status?

The port is closed.

Why would you want to mirror a site during a social engineering attack?

To reduce your target's suspicions

True or false? Adding a "$" sign to a user account hides it from user list tools.

True

True or false? Adobe took several steps to strengthen their security controls.

True

True or false? In NotPetya, users were unable to decrypt their files

True

True or false? You can crack a password if it has a weak hash.

True

How can you mitigate brute-force password attacks?

Using strong passwords, Login attempt limits. Fail2Ban

What command can we use to identify the database version?

VERSION()

A reverse shell create a connection from the what?

Victim to the attacker (the attacker is listening)

What attack infects a victim's favorite website(s) with malware?

Waterholing

What is SSL Stripping?

When the attacker removes encryption communications to read data.

How do you secure HTTP traffic?

With a digital certificate

In a wireless environment, where do we (the attacker) need to be positioned to perform a MITM attack?

Within wireless range of the wireless network

What occurs during network scanning?

You map the network structure, collect critical information about the network, and identify devices on the network

David recently discovered a new security vulnerability in his software that wasn't known before. What is the correct term for his discovery?

Zero-day

When Linux is booting up, what should be the first process to receive a PID?

init

What tool can we use to create and encode a payload?

msfvenom

What command can be used to display a list of Administrator users?

net localgroup Administrators

What tool can we use to conduct network reconnaissance?

nmap

What tool can you use to perform network scanning?

nmap


Related study sets

Vocabulary Workshop Level F Unit 7 Synonyms

View Set

Advantages and Disadvantages of Major Types of Business Organisation

View Set

Chapter 12 - Capital Budgeting Decisions

View Set

AIC30 Claim Handling Principles and Practices Chapter 6

View Set

H9. Feelings About Work: Job Attitudes and Emotions. Industrial and organizational Psychology

View Set

Hate Small Talk? These 5 Questions Will Help You Work Any Room

View Set

childhood communicable diseases & immunizations

View Set