Which type of attack is port scanning?
A. Web server attack
B. Information gathering
C. Unauthorized access
D. Denial of service attack
You are an Administrator of a Windows server. You want to find the port number for POP3. What file would you find the information in, and where?
Select the best answer.
Explanations: %windir%\system32\drivers\etc\services is the correct place to look for this information.
One of your junior administrators is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out?
Select the best answers.
A. John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn’t show if the password is upper or lower case.
B. By using NTLMV1, you have implemented an effective countermeasure to password cracking.
C. SYSKEY is an effective countermeasure.
D. If a Windows LM password is 7 characters or less, the hash will be passed with the following characters, in HEX: 00112233445566778899.
E. Enforcing Windows complex passwords is an effective countermeasure.
Explanations: John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn’t show if the password is upper or lower case. John the Ripper is a very effective password cracker. It can crack passwords for many different types of operating systems. However, one limitation is that the output doesn’t show if the password is upper or lower case.
By using NTLMV1, you have implemented an effective countermeasure to password cracking. NTLM Version 2 (NTLMv2) is a good countermeasure to LM password cracking (and therefore a correct answer). To do this, set Windows 9x and NT systems to “send NTLMv2 responses only”.
SYSKEY is an effective countermeasure. It uses 128-bit encryption on the local copy of the Windows SAM.
If a Windows LM password is 7 characters or less, the hash will be passed with the following characters:
Enforcing Windows complex passwords is an effective countermeasure to password cracking. Complex passwords are greater than 6 characters and contain any 3 of the following 4 items: upper case, lower case, special characters, and numbers.
In the following example, which of these is the “exploit”?
Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting. Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites.
Select the best answer.
A. Microsoft Corporation is the exploit.
B. The security “hole” in the product is the exploit.
C. Windows 2003 Server
D. The exploit is the hacker that would use this vulnerability.
E. The documented method of how to use the vulnerability to gain unprivileged access.
Explanations: Microsoft is not the exploit, but if Microsoft documents how the vulnerability can be used to gain unprivileged access, they are creating the exploit. If they just say that there is a hole in the product, then it is only a vulnerability. The security “hole” in the product is called the “vulnerability”. Once it is documented in a way that shows how to use the vulnerability to gain unprivileged access, it becomes an “exploit”. In the example given, Windows 2003 Server is the TOE (Target of Evaluation). A TOE is an IT system, product or component that requires security evaluation or is being identified. The hacker that would use this vulnerability is exploiting it, but the hacker is not the exploit. The documented method of how to use the vulnerability to gain unprivileged access is the correct answer.
Assuming two systems are using IPSec to protect traffic over the Internet, what type of general attack could compromise the data?
A. Spoof Attack
B. Smurf Attack
C. Man in the Middle Attack
D. Trojan Horse Attack
E. Back Orifice Attack
Explanations: To compromise the data, the attack would need to be executed before the encryption takes place at either end of the tunnel. Trojan Horse and Back Orifice attacks both allow for potential data manipulation on host computers. In both cases, the data would be compromised either before encryption or after decryption, so IPsec is not preventing the attack.
What is a Trojan Horse?
A. A malicious program that captures your username and password
B. Malicious code masquerading as or replacing legitimate code
C. An unauthorized user who gains access to your user database and adds themselves as a user
D. A server that is to be sacrificed to all hacking attempts in order to log and monitor the hacking activity
Explanations: A Trojan Horse is an apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.
You want to use netcat to generate a huge amount of useless network data continuously for various performance testing between 2 hosts.
Which of the following commands accomplish this?
A. Machine A: #yes AAAAAAAAAAAAAAAAAAAAAA | nc -v -v -l -p 2222 > /dev/null
   Machine B: #yes BBBBBBBBBBBBBBBBBBBBBB | nc machinea 2222 > /dev/null
B. Machine A: cat somefile | nc -v -v -l -p 2222
   Machine B: cat somefile | nc othermachine 2222
C. Machine A: nc -l -p 1234 | uncompress -c | tar xvfp
   Machine B: tar cfp - /some/dir | compress -c | nc -w 3 machinea 1234
D. Machine A: while true : do nc -v -l -s -p 6000 machineb 2
   Machine B: while true ; do nc -v -l -s -p 6000 machinea 2 done
Explanations: Machine A is setting up a listener on port 2222 using the nc command and then having the letter A sent an infinite number of times. When yes is used to send data, yes NEVER stops until it receives a break signal from the terminal (Control+C). On the client end (machine B), nc is being used as a client to connect to machine A, sending the letter B an infinite number of times. Once both sides have established the TCP connection, each end is infinitely sending data to the other; this process will run FOREVER until it has been stopped by an administrator or the attacker.
After an attacker has successfully compromised a remote computer, what would be one of the last steps that would be taken to ensure that the compromise is not traced back to the source of the problem?
A. Install patches
B. Setup a backdoor
C. Cover your tracks
D. Install a zombie for DDOS
Explanations: As a hacker you do not want to leave any traces that could lead back to you.
You have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming.
Which command would you execute to extract the Trojan to a standalone file?
A. c:> type readme.txt:virus.exe > virus.exe
B. c:> more readme.txt | virus.exe > virus.exe
C. c:> cat readme.txt:virus.exe > virus.exe
D. c:> list readme.txt$virus.exe > virus.exe
Explanations: cat will concatenate, or write, the alternate data stream to its own file named virus.exe.
You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software it does not pick up the Trojan. Next you run the netstat command to look for open ports and you notice a strange port, 6666, open.
What is the next step you would do?
A. Re-install the operating system.
B. Re-run anti-virus software.
C. Install and run Trojan removal software.
D. Run the utility fport and look for the application executable that listens on port 6666.
Explanations: Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the ‘netstat -an’ command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.