Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
50 Cards in this Set
- Front
- Back
|
List the five phases of hacking
|
Reconnaissance
Scanning Gaining Access Maintaining Access Clearing Tracks |
|
|
Give an example of of Passive Reconnaissance
|
Searching public records like Google or library records
|
|
|
Give an example of active reconnaissance
|
Interacting with company employees to solicit information
|
|
|
What types of information do attackers gather from the scanning phase?
|
computer names, IP addresses and user accounts
|
|
|
What is meant by a "shrink wrap code attack"
|
utilizing built in scripts in applications that were designed to make administrators jobs easier, which are inadvertantly left in during installation
|
|
|
What is entailed in open source or passive information gathering?
|
collecting information about a potential target from publicly available sources
|
|
|
What is entailed in active information gathering?
|
gathering information through social engineering, on-site visits, interviews and questionnaires.
|
|
|
What is entailed in anonymous footprinting?
|
Gathering information from sources where the author or source cannot be traced?
|
|
|
What is pseudonymous footprinting ?
|
collecting information that might be published under a different name in attempt to preserve privacy.
|
|
|
What is organizational or private footprinting?
|
collecting information from an organization's web-based calendar and email services
|
|
|
What is internet footprinting
|
collecting information about a target from in the internet.
|
|
|
What are the three objectives of footprinting?
|
collect network information, collect system information and collect organizational information
|
|
|
Name the eight steps in the footprinting methodology
|
Internet footprinting, competitive intelligence, whois footprinting, DNS footprinting, network footprinting, website footprinting, email footprinting, google hacking
|
|
|
Name three tools useful in extracting target information from the internet
|
web data extractor, spiderfoot, robtex
|
|
|
Name eight tools useful for finding information about people on the internet
|
yahoo people search, 123 people search, address.com, zaba search, wink people search, public people finder, people finders, people lookup
|
|
|
Name eight competitive intelligence tools
|
SEC info, business wire, c-span, choicepoint online, cnn money company research, web investigator, forbes 500, barrons
|
|
|
Name eight whois lookup tools
|
Sam Spade, My IP Suite, CountryWhois, LanWhois, NetRanger WhoIs, Lapshins Whois, Alchemy eye, WebFerret
|
|
|
Name eight online whois tools
|
whois, whois lookup, better whois, geek whois, arin whois database search, network solutions whois, domaintools, autowhois,
|
|
|
What is a DNS Type A record
|
Points to a host IP address
|
|
|
What is a DNS MX record
|
points to a domain's mail server
|
|
|
What is a DNS NS record
|
points to host's name server
|
|
|
What is a DNS CNAME record
|
canonical naming allows aliases to a host
|
|
|
What is a SOA DNS record
|
indicate authority for a domain
|
|
|
What is a SRV record?
|
service records
|
|
|
What is a PTR record
|
maps ip address to a host name
|
|
|
What is a RP record
|
responsible person
|
|
|
What is a HINFO record
|
host information record which includes CPU type and OS
|
|
|
Name eight DNS interrogation tools
|
netinspector, NSLookup, Digdug DNS Analyzer, MSR Strider URL Tracer, WhereISIP, DNSMap, Multiple Addresses, DNS Tool
|
|
|
Name eight DNS Interrogation tools online
|
Online DNS Tools, Better Whois, Professional Toolset, Geek Whois, DNS record, Mozzle Domain Name pro, Check DNS, Domain Information Groper
|
|
|
Name sixteen traceroute tools
|
VisualRoute Trace, GEOSpider, vTrace, Magic NetTrace, 3D Visual Trace Route, Visual IP Trace, Trout, Patrice Zwenger Traceroute, AnalogX HyperTrace, Layer Four Traceroute, TCP Trace Route, Ping Plotter, Network Systems Traceroute, Tracepath, Roadkil's Trace Route, Ping-Probe
|
|
|
Name eight website mirroring tools
|
Wget, Website Ripper Copier, Webripper, BlackWidow, WinWSD, Reamweaver, xaldon webspider 2, teleport pro
|
|
|
How can you use Website Watcher in reconnaissance
|
By watching changes on websites
|
|
|
Name twelve tools used for email tracking
|
emailTrackerPro, Read Notify, DidTheyReadIt, PoliteMail, VisualRoute Trace, GeoSpider, vTrace, Magic NetTrace, 3d Visual Trace Route, Visual IP Trace, Trout, Patrice Zwenger Traceroute
|
|
|
What is the purpose of a ping sweep?
|
to determine the live hosts from a range of IP addresses
|
|
|
Name the six TCP communication flags
|
SYN, ACK, FIN, PSH, RST, URG
|
|
|
What is the command string using hping 3 to perform an ICMP Ping?
|
hping3 -1 {IP Address}
|
|
|
What is the command string to perform an ACK scan on port 25?
|
hping3 -A {IP Address} -p 25
|
|
|
What is the command string to perform a UDP scan on port 337?
|
hping3 -2 {IP Address} -p 337
|
|
|
What is the command string to determine the initial packet sequence number in hping3?
|
hping3 {IP Address} -Q -p 139 -s
|
|
|
What is the command in hping3 to perform a SYN scan on port 20-50?
|
hping3 -8 20-50 -s {IP Address} -v
|
|
|
What is the command in hping3 to perform a FIN, PSH and URG scan on port 80?
|
hping3 -F -p -U {IP Address} -p 80
|
|
|
What is the command in hping3 to scan an entire subnet for a live host?
|
hping3 -1 10.0.0.x --rand-dest -I eth0
|
|
|
What is the command in hping3 to intercept all traffic containing HTTP signature?
|
hping3 -9 HTTP -I eth0
|
|
|
Using half open scanning, if a a client sends a SYN packet to a server and the server responds with a RST packet, is the port open or closed?
|
Closed
|
|
|
Using half open scanning, if a a client sends a SYN packet to a server and the server responds with a SYN/ACK packet, is the port open or closed?
|
Open
|
|
|
True or False: Using an XMAS Tree scan against Windows 7 is a good way to determine open port information?
|
False: XMAS tree scans do not work against any current version of MS Windows.
|
|
|
In an XMAS Tree scan what flags in the TCP frame are set?
|
URG, ACK, RST, SYN, FIN
|
|
|
In an XMAS tree scan if the remote device responds with a RST packet, is the port open or closed?
|
closed
|
|
|
What is the command string to perform an XMAS tree scan in NMAP?
|
nmap -sX {IP Address}
|
|
|
What is the command string to peform an NMAP FIN scan?
|
nmap -sF {IP Address}
|
