Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
50 Cards in this Set
- Front
- Back
|
what linux command is useful when nslookup dns zone transfers aren't working
|
dig
|
|
|
what is the dig syntax for a zone transfer?
|
dig @[server] [domain] -t AXFR
|
|
|
what is the dig syntax to perform an incremental zone transfer?
|
dig @ [server] [domain] -t IXFR=[N]
|
|
|
What is BiLE
|
an autoated recon tool that uses web crawling, dns lookups and google searches to find targets
|
|
|
What is SpiderFoot?
|
a windows GUI recon tool
|
|
|
What is the all keyword in Google searches
|
allow us to include all search terms in a search
|
|
|
What does the A. character mean in a Google search string
|
wildcard for a single character
|
|
|
What does ~ mean in a Google Search term
|
expand a search to use synonyms
|
|
|
what is SiteDigger?
|
A Windows tool that generates its searches from a user-provided domain and the contents of GHDB or Foundstone's FSDB to find flaws
|
|
|
What is wikto?
|
Runs on windows performs GHDB research against one or more domains and scans of target web servers.
|
|
|
What is GooScan?
|
A linux recon tool that doesn't require an API key.
|
|
|
What are AURA and EvilAPI?
|
Google query proxy tools that translate API keys to SOAP
|
|
|
What is the overarching goal of the scanning phase?
|
to learn more about the target environment and find openings by directly interacting with the target system
|
|
|
What is version scanning?
|
where the tester know which services are listening on which ports
|
|
|
Describe the workflow of the scanning phase
|
Network Sweep
Network Trace Port Scan OS fingerprinting Version Scan Vulnerability Scans |
|
|
Why would you use 10.10.20.16 as opposed to using www.target.tgt when port scanning?
|
Some networks use DNS to perform load balancing, this could affect the outcome of the port scan
|
|
|
What is tcpdump?
|
a free open source sniffer that is flexible & fast. runs natively on Linux but has been ported to Windump.
|
|
|
What does the -n option in tcpdump do?
|
use numbers for machines instead of the names
|
|
|
What does the -nn option in tcpdump do?
|
use numbers for machine names and numbers for ports
|
|
|
What does the -i option in tcpdump do?
|
set interface
|
|
|
What does the -v option in tcpdump do?
|
verbose
|
|
|
What does the -w option in tcpdump do?
|
write packets to a file
|
|
|
what does the -x option in tcpdump do?
|
Print out packet settings in hexadecimal form
|
|
|
What does the -X option tcpdump do?
|
print packet settings in hex & ASCII
|
|
|
What does the -A option in tcpdump do?
|
print packets settings in ASCII
|
|
|
What does the -s option in tcpdump do?
|
grab this many bytes from each packet instead of the default which is 68 bytes for most operating systems
|
|
|
What is Hping?
|
a general pupose packet generation tool. Used to conduct network scans with multiple protocols
|
|
|
What protocol does Hping use by default?
|
TCP with no control bits
|
|
|
How do most systems respond to a TCP packet with all control bits set to zero.
|
With a RST packet
|
|
|
What does the --keep option in Hping do?
|
tells Hping to use a fixed source port for all packets that it sends
|
|
|
What does the -f[N] option in traceroute do?
|
sets the initial TTL of the traceroute to an integer (N)
|
|
|
What does the -g[hotlist] option in traceroute do?
|
instead of having the network determine routing the use can specify the route path
|
|
|
What does the -I option in traceroute do?
|
use icmp instead of UDP
|
|
|
What does the -m[N] option in traceroute do?
|
set the maxium number of hops to measure
|
|
|
What is the default number of hops that traceroute does before exiting?
|
30
|
|
|
What does the -n option in traceroute do?
|
don't resolve domain names but print IP numbers instead
|
|
|
What does the -p[port] option do in traceroute?
|
set the base UDP port
|
|
|
What is the default UDP base port in traceroute?
|
33434
|
|
|
What does the -w[N] option in traceroute do?
|
wait for an ICMP response for up to N seconds
|
|
|
What is the default wait time for a response in traceroute?
|
5 secs
|
|
|
What does the -d option in tracert do?
|
Print IP addresses of discovered hops
|
|
|
What does the -h[N] option of the tracert command do?
|
measure only N number of hops
|
|
|
What is the default number of hops for the tracert command?
|
30
|
|
|
What does the -j[hotlist] option of the tracert command do?
|
set default route path
|
|
|
What does the -w[N] option of the tracert command do?
|
wait for N milliseconds for an ICMP TTL exceed in transit message before giving up
|
|
|
What is the default time in miliseconds that the tracert command will wait for an response?
|
4000 miliseconds (4 seconds)
|
|
|
What is LFT?
|
A linux/unix tool that is a more flexible traceroute tool. Supports UDP, TCP and ICMP
|
|
|
what does the -s swithc of the LFT tool do?
|
sets the source port
|
|
|
what does the -L switch of the LFT tools do?
|
sets the total length of the packet to be transmitted.
|
|
|
What does the -A switch of the LFT tool do?
|
performs a whois lookup to identify the autonomous system number
|
