50 Cards in this Set
What is the command string in Nmap to perform a null scan?
nmap -sN {IP Address}

Describe the steps in an IDLE scan.
Send an IPID packet (SYN/ACK) to a zombie machine on the network. The zombie machine responds with its IPID. Send a SYN packet to the target, spoofing the IP of the zombie machine. If the port is open, the zombie will respond with a SYN/ACK and increment its IPID by 2; if the port is closed, the zombie will not send a packet in response and the IPID will not increment.

In a UDP scan, if the port is open what response does the target system send?
None.

In a UDP scan, if the port is closed what response does the target system send?
ICMP port unreachable

In an inverse TCP flag scan, when a response of RST/ACK is received is the port open or closed?
Closed

In an ACK flag scan, a response of RST means what?
That the port is not filtered and that a stateful firewall is not present

Name four IDS evasion techniques.
Use fragmented IP packets
Spoof your IP address when launching attacks and sniff responses from the server
Use source routing
Connect to proxy servers or compromised zombies

What is fragtest?
Determines exactly which types of fragmented ICMP messages are processed and responded to by the remote host

What is fragroute?
Utility that intercepts, modifies, and rewrites egress traffic destined for a specific host, according to a predefined rule set

What four things can you use Nmap to determine?
Live hosts, services, operating systems, type of packet filters/firewalls

What function do WarVOX and PhoneSweep perform?
War dialing tools

Name some war dialing countermeasures.
Develop and implement security policies, conduct manual reconnaissance of your networks, use phone numbers in a different range than your PBX numbers, check your auto-answer configurations, log all successful and failed login attempts, document floor plans and all your equipment

What is SandTrap?
A tool used to detect war dialing attempts and notify administrators

What are the six steps in the CEH scanning methodology?
Check for live systems
Check for open ports
Banner grabbing
Prepare proxies
Draw network diagrams
Scan for vulnerabilities

Name 8 banner grab tools.
serversiders.com, P0F, NetworkMiner, Satori, PRADS, SINFP, XProbe, THC-AMAP

How would you change the banner information on an Apache server?
Modify the httpd.conf file to include fake information

Why would you use PageXchanger?
To hide file extensions on IIS servers

How would you hide file extensions?
Use mod_negotiation

Name 8 network vulnerability tools.
Retina, Core Impact, MBSA, Shadow Security Scanner, NSauditor, Network Security Inspector, OpenVAS, Security Manager Plus

Name 8 network mappers.
LANState, CartoReso, Insightix Visibility, Lan-secure Switch Center, HP OpenView Network Node Manager, Friendly Pinger, Ipsonar, Netmapper

What is Proxifier?
A program that allows network applications that do not support working through proxy servers to operate through an HTTP or SOCKS proxy or a chain of proxy servers

What is Psiphon?
A censorship circumvention tool that allows users to bypass firewalls and access blocked sites in countries where the internet is censored

What is enumeration?
The process of extracting user names, machine names, network resources, shares, and services from a system

What do attackers use NetBIOS enumeration to obtain?
List of computers that belong to a domain, list of shares on the individual hosts on the network, policies and passwords

Name 8 tools used for enumerating user accounts.
PsExec, PsFile, PsGetSid, PsKill, PsInfo, PsList, PsLoggedOn, PsLogList

Name 8 SNMP enumeration tools.
getif SNMP MIB Browser, LoriotPro, OidView SNMP MIB Browser, SNMP Scanner, iReasoning MIB Browser, Nsauditor Network Security Auditor, SNScan, SoftPerfect Network Scanner

What UNIX command shows the shared directories on a machine?
showmount

What Unix command allows you to view a user's home directory, login time, idle time, office location, and the last time they received or read email?
finger

What Unix command helps enumerate the Remote Procedure Call (RPC) protocol?
rpcinfo

What command can you use in Linux and OS X to enumerate user names?
rpcclient

What is JXplorer?
An LDAP enumeration tool

What port does NTP use?
UDP 123

What is the Men and Mice Suite?
A comprehensive DNS analysis and AD monitoring tool which performs over 80 different tests on the DNS configuration

List some SNMP enumeration countermeasures.
Remove the SNMP agent or turn off the service, change the default public community string, upgrade to SNMPv3, implement the Group Policy security option called "Additional restrictions for anonymous connections", restrict access to null session pipes and null session shares, and use IPsec filtering

Name some DNS enumeration countermeasures.
Configure all name servers to disallow DNS zone transfers to untrusted hosts, ensure that nonpublic hostnames are not referenced to an IP address, ensure that HINFO and other records do not appear in the DNS zone files, provide standard contact details in network information center databases

Name some SMTP enumeration countermeasures.
Configure SMTP servers to ignore email messages to unknown recipients or to send responses that do not include mail relay system details or internal IP/host information

List some LDAP enumeration countermeasures.
Use NTLM or basic authentication to limit access to known users, use SSL, use different usernames than your email addresses, and enable account lockout.

List some SMB enumeration countermeasures.
Disable SMB or uninstall it

What are the system hacking goals?
Gain access, escalate privileges, execute applications, hide files, cover tracks

Describe the CEH hacking methodology (CHM).
Footprinting, scanning, enumeration, system hacking (cracking passwords, escalating privileges, executing applications, hiding files, covering tracks)

What is a pen test?
A clearly defined, full-scale test of the security controls of a system or network in order to identify security risks and vulnerabilities; it has three major phases

What are the three main phases of a pen test?
Preparation, assessment, and conclusion

What is a shrink wrap attack?
An attack that takes advantage of the built-in code and scripts most off-the-shelf applications come with

In asymmetric cryptography, which key is typically used to encrypt?
Public

What is the action of the following gifshuffle command?
gifshuffle -C -m "I love CEH" -p "ethical" CEH.gif hacker.gif
It embeds the message "I love CEH" using compression (-C) and sets a password of "ethical" (-p)

In gifshuffle, what does the -Q switch do?
Runs the tool in quiet mode

What command would you use to retrieve a message from an encoded image using gifshuffle, assuming it had a password of "ethical" and a file name of "hacker.gif"?
gifshuffle -C -p "ethical" hacker.gif

Name the parts of a digital certificate.
Version: identifies the certificate format. Over time, the actual format of the certificate has changed slightly, allowing for different entries. The most common version in use is 1.
Serial Number: fairly self-explanatory; the serial number is used to uniquely identify the certificate itself.
Subject: whoever or whatever is being identified by the certificate.
Algorithm ID (or Signature Algorithm): shows the algorithm that was used to create the digital signature.
Issuer: shows the entity that verifies the authenticity of the certificate. The issuer is the one who creates the certificates.
Valid From and Valid To: these fields show the dates the certificate is good through.
Key Usage: shows for what purpose the certificate was created.
Subject's Public Key: a copy of the subject's public key is included in the digital certificate, for obvious purposes.
Optional fields: these include Issuer Unique Identifier, Subject Alternative Name, and Extensions.

What port does DNS use?
53

Name the types of DNS records.
NS, A, HINFO, MX, TXT, CNAME, SOA, RP, PTR, SRV