14-2 D1

Question 1

Windows Situational Awareness Commands:

___ - Displays local user accounts.

Answer 1

net user

Question 2

Windows Situational Awareness Commands:

___ - Displays local group accounts.

Answer 2

net localgroup

Question 3

Windows Situational Awareness Commands:

___ - Lists scheduled tasks to run at a specific time and date.

Answer 3

schtasks

Question 4

SMB2 Negotiate Function Index
Windows version: \_\_\_
Port#: \_\_\_
Logs: \_\_\_ 
Exploit: \_\_\_

Answer 4

version: WIN 2K8
port#: 445
Logs: Yes; 2. Guest/Admin.
exploit/windows/smb/ms09_050_smb2_negotiate_func_index

Question 5

Windows Situational Awareness Commands:
\_\_\_ - Manipulates routing table
options:
\_\_\_ - adds one
\_\_\_ - deletes one
\_\_\_ - prints routing table

Answer 5

route
ADD
DELETE
PRINT

Question 6

Windows Situational Awareness Commands:

___ - Lists all running processes by name and process ID.

Answer 6

tasklist

Question 7

Windows Situational Awareness Commands:
___ - Displays all active connections and listening ports, showing numerical addresses and ports only, and displays PID that owns the socket.

Answer 7

netstat -ano

Question 8

Windows Situational Awareness Commands:

___ - Displays detailed configuration and processor information.

Answer 8

systeminfo

Question 9

Windows Situational Awareness Commands:

___ - Displays remote shares and their associated connections.

Answer 9

net use

Question 10

Windows Situational Awareness Commands / Powershell Commands:
___ - Display groups.

Answer 10

get-WmiObject -class win32_group

Question 11

Windows Situational Awareness Commands / Powershell Commands:
___ - Display users.

Answer 11

get-WmiObject -class win32_useraccount

Question 12

Netapi Exploit ms08_067
Windows version: \_\_\_
Port#: \_\_\_
Logs: \_\_\_ 
Exploit: \_\_\_

Answer 12

version: WIN 2K3
port#: 445
Logs: No
exploit/windows/smb/ms08_067/netapi

Question 13

Windows hosts are often exploited using code-based remote exploits by using ___ or ___ exploits.

Answer 13

service-side

client-side

Question 14

Windows Situational Awareness Commands / Powershell Commands:
___ - Lists running processes.

Answer 14

get-process

Question 15

RPC/DCOM Exploit ms03_026
Windows version: \_\_\_
Port#: \_\_\_
Logs: \_\_\_
Exploit: \_\_\_

Answer 15

version: WIN XP
port#: 135
Logs: No
exploit/windows/dcerpc/ms03_026_dcom

Question 16

Meterpreter Privilege Escalation:

___ - Releases impersonated privileges.

Answer 16

drop_token

Question 17

Windows Situational Awareness Commands:

___ - Lists scheduled commands and programs to run at specific time and date.

Answer 17

at

Question 18

Meterpreter Privilege Escalation:

___ - Elevate privileges to SYSTEM via one of three methods.

Answer 18

getsystem

Question 19

Windows Situational Awareness Commands:

___ - Lists services.

Answer 19

net start

Question 20

Meterpreter Privilege Escalation:

___ - Get all privileges from current process owner.

Answer 20

getprivs

Question 21

Meterpreter Privilege Escalation:

___ - Injects meterpreter session into another running process.

Answer 21

migrate

Question 22

Windows Situational Awareness Commands / Powershell Commands:
___ - Query the software Registry Key

Answer 22

get-ChildItem HKLM:\software

Question 23

Windows Situational Awareness Commands:

___ - Prints the ARP table.

Answer 23

arp

Question 24

Windows Situational Awareness Commands:

___ - Displays the Windows environment variables.

Answer 24

set

Question 25

Windows Situational Awareness Commands:

___ - Displays the Windows version.

Answer 25

ver

Question 26

Meterpreter Privilege Escalation:

___ - Impersonates privileges of running process.

Answer 26

steal_token

Question 27

Windows Situational Awareness Commands:

___ - Lists all installed device drivers and their properties.

Answer 27

driverquery