4.0 - Operations & Incident Response Flashcards
Explain this command:
traceroute
- determines the route a packet takes to a destination
- maps the entire path one router hop at a time (sends probes with increasing TTL; the router that answers each one reveals that hop)
- In Unix/Linux: traceroute
- In Windows: tracert
Explain this command:
nslookup
- Query a DNS server to look up names and IP addresses
- Legacy tool; use dig where it is available, but nslookup is still the built-in option on Windows
- Found in both Windows and Linux/Unix
Explain this command:
dig
- Domain Information Groper
- Has largely replaced nslookup on Linux/Unix
- More detailed DNS output: full answer, authority, and additional sections with TTLs and flags
- Not included in Windows, but can be installed (part of the BIND tools)
Explain this command:
pathping
- Windows only (included since Windows 2000)
- combines ping and traceroute
- first builds a map of the path via traceroute
- then measures each hop's round-trip time and packet loss over many probes
- takes a number of minutes to run on a long path (by default 100 probes per hop)
Explain this command:
netstat
- Network Statistics: lists sockets and connections
- -a shows all active connections and listening ports
- -b shows the executable that created each connection (Windows; needs an elevated prompt)
- -n numeric output; does not resolve names, so it is faster and sends no DNS queries
- -o (Windows) / -p (Linux) shows the owning process ID
- present in many different OSs (on modern Linux, ss is the replacement)
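The two things an incident responder usually wants from netstat are "what is listening on every interface" and "who is this host talking to outside the network". The following is an added example, not part of the flashcards: it parses constructed netstat -an style captures (one in Linux format, one in Windows format; the addresses and PIDs are made up) and relies on -n so that the addresses are numeric and parseable.

```shell
#!/bin/sh
# Added example, not from the flashcards: triage "netstat -an" style output.
# -a lists every socket (listening and established); -n keeps addresses
# numeric, which is what makes the text parseable and avoids DNS lookups.
# Both captures below are constructed samples: Linux (netstat -tan) and
# Windows (netstat -ano) layouts.

write_linux_sample() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.12:22            10.0.0.5:51234          ESTABLISHED
tcp        0      0 10.0.0.12:49722         203.0.113.50:4444       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

write_windows_sample() {
    cat <<'EOF'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3312
  TCP    10.0.0.12:49722        203.0.113.50:4444      ESTABLISHED     5120
  TCP    10.0.0.12:50011        10.0.0.40:445          ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
EOF
}

# Ports listening on every interface (0.0.0.0 or ::), one per line.
# Works on both layouts: the local address is always two fields before
# the State column, so locate LISTEN/LISTENING and step back from it.
wildcard_listeners() {
    awk '{
        for (i = 3; i <= NF; i++)
            if ($i == "LISTEN" || $i == "LISTENING") {
                la = $(i - 2)
                if (la ~ /^(0\.0\.0\.0|\[?::\]?):[0-9]+$/) { sub(/^.*:/, "", la); print la }
            }
    }'
}

# ESTABLISHED peers outside loopback and RFC 1918 space: the "who is this
# box talking to on the Internet" question. Prints ip:port per line.
external_established() {
    awk '{
        for (i = 3; i <= NF; i++)
            if ($i == "ESTABLISHED") {
                peer = $(i - 1); host = peer; sub(/:[0-9]+$/, "", host)
                if (host !~ /^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) print peer
            }
    }'
}

# On a live system feed real output instead of the samples:
#   Linux:   netstat -tan | external_established      (or ss -tan)
#   Windows: netstat -ano > ns.txt, then external_established < ns.txt
write_linux_sample | external_established
```

The private-range filter only understands IPv4 peers; an IPv6 peer such as ::1 would be printed as external, so extend the regular expression if the host has IPv6 connections. The 203.0.113.50:4444 hit in both samples is the kind of line that justifies pulling the PID (-o on Windows, -p on Linux) next.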
Explain this command:
arp -a
- view the local ARP table (the IP-to-MAC mappings this host has learned)
Command to view device’s routing table?
- Windows: route print
- Linux / Unix: netstat -r (or route -n; on modern Linux, ip route)
Explain this command:
curl
- “Client URL”
- Transfers raw data over URL-based protocols: HTTP/HTTPS (web pages), FTP, mail (IMAP, POP3, SMTP), LDAP, and more
- Handy for pulling headers or a raw response from the command line, e.g. curl -I https://example.com
Explain this command:
hping
- A ping-like tool that can be customized to send almost any TCP/IP packet
- Can set all IP, TCP, UDP, and ICMP header fields (firewall testing, custom scans, traceroute over TCP)
- Crafted packets can disrupt production hosts; use only with authorization
Define
Nmap
- Network Mapper
- Port scans to find devices on a network and identify their open ports
- OS fingerprinting (-O) without logging into the device
- Service and version detection (-sV): name, version, and details of each service
- NSE (Nmap Scripting Engine, --script) provides extended capabilities via additional scripts
Explain
theHarvester
- Command line tool for gathering OSINT
- Scrapes information from search engines and other public sources
- Find associated IP addresses, e-mail addresses, names, titles, etc.
- DNS brute force assists in finding unknown hosts
Explain
sn1per
- Combines multiple reconnaissance tools into a single framework
- Run one command against a target and receive a single report that combines the various tools' results
- including dnsenum, Metasploit, nmap, theHarvester, and much more
- Can run in non-intrusive or very intrusive modes, and anything in between
Explain
scanless
- command line tool that runs port scans through third-party online scanning services (a port scan proxy)
- the target sees the online service, not your own device, as the source of the scan
- You choose which online scanner to use; the results come back to you
Define
dnsenum
- Enumerate DNS information
- view host and service information from DNS servers (name servers, MX records, zone transfer attempts)
- Find host names in Google (the search index often lists more hosts than the DNS server will reveal)
Define
Nessus
- Industry leader in vulnerability scanning tools
- Extensive support; both free (Nessus Essentials) and commercial options
- Scans systems, identifies known vulnerabilities, provides extensive reporting
- Graphical (web-based) interface
Define
Cuckoo
- A sandbox for malware
- test a file in a safe, virtualized sandbox environment
- Environment can be Windows, Linux, macOS, Android, etc.
- Tracks and traces the activity of the executable you run in it (API calls, files touched, network traffic, memory dumps)
Explain this command:
head
- like cat, but views only the first part / beginning of a file
- shows 10 lines by default; use -n to specify the number of lines
Explain this command:
tail
- like cat, but views only the last part / ending of a file
- shows 10 lines by default; use -n to specify the number of lines
- -f follows the file and keeps printing as new lines are appended (live log watching)
Explain this command:
grep
- finds text (or a regular expression) in a file and displays all lines that contain it
- can search through multiple files at a time (-r recurses into directories)
- common options: -i ignore case, -v show non-matching lines, -n show line numbers, -c count matches
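The head, tail and grep cards are the everyday log-triage toolkit, so here is an added example (not from the flashcards) that uses them together on a constructed SSH auth log. The seven log lines and the host name web01 are made up and are written to a temp file; on a real system the same functions can be pointed at /var/log/auth.log or /var/log/secure.

```shell
#!/bin/sh
# Added example, not from the flashcards: triage an SSH auth log with
# head, tail and grep. The log lines are constructed samples written to a
# temp file; on a real host point the functions at /var/log/auth.log or
# /var/log/secure instead.

make_sample_log() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
Mar 12 10:01:02 web01 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Mar 12 10:01:40 web01 sshd[2230]: Failed password for root from 203.0.113.9 port 44021 ssh2
Mar 12 10:01:43 web01 sshd[2230]: Failed password for root from 203.0.113.9 port 44021 ssh2
Mar 12 10:01:47 web01 sshd[2230]: Failed password for invalid user admin from 203.0.113.9 port 44022 ssh2
Mar 12 10:02:10 web01 sshd[2251]: Failed password for bob from 198.51.100.7 port 39900 ssh2
Mar 12 10:02:30 web01 sshd[2260]: Accepted password for bob from 198.51.100.7 port 39901 ssh2
Mar 12 10:03:00 web01 sudo:   bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/id
EOF
    printf '%s\n' "$f"
}

# head/tail: the first and last N lines (10 when -n is omitted).
first_lines() { head -n "$2" "$1"; }
last_lines()  { tail -n "$2" "$1"; }
# tail -f "$file" would keep following the file as new lines arrive.

# grep -c counts matching lines instead of printing them.
count_failed() { grep -c 'Failed password' "$1"; }

# grep -n prefixes each hit with its line number; cut keeps just the numbers.
accepted_line_numbers() { grep -n 'Accepted' "$1" | cut -d: -f1 | xargs; }

# Source IP with the most failed logins: grep selects the lines, awk pulls
# the word after "from", then the classic sort | uniq -c | sort -rn ranking.
top_failed_ip() {
    grep 'Failed password' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' |
        sort | uniq -c | sort -rn | head -n 1 |
        awk '{ print $2, $1 }'          # prints "ip count"
}

# grep -v drops lines: everything sshd logged that is not a failure.
# (-i would ignore case; grep -ri 'failed' /var/log searches a whole tree.)
non_failure_sshd() { grep 'sshd' "$1" | grep -v 'Failed password'; }

LOG=$(make_sample_log)
printf 'failed logins: %s\n' "$(count_failed "$LOG")"
printf 'noisiest source: %s\n' "$(top_failed_ip "$LOG")"
last_lines "$LOG" 2
rm -f "$LOG"
```

The pattern in top_failed_ip (filter, extract a field, count, rank) is the same one used for any "top talkers" question, whether the field is a source IP, a user name, or a URL.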
Explain this command:
chmod
- "Change Mode" of permissions on a file or folder
- r=read, w=write, x=execute
- symbolic form targets the owner (u), the group (g), others (o), or all (a), e.g. chmod g+w file or chmod u=rwx,g=r,o= file
- octal form sets all three classes at once, e.g. chmod 740 file
How are file/folder permissions displayed in CLI?
- if the first character is a d, it is a directory.
- if the first character is a -, it is a regular file (l is a symbolic link)
- the next set of three characters indicates the owner's (user's) permissions.
- the following three characters indicate group permissions.
- the last three characters indicate permissions for all others.
- Ex: -rwxr----- indicates a file where the owner has read/write/execute, the group has read-only, and all others have no permissions.
What are the octal notations for setting permissions?
- each triad is the sum of read=4, write=2, execute=1
- read, write, and execute (rwx) = 7
- read and write (rw-) = 6
- read and execute (r-x) = 5
- read only (r--) = 4
- write and execute (-wx) = 3
- write only (-w-) = 2
- execute only (--x) = 1
- none (---) = 0
- three digits in owner/group/others order, e.g. 640 = rw-r-----
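The chmod, permission-display and octal cards describe one conversion from three directions, so here is an added example (not from the flashcards) that performs it: a shell function that turns an ls -l permission string into its octal mode, plus a demo that sets the same mode with chmod in symbolic and octal form on a temp file and reads it back. The function name perm_to_octal and the demo file are my own; the file is created with mktemp and removed afterwards.

```shell
#!/bin/sh
# Added example, not from the flashcards: translate an ls -l permission
# string into its octal mode, and set the same mode with chmod in both
# symbolic and octal form. Works on a temp file; no real paths are touched.

# perm_to_octal -rwxr-----  -> 740
# Accepts the 10-character ls -l form (type + 9 bits) or the bare 9 bits.
perm_to_octal() {
    s=$1
    [ "${#s}" -eq 10 ] && s=$(printf '%s' "$s" | cut -c2-)   # drop the d/-/l type char
    [ "${#s}" -eq 9 ] || { echo "bad permission string: $1" >&2; return 1; }
    out=""
    i=1
    while [ "$i" -le 9 ]; do                      # three triads: owner, group, others
        r=$(printf '%s' "$s" | cut -c"$i")
        w=$(printf '%s' "$s" | cut -c"$((i + 1))")
        x=$(printf '%s' "$s" | cut -c"$((i + 2))")
        n=0
        [ "$r" = r ] && n=$((n + 4))
        [ "$w" = w ] && n=$((n + 2))
        case $x in x|s|t) n=$((n + 1)) ;; esac    # lowercase s/t = setuid/setgid/sticky plus execute
        out="$out$n"
        i=$((i + 3))
    done
    printf '%s\n' "$out"
}

# Set the same mode two ways and read it back from ls -l. Only the first
# 10 characters are kept, so a trailing '+' (ACL) or '.' (SELinux label)
# in column 11 does not get in the way.
demo_chmod() {
    f=$(mktemp) || return 1
    chmod u=rwx,g=r,o= "$f"                 # symbolic form -> -rwxr-----
    sym=$(ls -l "$f" | cut -c1-10)
    chmod 640 "$f"                          # octal form: rw- r-- --- -> -rw-r-----
    oct=$(ls -l "$f" | cut -c1-10)
    rm -f "$f"
    printf '%s %s\n' "$sym" "$oct"
}

perm_to_octal -rwxr-----
demo_chmod
```

An uppercase S or T in the execute column means the special bit is set without execute, which the function correctly scores as 0 for that position; the special bits themselves would be a fourth, leading octal digit (4 setuid, 2 setgid, 1 sticky) that this three-digit conversion deliberately leaves out.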
Explain this command:
logger
- adds entries to the system log (syslog) from the command line or a script, e.g. logger -t backup "job finished"
- goes to the local syslog file, or on to a remote syslog server when the daemon forwards logs (the util-linux logger can also send directly with -n server)
Explain
OpenSSL
- A library of utilities for SSL/TLS communication
- Create X.509 certificates (keys, self-signed certificates, CA operations)
- Manage CSRs and CRLs
- Has crypto libraries to perform hashing functions, encryption/decryption
- Extensively used today
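The OpenSSL card lists tasks rather than commands, so here is an added example (not from the flashcards) that runs the usual ones end to end: generate a private key, build a CSR, self-sign it, check that the CSR really carries the public half of the key you hold, verify the certificate, and hash data with the crypto library. It assumes the openssl command-line tool is installed (1.1.1 or 3.x); the host name test.example.com is made up and everything is written to a throwaway directory.

```shell
#!/bin/sh
# Added example, not from the flashcards: the everyday openssl tasks the
# card lists, run against a throwaway directory. Assumes the openssl CLI
# is installed (1.1.1 or 3.x); the host name test.example.com is made up.

# Create a private key, a CSR for it, and a self-signed certificate.
# Prints the directory holding key.pem, req.csr and cert.pem.
gen_test_pki() {
    d=$(mktemp -d) || return 1
    # EC P-256 private key (smaller and faster than RSA for a test setup)
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/key.pem" 2>/dev/null || return 1
    # CSR; -subj supplies the subject so there are no interactive prompts
    openssl req -new -key "$d/key.pem" -subj "/CN=test.example.com" -out "$d/req.csr" 2>/dev/null || return 1
    # Self-sign the CSR with the same key for one day, SHA-256 signature
    openssl x509 -req -sha256 -days 1 -in "$d/req.csr" -signkey "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    printf '%s\n' "$d"
}

# Subject of the issued certificate in RFC 2253 form -> CN=test.example.com
# (sed strips the "subject=" label, whose spacing varies between versions)
cert_subject() {
    openssl x509 -in "$1/cert.pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# The check to run before submitting a CSR to a CA: does the public key
# inside the CSR belong to the private key we hold? Prints yes or no.
key_matches_csr() {
    k=$(openssl pkey -in "$1/key.pem" -pubout 2>/dev/null)
    c=$(openssl req -in "$1/req.csr" -pubkey -noout 2>/dev/null)
    if [ -n "$k" ] && [ "$k" = "$c" ]; then echo yes; else echo no; fi
}

# Chain validation; here the certificate is its own trust anchor,
# so the expected output is "cert.pem: OK".
verify_self_signed() {
    ( cd "$1" && openssl verify -CAfile cert.pem cert.pem )
}

# Hashing with the crypto library: SHA-256 of a string, hex digest only.
# sed removes the "(stdin)= " or "SHA2-256(stdin)= " prefix, which
# differs between OpenSSL 1.1.1 and 3.x.
sha256_hex() {
    printf '%s' "$1" | openssl dgst -sha256 | sed 's/^.*= //'
}

D=$(gen_test_pki) || exit 1
cert_subject "$D"
key_matches_csr "$D"
verify_self_signed "$D"
sha256_hex abc
rm -rf "$D"
```

Two things worth noticing: the certificate here has only a CN and no subjectAltName, so browsers would reject it even though openssl verify accepts it (add a SAN for anything real), and the key-matching check catches the common mistake of regenerating a key after the CSR was already sent off.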