All Appendix 3

Question 1

What is the character length of an MD5 hash

Answer 1

32 characters

Question 2

What is the character length of an SHA1 hash

Answer 2

40 characters

Question 3

What does NetBIOS stand for

Answer 3

Network Basic Input/Output System

Question 4

What does SOAP stand for

Answer 4

Simple Object Access Protocol

Question 5

NetBIOS Session Service Port

Answer 5

139

Question 6

Port 139

Answer 6

NetBIOS Session Service Port

Question 7

NetBIOS Datagram Service port

Answer 7

138

Question 8

Port 138

Answer 8

NetBIOS Datagram Service port

Question 9

What can you do if you have write permissions on a chrontab

Answer 9

Adding an entry will run it as root

Question 10

What happens when execute permission is set to “s”

Answer 10

The set user ID is set meaning the person that runs the file has access to system resources as though they are the owner of the file

Question 11

How can we list processes and their associated network sockets

Answer 11

lsof -l

Question 12

Where does the finger daemon information derive from

Answer 12

By doing an exact match on the username field in the /etc/passwd file and a partial match in the GECOS field of the /etc/passwd file

Question 13

How to identify DES algorithm digest

Answer 13

A series of 13 printable ASCII characters (the first two represent the salt itself), max password length is 8 characters

Question 14

How to identify MD5 algorithm digest

Answer 14

Printable form of MD5 password hashes start with $1$

Question 15

How to identify SHA1 algorithm digest

Answer 15

Printable form of SHA1 password hashes start with $5$ or $6$ (depending on variant used)

Question 16

How can we check patch levels on Linux

Answer 16

-rpm -qa

Question 17

How can we check patch levels on Debian based Linux

Answer 17

dpkg –list

Question 18

How can we check patch levels on Solaris

Answer 18

pkginfo -x

Question 19

What port does X11 listen on

Answer 19

6000 to 6063 (depending on the number of concurrent displays)

Question 20

Port 6000-6063

Answer 20

X11

Question 21

How can we identify Windows hosts and servers

Answer 21

ntbscan

Question 22

What is RID Cycling

Answer 22

A technique used in the enumeration of user accounts in Windows environments

Question 23

What is a RID

Answer 23

A part of the SID in Windows that identifies user or group accounts within a domain

Question 24

What does RID stand for

Answer 24

Relative Identifier

Question 25

What does SID stand for

Answer 25

Security Identifier

Question 26

What is the RID in this SID and where is it located (S-1-5-21-XXXXXXXXXX-YYYYYYYYYY-ZZZZZZZZZZ-500)

Answer 26

RID is 500 and is located at the end of the SID

Question 27

How can we enumerate users with RID cycling

Answer 27

By incrementing the RID value to discover other accounts

Question 28

How do we begin RID cycling

Answer 28

We need to establish a NULL session to the host

Question 29

How to establish a NULL session to a host

Answer 29

net use \\ipc$ “” /u:””

Question 30

How can we enumerate users with SNMP

Answer 30

If a community string can be found (default, dictionary, bruteforced) then user names on hosts can be enumerated (community strings should be treated like passwords)

Question 31

How can we enumerate users with LDAP

Answer 31

Load ldap.exe, connect/bind to the server using anonymous credentials, select VIEW > TREE and we get a drop down of users

Question 32

What is WSUS

Answer 32

A Windows patching manager which provides integration with AD and a web interface to manage deployment of patches

Question 33

MSSQL Default SA Password

Answer 33

Default installations of MSSQL do not have a default password for the sa user

Question 34

What command can be used to execute commands within MSSQL

Answer 34

XP_CMDSHELL

Question 35

How to get the byte length of IPv4, IPv6, MAC Address, MD5 and SHA1

Answer 35

If we remember the Bit length we can divide by 8 to get the Byte length

Question 36

IPv4 Bit length

Answer 36

32

Question 37

IPv6 Bit length

Answer 37

128

Question 38

MAC Address Bit length

Answer 38

48

Question 39

MD5 Bit length

Answer 39

128

Question 40

SHA1 Bit length

Answer 40

160

Question 41

IPv4 Byte length

Answer 41

32/8 = 4

Question 42

IPv6 Byte length

Answer 42

128/8 = 16

Question 43

MAC Address Byte length

Answer 43

48/8=6

Question 44

MD5 Byte length

Answer 44

128/8= 16

Question 45

SHA1 Byte length

Answer 45

160/8 = 20