All Appendix 33 Flashcards

1
Q

What is the character length of an MD5 hash

A

32 characters

2
Q

What is the character length of an SHA1 hash

A

40 characters

3
Q

What does NetBIOS stand for

A

Network Basic Input/Output System

4
Q

What does SOAP stand for

A

Simple Object Access Protocol

5
Q

NetBIOS Session Service Port

A

139

6
Q

Port 139

A

NetBIOS Session Service Port

7
Q

NetBIOS Datagram Service port

A

138

8
Q

Port 138

A

NetBIOS Datagram Service port

9
Q

What can you do if you have write permissions on a crontab

A

Adding an entry will run it as root

10
Q

What happens when execute permission is set to “s”

A

The set user ID is set, meaning the person that runs the file has access to system resources as though they are the owner of the file

11
Q

How can we list processes and their associated network sockets

A

lsof -l

12
Q

Where does the finger daemon information derive from

A

By doing an exact match on the username field in the /etc/passwd file and a partial match in the GECOS field of the /etc/passwd file

13
Q

How to identify DES algorithm digest

A

A series of 13 printable ASCII characters (the first two represent the salt itself), max password length is 8 characters

14
Q

How to identify MD5 algorithm digest

A

Printable form of MD5 password hashes start with $1$

15
Q

How to identify SHA1 algorithm digest

A

Printable form of SHA1 password hashes start with $5$ or $6$ (depending on variant used)

16
Q

How can we check patch levels on Linux

A

rpm -qa

17
Q

How can we check patch levels on Debian based Linux

A

dpkg --list

18
Q

How can we check patch levels on Solaris

A

pkginfo -x

19
Q

What port does X11 listen on

A

6000 to 6063 (depending on the number of concurrent displays)

20
Q

Port 6000-6063

A

X11

21
Q

How can we identify Windows hosts and servers

A

nbtscan

22
Q

What is RID Cycling

A

A technique used in the enumeration of user accounts in Windows environments

23
Q

What is a RID

A

A part of the SID in Windows that identifies user or group accounts within a domain

24
Q

What does RID stand for

A

Relative Identifier

25
Q

What does SID stand for

A

Security Identifier

26
Q

What is the RID in this SID and where is it located (S-1-5-21-XXXXXXXXXX-YYYYYYYYYY-ZZZZZZZZZZ-500)

A

RID is 500 and is located at the end of the SID

27
Q

How can we enumerate users with RID cycling

A

By incrementing the RID value to discover other accounts

28
Q

How do we begin RID cycling

A

We need to establish a NULL session to the host

29
Q

How to establish a NULL session to a host

A

net use \\ipc$ "" /u:""

30
Q

How can we enumerate users with SNMP

A

If a community string can be found (default, dictionary, bruteforced) then user names on hosts can be enumerated (community strings should be treated like passwords)

31
Q

How can we enumerate users with LDAP

A

Load ldap.exe, connect/bind to the server using anonymous credentials, select VIEW > TREE and we get a drop down of users

32
Q

What is WSUS

A

A Windows patching manager which provides integration with AD and a web interface to manage deployment of patches

33
Q

MSSQL Default SA Password

A

Default installations of MSSQL do not have a default password for the sa user

34
Q

What command can be used to execute commands within MSSQL

A

XP_CMDSHELL

35
Q

How to get the byte length of IPv4, IPv6, MAC Address, MD5 and SHA1

A

If we remember the Bit length we can divide by 8 to get the Byte length

36
Q

IPv4 Bit length

A

32

37
Q

IPv6 Bit length

A

128

38
Q

MAC Address Bit length

A

48

39
Q

MD5 Bit length

A

128

40
Q

SHA1 Bit length

A

160

41
Q

IPv4 Byte length

A

32/8 = 4

42
Q

IPv6 Byte length

A

128/8 = 16

43
Q

MAC Address Byte length

A

48/8 = 6

44
Q

MD5 Byte length

A

128/8 = 16

45
Q

SHA1 Byte length

A

160/8 = 20