Aula 2

Question 1

Footprinting via job sites, viable?

Answer 1

Yes, it is.

Question 2

TTL near 128 = ?

Answer 2

Windows machine

Question 3

TTL ~64 = ?

Answer 3

Linux machine

Question 4

TTL ~255 = ?

Answer 4

Mac OS/ Solaris

Question 5

Which hacking phase “scanning” process is?

Answer 5

PRE-ATTACK

Question 5

Which hacking phase “scanning” process is?

Answer 5

PRE-ATTACK

Question 6

nmap -p IP

-p = ????

Answer 6

specific (s) port (s) scanning

Question 7

nmap -sV IP

-p = ????

Answer 7

Conteudo + versão, o que está rodando (serviço) e versão instalada/em execução

Question 8

IP + Port + Protocol = ????????????

Answer 8

SOCKET

Question 9

nmap -sn- PE network ???????????

Answer 9

Ping Sweep - a method to discover devices within a network as long as they are turned on and connected

Question 10

nmap default scanning

Answer 10

HALF OPEN is the standard, it send SYN and receives an ACK, it doesn´t perform a THREE-WAY HANDSHAKE

Question 11

TCP CONNECT/ FULL OPEN SCAN = ???

Answer 11

nmap with “-sT”

Question 12

how to scan udp in nmap?

Answer 12

nmap with “-sU”, there is no 3-way handshake, it is DATAGRAM, needs to add WHICH PORT you want to scan, example:

nmap -sU -p 53 IP

port 53 = DNS

Question 13

INVERSE TCP flag scan

Answer 13

Probe Packet FIN, URG, PSH, NULL, instead of SYN

Port Open? - NO response

Port Closed? - RST/ACK

Question 14

hping3 -X - which flags?

Answer 14

FIN/URG/PSH = MERRY XMAS/ XMAS SCAN

Question 15

XMAS SCAN works in a WIN machine?

Answer 15

NOOO, it works only in UNIX/LINUX machines, windows didn’t implement correctly RFC 793

Question 16

nmap -O = ???????

Answer 16

descobrir SO do alvo

Question 17

Packet fragmentantion with nmap

Answer 17

nmap “-f”

Question 18

Source port manipulation with nmap

Answer 18

nmap “-g” IP or “source port”

Question 19

nmap IP Address Decoy

Answer 19

nmap “-D” RND:10

or

nmap “-D” decoy1,decoy2…

used to evade IDS or Firewall

Question 20

TCP/UDP 53

Answer 20

Domain Name System (DNS) Zone Transfer

Question 21

TCP/UDP 135

Answer 21

Microsoft PC Endpoint Mapper

Question 22

UDP 137

Answer 22

NetBIOS Name Service (NBNS)

Question 23

TCP 139

Answer 23

NetBiOs Session Service (SMB ONr NeROS)

Question 24

TCP/UDP 445

Answer 24

SMB Over TOP (Direct Host)

Question 25

UDP 161

Answer 25

Simple Network Managiment Protocol (SNMP)

Question 26

TCP/UDP 389

Answer 26

Lightweigh: Diroctory Access Protocol (LDAP)

Question 27

TCP 2049

Answer 27

Network File System (NFS)

Question 28

TCP 25
587 (Brazil)

Answer 28

Simple Mail Transfer Protocol (SMTP)

Question 29

TCP/UDP 162

Answer 29

SNMP Trap

Question 30

UDP 500

Answer 30

ISAKMP/internet Key Exchange (IKE)

Question 31

TCP 22

Answer 31

Secure Shell (SSH)

Question 32

Tree-based Vulnerability assessment approach

Answer 32

Indica: escaneia o alvo sem incorporar qualquer informação durante o scanning