CH 7 - System Hacking

Question 1

What are the three times that are typically stored as part of file metadata?

A. Moves, adds, changes
B. Modified, accessed, deleted
C. Moved, accessed, changed
D. Modified, accessed, created

Answer 1

D.
Modified, accessed, created

Question 2

What is it called when you obtain administrative privileges from a normal user account?

A. Privilege escalation
B. Account migration
C. Privilege migration
D. Account escalation

Answer 2

A.
Privilege escalation

Question 3

What does John the Ripper’s single crack mode, the default mode, do?

A. Checks every possible password
B. Uses known information and mangling rules
C. Uses a built‐in wordlist
D. Uses wordlist and mangling rules

Answer 3

B.
Uses known information and mangling rules

Question 4

What is the trade‐off for using rainbow tables?

A. Disk space prioritized over speed
B. Accuracy prioritized over disk space
C. Speed prioritized over accuracy
D. Speed prioritized over disk space

Answer 4

D.
Speed prioritized over disk space

Question 5

Which of these is a reason to use an exploit against a local vulnerability?

A. Pivoting
B. Log manipulation
C. Privilege escalation
D. Password collection

Answer 5

C.
Privilege escalation

Question 6

What is it called when you manipulate the time stamps on files?

A. Time stamping
B. Timestomping
C. Meta stomping
D. Meta manipulation

Answer 6

B.
Timestomping

Question 7

What would an attacker use an alternate data stream on a Windows system for?

A. Hiding files
B. Running programs
C. Storing PowerShell scripts
D. Blocking files

Answer 7

A.
Hiding files

Question 8

Which of these techniques might be used directly to maintain access to a system?

A. Run key in the Windows Registry
B. Alternate data stream
C. .vimrc file on Linux
D. PowerShell

Answer 8

A.
Run key in the Windows Registry

Question 9

If you were looking for reliable exploits you could use against known vulnerabilities, what would you use?

A. Tor network
B. Meterpreter
C. msfvenom
D. Exploit‐DB

Answer 9

D.
Exploit‐DB

Question 10

What might an attacker be trying to do by using the clearev command in Meterpreter?

A. Run an exploit
B. Manipulate time stamps
C. Manipulate log files
D. Remote login

Answer 10

C.
Manipulate log files

Question 11

You find after you get access to a system that you are the user www‐data. What might you try to do shortly after getting access to the system?

A. Pivot to another network
B. Elevate privileges
C. Wipe logs
D. Exploit the web browser

Answer 11

B.
Elevate privileges

Question 12

You’ve installed multiple files and processes on the compromised system. What should you also look at installing?

A. Registry keys
B. Alternate data streams
C. Rootkit
D. Root login

Answer 12

C.
Rootkit

Question 13

What does pivoting on a compromised system get you?

A. Database access
B. A route to extra networks
C. Higher level of privileges
D. Persistent access

Answer 13

B.
A route to extra networks

Question 14

What would you use the program rtgen for?

A. Generating wordlists
B. Generating rainbow tables
C. Generating firewall rules
D. Persistent access

Answer 14

B.
Generating rainbow tables

Question 15

Which of these would be a way to exploit a client‐side vulnerability?

A. Sending malformed packets to a web server
B. Sending large ICMP packets
C. Sending a crafted URL
D. Brute-force password attack

Answer 15

C.
Sending a crafted URL

Question 16

What is one outcome from process injection?

A. Hidden process
B. Rootkit
C. Alternate data streams
D. Steganography

Answer 16

A.
Hidden process

Question 17

Which tool would you use to compromise a system and then perform post‐exploitation actions?

A. nmap
B. John the Ripper
C. searchsploit
D. Metasploit

Answer 17

D.
Metasploit

Question 18

What application would be a common target for client‐side exploits?

A. Web server
B. Web browser
C. Web application firewall
D. Web pages

Answer 18

B.
Web browser

Question 19

What are two advantages of using a rootkit?

A. Installing alternate data streams and Registry keys
B. Creating Registry keys and hidden processes
C. Hiding processes and files
D. Hiding files and Registry keys

Answer 19

C.
Hiding processes and files

Question 20

What could you use to obtain password hashes from a compromised system?

A. John the Ripper
B. mimikatz
C. Rainbow tables
D. Process dumping

Answer 20

B.
mimikatz

Question 21

What technique would you use to prevent understanding of PowerShell scripts that had been logged?

A. Encoding
B. Obfuscation
C. Rainbow tables
D. Kerberoasting

Answer 21

B.
Obfuscation

Question 22

What technique might be mostly likely to be used to gather credentials from a remote system on a Windows network?

A. Kerberoasting
B. Fuzzing
C. Rootkits
D. Powershell Scripting

Answer 22

A.
Kerberoasting

Question 23

What language might be most likely to be used by attackers who want to live off the land on Windows systems?

A. Ruby
B. Python
C. cmdlets
D. PowerShell

Answer 23

D.
PowerShell

Question 24

If you wanted to identify vulnerabilities previously undiscovered in an application, including a network service, what tool might you use?

A. Rubeus
B. Ophcrack
C. John the Ripper
D. Peach

Answer 24

D.
Peach

Question 25

What operating system–agnostic interface might you use if you had compromised a system?

A. Rubeus
B. Meterpreter
C. Empire
D. Ophcrack

Answer 25

B.
Meterpreter