Chapter 2 - Reconnaissance (Footprinting and Reconnaissance) Flashcards

1
Q

4 Focuses and Benefits of Footprinting

A

Know the security posture

Reduce the focus area (network range, number of targets, etc.)

Identify vulnerabilities

Draw a network map

2
Q

Active vs Passive Footprinting

A

Active - requires the attacker to touch the device, network or resource, e.g. social engineering, scanning IP addresses.

Passive - collecting information from public sources, e.g. checking websites, looking at DNS records.

3
Q

CEH Defined examples of passive footprinting

A
dumpster diving
gathering competitive intelligence 
using search engines
browsing social media
gaining network ranges
raiding DNS for information
4
Q

Sources of competitive information

A

EDGAR - www.sec.gov/edgar.shtml
Hoovers - www.hoovers.com
LexisNexis
Businesswire.com

secinfo.com
experian.com
marketwatch.com
twst.com
euromonitor.com
alexa.com for traffic statistics
finance.google.com for stock performance (milestones)

5
Q

CEH Examples of Active Footprinting

A

social engineering
human interaction
anything that requires the hacker to interact with the organization

it involves exposing your information gathering to discovery

6
Q

Google Hacking

http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302

site digger (www.mcafee.com)

metagoofil (www.edge-security.com)

A

using a search string with specific operators to search for vulnerabilities

filetype:xxxx
index of /string
info:string
intitle:string
inurl:string
link:string
related:webpagename
8
Q

Email Tracking Methods

A

view email header

use email tracking tools like mailtracking.com or emailtracker

9
Q

DNS Footprinting

A

Can tell an attacker where your services are located:

which servers hold your DNS records
which servers run your email
which servers run your websites

10
Q

DNS Record Types

SRV
SOA
PTR
NS
MX
CNAME
A
A

SRV - Service. Defines hostname and port number.

SOA - Start of Authority. Identifies the primary name server for the zone.

PTR - Pointer. Maps an IP address to a hostname, providing for reverse DNS lookups. Not required for each entry in DNS but usually found with email server records.

NS - Name Server. Defines name servers in your namespace.

MX - Mail Exchange. Identifies your email servers.

CNAME - Canonical Name. Provides domain name aliases in your zone, e.g. you may have an FTP service and a web service on the same IP address; CNAME records could be used to list both.

A - Address. Maps an IP address to a hostname, mostly used for DNS lookups.

11
Q

DNS Record Types

SRV
SOA
PTR
NS
MX
CNAME
A
A

SRV - Service. Defines hostname and port number.

SOA - Start of Authority. Identifies the primary name server for the zone. Contains loads of useful information for the pen tester.

PTR - Pointer. Maps an IP address to a hostname, providing for reverse DNS lookups. Not required for each entry in DNS but usually found with email server records.

NS - Name Server. Defines name servers in your namespace.

MX - Mail Exchange. Identifies your email servers.

CNAME - Canonical Name. Provides domain name aliases in your zone, e.g. you may have an FTP service and a web service on the same IP address; CNAME records could be used to list both.

A - Address. Maps an IP address to a hostname, mostly used for DNS lookups.

12
Q

DNS Poisoning

A

Attacker changes the cache on the local name server to redirect users to a server they control.

Mitigated by the DNSSEC extensions (1999).

13
Q

Using nslookup as an attacker

A

find the name servers for the target
type nslookup to enter interactive mode
type 'server servername' to switch to the target's server
perform DNS queries, zone transfer, etc.

14
Q

Additional Footprinting Tools

web spiders

Maltego

Social Engineering Framework (SEF)

A

web spiders

Maltego - OSINT and forensics

Social Engineering Framework - can extract email addresses from websites and perform general prep for SE. Can tie into Metasploit.

15
Q

What port does DNS Zone Transfer use?

A

TCP 53

not UDP 53 like DNS lookups

16
Q

Note to self

Know the common google hacking commands and practice them

A

allintitle operator allows for a combination of strings in the title.

inurl looks only in the URL of the site.

filetype:xxxx
index of /string
info:string
intitle:string
inurl:string
link:string
related:webpagename