Chapter 2.2 Flashcards
Kerberos
Kerberos is the preferred authentication method in a Windows domain; it uses a ticket-granting system to log in and access resources on the network.
Zenmap
Zenmap is the GUI (Graphical User Interface) version for Nmap. Also known as Nmap Security Scanner, it uses diverse methods of host discovery.
--traceroute
Using the --traceroute switch with Zenmap, the GUI can record the path to a target IP address and present the route in a graphical view, like a map.
nmap
The basic syntax of an nmap command is to give the IP subnet (or IP address) to scan. When used without switches, it pings and sends a TCP ACK packet to ports 80 and 443 to determine whether a host is present. nmap is run from the command line.
-sn
Nmap, by default, does both host discovery and a port scan. Using the -sn switch suppresses the port scanning.
%SystemRoot%\NTDS\NTDS.DIT file
The %SystemRoot%\NTDS\NTDS.DIT file stores domain user passwords and credentials. Employees commonly use their domain credentials to log in to do work and gain access to corporate information.
netstat
The netstat command allows the admin to check the state of ports on the local machine (Windows or Linux). He or she may also be able to identify suspect remote connections to services on the local host or from the host to remote IP (Internet protocol) addresses.
netcat
Netcat (or nc for short) is remote access software that is available for both Windows and Linux. It can be used as a backdoor to other servers, and in that role it functions as a remote access trojan (RAT).
ipconfig
The ipconfig command only provides network adapter information such as the IP address of the server.
ip
The ip command is a replacement for the ifconfig command used on Linux servers. It serves the same function as the ipconfig command on the Windows operating system.
Microsoft Policy Analyzer
Microsoft’s Policy Analyzer is part of the Security Compliance Toolkit (SCT). It compares scanned hosts with a template of controls and configuration settings to determine system compliance.
CVE
CVEs (Common Vulnerabilities and Exposures) can be used by the Nessus scanner to compare and find vulnerabilities in commonly used systems. Vulnerability scans and security compliance audits can be gathered all at once with Nessus.
ping switches
The -t switch pings the specified server name or IP (Internet protocol) address until stopped. Pressing Ctrl+C on the keyboard will stop the pings.
The -n switch sets the number of echo requests to send. The standard send count is four. The number can be specified after the -n switch.
The -S switch, which is a capital S, is used to specify a source address to use that is different from the server that the admin is initiating the ping command from.
The -r switch records the route for the specified number of hops. This is used for IPv4 addresses.
banner grabbing
Banner grabbing refers to probing a server much like OS fingerprinting; however, it also involves opening connections to common ports or network protocols and gathering information from banner or error responses.
OS fingerprinting
OS (operating system) fingerprinting is a method used by Nmap to probe hosts for running OS type and version, and even application names and device type (e.g., laptop or virtual machine).
Meterpreter
Meterpreter is a very advanced and dynamic exploit module (or payload) that uses in-memory DLL injection stagers. Stagers create a network connection between the hacker and the target. Since the stagers are in memory and never written to disk, any trace can be removed with a restart of the server.
Nessus
Nessus is a vulnerability scanner from Tenable. A hacker may use a vulnerability scanner to seek out easy targets (e.g., open ports) to plan for an attack.
Nexpose
Managed by Rapid7 along with Metasploit, Nexpose is a vulnerability scanner that is similar to Nessus.
credentialed scans
A credentialed scan is given a user account with logon rights to various hosts. This method allows much more in-depth analysis, especially in detecting when applications or security settings may be misconfigured.
non-credentialed scans
A non-credentialed scan is one that proceeds without being able to log on to a host. Consequently, the only view obtained is the one that the host exposes to the network.
John the Ripper
John the Ripper is compatible with multiple platforms such as Windows, Mac OS X, Solaris, and Android, and is primarily used as a password hash cracker.
Cain and Abel
Cain and Abel is used to recover Windows passwords and includes a password sniffing utility.
THC Hydra
THC Hydra is often used against remote authentication using protocols such as Telnet, FTP (file transfer protocol), HTTPS (hypertext transfer protocol secure), SMB (server message block), etc.
Aircrack
Aircrack-ng is a suite of utilities designed for wireless network security testing. The specific tool, which is also called aircrack-ng, can decode the authentication pre-shared key or password for WEP, WPA, and WPA2 using a dictionary word or a relatively short key.
Microsoft Security Compliance Toolkit
The Microsoft Security Compliance Toolkit includes the Policy Analyzer Tool and the Local Group Policy Object (LGPO) Tool. Both are necessary to assess the local policies from a baseline and automate changes where needed.
SCCM
Microsoft System Center Configuration Manager (SCCM) is a software management suite for managing a large number of systems on multiple platforms. It does not include a policy analyzer tool or an LGPO tool.
UPS
In general, the first step in restoring services involves enabling and testing power delivery systems, such as a power grid, generators, and even UPSs (uninterruptible power supplies). Without power, IT systems and network equipment cannot run.
OUI Grabbing
OUI (Organizationally Unique Identifier) grabbing is like banner grabbing or OS fingerprinting. The OUI can identify the manufacturer of the network adapter and therefore support further assumptions about system type and/or purpose.
inSSIDer
inSSIDer is software that can survey Wi-Fi networks to determine SSID, BSSID (wireless access point MAC address), frequency band, and radio channel.