Chapter 5 - 8

Question 1

SAM Files

Answer 1

Security Accounts Manager File - Windows store credential in SAMs File. C:\windows\system32\config v

Question 2

LM Authentication

Answer 2

DES

Question 3

NTLM

Answer 3

DES and MD4 (V2 MD5)

Question 4

WINDOWS registry

Answer 4

is a collection of all the setting and configurations that make the system run - made up of keys and values

Question 5

Hacking Steps

Answer 5

Reconnaissance, Scanning , Gaining Access, Maintaining Access, Clearing Tracks

Question 6

Net view /domain:domainname

Answer 6

Show all systems on a domain

Question 7

net view \systemname

Answer 7

provide a list of open shares on the system named

Question 8

net use \target\ipc$ “” /u: ‘’

Answer 8

set up a null sessions

Question 9

Passive online attack

Answer 9

Sniffing a wire in the hopes of either intercepting a password in clear text or replay attack or a man in the middle attack

Question 10

Vertical Escalation

Answer 10

When a lower level user executes code at a high privilege level than they should have access to

Question 11

Horizontal Escalation

Answer 11

Excuting code at the same user

Question 12

Kerberos

Answer 12

Uses both Symmetric and Asymmetric encryption. technologies to securely transmit passwords and keys across a network. (TGT TGS AS KDC)

Question 13

Important Keys

Answer 13

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\RunServiceOnce ( RunServices RunOnce Run)

Question 14

Attack types

Answer 14

Non- Electronic, Active Online, Passive online , Offline

Question 15

DLL Hijacking

Answer 15

Replacing legitimate DLL with malicious copies in the application root folder

Question 16

New Technology File System

Answer 16

NTFS file streaming allows you to hide files virtually behind any other file.

Question 17

Types of Logs

Answer 17

Application, Security, Systems

Question 18

Rootkit

Answer 18

Collection of software put in place by an attacker that is designed to obscure system compromise (backdoor)

Question 19

Type of Rootkits

Answer 19

Hypervisor Level, Hardware, Boot loader level, application Level, Kernel Level and Library Level

Question 20

IETF

Answer 20

Internet Engineering Task Force - Create engineering documents to help improve the internet

Question 21

W3C

Answer 21

World Wide Web Consortium - International Community working together to develop web standards

Question 22

OWASP

Answer 22

Open Web Application Security Project - Focused on improve the security of software

Question 23

Apache configuration

Answer 23

http.conf

Question 24

IIS configuration

Answer 24

Spawns shells as LOCAL_SYSTEM

Question 25

N-tier architecture

Answer 25

Distributes processes across multiple servers - Each tier consists of a single role carried out by one

Question 26

Three Tier Architecture

Answer 26

Presentation Tier, Logic Tier and Data Tier

Question 27

HTML entity

Answer 27

Way of telling the browser to display certain character it would otherwise look at as a tag or part of the programming itself and

Question 28

HTTP request methods

Answer 28

GET, HEAD, POST, PUT, DELETE,TRACE and CONNECT§

Question 29

DNS Amplification

Answer 29

Attack manipulating recursive DNS to DoS a target

Question 30

Web 2.0

Answer 30

Different method of creating website and applications (dynamic web pages) web 1.0 using static HTML

Question 31

LDAP Injection

Answer 31

)(&) after username then any password

Question 32

SOAP Injection

Answer 32

Inject malicious queries

Question 33

Buffer Overflow

Answer 33

Also known as Smashing the stack is an attempt to write more data into an application prebuilt buffer to overwrite adjacent memory, execute code or crash a system

Question 34

CSRF

Answer 34

Cross Site Request Forgery - Get user to execute unwanted actions on a web application on which they are currently authenticated

Question 35

HTTP Response Splitting

Answer 35

Adding header response data to an input field so the server splits the response in a couple directions - second header can be controlled and used for malicious reasons

Question 36

802.11i

Answer 36

WLAN

Question 37

802.16

Answer 37

Global development of broadband wireless metropolitan area network

Question 38

modulation

Answer 38

the practice of manipulating properties of a waveform

Question 39

OFDM Wavelength

Answer 39

Orthogonal Frequency-Division Multiplexing - Works with several waveforms, simultaneously carrying messages back and forth

Question 40

DSS

Answer 40

Direct-sequence spread spectrum - combing all wavelengths into a single purpose

Question 41

Ad hoc mode

Answer 41

Wireless systems connect directly to other systems as if a cable were strung between the two

Question 42

Infrastructure mode

Answer 42

Uses an access point (AP) to funnel all wireless connections through

Question 43

BSS (Basic Service Area)

Answer 43

Single AP and its client is known as a basic service sent

Question 44

ESS

Answer 44

As client move from one AP in your subnet to another - dissociated with one AP and (re)associate with another seamlessly

Question 45

Omnidirectional Antenna

Answer 45

360 degrees from sourse

Question 46

Directional Antenna

Answer 46

Focusses in a specific direction

Question 47

Dipole

Answer 47

Two signal towers and work omnidirectional

Question 48

SSID

Answer 48

Service set identifier - text word (32 characters or less) that distinguishes wireless networks (part of the header in every packet)

Question 49

WEP

Answer 49

Wireless equivalent privacy - 40 bits to 232-bit keys in RC4 encryption algorithm - reuses initialisation vectors

Question 50

WPA

Answer 50

Wifi Protected Access (WPA or WPA2) - Uses TKIP 128 - bit key - changes key every 10000 packets

Question 51

WPA2

Answer 51

Can tie Extensible Authentication Protocol (EAP) - Uses AES for encryption

Question 52

Untethered

Answer 52

Kernel will remain patched

Question 53

Semi-tethered

Answer 53

Reboot no longer trains the patched kernel but the software has already been added to the device, there for if admin privileges are required the installed jail breaking tool can be used)

Question 54

tethered

Answer 54

Reboot removes all jailbreaking patched and the phone may be stuck in a perpetual loop on start up, requiring a system connection, such as a usb to repair)