Chapter 5 Tools of the trade Flashcards
What is a GUI in the context of operating systems?
A GUI, or graphical user interface, allows users to interact with the system through graphical elements like windows, icons, and buttons.
Why might one need to use the command line interface (CLI) instead of a GUI?
The CLI allows for more advanced and detailed control over the system, which may be necessary for certain tasks that GUIs cannot handle.
What is CMD in Windows?
CMD, or Command Prompt, is the classic command shell in Windows for executing commands and running scripts.
What is PowerShell and how is it different from CMD?
PowerShell is a more advanced shell in Windows that allows for more complex commands and scripting compared to CMD.
What is a shell in the context of operating systems?
A shell is a user interface for accessing an operating system’s services, typically through a command-line interface.
What is a bash shell?
The bash shell is a Unix shell and command language that is the default shell on many Linux distributions and macOS.
What is SSH used for?
SSH, or Secure Shell, is used to securely connect to a remote system’s shell over a network.
How does the ping command help in network diagnostics?
Ping checks the connectivity to another system by sending packets and measuring the response time, verifying that the systems are physically connected and can communicate.
What is the purpose of the ping -t command in Windows?
The ping -t command sends continuous ping requests to a specified address until stopped, unlike the default four pings.
What does the ipconfig command do in Windows?
ipconfig displays network configuration details such as IP addresses, subnet masks, and default gateways for all network adapters.
What additional information does ipconfig /all provide?
ipconfig /all provides detailed network information, including the physical (MAC) address and DHCP details.
What is the difference between ipconfig and ifconfig?
ipconfig is used in Windows, while ifconfig is used in Unix-based systems like Linux and macOS to configure and display network interface parameters.
How do you release and renew a DHCP lease using ipconfig?
Use ipconfig /release to release the current DHCP lease and ipconfig /renew to request a new lease.
What does the ipconfig /flushdns command do?
ipconfig /flushdns clears the DNS resolver cache, which can help resolve DNS-related issues.
Why is ping considered a fundamental networking tool?
Ping is simple, widely available on all systems, and provides quick verification of network connectivity and basic troubleshooting.
What can cause ping to fail even if the target system is operational?
A firewall on the target system might block ping requests, preventing responses.
What command would you use to verify that DNS resolution is working?
Use ping followed by a domain name to see if it resolves to an IP address, indicating that DNS resolution is functioning.
What is a common use of the ping command for security professionals?
Security professionals use ping to verify connectivity and network paths, and to troubleshoot network issues.
What are the benefits of using a command line interface (CLI)?
The CLI allows for scripting and automation of repetitive tasks, providing more detailed control and efficiency compared to GUIs.
What are the common types of shells in Windows?
CMD (Command Prompt) and PowerShell.
What is the primary use of PowerShell?
PowerShell is used for advanced system administration tasks, automation, and configuration management in Windows.
Name some shells available in Linux.
Bash, Zsh, and other Unix-like shells.
What is the Python shell used for?
The Python shell is used for executing Python commands and scripts directly.
How can using shells benefit system administrators?
Shells enable system administrators to automate tasks, manage systems efficiently, and perform complex configurations.
What is a reverse shell?
A reverse shell allows an attacker to remotely access and control a victim’s machine by reversing the connection back to the attacker’s machine.
What tool is commonly used to create reverse shells?
Netcat (nc).
What is Netcat and how is it used in reverse shells?
Netcat is a networking utility used for reading and writing data across network connections. In reverse shells, it can be used to listen on a port and execute commands remotely.
How can attackers trick victims into executing a reverse shell?
Attackers may use phishing emails or other social engineering tactics to trick victims into downloading and running malicious scripts.
What are some methods to prevent reverse shell attacks?
Educating users about phishing, using antivirus and anti-malware tools, implementing strong network security measures, and monitoring network traffic.
What are advanced persistent threats (APTs)?
APTs are long-term targeted attacks where attackers maintain a persistent presence on a network, often using techniques like reverse shells and backdoors.
What are some tools that can be used for penetration testing and exploiting vulnerabilities?
Metasploit Framework and Cobalt Strike.
What are legitimate uses of shells in system administration?
Running system commands, scripting for automation, managing network configurations, and troubleshooting issues.
Why is scripting important in the context of shells?
Scripting allows for automation of repetitive tasks, ensuring consistency and saving time for system administrators.
How do you spawn the Windows command line interface?
By using cmd.exe.
How can you open the command prompt with administrative privileges?
Go to the Start menu, type cmd, right-click on the command prompt, and select “Run as administrator.”
What command returns the name of your computer in Windows?
hostname
What command shows the current user in the command prompt?
whoami
How can you create and run a simple batch file in Windows?
Use Notepad to write commands (e.g., hostname and whoami), save the file with a .bat extension, and run it from the command prompt.
What command displays all the environment variables and their values?
set
How do you set a new environment variable in the command prompt?
set FaveColor=”Yellow”
How can you start PowerShell from within the command prompt?
Type powershell and press Enter.
How do you return to the regular command prompt from PowerShell?
Type exit in PowerShell.
Why might you need to use the command line instead of the GUI?
For tasks that require elevated privileges or for scripting and automating repetitive tasks.
What is the prefix in Windows 10 that indicates you are in a PowerShell prompt?
PS
What is the benefit of creating batch files?
Batch files allow you to automate repetitive tasks and create complex scripts to manage the system more efficiently.
How can environment variables be useful?
They can be used to store configuration values that applications may need to reference.
Can you run PowerShell commands from the regular command prompt?
Yes, by starting PowerShell from within the command prompt
What is Microsoft PowerShell?
An object-oriented scripting language and command-line shell designed for system and network administrators
On which platforms can Microsoft PowerShell run?
Windows, macOS, and Linux.
What is the file extension for PowerShell scripts?
ps1
How do you start PowerShell with administrative privileges?
Type PowerShell in the Start menu, right-click, and select “Run as administrator.”
What does it mean that PowerShell is object-oriented?
Outputs in PowerShell are objects with properties and methods, unlike text-based outputs in older shells.
How can you list all the modules available in PowerShell?
Use Get-Module -ListAvailable.
How can you get a list of all physical disks in a machine using PowerShell?
Use the Get-PhysicalDisk cmdlet.
What does piping do in PowerShell?
Piping (|) passes the output of one cmdlet to another for further processing.
How do you filter a list of running services in PowerShell?
Get-Service | Where-Object { $_.Status -eq ‘Running’
How do you select specific properties of an object in PowerShell?
Use the Select-Object cmdlet, e.g., Get-PhysicalDisk | Select-Object FriendlyName, MediaType, Size.
What command retrieves the current execution policy in PowerShell?
Get-ExecutionPolicy
How do you change the execution policy in PowerShell?
Use the Set-ExecutionPolicy cmdlet.