Chapter 6 - Enumeration Flashcards
What are RPCs primarily used for?
A. Interprocess communications
B. Interprocess semaphores
C. Remote method invocation
D. Process demand paging
A.
Remote procedure calls are a way for processes on one system to communicate with processes on another system. This does not preclude two processes on the same system communicating, of course. Semaphores are another concept in computer science that can enable interprocess communication. Remote method invocation is a way for Java programs to implement interprocess communications. Process demand paging isn’t a thing.
What would you be trying to enumerate if you were to use enum4linux?
A. Procedures
B. Linux-based services
C. Shares and/or users
D. Memory utilization
C.
enum4linux is a tool that makes use of other, underlying tools to scan systems that have implemented SMB. This means enum4linux can be used to enumerate shares or users, as well as other information. None of the other options is valid.
How do you authenticate with SNMPv1?
A. Username/password
B. Hash
C. Public string
D. Community string
D.
SNMPv3 implemented username and password authentication. With version 1, you used a cleartext community string. SNMP doesn’t use hashes, and while the word public is often used to describe a community string, a public string is not a way to authenticate with SNMPv1.
What SMTP command would you use to get the list of users in a mailing list?
A. EXPD
B. VRFY
C. EXPN
D. VRML
C.
The SMTP command used to expand a mailing list alias to get the underlying email addresses that belong to that mailing list or group is EXPN. The command VRFY is verify, and the other two are not valid SMTP commands.
What type of enumeration would you use the utility dirb for?
A. Directory listings
B. Directory enumeration
C. Brute-force dialing
D. User directory analysis
B.
The utility dirb uses a word list to attempt to enumerate directories available through a web server that may not be available by looking at all the pages and links in the site.
What are data descriptions in SNMP called?
A. Management-based information
B. Data structure definition
C. Extensible markup language
D. Management information base
D.
SNMP can be used to retrieve information from remote systems. This information has to be described, including the different data types. All of the information available is described in a management information base (MIB). The Extensible Markup Language (XML) is a way of packaging data in a structured way, but it is not used in SNMP.
What is the process Java programs identify themselves to if they are sharing procedures over the network?
A. RMI registry
B. RMI mapper
C. RMI database
D. RMI process
A.
Interprocess communications across systems using a network is called remote method invocation. The process with which programs have to communicate to get a dynamic port allocation is the RMI registry. This is the program you query to identify services that are available on a system that has implemented RMI.
You are working with a colleague, and you see them interacting with an email server using the VRFY command. What is it your colleague is doing?
A. Verifying SMTP commands
B. Verifying mailing lists
C. Verifying email addresses
D. Verifying the server config
C.
The extended SMTP (ESMTP) protocol has a command that is abbreviated VRFY that is used to verify email addresses. A mail server may or may not have exposed this command, even if the server software supports ESMTP. Expanding mailing lists is EXPN. You wouldn’t use VRFY for a mailing list in that same sense. The other two don’t have specific commands that are specified in the SMTP protocol definition.
What is the SMB protocol used for?
A. Data transfers using NFS
B. Data transfers on Windows systems
C. Data transfers for email attachments
D. Data transfers for Windows Registry updates
B.
The Server Message Block (SMB) protocol is used for multiple functions on Windows networks. One of them is to transfer files (data) from one system to another. Email attachments would be transmitted using SMTP. NFS manages its own data transfer when files are being copied from one system to another. There are no data transfers specifically for Windows Registry updates.
Which of these is a built-in program on Windows for gathering information using SMB?
A. nmblookup
B. smbclient
C. Metasploit
D. nbtstat
D.
The program nmblookup can be used on Linux systems. smbclient is a program that comes with a Samba installation that can be used to interact with a system using SMB. Metasploit has a lot of functions, but it’s not built into Windows. The program nbtstat, though, can be used to gather information using SMB, and it is a program that is installed with Windows.
What status code will you get if your attempt to use the VRFY command fails?
A. 550
B. 501
C. 250
D. 200
A.
The status code you would get if your VRFY command failed against an SMTP server is 550. 200 is the status code for success with a web server. The other codes are not valid in this context.
What program would you use to enumerate services?
A. smbclient
B. Nmap
C. enum4linux
D. snmpwalk
B.
The programs smbclient and enum4linux may be used to enumerate information using SMB. The program snmpwalk can be used to enumerate information over SNMP. nmap, though, can be used to enumerate services running on all the systems on a network.
What version of SNMP introduced encryption and user-based authentication?
A. 1
B. 2
C. 2c
D. 3
D.
Version 1 of SNMP used community strings. Version 2c also used community strings. Version 2 improved version 1, but it was version 3 that implemented user-based authentication as well as encryption.
Which of these could you enumerate on a WordPress site using wpscan?
A. Plugins
B. Posts
C. Administrators
D. Versions
A.
The program wpscan can be used to enumerate themes, users, and plugins. It can’t be used to enumerate administrators, specifically. It also can’t be used to enumerate posts, and since there would be only a single version, you wouldn’t enumerate versions.
Which of these tools allows you to create your own enumeration function based on ports being identified as open?
A. Metasploit
B. nmap
C. Netcat
D. nbtstat
B.
Metasploit can be extended with user-created programs. However, you wouldn’t call a Metasploit module based on ports being open. Netcat doesn’t do any enumeration, and nbtstat is a Windows program that can’t be extended. nmap can be extended with user-written scripts. An nmap script includes a port registration so nmap knows to call that script when specific ports are found to be open.