CMP 210 - Penetration Testing

Question 1

What is the purpose of Footprinting?

Answer 1

To gather information essential to an attack and enable an attacker to complete a profile of an organisation

Question 2

Name a physical method of Footprinting

Answer 2

Dumpster Diving
Freedom of Information Act
Social Engineering

Question 3

Name online based techniques of Footprinting

Answer 3

Browsing Anonymously using proxies
DNS Recon
Finding the mail server

Question 4

Name web based tools of Footprinting

Answer 4

Advanced Google Search
Shodan - Google but for IP address activity
GreyNoise - Finds people who are trying to scan the internet

Question 5

What is the 4 step Methodology of Penetration Testing

Answer 5

Footprinting
Scanning
Enumeration
System Hacking

Question 6

What are some things we attempt to discover about our target?

Answer 6

Is our targets computer on?
What is the OS?
What is the version of the OS?
Is there a firewall

Question 7

Which is connection oriented, TCP or UDP?

Answer 7

TCP

Question 8

Which is a connectionless protocol, TCP or UDP?

Answer 8

UDP

Question 9

When it comes to protocols, which is most like a letter and which is most like a phone?

TCP - ?
UDP -?

Answer 9

TCP - Phone
UDP - Letter

Question 10

List 2 application protocols

Answer 10

HTTPs
SSH

Question 11

What protocol is the ping utility apart of?

Answer 11

ICMP

Internet Control Message Protocol

Question 12

How does pinging a target verify a host is active?

Answer 12

Sends an ICMP echo request packet to the host.

If the host is active, it responds by echoing the packet back.

Question 13

What layer in the OSI Model is the ping utility conducted at?

Answer 13

Layer 3 - Network

Question 14

What does OSI stand for

Answer 14

Open Systems Interconnection

Question 15

What is the OSI Model

Answer 15

A model which represents how network communications work.

Question 16

What are the 7 layers in the OSI model?

Answer 16

PDNTSPA

1. Physical Layer
2. Data Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer

Question 17

What is another name for a ping scan?

Answer 17

ICMP sweep

Question 18

What type of scans are often blocked by firewalls.

Answer 18

Ping Scans

Question 19

What is the main restriction with ARP scans?

Answer 19

Can only perform then on your local network.

Question 20

Which layer in the OSI Model are ARP scans conducted at?

Answer 20

Layer 2 - Data Link

Question 21

Define how you know if a port is open

Answer 21

If the machine has a networked service running

Question 22

What is a network service

Answer 22

connects users in working offices

Question 23

What is on port 80

Answer 23

HTTP (HyperText Transfer Protocl)

Question 24

What is on port 21

Answer 24

FTP (File Transfer Protocl)

Question 25

What is on Port 23

Answer 25

SMTP (Simple Mail Transfer Protocol)

Question 26

What is on Port 53.

Answer 26

DNS (Domain Name System) UDP

Question 27

What is on Port 135 / 445

Answer 27

“Windows Networking”

Question 28

What does the U / URG Flag mean?

Answer 28

Urgent

Question 29

What does the A / ACK Flag mean?

Answer 29

Acknowledgement number valid

Question 30

What does the P / PSH Flag mean?

Answer 30

Push

Question 31

What does the R/RST Flag mean?

Answer 31

Reset Connection Flag

Question 32

What does the S/SYN qFlag mean?

Answer 32

Synchronize sequence number flag

Question 33

What is the 3 Way Connection Procedure in terms of TCP

Answer 33

SYN
SYN/ACK
ACK

Question 34

What does the F/FIN Flag mean?

Answer 34

End of data flag.

Question 35

How are ISNs used? (Initial Sequence Numbers)

Answer 35

Sequence number will be a large random number
Acknowledgement will be the large number + 1

Question 36

Is acknowledgement is required for a data transfer process to continue in TCP?

Answer 36

Yes

Question 37

Is acknowledgement is required for a data transfer process to continue in UDP?

Answer 37

no

Question 38

What is TCP windowing and why does it exist?

Answer 38

There is a receipt for every piece of data transfer, so sending packets individually leads to low throughput.

Therefore windowing sends numerous packets each time instead of one.

It is part of the TCP header.

Question 39

Can you change TCP window size during a data transfer?

Answer 39

Yes they are variable

Question 40

What does a window size of 3 mean?

Answer 40

Sending 3 packets at once, 1 ACK back.

Question 41

Describe the TCP process of closing a connection

Answer 41

FIN
FIN/ACK
ACK

Question 42

What is the 3 purposes of port scanning?

Answer 42

Look for open ports, and hence running services
Look for closed ports
Look for firewalled ports

Gives us more information about what we are dealing with.

Question 43

What are the 3 easiest/most common scans?

Answer 43

TCP Connect Scan
SYN Connect Scan
Fin Connect Scan

Question 44

Describe the TCP Connect Scan

Answer 44

SYN
SYN/ACK
ACK

Question 45

Describe the SYN Connect Scan

Answer 45

SYN
SYN/ACK

Question 46

Describe the Fin Connect Scan

Answer 46

FIN

Question 47

If the port is closed on a TCP connect scan, what is the response?

Answer 47

SYN

RST

Question 48

If the port is open on a TCP connect scan, what is the response?

Answer 48

SYN

SYN ACK

ACK

Question 49

If the port is open on a SYN scan, what is the response?

Answer 49

SYN

SYN ACK

Question 50

If the port is closed on a SYN scan, what is the response?

Answer 50

SYN

RST

Question 51

If the port is closed on a FIN scan, what is the response?

Answer 51

FIN

RST

Question 51

If the port is open on a FIN scan, what is the response?

Answer 51

FIN

No response

Question 52

When scanning a port, if nothing comes back, what does that mean?

Answer 52

Firewall is in place.

Question 53

If the port is open on a UDP port scan, what is the response?

Answer 53

No response

Question 54

If the port is closed on a UDP port scan, what is the response?

Answer 54

“Unreachable” (ICMP)