Deck 1 Flashcards
(138 cards)
1
Q
What should you do if a script is missing in the local scripts directory?
A
You can fix this by running ‘sudo apt update && sudo apt install nmap’ or by manually downloading the script from Nmap and updating the script.db file.
2
Q
What command can you run to manually install a missing NSE script?
A
You can run ‘sudo wget -O /usr/share/nmap/scripts/.nse https://svn.nmap.org/nmap/scripts/.nse’ to download and install the script.
3
Q
What command should you run after manually installing an NSE script to update the script.db file?
A
You should run ‘nmap –script-updatedb’ to update the script.db file after manually installing a script.
4
Q
Where does Nmap store its scripts on Linux?
A
/usr/share/nmap/scripts
5
Q
What is the purpose of the /usr/share/nmap/scripts/script.db file?
A
To search for installed scripts in Nmap.
6
Q
Where can you find a list of all official scripts for Nmap?
A
On the Nmap website.
7
Q
What is the content stored in the script.db file?
A
Filenames and categories for each available script.
8
Q
What is the command to activate NSE scripts from the vuln category?
A
To activate NSE scripts from the vuln category, the command is –script=vuln.
9
Q
What is the command to run multiple scripts simultaneously?
A
To run multiple scripts simultaneously, the command is –script=,.
10
Q
How can arguments be given to NSE scripts using the Nmap switch?
A
Arguments can be given to NSE scripts using the –script-args Nmap switch.
11
Q
How can the built-in help menu for Nmap scripts be accessed?
A
The built-in help menu for Nmap scripts can be accessed using the command nmap –script-help .
12
Q
What language are NSE Scripts written in?
A
NSE Scripts are written in the Lua programming language.
13
Q
What are some categories of NSE Scripts?
A
Some categories of NSE Scripts include safe, intrusive, vuln, exploit, auth, brute, and discovery.
14
Q
What can NSE Scripts be used for?
A
NSE Scripts can be used for scanning for vulnerabilities, automating exploits, reconnaissance, bypassing authentication, and querying running services for further information about the network.
15
Q
What is the purpose of using a ping sweep with Nmap?
A
The purpose of using a ping sweep with Nmap is to obtain a map of the network structure by identifying active hosts based on ICMP echo responses.
16
Q
What does the -sn switch do in Nmap?
A
The -sn switch in Nmap tells it not to scan any ports and rely primarily on ICMP echo packets to identify targets during a ping sweep.
17
Q
What additional packets does the -sn switch cause Nmap to send during a ping sweep?
A
In addition to ICMP echo requests, the -sn switch causes Nmap to send a TCP SYN packet to port 443 and a TCP ACK (or TCP SYN if not run as root) packet to port 80 of the target during a ping sweep.
18
Q
How can you specify IP ranges when performing a ping sweep with Nmap?
A
You can specify IP ranges using either a hyphen (-) or CIDR notation when performing a ping sweep with Nmap.
19
Q
What are NULL scans used for?
A
NULL scans are used to send TCP requests with no flags set at all.
20
Q
What is the expected behavior if a port is protected by a firewall during a NULL, FIN, or Xmas scan?
A
If a port is protected by a firewall during a NULL, FIN, or Xmas scan, the scan will identify the port as open|filtered, closed, or filtered.
21
Q
What is the purpose of FIN scans?
A
FIN scans send a request with the FIN flag and expect a RST response if the port is closed.
22
Q
What is the reason for most modern IDS solutions being savvy to NULL, FIN, and Xmas scan types?
A
Most modern IDS solutions are savvy to NULL, FIN, and Xmas scan types because they are designed to detect these scan techniques and prevent firewall evasion.
23
Q
What is the expected response from network hosts for closed ports according to RFC 793?
A
According to RFC 793, network hosts should respond to malformed packets with a RST TCP packet for closed ports.
24
Q
Why are Xmas scans called Xmas scans?
A
Xmas scans are called Xmas scans because the flags it sets (PSH, URG, and FIN) give it the appearance of a blinking Christmas tree when viewed as a packet capture in Wireshark.
25
What is the main characteristic of UDP connections?
UDP connections are stateless and do not require a handshake.
26
What is one reason why UDP scans tend to be slower compared to TCP scans?
UDP scans tend to be slower due to the difficulty in identifying whether a UDP port is actually open.
27
What is the switch for performing a UDP scan in Nmap?
The switch for performing a UDP scan in Nmap is -sU.
28
What is a good practice when running an Nmap scan with UDP?
A good practice is to run an Nmap scan with --top-ports enabled to scan the top commonly used UDP ports.
29
What type of requests does Nmap usually send when scanning UDP ports?
Nmap usually sends completely empty requests (raw UDP packets) when scanning UDP ports.
30
How does Nmap identify an open UDP port?
When a packet is sent to an open UDP port, there should be no response, and Nmap refers to the port as being open|filtered.
31
What are the advantages of SYN scans over TCP Connect scans?
SYN scans are faster than TCP Connect scans and require sudo permissions to work correctly in Linux.
32
What does it mean if a port is considered filtered?
If a port is considered filtered, it means that it is open but hidden behind a firewall, and the firewall is configured to drop incoming packets.
33
How can a firewall be configured to respond with a RST TCP packet?
A firewall can be configured to respond with a RST TCP packet by using commands such as 'iptables -I INPUT -p tcp --dport -j REJECT --reject-with tcp-reset' in IPtables for Linux.
34
What does it mean when Nmap sends a TCP SYN request and receives nothing back?
When Nmap sends a TCP SYN request and receives nothing back, it indicates that the port is being protected by a firewall and the port is considered to be filtered.
35
What makes it difficult to get an accurate reading of the target when a firewall is configured to respond with a RST TCP packet?
When a firewall is configured to respond with a RST TCP packet, it can make it extremely difficult, if not impossible, to get an accurate reading of the target(s) using Nmap.
36
How does Nmap determine if a port is closed?
Nmap sends a TCP request with the SYN flag set to the closed port, and if the server responds with a TCP packet with the RST flag set, Nmap establishes that the port is closed.
37
What happens when Nmap sends a TCP request to an open port?
If Nmap sends a TCP request to an open port, the target server will respond with a TCP packet with the SYN/ACK flags set.
38
How does Nmap mark a port as open?
Nmap marks a port as open when it receives a TCP packet with the SYN/ACK flags set in response to its TCP request.
39
What is the purpose of the TCP packet with the RST flag set?
The TCP packet with the RST (Reset) flag set is sent by the target server to indicate that the connection does not exist and that the port is closed.
40
What is the purpose of a TCP Connect scan?
The purpose of a TCP Connect scan is to determine whether a TCP port on a target server is open or closed.
41
How does a TCP Connect scan work?
A TCP Connect scan works by performing the three-way handshake with each target port, attempting to establish a connection and determine if the service is open or closed.
42
What are the three stages of the TCP three-way handshake?
The three stages of the TCP three-way handshake are: 1) Sending a TCP request with the SYN flag set, 2) Acknowledging the packet with a TCP response containing the SYN and ACK flags, 3) Sending a TCP request with the ACK flag set to complete the handshake.
43
What are the three basic scan types when port scanning with Nmap?
The three basic scan types when port scanning with Nmap are TCP Connect Scans (-sT), SYN 'Half-open' Scans (-sS), and UDP Scans (-sU).
44
What are some less common port scan types covered in the content?
Some less common port scan types covered in the content are TCP Null Scans (-sN), TCP FIN Scans (-sF), and TCP Xmas Scans (-sX).
45
What is one notable difference between UDP scans and the other scan types discussed?
One notable difference between UDP scans and the other scan types discussed is that UDP scans work differently compared to TCP Connect Scans, SYN 'Half-open' Scans, TCP Null Scans,
TCP FIN Scans, and TCP Xmas Scans.
46
How can you access the help menu for nmap?
By typing nmap -h in the terminal command line.
47
What are switches in nmap?
Command arguments which tell a program to do different things.
48
What tool is commonly used for port scanning?
nmap
49
What is the purpose of port scanning?
The purpose of port scanning is to determine which ports on a target system are open, closed, or filtered by a firewall.
50
What is the purpose of performing a port scan before attacking a target?
To determine which ports are open on the target server.
51
What is the industry standard tool for port scanning?
The industry standard tool for port scanning is Nmap.
52
What is the standard port for HTTP Webservice?
Port 80.
53
What makes Nmap a powerful tool for port scanning?
Nmap is a powerful tool for port scanning because it has extensive functionality and a scripting engine that can be used to scan for vulnerabilities and perform exploits.
54
Why is proper enumeration important before attempting exploitation?
Proper enumeration is important before attempting exploitation because it provides knowledge about the target system or network, allowing for better informed exploitation attempts.
55
What is the purpose of port scanning in the reconnaissance phase of hacking?
The purpose of port scanning is to identify which services are running on the target system or network, providing a map of the 'landscape' to be attacked.
56
What is a port in the context of networking?
A port is a networking construct used by a computer to open a connection and receive network services.
57
How are ports used to establish connections between web browsers and remote webservers?
Ports are used to establish connections between web browsers and remote webservers by connecting an open port listening on the server to a randomly selected port on your own computer.
58
Why are ports used in networking?
Ports are used in networking to direct traffic to the appropriate service when running multiple services on a server or when establishing connections between different network entities.
59
What is the purpose of using different ports when loading multiple webpages in a web browser?
The purpose of using different ports when loading multiple webpages in a web browser is to determine which tab is loading which webpage.
60
What is the purpose of a router?
A router's purpose is to connect networks and pass data between them.
61
What is routing?
Routing is the process of data traveling across networks by creating a path between them.
62
When is routing useful?
Routing is useful when devices are connected by multiple paths.
63
What are switches designed to aggregate?
Switches are designed to aggregate multiple other devices such as computers, printers, or any other networking-capable device using ethernet.
64
What is the main advantage of switches over hubs/repeaters?
Switches are much more efficient than hubs/repeaters as they keep track of what device is connected to which port and only send packets to the intended target, reducing network traffic.
65
Where are switches usually found?
Switches are usually found in larger networks such as businesses, schools, or similar-sized networks, where there are many devices to connect to the network.
66
What is the purpose of connecting switches and routers to each other in a network?
Connecting switches and routers increases the redundancy (reliability) of a network by adding multiple paths for data to take. If one path goes down, another can be used.
67
What is the main characteristic of a ring topology?
The main characteristic of a ring topology is that devices are connected directly to each other to form a loop.
68
How does data travel in a ring topology?
Data travels across the loop in a ring topology until it reaches the destined device, using other devices along the loop to forward the data.
69
In a ring topology, when will a device send received data from another device?
A device in a ring topology will only send received data from another device if it does not have any data to send itself.
70
What is a potential disadvantage of a ring topology when it comes to data traveling?
A potential disadvantage of a ring topology is that data may have to visit many multiple devices before reaching the intended device, making it less efficient for data traveling across a network.
71
What is a disadvantage of the bus topology?
A disadvantage of the bus topology is that there is little redundancy in place in case of failures.
72
What is the backbone cable in a bus topology?
The backbone cable in a bus topology is a single connection that all devices in the topology stem from.
73
What happens if the backbone cable in a bus topology breaks?
If the backbone cable in a bus topology breaks, devices can no longer receive or transmit data along the bus.
74
What is the main issue with the bus topology when devices simultaneously request data?
The main issue with the bus topology is that it quickly becomes slow and bottlenecked if devices within the topology are simultaneously requesting data.
75
What is the main premise of a star topology?
The main premise of a star topology is that devices are individually connected via a central networking device such as a switch or hub.
76
What is the advantage of a star topology?
One advantage of a star topology is that it is very easy to add more devices as the demand for the network increases.
77
What is a disadvantage of a star topology?
One disadvantage of a star topology is that if the centralised hardware that connects devices fails, these devices will no longer be able to send or receive data.
78
What is the most commonly found topology today?
The most commonly found topology today is the star topology.
79
What does the term 'topology' refer to in networking?
The term 'topology' refers to the design or look of the network at hand.
80
What is the importance of network topology?
Network topology is important as it determines how devices are connected and how data flows within a network.
81
What command can be used to map the path a request takes as it heads to a target machine?
traceroute
82
What protocol does the Windows traceroute utility (tracert) use by default?
ICMP
83
What is the purpose of the ping command?
The ping command is used to test whether a connection to a remote resource is possible.
84
What layer of the OSI Model does the ICMP protocol work on?
The ICMP protocol works on the Network layer of the OSI Model.
85
Which protocol does the ping command use?
The ping command uses the ICMP protocol.
86
What is the basic syntax for the ping command?
The basic syntax for ping is ping .
87
What is the ping command commonly used for?
The ping command is commonly used to test the connectivity to a website on the internet or a computer on a local network.
88
What can ping be used for besides testing network connectivity?
Ping can be used to determine the IP address of a server hosting a website.
89
What is the purpose of the three-way handshake in TCP?
The three-way handshake establishes a stable connection between two computers before data transmission.
90
What are the two most important protocols in the TCP/IP suite?
The two most important protocols in the TCP/IP suite are the Transmission Control Protocol (TCP) and the Internet Protocol (IP).
91
What does TCP stand for?
TCP stands for Transmission Control Protocol.
92
What does the SYN bit indicate in the three-way handshake?
The SYN bit indicates the request to initialize a connection in the three-way handshake.
93
What does IP stand for?
IP stands for Internet Protocol.
94
What does the ACK bit indicate in the three-way handshake?
The ACK bit acknowledges the received SYN bit and confirms the successful setup of the connection in the three-way handshake.
95
How many layers does the TCP/IP model consist of?
The TCP/IP model consists of four layers.
96
What are the four layers of the TCP/IP model?
The four layers of the TCP/IP model are Application, Transport, Internet, and Network Interface.
97
What is the purpose of the OSI model in networking?
The OSI model is used for learning the initial theory of networking.
98
How do encapsulation and de-encapsulation work in the TCP/IP model?
In the TCP/IP model, a header is added during encapsulation and removed during de-encapsulation at each layer.
99
Why are encapsulation and de-encapsulation important in networking?
Encapsulation and de-encapsulation are important in networking because they provide a standardized method for sending data and ensure that all transmissions consistently follow the same methodology, allowing any network-enabled device to send a request to any other reachable device and be sure that it will be understood, regardless of manufacturer, operating system, or other factors.
100
What is the purpose of encapsulation in networking?
The purpose of encapsulation in networking is to wrap data with headers and trailers, allowing it to be transmitted over a network in a structured format that can be understood by receiving devices.
101
What is the process of de-encapsulation in networking?
The process of de-encapsulation in networking involves removing the headers and trailers from encapsulated data, allowing the original data to be extracted and processed by the receiving device.
102
What is the process called when the message is received by the second computer?
De-encapsulation.
103
What is the purpose of encapsulation in the OSI model?
Add information at each layer.
104
What happens when a computer receives data in the OSI model?
De-encapsulation occurs, starting from the physical layer and moving up to the application layer.
105
What is the data referred to as in layers 7, 6, and 5 of the OSI model?
The data is referred to as 'data' in layers 7, 6, and 5 of the OSI model.
106
What is the encapsulated data referred to as at the Network Layer?
The encapsulated data is referred to as a 'packet' at the Network Layer.
107
What is the encapsulated data referred to as at the Data Link layer?
The encapsulated data is referred to as a 'frame' at the Data Link layer.
108
What does the header added by the Network Layer include?
The header added by the Network Layer includes things like the source and destination IP addresses.
109
What is the purpose of the data link layer's addition at the end of the transmission?
The addition at the end of the transmission by the data link layer is used to verify that the data has not been corrupted on transmission.
110
What is the process called when data is sent from one computer to another?
The process is called encapsulation.
111
What kind of information does the Transport Layer header include?
The Transport Layer header includes information specific to the protocol being used.
112
What is the role of the physical layer in a network?
The physical layer is responsible for converting binary data into signals and transmitting them across the network, as well as receiving incoming signals and converting them back into binary data.
113
Which layer of the network is responsible for converting binary data into signals and transmitting them across the network?
The physical layer is responsible for converting binary data into signals and transmitting them across the network.
114
What does the data link layer focus on?
The physical addressing of the transmission.
115
What information does the data link layer add to a packet received from the network layer?
The physical (MAC) address of the receiving endpoint.
116
What is the main function of the data link layer?
The data link layer focuses on the physical addressing of the transmission. It receives a packet from the network layer (that includes the IP address for the remote computer) and adds in the physical (MAC) address of the receiving endpoint. Inside every network enabled computer is a Network Interface Card (NIC) which comes with a unique MAC (Media Access Control) address to identify it.
117
What is a MAC address and how is it set?
A MAC address is a unique physical address assigned to a Network Interface Card (NIC) by the manufacturer. It is burnt into the card and cannot be changed.
118
What is the responsibility of the network layer?
The network layer is responsible for locating the destination of a request and figuring out the best route to take.
119
What is logical addressing?
Logical addressing refers to the use of IP addresses to provide order to networks and categorize them.
120
What is the most common format of logical addressing?
The most common format of logical addressing is the IPV4 format.
121
What is an example of a common IPV4 address for a home router?
An example of a common IPV4 address for a home router is 192.168.1.1.
122
What are the two most common protocols in the transport layer?
The two most common protocols in the transport layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
123
In TCP, is the transmission connection-based or connectionless?
In TCP, the transmission is connection-based.
124
What is the purpose of using UDP in the transport layer?
UDP is used in situations where speed is more important.
125
What are the bite-sized pieces called in TCP and UDP?
In TCP, the bite-sized pieces are called segments; in UDP, they are called datagrams.
126
What is the role of the session layer in networking?
The session layer is responsible for setting up, maintaining, and synchronizing communication sessions between computers across a network.
127
What is the uniqueness of the session created by the session layer?
The session created by the session layer is unique to the communication in question, allowing multiple requests to different endpoints simultaneously without data getting mixed up.
128
Which layer does the session layer pass the data down to once it has successfully logged a connection?
The session layer passes the data down to Layer 4: the transport layer.
129
What happens if the session layer cannot establish a connection with the remote computer?
If the session layer cannot establish a connection with the remote computer, it sends back an error and the communication process does not proceed further.
130
What does the application layer of the OSI model provide?
The application layer provides networking options to programs running on a computer.
131
What is the role of the presentation layer in the OSI model?
The presentation layer translates data into a standardized format and handles encryption, compression, and other transformations.
132
Which layer of the OSI model receives data from the application layer?
The presentation layer receives data from the application layer.
133
What model is used to demonstrate the theory behind computer networking?
The OSI (Open Systems Interconnection) Model.
134
How many layers does the OSI model consist of? Cite the name of each one of them.
The OSI model consists of seven layers. They are: - Application
- Presentation
- Session
- Transport
- Network
- Data Link
- Physical
135
What is the mnemonic you can use to remember the layers of the OSI model?
Anxious Pale Shakespeare Treated Nervous Drunks Patiently
136
What is the aim of this room?
The aim of this room is to provide a beginner's introduction to the basic principles of networking.
137
What are the topics covered in this room?
The topics covered in this room are: The OSI Model, The TCP/IP Model, How these models look in practice, and An introduction to basic networking tools.
138
What is the OSI Model?
The OSI Model is a conceptual framework that standardizes the functions of a communication system into seven distinct layers.
