Deck 1 Flashcards

Question 1

Q

What should you do if a script is missing in the local scripts directory?

Answer

A

You can fix this by running ‘sudo apt update && sudo apt install nmap’ or by manually downloading the script from Nmap and updating the script.db file.

Question 2

Q

What command can you run to manually install a missing NSE script?

Answer

A

You can run ‘sudo wget -O /usr/share/nmap/scripts/.nse https://svn.nmap.org/nmap/scripts/.nse’ to download and install the script.

Question 3

Q

What command should you run after manually installing an NSE script to update the script.db file?

Answer

A

You should run ‘nmap –script-updatedb’ to update the script.db file after manually installing a script.

Question 4

Q

Where does Nmap store its scripts on Linux?

Answer

A

/usr/share/nmap/scripts

Question 5

Q

What is the purpose of the /usr/share/nmap/scripts/script.db file?

Answer

A

To search for installed scripts in Nmap.

Question 6

Q

Where can you find a list of all official scripts for Nmap?

Answer

A

On the Nmap website.

Question 7

Q

What is the content stored in the script.db file?

Answer

A

Filenames and categories for each available script.

Question 8

Q

What is the command to activate NSE scripts from the vuln category?

Answer

A

To activate NSE scripts from the vuln category, the command is –script=vuln.

Question 9

Q

What is the command to run multiple scripts simultaneously?

Answer

A

To run multiple scripts simultaneously, the command is –script=,.

Question 10

Q

How can arguments be given to NSE scripts using the Nmap switch?

Answer

A

Arguments can be given to NSE scripts using the –script-args Nmap switch.

Question 11

Q

How can the built-in help menu for Nmap scripts be accessed?

Answer

A

The built-in help menu for Nmap scripts can be accessed using the command nmap –script-help .

Question 12

Q

What language are NSE Scripts written in?

Answer

A

NSE Scripts are written in the Lua programming language.

Question 13

Q

What are some categories of NSE Scripts?

Answer

A

Some categories of NSE Scripts include safe, intrusive, vuln, exploit, auth, brute, and discovery.

Question 14

Q

What can NSE Scripts be used for?

Answer

A

NSE Scripts can be used for scanning for vulnerabilities, automating exploits, reconnaissance, bypassing authentication, and querying running services for further information about the network.

Question 15

Q

What is the purpose of using a ping sweep with Nmap?

Answer

A

The purpose of using a ping sweep with Nmap is to obtain a map of the network structure by identifying active hosts based on ICMP echo responses.

Question 16

Q

What does the -sn switch do in Nmap?

Answer

A

The -sn switch in Nmap tells it not to scan any ports and rely primarily on ICMP echo packets to identify targets during a ping sweep.

Question 17

Q

What additional packets does the -sn switch cause Nmap to send during a ping sweep?

Answer

A

In addition to ICMP echo requests, the -sn switch causes Nmap to send a TCP SYN packet to port 443 and a TCP ACK (or TCP SYN if not run as root) packet to port 80 of the target during a ping sweep.

Question 18

Q

How can you specify IP ranges when performing a ping sweep with Nmap?

Answer

A

You can specify IP ranges using either a hyphen (-) or CIDR notation when performing a ping sweep with Nmap.

Question 19

Q

What are NULL scans used for?

Answer

A

NULL scans are used to send TCP requests with no flags set at all.

Question 20

Q

What is the expected behavior if a port is protected by a firewall during a NULL, FIN, or Xmas scan?

Answer

A

If a port is protected by a firewall during a NULL, FIN, or Xmas scan, the scan will identify the port as open|filtered, closed, or filtered.

Question 21

Q

What is the purpose of FIN scans?

Answer

A

FIN scans send a request with the FIN flag and expect a RST response if the port is closed.

Question 22

Q

What is the reason for most modern IDS solutions being savvy to NULL, FIN, and Xmas scan types?

Answer

A

Most modern IDS solutions are savvy to NULL, FIN, and Xmas scan types because they are designed to detect these scan techniques and prevent firewall evasion.

Question 23

Q

What is the expected response from network hosts for closed ports according to RFC 793?

Answer

A

According to RFC 793, network hosts should respond to malformed packets with a RST TCP packet for closed ports.

Question 24

Q

Why are Xmas scans called Xmas scans?

Answer

A

Xmas scans are called Xmas scans because the flags it sets (PSH, URG, and FIN) give it the appearance of a blinking Christmas tree when viewed as a packet capture in Wireshark.

Question 25

Q

What is the main characteristic of UDP connections?

Answer

A

UDP connections are stateless and do not require a handshake.

Question 26

Q

What is one reason why UDP scans tend to be slower compared to TCP scans?

Answer

A

UDP scans tend to be slower due to the difficulty in identifying whether a UDP port is actually open.

Question 27

Q

What is the switch for performing a UDP scan in Nmap?

Answer

A

The switch for performing a UDP scan in Nmap is -sU.

Question 28

Q

What is a good practice when running an Nmap scan with UDP?

Answer

A

A good practice is to run an Nmap scan with –top-ports enabled to scan the top commonly used UDP ports.

Question 29

Q

What type of requests does Nmap usually send when scanning UDP ports?

Answer

A

Nmap usually sends completely empty requests (raw UDP packets) when scanning UDP ports.

Question 30

Q

How does Nmap identify an open UDP port?

Answer

A

When a packet is sent to an open UDP port, there should be no response, and Nmap refers to the port as being open|filtered.

Question 31

Q

What are the advantages of SYN scans over TCP Connect scans?

Answer

A

SYN scans are faster than TCP Connect scans and require sudo permissions to work correctly in Linux.

Question 32

Q

What does it mean if a port is considered filtered?

Answer

A

If a port is considered filtered, it means that it is open but hidden behind a firewall, and the firewall is configured to drop incoming packets.

Question 33

Q

How can a firewall be configured to respond with a RST TCP packet?

Answer

A

A firewall can be configured to respond with a RST TCP packet by using commands such as ‘iptables -I INPUT -p tcp –dport -j REJECT –reject-with tcp-reset’ in IPtables for Linux.

Question 34

Q

What does it mean when Nmap sends a TCP SYN request and receives nothing back?

Answer

A

When Nmap sends a TCP SYN request and receives nothing back, it indicates that the port is being protected by a firewall and the port is considered to be filtered.

Question 35

Q

What makes it difficult to get an accurate reading of the target when a firewall is configured to respond with a RST TCP packet?

Answer

A

When a firewall is configured to respond with a RST TCP packet, it can make it extremely difficult, if not impossible, to get an accurate reading of the target(s) using Nmap.

Question 36

Q

How does Nmap determine if a port is closed?

Answer

A

Nmap sends a TCP request with the SYN flag set to the closed port, and if the server responds with a TCP packet with the RST flag set, Nmap establishes that the port is closed.

Question 37

Q

What happens when Nmap sends a TCP request to an open port?

Answer

A

If Nmap sends a TCP request to an open port, the target server will respond with a TCP packet with the SYN/ACK flags set.

Question 38

Q

How does Nmap mark a port as open?

Answer

A

Nmap marks a port as open when it receives a TCP packet with the SYN/ACK flags set in response to its TCP request.

Question 39

Q

What is the purpose of the TCP packet with the RST flag set?

Answer

A

The TCP packet with the RST (Reset) flag set is sent by the target server to indicate that the connection does not exist and that the port is closed.

Question 40

Q

What is the purpose of a TCP Connect scan?

Answer

A

The purpose of a TCP Connect scan is to determine whether a TCP port on a target server is open or closed.

Question 41

Q

How does a TCP Connect scan work?

Answer

A

A TCP Connect scan works by performing the three-way handshake with each target port, attempting to establish a connection and determine if the service is open or closed.

Question 42

Q

What are the three stages of the TCP three-way handshake?

Answer

A

The three stages of the TCP three-way handshake are: 1) Sending a TCP request with the SYN flag set, 2) Acknowledging the packet with a TCP response containing the SYN and ACK flags, 3) Sending a TCP request with the ACK flag set to complete the handshake.

Question 43

Q

What are the three basic scan types when port scanning with Nmap?

Answer

A

The three basic scan types when port scanning with Nmap are TCP Connect Scans (-sT), SYN ‘Half-open’ Scans (-sS), and UDP Scans (-sU).

Question 44

Q

What are some less common port scan types covered in the content?

Answer

A

Some less common port scan types covered in the content are TCP Null Scans (-sN), TCP FIN Scans (-sF), and TCP Xmas Scans (-sX).

Question 45

Q

What is one notable difference between UDP scans and the other scan types discussed?

Answer

A

One notable difference between UDP scans and the other scan types discussed is that UDP scans work differently compared to TCP Connect Scans, SYN ‘Half-open’ Scans, TCP Null Scans,
TCP FIN Scans, and TCP Xmas Scans.

Question 46

Q

How can you access the help menu for nmap?

Answer

A

By typing nmap -h in the terminal command line.

Question 47

Q

What are switches in nmap?

Answer

A

Command arguments which tell a program to do different things.

Question 48

Q

What tool is commonly used for port scanning?

Question 49

Q

What is the purpose of port scanning?

Answer

A

The purpose of port scanning is to determine which ports on a target system are open, closed, or filtered by a firewall.

Question 50

Q

What is the purpose of performing a port scan before attacking a target?

Answer

A

To determine which ports are open on the target server.

Question 51

Q

What is the industry standard tool for port scanning?

Answer

A

The industry standard tool for port scanning is Nmap.

Question 52

Q

What is the standard port for HTTP Webservice?

Question 53

Q

What makes Nmap a powerful tool for port scanning?

Answer

A

Nmap is a powerful tool for port scanning because it has extensive functionality and a scripting engine that can be used to scan for vulnerabilities and perform exploits.

Question 54

Q

Why is proper enumeration important before attempting exploitation?

Answer

A

Proper enumeration is important before attempting exploitation because it provides knowledge about the target system or network, allowing for better informed exploitation attempts.

Question 55

Q

What is the purpose of port scanning in the reconnaissance phase of hacking?

Answer

A

The purpose of port scanning is to identify which services are running on the target system or network, providing a map of the ‘landscape’ to be attacked.

Question 56

Q

What is a port in the context of networking?

Answer

A

A port is a networking construct used by a computer to open a connection and receive network services.

Question 57

Q

How are ports used to establish connections between web browsers and remote webservers?

Answer

A

Ports are used to establish connections between web browsers and remote webservers by connecting an open port listening on the server to a randomly selected port on your own computer.

Question 58

Q

Why are ports used in networking?

Answer

A

Ports are used in networking to direct traffic to the appropriate service when running multiple services on a server or when establishing connections between different network entities.

Question 59

Q

What is the purpose of using different ports when loading multiple webpages in a web browser?

Answer

A

The purpose of using different ports when loading multiple webpages in a web browser is to determine which tab is loading which webpage.

Question 60

Q

What is the purpose of a router?

Answer

A

A router’s purpose is to connect networks and pass data between them.

Question 61

Q

What is routing?

Answer

A

Routing is the process of data traveling across networks by creating a path between them.

Question 62

Q

When is routing useful?

Answer

A

Routing is useful when devices are connected by multiple paths.

Question 63

Q

What are switches designed to aggregate?

Answer

A

Switches are designed to aggregate multiple other devices such as computers, printers, or any other networking-capable device using ethernet.

Question 64

Q

What is the main advantage of switches over hubs/repeaters?

Answer

A

Switches are much more efficient than hubs/repeaters as they keep track of what device is connected to which port and only send packets to the intended target, reducing network traffic.

Answer 63

A

Switches are usually found in larger networks such as businesses, schools, or similar-sized networks, where there are many devices to connect to the network.

Answer 64

A

Connecting switches and routers increases the redundancy (reliability) of a network by adding multiple paths for data to take. If one path goes down, another can be used.

Answer 65

A

The main characteristic of a ring topology is that devices are connected directly to each other to form a loop.

Answer 66

A

Data travels across the loop in a ring topology until it reaches the destined device, using other devices along the loop to forward the data.

Answer 67

A

A device in a ring topology will only send received data from another device if it does not have any data to send itself.

Answer 68

A

A potential disadvantage of a ring topology is that data may have to visit many multiple devices before reaching the intended device, making it less efficient for data traveling across a network.

Answer 69

A

A disadvantage of the bus topology is that there is little redundancy in place in case of failures.

Answer 70

A

The backbone cable in a bus topology is a single connection that all devices in the topology stem from.

Answer 71

A

If the backbone cable in a bus topology breaks, devices can no longer receive or transmit data along the bus.

Answer 72

A

The main issue with the bus topology is that it quickly becomes slow and bottlenecked if devices within the topology are simultaneously requesting data.

Answer 73

A

The main premise of a star topology is that devices are individually connected via a central networking device such as a switch or hub.

Answer 74

A

One advantage of a star topology is that it is very easy to add more devices as the demand for the network increases.

Answer 75

A

One disadvantage of a star topology is that if the centralised hardware that connects devices fails, these devices will no longer be able to send or receive data.

Answer 76

A

The most commonly found topology today is the star topology.

Answer 77

A

The term ‘topology’ refers to the design or look of the network at hand.

Answer 78

A

Network topology is important as it determines how devices are connected and how data flows within a network.

Answer 79

A

traceroute

Answer 80

A

The ping command is used to test whether a connection to a remote resource is possible.

Answer 81

A

The ICMP protocol works on the Network layer of the OSI Model.

Answer 82

A

The ping command uses the ICMP protocol.

Answer 83

A

The basic syntax for ping is ping .

Answer 84

A

The ping command is commonly used to test the connectivity to a website on the internet or a computer on a local network.

Answer 85

A

Ping can be used to determine the IP address of a server hosting a website.

Answer 86

A

The three-way handshake establishes a stable connection between two computers before data transmission.

Answer 87

A

The two most important protocols in the TCP/IP suite are the Transmission Control Protocol (TCP) and the Internet Protocol (IP).

Answer 88

A

TCP stands for Transmission Control Protocol.

Answer 89

A

The SYN bit indicates the request to initialize a connection in the three-way handshake.

Answer 90

A

IP stands for Internet Protocol.

Answer 91

A

The ACK bit acknowledges the received SYN bit and confirms the successful setup of the connection in the three-way handshake.

Answer 92

A

The TCP/IP model consists of four layers.

Answer 93

A

The four layers of the TCP/IP model are Application, Transport, Internet, and Network Interface.

Answer 94

A

The OSI model is used for learning the initial theory of networking.

Answer 95

A

In the TCP/IP model, a header is added during encapsulation and removed during de-encapsulation at each layer.

Answer 96

A

Encapsulation and de-encapsulation are important in networking because they provide a standardized method for sending data and ensure that all transmissions consistently follow the same methodology, allowing any network-enabled device to send a request to any other reachable device and be sure that it will be understood, regardless of manufacturer, operating system, or other factors.

Answer 97

A

The purpose of encapsulation in networking is to wrap data with headers and trailers, allowing it to be transmitted over a network in a structured format that can be understood by receiving devices.

Answer 98

A

The process of de-encapsulation in networking involves removing the headers and trailers from encapsulated data, allowing the original data to be extracted and processed by the receiving device.

Answer 99

A

De-encapsulation.

Answer 100

A

Add information at each layer.

Answer 101

A

De-encapsulation occurs, starting from the physical layer and moving up to the application layer.

Answer 102

A

The data is referred to as ‘data’ in layers 7, 6, and 5 of the OSI model.

Answer 103

A

The encapsulated data is referred to as a ‘packet’ at the Network Layer.

Answer 104

A

The encapsulated data is referred to as a ‘frame’ at the Data Link layer.

Answer 105

A

The header added by the Network Layer includes things like the source and destination IP addresses.

Answer 106

A

The addition at the end of the transmission by the data link layer is used to verify that the data has not been corrupted on transmission.

Answer 107

A

The process is called encapsulation.

Answer 108

A

The Transport Layer header includes information specific to the protocol being used.

Answer 109

A

The physical layer is responsible for converting binary data into signals and transmitting them across the network, as well as receiving incoming signals and converting them back into binary data.

Answer 110

A

The physical layer is responsible for converting binary data into signals and transmitting them across the network.

Answer 111

A

The physical addressing of the transmission.

Answer 112

A

The physical (MAC) address of the receiving endpoint.

Answer 113

A

The data link layer focuses on the physical addressing of the transmission. It receives a packet from the network layer (that includes the IP address for the remote computer) and adds in the physical (MAC) address of the receiving endpoint. Inside every network enabled computer is a Network Interface Card (NIC) which comes with a unique MAC (Media Access Control) address to identify it.

Answer 114

A

A MAC address is a unique physical address assigned to a Network Interface Card (NIC) by the manufacturer. It is burnt into the card and cannot be changed.

Answer 115

A

The network layer is responsible for locating the destination of a request and figuring out the best route to take.

Answer 116

A

Logical addressing refers to the use of IP addresses to provide order to networks and categorize them.

Answer 117

A

The most common format of logical addressing is the IPV4 format.

Answer 118

A

An example of a common IPV4 address for a home router is 192.168.1.1.

Answer 119

A

The two most common protocols in the transport layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

Answer 120

A

In TCP, the transmission is connection-based.

Answer 121

A

UDP is used in situations where speed is more important.

Answer 122

A

In TCP, the bite-sized pieces are called segments; in UDP, they are called datagrams.

Answer 123

A

The session layer is responsible for setting up, maintaining, and synchronizing communication sessions between computers across a network.

Answer 124

A

The session created by the session layer is unique to the communication in question, allowing multiple requests to different endpoints simultaneously without data getting mixed up.

Answer 125

A

The session layer passes the data down to Layer 4: the transport layer.

Answer 126

A

If the session layer cannot establish a connection with the remote computer, it sends back an error and the communication process does not proceed further.

Answer 127

A

The application layer provides networking options to programs running on a computer.

Answer 128

A

The presentation layer translates data into a standardized format and handles encryption, compression, and other transformations.

Answer 129

A

The presentation layer receives data from the application layer.

Answer 130

A

The OSI (Open Systems Interconnection) Model.

Answer 131

A

The OSI model consists of seven layers. They are: - Application
- Presentation
- Session
- Transport
- Network
- Data Link
- Physical

Answer 132

A

Anxious Pale Shakespeare Treated Nervous Drunks Patiently

Answer 133

A

The aim of this room is to provide a beginner’s introduction to the basic principles of networking.

Answer 134

A

The topics covered in this room are: The OSI Model, The TCP/IP Model, How these models look in practice, and An introduction to basic networking tools.

Answer 135

A

The OSI Model is a conceptual framework that standardizes the functions of a communication system into seven distinct layers.

Brainscape's Knowledge GenomeTM

Deck 1 Flashcards

Brainscape's Knowledge Genome^TM