Ethical Hacking

Question 1

Malware

Answer 1

Any malicious software. Created to inflict damage, steal info

Question 2

Virus

Answer 2

Malicious software that needs user to execute it

Question 3

Worm

Answer 3

Malware that spreads copies of itself from one computer to another

Question 4

Ransomware

Answer 4

Encrypts system data and hacker requests cryptocurrency to decrypt it

Question 5

Trojan Horse

Answer 5

Malicious software that often arrives via email or is pushed to users when
they visit an infected website

Question 6

Botnet

Answer 6

Combination of the words robot and network. Refers to computers on a private network that were infiltrated with malicious software that the attacker uses for nefarious purposes

Question 7

Common Attack Flow

Answer 7

Reconnaissance (scan for vulnerabilities)
Weaponization (Generate payload - Deliver)
Exploit and Execute (Run command upon execution)
Command and Control (possible full system access)

Question 8

Network Scanning

Answer 8

Reconnaissance step for mapping the network structure. Identify devices on a network

Question 9

Nmap

Answer 9

Network mapper/scanning tool

Question 10

Fingerprinting

Answer 10

Detect services using nmap

Question 11

Firewall & IDS Evasion

Answer 11

Proxies, Timing (-T flag), Fragmentation (-f flag), Decoys (-D flag)

Question 12

Netdiscover

Answer 12

Uses ARP…networks without DHCP. Sniffs ARP replies

Question 13

Masscan

Answer 13

Performs large scale scans on thousands of IPs in seconds

Question 14

Zenmap

Answer 14

Nmap GUI version. Enables creation of customized profile scans

Question 15

On-Path Attack

Answer 15

Man-in-the-Middle Attacks: Eavesdropping on communication
Used to obtain info secretly
Allows control over network traffic

Question 16

ARP Poisoning

Answer 16

ARP resolves IP addresses to MAC addresses
Layer 2 protocol on LAN
Exploits lack of ARP packet validation

Question 17

Arpspoof

Answer 17

Tool used for ARP poisoning attack
Forged packet is sent to numerous times on the network
The victim ARP table is updated with the false entry

Question 18

DNS Poisoning Process

Answer 18

Use ARP poisoning to position the machine in the middle
Configure host file
Capture victim’s DNS request
Redirect the victim to a target IP

Question 19

Bettercap

Answer 19

Tool for On-Path attacks
Can initiate ARP poisoning and DNS spoofing
Sends false DNS responses to the victim

Question 20

Port Stealing

Answer 20

Populating the forwarding table
Uses victim’s MAC address
Works only on LANs

Question 21

SSL Stripping

Answer 21

Downgrades HTTPS to HTTP
Provides plain text view of the data

Question 22

John

Answer 22

Linux tool for password cracking

Question 23

Crunch

Answer 23

Password list generator that forms passwords based on length and charsets
Useful when partial knowledge of the victim has been obtained
Can be used to generate lists of passwords according to templates

Question 24

Cupp

Answer 24

Creates a wordlist based on word victims may use
Social engineering on the victim may help the attacker build the list
Victim may use an easy to remember password based on personal information

Question 25

Munge

Answer 25

Crates a modified wordlist based on Munge Level
Using a predefined wordlist, Munge helps that attacker build a 1337 list of passwords

Question 26

Hydra

Answer 26

Tool/login cracker that supports many remote protocols

It continuously attacks while the server sends and access denied response
-l [user name], -P [path to wordlist],

Question 27

Ncrack

Answer 27

Fastest and most reliable tool for remote authentication
Has built-in support for Nmap output formats and other advantages

Question 28

SE

Answer 28

Social Engineering
Based on human interaction and behavior
Involves the use of psychological manipulation

Question 29

SE Process

Answer 29

Preparation, Deceive to Connect, Winning Information, Cover the Tracks

Question 30

Self-Extracting Archive

Answer 30

Fake executable documents can be created using a WinRAR feature called SFX

Question 31

SFX Flow

Answer 31

Preparation, Icon Change, Create SFX, Hide Modules, Modify File Name

Question 32

MetaSploit

Answer 32

Vulnerability, Payload, Exploit

Question 33

Net.exe Utility

Answer 33

Windows software component…done in cmd
Manages users, groups, and services
Can also manage network connections

Question 34

Flow of PE via WinLogon

Answer 34

OS: choose suitable OS
Mount: mount live OS
Edit: Override ethc.exe with cmd.exe
CMD: Execute cmd.exe with high-level privileges
PE: Add user, change a password

Question 35

Offline Mitigations of Windows PE

Answer 35

BIOS Password
Encrypt the Drive
Physical Access

Question 36

Online Mitigation of Windows PE

Answer 36

Principle of Least Privilege, Removing Local Admin Rights, Account Audits, User Account Controls, Applocker, Software, Code, Tokens

Question 37

Burp Suite

Answer 37

Software tool used for pen testing web apps

Question 38

Fiddler

Answer 38

Web debugging proxy that enables HTTP traffic examination for development

Question 39

OWASP Zap

Answer 39

Combined Zap’s pen testing project with OWASP projects for a complete solution

Question 40

JavaScript

Answer 40

JS code can be added to HTML pages. Can affect the page’s behavior.

Question 41

XSS

Answer 41

Cross Site Scripting-client side
Affects other users by storing code. Exploits vulnerability in web app.

Question 42

Cookies

Answer 42

String of letters or numbers that verify, track, and store user information.
XSS attack can acquire a cookie to steal a session.

Question 43

LFI

Answer 43

Local File Inclusion
Common in PHP-based websites. Uses the include() function

Question 44

RFI

Answer 44

Remote File Inclusion. Accesses remote servers to deliver files

Question 45

Vulnerability Assessments

Answer 45

Manual Scans-performed by PT experts to find complicated vulnerabilities
Automated Scans- performed to locate simple and more obvious bugs