Ethical hacking 4 Flashcards
What statement regarding a null session is accurate?
A null session can’t be used for encrypted data transmission.
As part of securing a host from null sessions, you have been asked to block ports on the corporate firewall. What port is not a port used by NetBIOS?
TCP 443
Your client has asked you to deploy SNMP enumeration countermeasures for a Windows server running legacy software. Due to the nature of the software, the server must use an SNMPv1 agent. What is a valid method for carrying out the cleint’s request?
Configure IPSec policies to authenticate and encrypt SNMPv1 Traffic.
Which UNIX command lists user information including the username, terminal name, and login time?
Finger
In Windows, what two tools can be used to query SAM and search for SID values for a given account, or find an account for a given SID, respectively?
sid2user
user2sid
Which protocols uses management information bases to define the information that a managed system offers?
SNMP
Which null session enumeration technique exploits a hidden share that allows communication between two processes on the same system?
IPC$ Share Exploitation
What is generally the first step taken by a hacker to compromise a system in which information about the system is obtained?
Enumeration
Which of the following can be described as pseudo account that has no username or password, but can be used to access certain information on the network?
null user
You have enumerated the administrator account of a remote machine and have all the information needed to escalate a guest account to the administrato’s group. What command should you use?
sid2user \remotemachine:
What utility in the PsTools suite can be used to start a remote command prompt session on a target Windows computer on the network?
PsExec
What can an attacker change via the guest account in Windows to escalate to he administratos’ group?
RID
What protocols is used to access directory listings within Active Directory or other directory services?
LDAP
Which command can be used to enumerate basic user information for UNIX network resources?
Finger
What purpose does the HOSTMIB.MIB included with the Windows resource kit serve?
It monitors and manages host resources.
The server administrator for a system you have targeted as part of an audit has told you that he has secured his system from enumeration by changing the “RestrictAnonymous” setting to “1”. What can you do to attempt enumeration anonymously?
You can use the GetAcct utility to aviod the setting configured by the administrator and enumerate the accounts on the server
What is an attacker’s objective when performing enumeration?
Find user accounts and groups that will provide anonymous access once a system has been compromised/
Which type of enumeration takes advantage of vulnerabilities in the application layer protocol used to maintain and manage routers, hubs, and switches on an IP network?
SNMP enumeration
Which command-line tool identifies and reports the protocol statistics of current TCP/IP connections using NetBIOS over TCP/IP?
Nbtstat
After monitoring a network via packet capture, you discover an SNMP community used on a host you’ve been attempting to target. What OID can you use to potentially discover running services information on the target?
.server.svSvcTable.svSvcEntry.svSvcName
