Ethical hacking 4

Question 1

What statement regarding a null session is accurate?

Answer 1

A null session can’t be used for encrypted data transmission.

Question 2

As part of securing a host from null sessions, you have been asked to block ports on the corporate firewall. What port is not a port used by NetBIOS?

Answer 2

TCP 443

Question 3

Your client has asked you to deploy SNMP enumeration countermeasures for a Windows server running legacy software. Due to the nature of the software, the server must use an SNMPv1 agent. What is a valid method for carrying out the cleint’s request?

Answer 3

Configure IPSec policies to authenticate and encrypt SNMPv1 Traffic.

Question 4

Which UNIX command lists user information including the username, terminal name, and login time?

Answer 4

Finger

Question 5

In Windows, what two tools can be used to query SAM and search for SID values for a given account, or find an account for a given SID, respectively?

Answer 5

sid2user

user2sid

Question 6

Which protocols uses management information bases to define the information that a managed system offers?

Answer 6

SNMP

Question 7

Which null session enumeration technique exploits a hidden share that allows communication between two processes on the same system?

Answer 7

IPC$ Share Exploitation

Question 8

What is generally the first step taken by a hacker to compromise a system in which information about the system is obtained?

Answer 8

Enumeration

Question 9

Which of the following can be described as pseudo account that has no username or password, but can be used to access certain information on the network?

Answer 9

null user

Question 10

You have enumerated the administrator account of a remote machine and have all the information needed to escalate a guest account to the administrato’s group. What command should you use?

Answer 10

sid2user \remotemachine:

Question 11

What utility in the PsTools suite can be used to start a remote command prompt session on a target Windows computer on the network?

Answer 11

PsExec

Question 12

What can an attacker change via the guest account in Windows to escalate to he administratos’ group?

Answer 12

RID

Question 13

What protocols is used to access directory listings within Active Directory or other directory services?

Answer 13

LDAP

Question 14

Which command can be used to enumerate basic user information for UNIX network resources?

Answer 14

Finger

Question 15

What purpose does the HOSTMIB.MIB included with the Windows resource kit serve?

Answer 15

It monitors and manages host resources.

Question 16

The server administrator for a system you have targeted as part of an audit has told you that he has secured his system from enumeration by changing the “RestrictAnonymous” setting to “1”. What can you do to attempt enumeration anonymously?

Answer 16

You can use the GetAcct utility to aviod the setting configured by the administrator and enumerate the accounts on the server

Question 17

What is an attacker’s objective when performing enumeration?

Answer 17

Find user accounts and groups that will provide anonymous access once a system has been compromised/

Question 18

Which type of enumeration takes advantage of vulnerabilities in the application layer protocol used to maintain and manage routers, hubs, and switches on an IP network?

Answer 18

SNMP enumeration

Question 19

Which command-line tool identifies and reports the protocol statistics of current TCP/IP connections using NetBIOS over TCP/IP?

Answer 19

Nbtstat

Question 20

After monitoring a network via packet capture, you discover an SNMP community used on a host you’ve been attempting to target. What OID can you use to potentially discover running services information on the target?

Answer 20

.server.svSvcTable.svSvcEntry.svSvcName