Hacking Tools

Question 1

Web attack tools

Answer 1

Burp Suite, WebScarab, HTTPrint, BeeF

Question 2

Mimikatz

Answer 2

Pass the hash tool. Allows you to extract passwords in plain text. Included in metasploit as a module

Question 3

Link-local Multicast Name Resolution/ NetBios Name Service attack

Answer 3

Victim uses service to find resource. Attacker broadcasts that they are the resource and poisons Victims service. This is multicast. If the interaction require authentication victim sends NTLNv2 user name and hash. offline cracking.

Question 4

LLMNR/NBT-NS attack tools

Answer 4

NBNSpoof, Responder, Pupy

Question 5

Mitigations for LLMNR/NBT-NS attack

Answer 5

Disable LLMNR/NBT-NS services in computer security setting or Group Policy. Other security software NOS
Can monitor for at HKLM\software\policies\microsoft\windowsNT\DNSClient “DWORD” = 0 means it is disabled. Watch port 5355 (llmnr) and 137 (NTBIOS)

Question 6

Password recovery tools

Answer 6

CHNTPW (Linux utility), Stellar Phoenix, Windows Password Recovery Ultimate, ISeePassword, Windows Password Recovery Tool, Passware Kit, PCUnlocker

Question 7

Password Attacking tools

Answer 7

Cain and Abel (also network sniffer, Password sniffer, arp spoofer, Hamster proxy), ScoopLM (captures LM and NTLM and has a cracker), KerbCrack (sniffer and cracker), THC Hydra (dictionary attack)

Question 8

remote execution tools

Answer 8

RemoteExec, PDQDeploy, Dameware, Remote support, psEXEC

Question 9

Six stages of web server attack methodology

Answer 9

Information gathering, web server foot printing, website mirroring, vulnerability scanning, session hijacking, password cracking

Question 10

Trojan and virus making program

Answer 10

Dark Horse trojan virus maker
    Senna Spy Generator
    Trojan Horse Construction Kit
    Progenic mail Trojan Construction Kit
    Pandora's Box

Question 11

net view /domian:domianname

Answer 11

Shows all systems in the domain name provided

Question 12

net view \systemname

Answer 12

Displays a list of domains, computers, or resources that are being shared by the specified computer

Question 13

net use

Answer 13

List all network drives and mapped shares

Question 14

net use \target\ipc$ “” /u:”

Answer 14

Sets up a Null session

Question 15

net use Z: \somename\fileshare

Answer 15

Mounts Z: folder onto the machine if persistent:yes is added mount will stay after reboot

Question 16

Password recovery tools 7

Answer 16

CHNTPW (Linux utility), Stellar Phoenix, Windows Password Recovery Ultimate, ISeePassword, Windows Password Recovery Tool, Passware Kit, PCUnlocker

Question 17

Password Attacking tools

Answer 17

Cain and Abel (also network sniffer, Password sniffer, arp spoofer, Hamster proxy), ScoopLM (captures LM and NTLM and has a cracker), KerbCrack (sniffer and cracker), THC Hydra (dictionary attack)

Question 18

remote execution tools

Answer 18

RemoteExec, PDQDeploy, Dameware, Remote support

Question 19

Hyena

Answer 19

Windows enumeration tool with GUI

Question 20

Forbidden Attack

Answer 20

The forbidden attack is a type of man-in-the-middle attack using hijacked HTTPS sessions. It seeks to exploit reusing the cryptographic nonce used during the TLS handshake. After hijacking the session, an attacker may inject malicious code and forged content in order to obtain sensitive information from the victim such as bank information or social security numbers.

Question 21

FREAK attack

Answer 21

“Factoring RSA Export Keys”) is a security exploit of a cryptographic weakness in the SSL/TLS protocols

Question 22

CRIME attack

Answer 22

CRIME (Compression Ratio Info-leak Made Easy) is a security exploit against secret web cookies over connections using the HTTPS and SPDY protocols that also use data compression.[1] When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, allowing the launching of further attacks