INFO Flashcards

1
Q

is a command that queries the Domain Name System servers for resource records.

       - Can be used on Windows and Linux OS’s
A

Nslookup

2
Q

allows a user to execute queries back-to-back without typing the entire command for each query

A

Interactive mode

3
Q

involves typing the entire command for each query. With a known domain name, nslookup will enumerate all IPs correlated to that domain name, aka a DNS query.

A

Non-interactive mode

4
Q

There is a browser-based version of nslookup as well

A

nslookup.io

5
Q

nslookup www.<domain>.com

Example: nslookup www.virustotal.com

A

syntax (Nslookup)

6
Q

When you just type in “___________” into your terminal you will enter the interactive mode

A

nslookup

7
Q

nslookup: this simply translates an IP address into a DNS name

A

“reverse nslookup” or a “reverse DNS”

Example: nslookup 8.8.8.8 (google)

8
Q

nslookup: This provides mail exchange records

A

nslookup -query=MX microsoft.com

9
Q

nslookup: This provides start of authority records

A

nslookup -query=SOA microsoft.com

10
Q

nslookup: This provides name server records

A

nslookup -query=NS microsoft.com

11
Q

nslookup: This provides all related records

A

nslookup -query=any microsoft.com

12
Q

True or False

When conducting a reverse DNS lookup, the nslookup command would look like nslookup www.google.com

A

False

13
Q

What nslookup command provides mail server information?

A

-query=MX

14
Q

is a command that queries the Domain Name System servers for records relating to IP addresses, mail exchanges, and name servers

A

Dig

15
Q

The results from queries can be utilized to troubleshoot network issues.
The dig command resolves names through the resolver libraries that are located on the OS.

A

Dig

16
Q

When a DNS query is made, information is gathered from the DNS server indicated.

If the indicated server is not found then it will go through the list below until it identifies a source to query:

  1. Specified DNS server
  2. OS’s default resolver (i.e. resolv.conf)
  3. Local host
A

more options, and more verbose answers

17
Q

dig <dns> <type>

Example: dig virustotal.com

A

Syntax

18
Q

Dig Query Types:

A

ANY = All Pertinent Records

A = IPv4 Records

AAAA = IPv6 Records

CNAME = Canonical Name Records

MX = Mail Exchange Records

SOA = Start of Authority Records

NS = Name Server Records

PTR = pointer resource record

19
Q

The results above indicate the following:

A
  1. Version of utility installed: 9.11.3-1
  2. Header indicates 1 query was made and 0 errors (NOERROR) occurred; and “id” indicates this query’s identification #.
  3. The DNS server replied with the results within “ANSWER SECTION,” which includes google.com.’s IPV4 address (indicated by “A” and the IPV)
  4. “184” indicates the time to live (TTL) and “IN” represents internet class query
  5. Multiple IPs may represent a load balancer
20
Q

Dig Query Mod: This example provides Mail Exchange Server Record Types:

A

Example: $ dig microsoft.com MX

21
Q

Query Mod: This example provides IPv4 Record Types:

A

Example: $ dig microsoft.com A

22
Q

Dig Query Mod: This example provides Name Server Record Types

A

Example: $ dig microsoft.com NS

23
Q

Query Mod: This example provides Start of Authority Record Types:

A

Example: $ dig microsoft.com SOA

24
Q

Query Mod: This example provides IPv6 Record Types:

A

Example: $ dig microsoft.com AAAA

25
Query Mod: This example provides ALL Record Types:
Example: $ dig microsoft.com ANY
26
Dig Options: Placing this behind any request will display just the desired info.
+short (Ex: DIG apple.com MX +short or DIG apple.com NS +short)
27
Dig Options: Turn off comment lines
+nocomments
28
Dig Options: Turn off the authority section
+noauthority
29
Dig Options: Turn off all sections
+noall
30
Dig Options: Turn off the additional section
+noadditional
31
Dig Options: Turn off the answer section
+noanswer
32
Dig Options: Turn off the stats section
+nostats
33
Dig Options: Trace the nameservers the queries are going to
+trace
34
Dig Options: Turn on the answer section
+answer
35
Dig Options: Perform a DNS Zone transfer (This is commonly disabled due to security concerns)
-Axfr
36
Dig Options: Perform a reverse lookup
-X
37
Dig Errors: no errors
NO ERROR
38
Dig Errors: Name queried exists, but no data or invalid data for that name at the requested authority
SERVFAIL
39
What dig command provides name server information?
dig domain NS
40
Dig Errors: Name queried does not exist and no authoritative DNS data to be served
NXDOMAIN
41
What option performs a reverse lookup?
-X
42
Dig Errors: Zone does not exist at the request authority and their infrastructure is not serving things that don’t exist at all
REFUSED
43
command is a diagnostic tool that is built into most operating systems and uses ICMP echo packets with variable time to live (TTL) values to print the trace between two points. The trace is given by reporting all of the IPs of the routers that were pinged in between the source and destination points. _________ will allow a user to see the gateways a packet passes through to reach its destination.
traceroute
44
man traceroute Syntax: traceroute Example: traceroute www.google.com
For help syntax Example
45
What command is used to print the trace between two points?
traceroute
46
What type of messages does traceroute use?
ICMP
47
command is used to verify that a remote host is able to respond to network connections. While in some ways the _______ command is similar to the traceroute command, the ping command will only tell us if the server is reachable and the time that it takes to transmit and receive data. Traceroutes on the other hand, will provide detailed and precise route information, router by router, and the time it took for each hop.
ping
48
ping Example: ping 8.8.8.8
syntax
49
True or false: The ping command tells us if the server is reachable and the time that it takes to transmit and receive data
True
50
True or false: Ping commands provide more accurate information than traceroutes.
False
51
The methodology of performing penetration testing or cyber-attacks has been broken down by many organizations. One example of this is the
Cyber Kill Chain framework
52
* Reconnaissance * Weaponization * Delivery * Exploitation * Installation * Command & Control (C2) * Action on Objectives
7 steps of Cyber Kill Chain framework
53
____________ is a technique that establishes a numeric understanding of the target and enables the identification and collection of important information about the target devices, users, networks and network resources, among other things.
Enumeration
54
_____________ involves gathering as much data as possible pertaining to a target(s). The amount of information gathered may determine the number of attack vectors that can be exploited.
Information gathering
55
The key term for information gathering is _________, i.e. to establish or indicate the who’s and the what’s. These factors are the building blocks that drive offensive cyber operations. Without accurate and actionable intelligence, we cannot appropriately carry out offensive attacks.
identify
56
Information gathering can involve the following data to be enumerated
* IP Addresses * Protocols * Users Credentials * Scheduled Tasks / Cron Jobs * Services * Programs * Functions/dll * Files * Opportunities * Vulnerabilities
57
Target development includes the following:
* Understanding potential vulnerabilities to develop a method to obtain access, privilege escalate, D4M (deny, degrade, destroy, disrupt, manipulate), exfiltrate, obfuscation, persistence, etcetera. * It is critical to know WHO and WHAT your target is intimately. The more information we have on the target, the better we can plan operations and reach our end state mission requirements and goals.
58
Target development includes the following 2:
* Understanding potential vulnerabilities in order to gain access, or perform one of the D4M’s: deny, degrade, destroy, disrupt, or manipulate. * Obtaining or developing scripts, programs, functions/dlls, tools, or other methods to exploit vulnerabilities * Planning when, where, and how to execute the exploit * Testing the tools and exploit(s) in a controlled environment, other than the target, thereby minimizing potential problems that may occur with the target during the mission.
59
___________ is to take advantage of a flaw(s) or vulnerabilities within an OS
Exploit
60
The different types of exploitation include: _________ taking advantage of a flaw within a program’s instructions and manipulating it in a manner that was not intended by the creators
Code
61
The different types of exploitation include: ________ a system’s setting that allows it to be manipulated by an unintended source
Misconfiguration
62
The different types of exploitation include: poor OPSEC, cyber training, or restrictions in place?
Human
63
True or False: Opportunities is one of the 7 phases of the Cyber Kill Chain
False
64
What type of exploitation consists of poor cyber training?
Human