INFO Flashcards
is a command that queries the Domain Name System servers for resource records.
- Can be used on both Windows and Linux OSes
Nslookup
allows a user to execute queries back-to-back without typing the entire command for each query
Interactive mode
involves typing the entire command for each query. With a known domain name, nslookup enumerates all IPs associated with that domain name (a forward DNS query).
Non-interactive mode
There is a browser-based version of nslookup as well
nslookup.io
nslookup www.<domain>.com
Example: nslookup www.virustotal.com
syntax (Nslookup)
When you just type “___________” into your terminal, you enter interactive mode
nslookup
nslookup: this simply translates an IP address into a DNS name
“ reverse nslookup” or a “reverse DNS”
Example: nslookup 8.8.8.8 (google)
nslookup: This provides mail exchange records
nslookup -query=MX microsoft.com
nslookup: This provides start of authority records
nslookup -query=SOA microsoft.com
nslookup: This provides name server records
nslookup -query=NS microsoft.com
nslookup: This provides all related records
nslookup -query=any microsoft.com
True or False
When conducting a Reverse DNS lookup nslookup command, it would look like nslookup www.google.com
False
What nslookup command provides mail server information?
-query=MX
is a command that queries the Domain Name System servers for records relating to IP addresses, mail exchanges, and name servers
Dig
The results from queries can be utilized to troubleshoot network issues.
The dig command resolves names through the resolver libraries that are located on the OS.
Dig
When a DNS query is made, information is gathered from the DNS server indicated.
If the indicated server is not found then it will go through the list below until it identifies a source to query:
- Specified DNS server
- OS’s default resolver (e.g. resolv.conf)
- Local host
more options, and more verbose answers
dig <dns> <type>
Example: dig virustotal.com
Syntax
Dig Query Types:
ANY = All Pertinent Records
A = IPv4 Records
AAAA = IPv6 Records
CNAME = Canonical Name Records
MX = Mail Exchange Records
SOA = Start of Authority Records
NS = Name Server Records
PTR = Pointer Resource Records
The results above indicate the following:
- Version of utility installed: 9.11.3-1
- Header indicates 1 query was made and 0 errors (NOERROR) occurred; “id” is this query’s identification number.
- The DNS server replied with the results in the “ANSWER SECTION,” which includes google.com.’s IPv4 address (indicated by the record type “A” followed by the IP)
- “184” is the time to live (TTL) in seconds and “IN” is the Internet class of the query
- Multiple IP’s may represent a load balancer
Dig Query Mod: This example provides Mail Exchange Server Record Types:
Example: $ dig microsoft.com MX
Dig Query Mod: This example provides IPv4 Record Types:
Example: $ dig microsoft.com A
Dig Query Mod: This example provides Name Server Record Types
Example: $ dig microsoft.com NS
Dig Query Mod: This example provides Start of Authority Record Types:
Example: $ dig microsoft.com SOA
Dig Query Mod: This example provides IPv6 Record Types:
Example: $ dig microsoft.com AAAA
Dig Query Mod: This example provides ALL Record Types:
Example: $ dig microsoft.com ANY
Dig Options: Placed after any request, this displays just the desired info.
+short
(Ex: dig apple.com MX +short or dig apple.com NS +short)
Dig Options: Turn off comment lines
+nocomments
Dig Options: Turn off the authority section
+noauthority
Dig Options: Turn off all sections
+noall
Dig Options: Turn off the additional section
+noadditional
Dig Options: Turn off the answer section
+noanswer
Dig Options: Turn off the stats section
+nostats
Dig Options: Trace the nameservers the queries are going to
+trace
Dig Options: Turn on the answer section
+answer
Dig Options: Perform a DNS Zone transfer (This is commonly disabled due to security concerns)
AXFR (a query type rather than a flag: dig <domain> AXFR @<nameserver>)
Dig Options: Perform a reverse lookup
-x
Dig Errors: no errors
NOERROR
Dig Errors: Name queried exists, but no data or invalid data for that name at the requested authority
SERVFAIL
What dig command provides name server information?
dig domain NS
Dig Errors: Name queried does not exist and no authoritative DNS data to be served
NXDOMAIN
What option performs a reverse lookup?
-x
Dig Errors: Zone does not exist at the requested authority, and its infrastructure does not serve things that don’t exist at all
REFUSED
command is a diagnostic tool that is built into most operating systems and uses ICMP echo packets with variable time to live (TTL) values to print the trace between two points.
The trace is given by reporting all of the IPs of the routers that were pinged in between the source and destination points.
_________ will allow a user to see the gateways a packet passes through to reach its destination.
traceroute
For help: man traceroute
Syntax: traceroute <domain name/IP address>
Example: traceroute www.google.com
What command is used to print the trace between two points?
traceroute
What type of messages does traceroute use?
ICMP
command is used to verify that a remote host is able to respond to network connections.
While in some ways the _______ command is similar to the traceroute command, the ping command will only tell us if the server is reachable and the time that it takes to transmit and receive data.
Traceroutes on the other hand, will provide detailed and precise route information, router by router, and the time it took for each hop.
ping
ping <IP>
Example: ping 8.8.8.8
syntax
True or false: The ping command tells us if the server is reachable and the time that it takes to transmit and receive data
True
True or false: Ping commands provide more accurate information than traceroutes.
False
The methodology of performing penetration testing or cyber-attacks has been broken down by many organizations. One example of this is the
Cyber Kill Chain framework
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command & Control (C2)
- Action on Objectives
7 steps of Cyber Kill Chain framework
____________ is a technique that establishes a numeric understanding of the target and enables the identification and collection of important information about the target’s devices, users, networks and network resources, among other things
Enumeration
_____________ involves gathering as much data as possible pertaining to a target(s). The amount of information gathered may determine the number of attack vectors that can be exploited.
Information gathering
The key term for information gathering is _________, i.e. to establish or indicate the who’s and the what’s. These factors are the building blocks that drive offensive cyber operations. Without accurate and actionable intelligence, we cannot appropriately carry out offensive attacks.
identify
Information gathering can involve enumerating the following data:
- IP Addresses
- Protocols
- User credentials
- Scheduled Tasks / Cron Jobs
- Services
- Programs
- Functions/DLLs
- Files
- Opportunities
- Vulnerabilities
Target development includes the following:
- Understanding potential vulnerabilities to develop a method to obtain access, escalate privileges, D4M (deny, degrade, destroy, disrupt, manipulate), exfiltrate, obfuscate, persist, etc.
- It is critical to know WHO and WHAT your target is intimately. The more information we have on the target, the better we can plan operations and reach our end state mission requirements and goals.
Target development includes the following (2):
- Understanding potential vulnerabilities in order to gain access, or perform one of the D4M’s, deny, degrade, destroy, disrupt, or manipulate.
- Obtaining or developing scripts, programs, functions/DLLs, tools, or other methods to exploit vulnerabilities
- Planning when, where, and how to execute the exploit
- Testing the tools and exploit(s) in a controlled environment other than the target. This minimizes potential problems that may occur with the target during the mission.
___________ is to take advantage of a flaw or vulnerabilities within an OS
Exploit
The different types of exploitation include: _________ taking advantage of a flaw within a program’s instructions and manipulating it in a manner that was not intended by the creators
Code
The different types of exploitation include: ________ a system’s setting that allows it to be manipulated by an unintended source
Misconfiguration
The different types of exploitation include: poor OPSEC, cyber training, or restrictions in place?
Human
True or False: Opportunities is one of the 7 phases of the Cyber Kill Chain
False
What type of exploitation consists of poor cyber training?
Human