Module 6 - System Hacking Flashcards
Cracking Passwords:
Searching for sensitive information in the user’s trash-bins, printer trash bins, and user desk for sticky notes.
a. Social Engineering
b. Shoulder Surfing
c. Dumpster Diving
d. Tailgating
c. Dumpster Diving
Cracking Passwords:
The program tries every combination of characters until the password is broken.
a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing
d. Brute Force Attack
Cracking Passwords:
The attacker creates a list of all possible passwords from the information collected through social engineering or any other way and tries them manually on the victim’s machine to crack the passwords.
a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing
e. Password Guessing
Cracking Passwords:
Uses a combination of dictionary file and every combination of characters until the password is broken.
a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing
a. Hybrid Attack
Cracking Passwords:
A dictionary file is loaded into the cracking application that runs against user accounts.
a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing
c. Dictionary Attack
Cracking Passwords:
Is a password supplied by the manufacturer with new equipment (e.g. switches, hubs, routers) that is password protected.
Default Password
Cracking Passwords:
In a ______ attack, the attacker acquires access to the communication channels between victim and server to extract the information.
a. Replay Attack
b. Man-in-the-Middle Attack
b. Man-in-the-Middle Attack
Cracking Passwords:
- Windows stores user password in ___, or in the Active Directory database in domains.
- Passwords are never stored in clear text; passwords are hashed and the results are stored in the ___.
a. Kerberos Authentication
b. NTLM Aughentication
c. Security Accounts Manager (SAM) Database
c. Security Accounts Manager (SAM) Database
Cracking Passwords:
- Password _______ is a technique where random string of characters are added to the password before calculating their hashes.
- Makes it more difficult to reverse the hashes and defeat pre-computed hash attacks.
a. Extensions
b. Padding
c. Salting
d. Hashing
c. Salting
Cracking Passwords:
This software cracks hashes with ranbow tables. It uses time-memory tradeoff algorithm to crack hashes.
a. Cain & Abel
b. RainbowCrack
c. Windows Password Key
d. hashcat
b. RainbowCrack
Escalating Privileges:
Refers to acquiring the same level of privileges that already has been granted but assuming the identity of another user with the similar privileges.
a. Vertical Privilege Escalation
b. Horizontal Privilege Escalation
b. Horizontal Privilege Escalation
Escalating Privileges:
Refers to gaining higher privileges than the existing.
a. Vertical Privilege Escalation
b. Horizontal Privilege Escalation
a. Vertical Privilege Escalation
Escalating Privileges:
Windows Application Compatibility Framework, ____ is used to provide compatibility between the older and newer versions of Windows operating system.
a. Access Token Manipulation
b. Application Shimming
c. File System Permissions Weakness
d. Path Interception
e. Scheduled Task
b. Application Shimming
Executing Applications:
Attackers execute malicious applications in this stage. This is called ______ the system.
a. Owning
b. Logging
c. Cracking
d. Running
a. Owning
Executing Applications:
- It allows attacker to gather confidential information about victim such as email ID, passwords, banking details, chat room activity, IRC, instant messages, etc.
- Physical ones are placed between the keyboard hardware and the operating system.
a. Spyware
b. Backdoors
c. Crackers
d. Keyloggers
d. Keylogger
Executing Applications:
- Is a stealthy program that records user’s interaction with the computer and internet without the user’s knowledge and sends them to the remote attackers.
-
Hides its process, files, and other objects in order to avoid detection and removal.
a. Spyware
b. Backdoors
c. Crackers
d. Keyloggers
a. Spyware
Hiding Files:
- Programs that hide their presence as well as attacker’s malicious activities, granting them full access to the server or host at that time and also in future.
- Replace certain operating system calls and utilities with its own modified versions of those routines that in turn undermine the security of the target system causing milicious functions to be executed.
- A typical one comprises of backdoor programs, DDoS programs, packet sniffers, log-wiping utilities, IRC bots, etc.
a. Backdoor
b. Rootkit
c. Spyware
d. Keylogger
e. Crackers
b. Rootkit
Hiding Files:
Adds malicious code or replaces original OS kernel and device driver codes.
a. Hypervisor Level Rootkit
b. Hardware/Firmware Rootkit
c. Kernel Level Rootkit
d. Boot Loader Level Rootkit
e. Library Level Rootkit
c. Kernel Level Rootkit
Hiding Files:
____ is the ability to fork data into existing files without changing or altering their functionality, size, or display to file browsing utilities.
Alternate Data Stream (ADS)
Hiding Files:
-A technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data.
Steganography
Hiding Files:
- Is the art of discovering and rendering covert messages using steganography.
- It detects the hidden messages embedded in images, text, audio, and video carrier mediums using steganography.
Staganalysis
Covering Tracks:
Attacker uses which of the following techniques to cover tracks on the target system. (Choose 2)
a. Hiding Files
b. Steganography
c. Disable Auditing
d. Clearing Logs
e. Wiping Computer
c. Disable Auditing
d. Clearing Logs
