Module 6 - System Hacking Flashcards
Cracking Passwords:
Searching for sensitive information in the user’s trash-bins, printer trash bins, and user desk for sticky notes.
a. Social Engineering
b. Shoulder Surfing
c. Dumpster Diving
d. Tailgating
c. Dumpster Diving
Cracking Passwords:
The program tries every combination of characters until the password is broken.
a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing
d. Brute Force Attack
Cracking Passwords:
The attacker creates a list of all possible passwords from the information collected through social engineering or any other way and tries them manually on the victim’s machine to crack the passwords.
a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing
e. Password Guessing
Cracking Passwords:
Uses a combination of dictionary file and every combination of characters until the password is broken.
a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing
a. Hybrid Attack
Cracking Passwords:
A dictionary file is loaded into the cracking application that runs against user accounts.
a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing
c. Dictionary Attack
Cracking Passwords:
Is a password supplied by the manufacturer with new equipment (e.g. switches, hubs, routers) that is password protected.
Default Password
Cracking Passwords:
In a ______ attack, the attacker acquires access to the communication channels between victim and server to extract the information.
a. Replay Attack
b. Man-in-the-Middle Attack
b. Man-in-the-Middle Attack
Cracking Passwords:
- Windows stores user password in ___, or in the Active Directory database in domains.
- Passwords are never stored in clear text; passwords are hashed and the results are stored in the ___.
a. Kerberos Authentication
b. NTLM Aughentication
c. Security Accounts Manager (SAM) Database
c. Security Accounts Manager (SAM) Database
Cracking Passwords:
- Password _______ is a technique where random string of characters are added to the password before calculating their hashes.
- Makes it more difficult to reverse the hashes and defeat pre-computed hash attacks.
a. Extensions
b. Padding
c. Salting
d. Hashing
c. Salting
Cracking Passwords:
This software cracks hashes with ranbow tables. It uses time-memory tradeoff algorithm to crack hashes.
a. Cain & Abel
b. RainbowCrack
c. Windows Password Key
d. hashcat
b. RainbowCrack
Escalating Privileges:
Refers to acquiring the same level of privileges that already has been granted but assuming the identity of another user with the similar privileges.
a. Vertical Privilege Escalation
b. Horizontal Privilege Escalation
b. Horizontal Privilege Escalation
Escalating Privileges:
Refers to gaining higher privileges than the existing.
a. Vertical Privilege Escalation
b. Horizontal Privilege Escalation
a. Vertical Privilege Escalation
Escalating Privileges:
Windows Application Compatibility Framework, ____ is used to provide compatibility between the older and newer versions of Windows operating system.
a. Access Token Manipulation
b. Application Shimming
c. File System Permissions Weakness
d. Path Interception
e. Scheduled Task
b. Application Shimming
Executing Applications:
Attackers execute malicious applications in this stage. This is called ______ the system.
a. Owning
b. Logging
c. Cracking
d. Running
a. Owning
Executing Applications:
- It allows attacker to gather confidential information about victim such as email ID, passwords, banking details, chat room activity, IRC, instant messages, etc.
- Physical ones are placed between the keyboard hardware and the operating system.
a. Spyware
b. Backdoors
c. Crackers
d. Keyloggers
d. Keylogger