Module 7 - Exploitation Flashcards

1
Q

Undesired Effects of Exploitation

A

crash a service or server

cause a server to hang

2
Q

Web Servers (Common Ones)

A

Microsoft Internet Information Services
Apache
Tomcat

3
Q

Web Server Misconfigurations

A

directory browsing
read/write/execute permissions
enabled parent paths

  • not necessarily identified as vulnerabilities
4
Q

SQL Injection

A

Web application doesn’t check input
‘1=1
allows processing of command
most popular and effective to attack websites

5
Q

Cross Site Scripting (XSS)

A

injecting scripts into web applications

forces redirection

6
Q

Content Management Servers

A

Joomla

7
Q

Symantec’s Top 5 Web App Vulnerabilities

A
  1. Remote Code execution
  2. SQL Injection
  3. Format string vulnerabilities
  4. Cross Site Scripting (XSS)
  5. Username enumeration
8
Q

Physical Security

A

Conference Rooms - open network drops
Unlocked LAN closets
Unlocked server rooms
Unattended, unlocked desktop computers

9
Q

User Accounts

A

Download from SAM or AD
Create user accounts
Change group memberships

10
Q

User Accounts -> File Access

A

Cain and Abel
John the Ripper
SAMinside
Elcomsoft

11
Q

Metasploit

A

~300 exploits
2003 Perl -> Ruby
Rapid7

Metasploit Express
Metasploit Pro

12
Q

Metasploit Framework Commands

A
USE
SHOW PAYLOADS
SET PAYLOAD
SHOW OPTIONS
SET RHOST
SET LHOST
EXPLOIT
HELP
13
Q

BIND Connection

A

Establishes a direct connection from the tester to the target

Bind does not work when going through an external firewall, due to NAT (works if already on the network)

14
Q

Reverse Shell

A

Used when not already inside the network
Machine calls back to the IP that is identified

There is evidence on the target computer: TCP 4444

15
Q

Meterpreter

A

interface for executing commands in Metasploit

16
Q

Gain Persistence

A
  • gain user names and passwords to accounts
  • install malware with autorun location
  • install netcat and set to restart
  • install a device, such as WAP
17
Q

Creating Account (Windows)

A

NET USER

18
Q

Permissions (Windows)

A

NET LOCALGROUP /ADD

19
Q

CSVDE

A

command line tool
%windir%/system32
available for AD LDS (local directory services)

csvde -r objectClass=user -f usersonly.csv (outputs users)
csvde -i -f input.csv (imports)

20
Q

psexec

A

Sysinternals

telnet tool to execute processes