PenTest+ concepts Flashcards

1
Q

Which tools are used for password cracking?

A
  • Hydra: online (network) brute-forcing of login services such as SSH, FTP, RDP and HTTP forms; every guess is a real authentication attempt against the target, so it is noisy and subject to account lockout
  • John the Ripper: offline cracking of captured password hashes (e.g. /etc/shadow entries or NTLM hashes) using wordlists, mangling rules and brute force; generates no traffic to the target
2
Q

What tool is used for SQL injection attacks?

A
  • sqlmap: automates detecting and exploiting SQL injection in web application parameters, including database fingerprinting, enumeration and data extraction
3
Q

What tool is used to automate exploit development and execution against a vulnerable target system?

A
  • Metasploit: a framework for developing, testing and executing exploits against remote targets; its modules bundle exploits, payloads (such as Meterpreter) and post-exploitation tooling
4
Q

What technique is best to maintain access to a compromised system after a reboot or if the initial exploit is closed?

A
  • Setting up a cron job (on Linux; a scheduled task is the Windows equivalent) is a common post-exploitation persistence technique: an @reboot or periodic entry re-launches a reverse shell or another access method even if the originally exploited process is killed or the host restarts. A shell that reconnects every few minutes produces regular outbound connections that network monitoring may flag.
5
Q

What techniques are useful for covering tracks or gaining further access?

A
  • Clear system logs (covering tracks). Caveat: clearing the Windows Security log itself records Security event 1102 ("The audit log was cleared"), which defenders commonly alert on
  • Escalate privileges (gaining further access on the current host)
  • Use PsExec for lateral movement: with valid administrative credentials it copies a service executable to the remote host over SMB, starts it as a service and returns a remote command shell
6
Q

What do the common Nmap switches do? (Switches are case-sensitive.)

A
  • -sV = Version detection: probes open ports to identify the service and version running on each (e.g. OpenSSH 8.9, Apache httpd 2.4). It identifies services, not the operating system; use -O for that
  • -PA = TCP ACK ping for host discovery: an unsolicited ACK provokes a RST from a live host, and often gets through stateless firewalls that drop ICMP echo requests
  • -sU = UDP scan: finds open UDP services (DNS, SNMP, DHCP). Slower than TCP scanning because open UDP ports usually reply with nothing (reported as open|filtered) and hosts rate-limit the ICMP port-unreachable replies that mark closed ports
  • -PS = TCP SYN ping for host discovery: a SYN/ACK or RST reply shows the host is up. It is a discovery probe, not a port scan
  • -Pn = Skips host discovery and treats every target as online; useful when ping probes are blocked and the host appears offline
  • -O = Fingerprints the OS from TCP/IP stack behaviour, used to choose vulnerabilities and exploits that match the target OS
  • -A = Aggressive scan: enables OS detection, version detection, default script scanning (-sC) and traceroute in one switch (uppercase A; lowercase -a is not a valid switch)
  • -PR = ARP ping: discovers live hosts and gathers MAC addresses on the local Ethernet segment; Nmap uses it by default for targets on the same LAN
  • -sT = TCP connect scan: completes the full three-way handshake through the OS socket API, so it needs no raw-socket privileges but is logged by the target service (lowercase s, uppercase T)
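Added example (not part of the original flashcards): once a -sV scan has run, the results are usually saved with -oG and parsed rather than read by eye. The parser below turns grepable output into a host-to-ports map and lists only open services. The scan output is a constructed sample following Nmap's documented grepable layout (Host, Ports and Ignored State fields separated by tabs; each port entry as port/state/proto/owner/service/rpcinfo/version/), not a real scan.

```python
"""Parse Nmap grepable (-oG) output from an -sV scan into a host -> ports map."""
import re

# Constructed sample of `nmap -sV -oG` output for illustration (not a real scan).
SAMPLE_GNMAP = """# Nmap 7.94 scan initiated as: nmap -sV -oG scan.gnmap 10.0.0.5 10.0.0.6
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu (protocol 2.0)/, 80/open/tcp//http//nginx 1.18.0/, 443/filtered/tcp//https///\tIgnored State: closed (997)
Host: 10.0.0.6 ()\tStatus: Up
Host: 10.0.0.6 ()\tPorts: 161/open/udp//snmp//net-snmp SNMPv3 server/\tIgnored State: closed (999)
# Nmap done -- 2 IP addresses (2 hosts up) scanned
"""

# "Host: <ip> (<hostname>)<TAB><rest of tab-separated fields>"
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: [{port, state, proto, service, version}, ...]} for hosts with a Ports: field."""
    results = {}
    for line in text.splitlines():
        if line.startswith("#"):          # scan header/footer comments
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, _hostname, rest = m.groups()
        # Remaining fields look like "Ports: ..." and "Ignored State: ..."
        fields = dict(f.split(": ", 1) for f in rest.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue                      # "Status: Up" lines carry no port data
        for entry in fields["Ports"].split(", "):
            # Grepable port entry: port/state/proto/owner/service/rpcinfo/version/
            parts = entry.split("/")
            if len(parts) < 7:
                continue
            results.setdefault(ip, []).append({
                "port": int(parts[0]),
                "state": parts[1],
                "proto": parts[2],
                "service": parts[4],
                "version": parts[6],
            })
    return results


def open_services(text):
    """Flatten to (ip, port, proto, service, version) tuples for open ports only."""
    return [(ip, p["port"], p["proto"], p["service"], p["version"])
            for ip, ports in parse_gnmap(text).items()
            for p in ports if p["state"] == "open"]


if __name__ == "__main__":
    for row in open_services(SAMPLE_GNMAP):
        print("%s:%d/%s %s %s" % row)
```

Filtering on state == "open" drops the filtered 443/tcp entry, so the list is exactly what a later version-specific vulnerability lookup should be fed. Version strings are free text from -sV, so match on them with care.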
7
Q

If you see a “../” in a question, what is the most likely answer?

A
  • Directory (path) traversal: repeated “../” sequences walk up out of the directory the application intended to serve, so arbitrary files such as /etc/passwd can be read; watch for encoded variants (..%2f, %2e%2e/, double-encoded %252e%252e%252f) in logs
  • Local file inclusion (LFI): the same traversal payload is fed to an include/require-style parameter, so the file is executed by the application rather than merely read
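Added example (not part of the original flashcards): the vulnerable pattern behind “../” payloads is joining user input onto a base directory without checking where the result lands, and the fix is to resolve the path and require it to stay under the base. The requests below are constructed log-style inputs, not real traffic; the base directory /var/www/html is an assumption for illustration.

```python
"""Path traversal: a vulnerable file-serving lookup beside a hardened one."""
import os
from urllib.parse import unquote


def vulnerable_resolve(base_dir, user_path):
    """Joins the request path under base_dir with no check: '../' walks out of base_dir,
    and an absolute user_path makes os.path.join discard base_dir entirely."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def safe_resolve(base_dir, user_path):
    """Decode, resolve symlinks and '..', then require the result to stay inside base_dir.
    Returns the absolute path, or None if the request escapes the directory."""
    decoded = unquote(unquote(user_path))  # handle single and double URL-encoding (..%2f, %252e%252e)
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath (not startswith) guards against prefix tricks such as /var/www vs /var/www-private
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed sample requests as they might appear in an access log (not real traffic).
SAMPLE_REQUESTS = [
    "images/logo.png",                            # legitimate
    "../../../../etc/passwd",                     # classic traversal
    "..%2f..%2f..%2fetc%2fpasswd",                # URL-encoded slashes
    "%252e%252e%252f%252e%252e%252fetc/passwd",   # double-encoded dots and slashes
    "/etc/passwd",                                # absolute path
]


def classify(base_dir, requests):
    """Return {request: 'ok' | 'blocked'} under the hardened resolver."""
    return {r: ("ok" if safe_resolve(base_dir, r) is not None else "blocked")
            for r in requests}


if __name__ == "__main__":
    base = "/var/www/html"  # assumed document root
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:48} vulnerable -> {vulnerable_resolve(base, req)}")
    print(classify(base, SAMPLE_REQUESTS))
```

Decoding before the check matters: a filter that looks for the literal string “../” in the raw request misses ..%2f, while resolving the decoded path and comparing directory prefixes catches every variant the same way.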
8
Q

How can you identify a Cross-site scripting attack in a question?

A
  • A log snippet or captured URL carrying <script> tags, event handlers (onerror=, onload=) or other JavaScript inside a request parameter
  • document.cookie in the payload shows the goal is session-cookie theft and can appear in any XSS type; the attack is DOM-based specifically when client-side JavaScript writes attacker-controlled input from a source such as location.hash or document.URL into a sink such as document.write or innerHTML, without the server ever reflecting the payload
9
Q

If you see “' OR 1=1” in a question, what is the most likely answer?

A
  • SQL injection: the single quote closes the string literal the application built around the input, OR 1=1 makes the WHERE clause true for every row, and a trailing comment marker (-- or #) discards the rest of the original query
10
Q

How do you prevent an SQL injection?

A
  • Parameterized queries (prepared statements), so user input is bound as data and never parsed as SQL; this is the primary control
  • Input validation (allow-lists on type, length and character set) as defence in depth
  • Web application firewall to detect and block known injection patterns; a compensating control that can be bypassed, not a fix for the code
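Added example (not part of the original flashcards) covering the two previous cards: a login query built by string formatting is bypassed by the “' OR 1=1” payload, while the same query with bound parameters treats the payload as an ordinary (failing) username. The payload carries a trailing -- so the rest of the original query is commented out; without it the leftover quotes would be a syntax error. The SQLite table, the account alice and the plaintext password column are constructed for the demonstration (a real system stores password hashes).

```python
"""SQL injection: the "' OR 1=1" login bypass against string-built SQL, and the parameterized fix."""
import sqlite3


def make_db():
    """In-memory users table with one constructed account (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!', 'admin')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: attacker input becomes SQL syntax.
    With username "' OR 1=1 --" the WHERE clause degenerates to
    username = '' OR 1=1, and the password check is commented out."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username, password):
    """Uses bound parameters: the driver passes values separately from the SQL text,
    so quotes, OR and comment markers in the input are just characters in a string."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def is_valid_username(username):
    """Allow-list input validation (defence in depth, not a replacement for parameters)."""
    return 1 <= len(username) <= 32 and username.replace("_", "").isalnum()


# The classic payload from the flashcard, with a comment marker to swallow the rest of the query.
PAYLOAD_USER = "' OR 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable    :", login_vulnerable(db, PAYLOAD_USER, "wrong"))      # ('alice', 'admin')
    print("parameterized :", login_parameterized(db, PAYLOAD_USER, "wrong"))   # None
    print("valid input?  :", is_valid_username(PAYLOAD_USER))                  # False
```

The allow-list check would also have rejected this payload, but validation alone is brittle (a legitimate surname like O'Brien contains the same quote), which is why parameterization is the control that actually removes the vulnerability and validation only narrows the attack surface.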