Random Recon/ scan Flashcards

Question 1

Q

Name Packet Crafting tools (npow +2)

Answer

A

NetScan, PackEth, Ostinato, WAN Killer, Lan Forge Fire, Colasofts- Packet Builder (has three windows packet list, code builder and hex view) Packet builders can fragment packages to get past IDS’s

Question 2

Q

netstat -an

Answer

A

displays all connections and listening ports with addresses and port numbers in numerical form

Question 3

Q

netstat -b

Answer

A

when run with admin privileges you can see executable tied to open port.

Question 4

Q

ping sweep tools

Answer

A

Nmap, angry ip, Solar Winds Engineer Toolset, Network Ping, OPUtils, Superscan, Advanced IP Scanner, Pinkie

Question 5

Q

Steps in scanning methodology (7)

Answer

A

check for live systems
check for open ports
scan beyond IDS
perform banner grabbing
scan for vulnerabilities
draw network map
prepare proxies

Question 6

Q

hping2 -1 ipaddr

Answer

A

hping2 syntax to icmp ping

Question 7

Q

hping2 -2

Answer

A

hping3 syntax to set up udp mode

Question 8

Q

-8 eg. hping2 -8 2-80

Answer

A

hping3 flag to set scan mode scans ports 2 thru 80

Question 9

Q

–flood hping2 -S -a -p 22

Answer

A

hping3 flag for for flood -send syn flood to port 22

Question 10

Q

Port scanning tools- regular (3)

Answer

A

Nmap, PRTG network Monitor, MegaPing

Question 11

Q

Port scanning- Mobile (fzips)

Answer

A

ip scanner, fing, zANTi, PORT droid, Super Scan

Question 12

Q

What is active OS fingerprinting

Answer

A

Sending crafted, non standard packets to remote host and analyzing replies

Question 13

Q

What is passive OS fingerprinting

Answer

A

Sniffing packets and analyzing TTL, window sizes, Don’t Fragment flags and ToS (Type of Service) fields

Question 14

Q

Tools that allow IP spoofing (4) (SHaNK)

Answer

A

Nmap, Hping, Scapy, Komodia

Question 15

Q

What is gzapper

Answer

A

Clears Google cookies

Question 16

Q

Vulnerability Scanning

Answer

A

Running a tool against a target to see what vulnerabilities it may have

Question 17

Q

Where are Windows Passwords stored

Answer

A

C:\windows\System 32\config\SAM. Machines that are part of a domain passwords are stored and managed by the domain controller

Question 18

Q

Linux enumeration CMD line tools

Answer

A

finger (provides info on the user and host machine), rpcinfo and rpcclient (provide info on the rpc enviornment) and showmount (displays shared directories on the machine.

Question 19

Q

Active banner grabbing

Answer

A

send crafted packets to remote systems and comparing responses to determine OS

Question 20

Q

Passive banner grabbing

Answer

A

Reading error messages (telnet connect to port 80 or nc and response), sniffing network traffic or looking at page extensions

Question 21

Q

SNMP MIB

Answer

A

Management Information Base hold information on devices on a subnet arranged by the OID object identifiers. MIB entries can identify what device is, os, usage stats and even change setting on devices. retrieval of info is a GET request. Change of of config is a SET request. trap (alert) port 162

Question 22

Q

What version of SNMP offers encryption and auth and integrity

Question 23

Q

What version of ntp offers encryption and auth and integrity

Question 24

Q

LDAP general info

Answer

A

session started by client on port 389. Hierarchical database return queries using BER Basic Encoding Rules. Can retrieve usernames, domain info address telephone, system data etc.

Question 25

Q

LDAP enumeration tools (SJL +2)

Answer

A

Softerra, JXplorer, Lex, LDAP Admin, Active Directory Explorer

Question 26

Q

NetScan, PackEth, Ostinato, WAN Killer, Lan Forge Fire, Colasofts- Packet Builder (has three windows packet list, code builder and hex view) Packet builders can fragment packages to get past IDS’s

Answer

A

Packet Crafting tools

Question 27

Q

Nmap, angry ip, Solar Winds Engineer Toolset, Network Ping, OPUtils, Superscan, Advanced IP Scanner, Pinkie

Answer

A

ping sweep tools NANSOAP

Question 28

Q