Real Practice Flashcards
Light scan
nmap IP --top-ports 10 --open
SSH port
22
HTTP Port
80
Heavy Scan
nmap IP -p- -sV
How to check the version of SSH remotely with netcat?
nc -nv IP 22
How to check the headers from the web server?
curl -i IP
How to get robots.txt from web server?
curl IP/robots.txt -s | html2text
vulnerability
A vulnerability is a flaw in a system which COULD provide an attacker with a way into the software itself, in an
unattended manner.
It is not an open door, but a weak door, which MIGHT allow an attacker a way in.
exploit
An exploit is the way INTO the system. An attacker turns the vulnerability into a method of entry into the system.
An exploit is the tool used to bust down the door - allowing the attacker to walk through the door.
0day
0day means the exploit has been known about for less than a day. So the software authors didn’t have any
notice/chance to create a patch, to protect from the vulnerability.
Someone has found a way to bust down a door without giving anyone the chance to put up protections
that would stop the attack from happening.
1day
1day means the vulnerability is publicly known about, allowing for the software authors to create a patch. However,
there isn’t yet any public exploit code.
Able to protect a door from being busted down even though there isn’t yet a known way to open the
door.
CVE
CVE is a standard for making a list of vulnerabilities, using a certain naming format and terms. It makes it easier to
identify and reference vulnerabilities.
Able to identify what the issue is.
Feature
A “feature” is using the software how it was designed in order to perform an action.
For example, allowing file uploads on a web site to share pictures might also allow web shells to be
uploaded.