Scanning and Enumeration Flashcards

1
Q

What type of attack is DNS brute-forcing? (Active or Passive)

A

Passive.

2
Q

TCP Flag

What is SYN (Synchronize) flag used for?

A

Set during initial communication. Negotiation of parameters and sequence numbers.

3
Q

TCP Flag

What is ACK (Acknowledgment) flag used for?

A

Set as an acknowledgement to the SYN flag. Always set after initial SYN

4
Q

TCP Flag

What is RST (Reset) flag used for?

A

Forces the termination of a connection (in both directions)

5
Q

TCP Flag

What is FIN (Finish) flag used for?

A

Ordered close to communications

6
Q

TCP Flag

What is PSH (Push) flag used for?

A

Forces the delivery of data without concern for buffering

7
Q

TCP Flag

What is URG (Urgent) flag used for?

A

Data inside is being sent out of band. Example is cancelling a message

8
Q

What is the 3-step TCP handshake?

A
  1. SYN
  2. SYN-ACK
  3. ACK
9
Q

What does ICMP stand for?

A

Internet Control Message Protocol

10
Q

What ICMP message type is 0?

A

0: Echo Reply

11
Q

What ICMP message type is 3?

A

3: Destination Unreachable

12
Q

What ICMP message type is 4?

A

4: Source Quench

13
Q

What ICMP message type is 5?

A

5: Redirect

14
Q

What ICMP message type is 8?

A

8: Echo Request

15
Q

What ICMP message type is 11?

A

11: Time Exceeded

16
Q

Nmap

How do you initiate Full Connect Scan?

A

nmap -sT

17
Q

Nmap

How do you initiate Stealth (SYN) Scan?

A

nmap -sS

18
Q

Nmap

How do you initiate ACK Scan?

A

nmap -sA

19
Q

Nmap

How do you initiate FIN scan?

A

nmap -sF

20
Q

Nmap

How do you initiate IDLE (Zombie) Scan?

A

nmap -sI

21
Q

Nmap

How do you initiate DNS List Scan?

A

nmap -sL

22
Q

Nmap

How do you initiate NULL Scan?

A

nmap -sN

23
Q

Nmap

How do you initiate Protocol Scan?

A

nmap -sO

24
Q

Nmap

How do you initiate Ping Scan?

A

nmap -sP

25
Nmap How do you initiate RPC scan?
nmap -sR
26
Nmap How do you initiate Window scan?
nmap -sW
27
Nmap How do you initiate Xmas scan?
nmap -sX
28
Nmap How do you initiate ICMP ping?
nmap -PI
29
Nmap How do you initiate No ping?
nmap -Pn
30
Nmap How do you initiate SYN ping?
nmap -PS
31
Nmap How do you initiate TCP ping?
nmap -PT
32
Nmap How do you set packet fragmentation flag?
nmap -f
33
Nmap How do you set Decoy flag?
nmap -D
34
Hping How do you initiate ICMP mode?
hping3 -1
35
Hping How do you initiate UDP mode?
hping3 -2
36
Hping How do you initiate Scan mode?
hping3 -8
37
Hping How do you initiate Listen mode?
hping3 -9
38
Hping How do you initiate Flood mode?
hping3 --flood
39
Hping How do you collect sequence numbers?
hping -Q
40
Hping How do you set port number?
hping3 -p
41
Hping How do you set FIN flag?
hping3 -F
42
Hping How do you set SYN flag?
hping3 -S
43
Hping How do you set RST flag?
hping3 -R
44
Hping How do you set PSH flag?
hping3 -P
45
Hping How do you set ACK flag?
hping3 -A
46
Hping How do you set URG flag?
hping3 -U
47
Hping How do you set Xmas flag?
hping3 -X
48
SNMP: What is the read-only string?
public
49
SNMP: What is the read-write string?
private
50
What is meant by the following command? ping -t 1.1.1.1
Continuous ping until manually stopped
51
What is meant by the following command? ping -a 1.1.1.1
Resolve hostname to IP
52
What is meant by the following command? ping -n 6 1.1.1.1
Ping specified amount of times (6).
53
What is meant by the following command? ping -i 12 1.1.1.1
-i specifies the Time to Live
54
What records does a zone file contain?
SOA NS A MX
55
What tool would you use to fingerprint VPN firewalls?
ike-scan
56
What is ping of death?
Sending packets that exceed the byte limit (65,535)
57
What is the proper response for a NULL scan if the port is closed?
RST
58
What is a Smurf Attack?
DDoS attack that floods the target network with infinite ICMP request packets with the spoofed address of the network's broadcast address.
59
What is the pattern to identify LM hashes that are below 8 characters long?
The hashes will end with AAD3B435B51404EE
60
What are the 3 Access Vector Metrics used in Nessus reports?
  1. Local (L)
  2. Adjacent Network (A)
  3. Network (N)
61
What is a Fraggle attack?
DoS attack that uses UDP protocol
62
What is a Tear Drop attack?
DoS attack that exploits a packet fragment bug
63
What is a SYN Flood attack?
Sending a SYN request to host ports and leaving incomplete TCP handshakes so other users are unable to connect.
64
What is a SYN Attack?
Floods SYN packets to the target with spoofed source IP
65
What is an ICMP Flood attack?
ICMP Echo requests with spoofed source IP
66
What is a Peer-to-peer attack?
Redirect peer-to-peer connections to the target host
67
What is a LAND attack?
Sending a SYN packet to the target host with the same source IP as the target, crashing the system if vulnerable.
68
What is the purpose of Low Orbit Ion Cannon (LOIC) tools?
TCP, UDP, HTTP DDoS tool
69
What type of tool is Trinity on Linux?
DDoS Tool
70
What is a Tribe Flood Network?
Voluntary hosts of a botnet, used for DDoS.
71
Which service is NBTSTAT used against?
To discover information from NetBios, ports 137, 138, 139
72
What is Blind/Anonymous FTP?
Allows users to go directly to a specific directory as long as they use the correct path and file name.
73
Nmap How do you initiate default script engine scan?
nmap -sC or nmap --script=default
74
nmap script options
  nmap --script=default
  nmap --script-args= : provides arguments to script
  nmap --script-args-file= : provides nse script args in a file
  nmap --script-trace : shows all data sent and received
  nmap --script-updatedb : updates script database
  nmap --script-help : shows help