Scanning and Enumeration Flashcards
What type of attack is DNS brute forcing? (Active or Passive)
Active. A DNS brute-forcer sends one query per candidate name (www, mail, vpn, ...) to the target's name servers, so the target can see and log the traffic. Passive DNS reconnaissance instead reads third-party sources (passive DNS databases, search engines, certificate transparency logs) and sends nothing to the target.
TCP Flag
What is the SYN (Synchronize) flag used for?
Set on the first segment from each side when opening a connection: it synchronises initial sequence numbers and carries the negotiated options (MSS, window scaling).
TCP Flag
What is the ACK (Acknowledgment) flag used for?
Indicates that the acknowledgment number field is valid. Set on every segment after the initial SYN, including the server's SYN-ACK.
TCP Flag
What is the RST (Reset) flag used for?
Aborts the connection immediately in both directions with no orderly close. It is also sent in reply to a segment for a port with no listener, which is how a scanner tells a closed port from a filtered one.
TCP Flag
What is the FIN (Finish) flag used for?
Orderly close: the sender has no more data to send. Each side sends its own FIN, giving the four-way teardown.
TCP Flag
What is the PSH (Push) flag used for?
Asks the receiver to hand the data to the application immediately instead of waiting for its receive buffer to fill.
TCP Flag
What is the URG (Urgent) flag used for?
Marks the urgent pointer field as valid: the data up to that pointer is out-of-band and should be processed ahead of the normal stream (for example cancelling a message or a Telnet interrupt).
What are the 3 steps of the TCP (three-way) handshake?
- SYN (client to server: initial sequence number)
- SYN-ACK (server to client: its own sequence number, acknowledging the client's)
- ACK (client to server: acknowledges the server's sequence number; the connection is established)
What does ICMP stand for?
Internet Control Message Protocol
What ICMP message type is 0?
0: Echo Reply
What ICMP message type is 3?
3: Destination Unreachable (code 3, Port Unreachable, is how a UDP scan identifies a closed port; codes 1, 2, 9, 10 and 13 indicate filtering)
What ICMP message type is 4?
4: Source Quench (deprecated by RFC 6633; current hosts must ignore it)
What ICMP message type is 5?
5: Redirect
What ICMP message type is 8?
8: Echo Request
What ICMP message type is 11?
11: Time Exceeded
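The ICMP types above in working form, as an added example that is not part of the original flashcards: it builds an Echo Request (type 8) with the RFC 1071 checksum, validates and names any ICMP message, and applies the rule a UDP port scanner uses on the reply (Destination Unreachable code 3 means closed, other unreachable codes mean filtered, silence means open|filtered). Every packet is constructed in code; the IP header passed to `build_unreachable` is a placeholder stub.

```python
"""ICMP message building and parsing with the RFC 1071 checksum.

Added example, not from the flashcards. All packets are constructed here,
nothing is captured or sent.
"""
import struct

ICMP_TYPES = {
    0: "Echo Reply",
    3: "Destination Unreachable",
    4: "Source Quench (deprecated by RFC 6633)",
    5: "Redirect",
    8: "Echo Request",
    11: "Time Exceeded",
}
# Destination Unreachable codes that matter when interpreting scan replies.
UNREACHABLE_CODES = {
    0: "Net Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
    3: "Port Unreachable", 9: "Net Administratively Prohibited",
    10: "Host Administratively Prohibited",
    13: "Communication Administratively Prohibited",
}


def checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident, seq, payload=b"abcdefghijklmnop"):
    """Type 8, code 0; the checksum is computed with the checksum field zeroed."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def build_unreachable(code, original_datagram):
    """Type 3 message a router or the target sends back. Body = 4 unused bytes,
    then the offending IP header + first 8 bytes of its data (a constructed
    placeholder in this example)."""
    header = struct.pack("!BBHI", 3, code, 0, 0)
    body = original_datagram[:28]
    csum = checksum(header + body)
    return struct.pack("!BBHI", 3, code, csum, 0) + body


def parse_icmp(packet):
    """Decode type/code and verify the checksum (a valid packet sums to zero)."""
    icmp_type, code, _ = struct.unpack("!BBH", packet[:4])
    info = {
        "type": icmp_type,
        "code": code,
        "type_name": ICMP_TYPES.get(icmp_type, "type %d" % icmp_type),
        "checksum_ok": checksum(packet) == 0,
    }
    if icmp_type == 3:
        info["code_name"] = UNREACHABLE_CODES.get(code, "code %d" % code)
    return info


def udp_port_state(reply):
    """Nmap's -sU interpretation of the ICMP reply (None = nothing came back)."""
    if reply is None:
        return "open|filtered"               # UDP services often stay silent
    info = parse_icmp(reply)
    if not info["checksum_ok"] or info["type"] != 3:
        return "unknown"
    if info["code"] == 3:
        return "closed"                      # port unreachable: no listener
    if info["code"] in (1, 2, 9, 10, 13):
        return "filtered"                    # a firewall or ACL rejected the probe
    return "unknown"


if __name__ == "__main__":
    req = build_echo_request(ident=0x1234, seq=1)
    print(parse_icmp(req))
    unreach = build_unreachable(3, b"\x45\x00" + b"\x00" * 26)   # constructed IP header stub
    print(udp_port_state(None), udp_port_state(unreach))
```

The `checksum(packet) == 0` test works because a correctly checksummed packet sums to 0xFFFF in one's complement, whose complement is zero; flipping any byte breaks it, which is the check a sniffer applies before trusting a captured reply.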
Nmap
How do you initiate a full connect scan?
nmap -sT (completes the three-way handshake through connect(); needs no raw-socket privileges, but the target application logs the connection)
Nmap
How do you initiate a stealth (SYN, half-open) scan?
nmap -sS (sends SYN, reads the SYN-ACK or RST, then sends RST instead of completing the handshake; needs root)
Nmap
How do you initiate an ACK scan?
nmap -sA (maps firewall rules rather than open ports: a RST reply means unfiltered, no reply means filtered)
Nmap
How do you initiate a FIN scan?
nmap -sF
Nmap
How do you initiate an IDLE (zombie) scan?
nmap -sI <zombie host> <target> (probes are spoofed from an idle zombie; the zombie's IP ID increments reveal the port state)
Nmap
How do you initiate a list scan (DNS list scan)?
nmap -sL (lists the targets and does reverse-DNS lookups on them without sending them any probes)
Nmap
How do you initiate a NULL scan?
nmap -sN (no flags set)
Nmap
How do you initiate an IP protocol scan?
nmap -sO (finds which IP protocols, not ports, the host accepts)
Nmap
How do you initiate a ping scan?
nmap -sP (legacy spelling; current Nmap uses -sn for host discovery without a port scan)
Nmap
How do you initiate an RPC scan?
nmap -sR (legacy; current Nmap performs RPC grinding automatically as part of -sV)
Nmap
How do you initiate a window scan?
nmap -sW (like an ACK scan, but inspects the TCP window size of RST replies to distinguish open from closed on some stacks)
Nmap
How do you initiate an Xmas scan?
nmap -sX (FIN, PSH and URG set)
Nmap
How do you initiate an ICMP ping?
nmap -PI (legacy; current Nmap uses -PE for echo, -PP for timestamp and -PM for address-mask requests)
Nmap
How do you initiate no ping?
nmap -Pn (skips host discovery and treats every target as up; use it when ICMP is blocked)
Nmap
How do you initiate a SYN ping?
nmap -PS[portlist] (for example -PS22,80,443)
Nmap
How do you initiate a TCP ping?
nmap -PT (legacy; current Nmap uses -PS for SYN ping and -PA for ACK ping)
Nmap
How do you set the packet fragmentation flag?
nmap -f (splits the TCP/UDP header across 8-byte IP fragments; -ff uses 16-byte fragments and --mtu sets a custom size)
Nmap
How do you set the decoy flag?
nmap -D decoy1,decoy2,ME <target> (interleaves spoofed source addresses with your own; RND:5 picks five random decoys)
Hping
How do you initiate ICMP mode?
hping3 -1
Hping
How do you initiate UDP mode?
hping3 -2
Hping
How do you initiate scan mode?
hping3 -8 <ports> (also --scan), for example hping3 -8 1-1024 -S <target>
Hping
How do you initiate Listen mode?
hping3 -9
Hping
How do you initiate flood mode?
hping3 --flood (sends as fast as possible without waiting for replies)
Hping
How do you collect sequence numbers?
hping3 -Q (also --seqnum; prints the target's initial sequence numbers and their increments, used to judge ISN predictability)
Hping
How do you set port number?
hping3 -p
Hping
How do you set FIN flag?
hping3 -F
Hping
How do you set SYN flag?
hping3 -S
Hping
How do you set RST flag?
hping3 -R
Hping
How do you set PSH flag?
hping3 -P
Hping
How do you set ACK flag?
hping3 -A
Hping
How do you set URG flag?
hping3 -U
Hping
How do you set the Xmas flag?
hping3 -X (hping's "xmas" is the unused 0x40 flag bit, not a FIN/PSH/URG probe; to send a real Xmas scan probe use hping3 -F -P -U)
SNMP: What is the default read-only community string?
public (SNMPv1 and v2c send the community string in cleartext, so it is both guessable and sniffable)
SNMP: What is the default read-write community string?
private (read-write access lets an attacker change configuration, not just enumerate it)
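Where the community string actually travels, as an added example that is not part of the original flashcards: a hand-written BER encoder builds the SNMPv1 GetRequest for sysDescr.0 that snmpget/snmpwalk send with community `public`, and a matching decoder pulls the value out of a GetResponse. The GetResponse is constructed here, not captured from a device; the OIDs and tag values are the real SNMPv1/BER ones.

```python
"""SNMPv1 GetRequest/GetResponse with a community string, hand-encoded in BER.

Added example, not from the flashcards. The response bytes are constructed.
"""
SYS_DESCR = "1.3.6.1.2.1.1.1.0"             # system description, first thing snmpwalk shows
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2       # context-specific PDU tags


def ber_len(n):
    """Short form below 128, long form (0x80|N, then N length bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear when needed."""
    return tlv(INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def encode_oid(oid):
    """First two arcs pack into one byte; later arcs are base-128, high bit = more."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(OID, out)


def decode_oid(raw):
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def snmp_message(community, pdu_tag, varbinds, request_id=1, error_status=0):
    """SNMPv1: SEQUENCE { version 0, community, PDU { id, err, idx, varbinds } }.
    The community string is the second field, in the clear."""
    vb_list = tlv(SEQUENCE, b"".join(tlv(SEQUENCE, encode_oid(o) + v) for o, v in varbinds))
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(error_status) + ber_int(0) + vb_list)
    return tlv(SEQUENCE, ber_int(0) + tlv(OCTET_STRING, community.encode()) + pdu)


def build_get_request(community, oid, request_id=1):
    return snmp_message(community, GET_REQUEST, [(oid, tlv(NULL, b""))], request_id)


def build_get_response(community, oid, value, request_id=1):
    """What an agent that accepts the community string replies (constructed here)."""
    return snmp_message(community, GET_RESPONSE, [(oid, tlv(OCTET_STRING, value.encode()))], request_id)


def ber_read(buf, pos=0):
    """Read one TLV at pos -> (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_get_response(packet):
    """Return (community, error_status, [(oid, value), ...]) from a GetResponse."""
    _, msg, _ = ber_read(packet)
    _, _, p = ber_read(msg)                  # version
    _, community, p = ber_read(msg, p)
    tag, pdu, _ = ber_read(msg, p)
    if tag != GET_RESPONSE:
        raise ValueError("not a GetResponse PDU: tag 0x%02X" % tag)
    _, _, p = ber_read(pdu)                  # request-id
    _, err, p = ber_read(pdu, p)
    _, _, p = ber_read(pdu, p)               # error-index
    _, vb_list, _ = ber_read(pdu, p)
    results, p = [], 0
    while p < len(vb_list):
        _, vb, p = ber_read(vb_list, p)
        _, oid, q = ber_read(vb)
        vtag, val, _ = ber_read(vb, q)
        results.append((decode_oid(oid), val.decode() if vtag == OCTET_STRING else val))
    return community.decode(), int.from_bytes(err, "big"), results


if __name__ == "__main__":
    print(build_get_request("public", SYS_DESCR).hex())
    print(parse_get_response(build_get_response("public", SYS_DESCR, "Linux router 5.10")))
```

Sending `build_get_request("public", SYS_DESCR)` over UDP to port 161 and getting a GetResponse back is exactly the check an SNMP community-string brute-forcer performs; a wrong community string gets no reply at all in SNMPv1, which is why the scan looks like a UDP timeout rather than an error.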
What does the following (Windows) command do?
ping -t 1.1.1.1
Pings continuously until stopped with Ctrl+C (Ctrl+Break prints statistics and keeps going).
What does the following command do?
ping -a 1.1.1.1
Resolves the IP address to a hostname (reverse lookup) and shows it with the replies.
What does the following command do?
ping -n 6 1.1.1.1
Sends the specified number of echo requests (6) instead of the Windows default of 4.
What does the following command do?
ping -i 12 1.1.1.1
-i sets the Time To Live of the outgoing packets (12). Note that Linux ping uses -i for the interval between packets and -t for the TTL.
What records does a zone file contain?
SOA (start of authority: primary name server, admin contact, serial number and refresh/retry/expire timers)
NS (authoritative name servers for the zone)
A (hostname to IPv4 address; AAAA for IPv6)
MX (mail exchangers with their preference values)
Also commonly CNAME (alias), PTR (reverse lookup), TXT (SPF and other text) and SRV (service location). A permitted zone transfer (AXFR) hands an attacker all of them in one request.
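The query that makes DNS enumeration active, as an added example that is not part of the original flashcards: it encodes the A question a brute-forcer sends for each candidate name, decodes the reply including RFC 1035 name compression, and names the record types a zone holds. The `simulated_resolver` and its `FAKE_ZONE` (example.com, 192.0.2.x addresses) are constructed stand-ins for the target's name servers so the code runs offline.

```python
"""DNS wire format: the query a name brute-forcer sends and the reply it parses.

Added example, not from the flashcards. The resolver is a constructed
stand-in; nothing goes on the network.
"""
import struct

RECORD_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
                16: "TXT", 28: "AAAA", 33: "SRV"}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Constructed zone standing in for the target's authoritative servers.
FAKE_ZONE = {"www.example.com": "192.0.2.10", "mail.example.com": "192.0.2.25"}


def encode_name(name):
    """www.example.com -> b'\\x03www\\x07example\\x03com\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234):
    """Standard query, recursion desired, one question of class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Return (name, offset just past the name), following compression pointers."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # 11xxxxxx: pointer to an earlier name
            if end is None:
                end = offset + 2             # the pointer itself is two bytes
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(msg):
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5, 12):
            value, _ = decode_name(msg, offset)   # rdata names may use pointers too
        else:
            value = rdata.hex()
        offset += rdlen
        answers.append((name, RECORD_TYPES.get(rtype, str(rtype)), ttl, value))
    return {"id": txid, "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "answers": answers}


def simulated_resolver(query):
    """Answer like an authoritative server would, from FAKE_ZONE (constructed)."""
    txid = query[:2]
    qname, qend = decode_name(query, 12)
    question = query[12:qend + 4]
    ip = FAKE_ZONE.get(qname)
    if ip is None:                           # 0x8583: response, AA, RD, RA, RCODE 3
        return txid + struct.pack("!HHHHH", 0x8583, 1, 0, 0, 0) + question
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata   # name = pointer to offset 12
    return txid + struct.pack("!HHHHH", 0x8580, 1, 1, 0, 0) + question + answer


def brute_force(domain, words, resolver=simulated_resolver):
    """One query per candidate: this traffic is what makes the technique active."""
    found = []
    for word in words:
        name = "%s.%s" % (word, domain)
        reply = parse_response(resolver(build_query(name)))
        if reply["rcode"] == "NOERROR" and reply["answers"]:
            found.append((name, reply["answers"][0][3]))
    return found


if __name__ == "__main__":
    print(brute_force("example.com", ["www", "mail", "vpn", "dev"]))
```

A real tool randomises the transaction ID and checks it on the reply, rate-limits, and watches for wildcard records (every name resolving to the same address), none of which changes the packet format shown.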
What tool would you use to fingerprint VPN firewalls?
ike-scan (sends IKE Phase 1 proposals to UDP 500 and fingerprints the VPN gateway from its responses, vendor IDs and retransmission timing)
What is ping of death?
Sending a fragmented ICMP echo request whose reassembled size exceeds the maximum IP packet size of 65,535 bytes, crashing hosts whose reassembly code does not check the bound.
What is the proper response for a NULL scan if the port is closed?
RST (per RFC 793). An open port sends nothing. Windows, Cisco IOS and some other stacks reply RST regardless of port state, so NULL, FIN and Xmas scans show every port closed there.
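The TCP flag cards, the nmap scan-type cards and the NULL-scan card above in one piece of working code, as an added example that is not part of the original flashcards: it builds and parses a raw TCP header, names the flag bits, recognises which nmap scan a probe belongs to, translates hping3 flag switches into the same bits, and states the reply an unfiltered RFC 793 host returns for an open versus a closed port. All headers are constructed in code; nothing is sent on the wire.

```python
"""TCP flag bits, nmap scan probes and the replies RFC 793 prescribes.

Added example, not from the flashcards. Headers are constructed locally.
"""
import struct

# Flag bits in the low byte of the 16-bit "data offset / reserved / flags" field.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}

# First packet each nmap scan type sends. -sS and -sT look identical on the
# wire until the connect scan goes on to complete the handshake.
SCAN_PROBES = {
    "SYN probe (-sS or -sT)": SYN,
    "NULL scan (-sN)": 0,
    "FIN scan (-sF)": FIN,
    "Xmas scan (-sX)": FIN | PSH | URG,
    "ACK scan (-sA)": ACK,
}

# hping3 single-letter flag switches. -X is hping's unused 0x40 bit, not an
# Xmas probe; an Xmas probe in hping3 is -F -P -U.
HPING_FLAGS = {"-F": FIN, "-S": SYN, "-R": RST, "-P": PSH, "-A": ACK, "-U": URG}


def build_tcp_header(sport, dport, seq, ack, flags, window=1024):
    """20-byte TCP header, no options; checksum left zero (the kernel fills it)."""
    offset_flags = (5 << 12) | flags          # data offset 5 words, reserved 0, flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def parse_tcp(header):
    """Decode ports, sequence numbers and the six classic flag bits."""
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", header[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": offset_flags & 0x3F}      # mask off ECE/CWR/NS


def flag_names(flags):
    return [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit]


def hping_flags(argv):
    """Combine hping3 switches such as ["-F", "-P", "-U"] into a flag value."""
    flags = 0
    for arg in argv:
        flags |= HPING_FLAGS.get(arg, 0)
    return flags


def classify_probe(flags):
    """Name the nmap scan whose probe carries exactly these flags, or None."""
    for scan, probe in SCAN_PROBES.items():
        if probe == flags:
            return scan
    return None


def expected_reply(flags, port_open):
    """Reply from an unfiltered host that follows RFC 793. Caveat: Windows,
    Cisco IOS and some other stacks answer NULL/FIN/Xmas probes with RST on
    every port, so those scans show all ports closed there."""
    if flags & RST:
        return "no response"                  # a reset is never answered
    if flags & ACK:
        return "RST"                          # ACK for no connection: RST open or closed
    if flags & SYN:
        return "SYN/ACK" if port_open else "RST"
    return "no response" if port_open else "RST"   # NULL, FIN, Xmas


if __name__ == "__main__":
    probe = build_tcp_header(40000, 80, 1000, 0, FIN | PSH | URG)
    fields = parse_tcp(probe)
    print(flag_names(fields["flags"]), classify_probe(fields["flags"]))
    for name, bits in SCAN_PROBES.items():
        print(name, "| open:", expected_reply(bits, True), "| closed:", expected_reply(bits, False))
```

The `expected_reply` table is also the detection logic in reverse: a SYN-less probe with no flags, or with FIN/PSH/URG together, never occurs in legitimate traffic, so an IDS can flag NULL and Xmas scans from a single packet.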
What is a Smurf Attack?
A DDoS amplification attack: the attacker sends ICMP echo requests to a network's broadcast address with the source address spoofed to the victim's, so every host on that network replies to the victim at once.
What is the pattern to identify LM hashes of passwords shorter than 8 characters?
The second half of the 32-hex-character hash is AAD3B435B51404EE (the LM value of an empty 7-character block). If both halves are AAD3B435B51404EE, LM storage is disabled or the password is empty.
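The same check over pwdump-style output, as an added example that is not part of the original flashcards: it classifies each LM hash by its halves and flags empty NT hashes, which is how a tester triages a dump before cracking. The sample lines are constructed; the Administrator line uses the widely published LM and NT hashes of "password", while the svc_backup NT hash is a placeholder.

```python
"""Classifying LM hashes in pwdump-style output.

Added example, not from the flashcards. LM splits the password into two
7-character halves and DES-encrypts a constant under each, so an empty half
always yields AAD3B435B51404EE. The sample lines are constructed.
"""
EMPTY_LM_HALF = "AAD3B435B51404EE"
EMPTY_NT_HASH = "31D6CFE0D16AE931B73C59D7E0C089C0"     # MD4 of the empty UTF-16LE string

# Constructed pwdump lines: user:RID:LM hash:NT hash:::
SAMPLE_PWDUMP = """\
# constructed sample, not a real dump
Administrator:500:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:::
Guest:501:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
svc_backup:1105:E52CAC67419A9A22AAD3B435B51404EE:0123456789ABCDEF0123456789ABCDEF:::
"""


def classify_lm(lm_hash):
    """Describe what a 32-hex-character LM hash reveals about the password."""
    lm = lm_hash.strip().upper()
    if len(lm) != 32 or any(c not in "0123456789ABCDEF" for c in lm):
        raise ValueError("LM hash must be 32 hex characters")
    first, second = lm[:16], lm[16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return "no LM hash (LM disabled or empty password)"
    if first == EMPTY_LM_HALF:
        return "malformed (empty first half with non-empty second half)"
    if second == EMPTY_LM_HALF:
        return "password is 7 characters or fewer"
    return "password is 8 to 14 characters"


def parse_pwdump(text):
    """Parse user:RID:LM:NT::: lines, skipping comments and blanks."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, rid, lm, nt = line.split(":")[:4]
        rows.append({
            "user": user,
            "rid": int(rid),
            "lm": classify_lm(lm),
            "empty_nt": nt.upper() == EMPTY_NT_HASH,
        })
    return rows


def crack_priorities(rows):
    """Accounts to attack first: any stored LM hash is crackable quickly, short ones fastest."""
    return [r["user"] for r in rows if r["lm"].startswith("password")]


if __name__ == "__main__":
    for row in parse_pwdump(SAMPLE_PWDUMP):
        print(row)
    print(crack_priorities(parse_pwdump(SAMPLE_PWDUMP)))
```

Because each LM half is independent, a 14-character password is two 7-character DES problems with an uppercase-only keyspace, which is why the presence of any LM hash, not just a short one, is worth reporting.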
What are the 3 Access Vector (AV) values in the CVSS v2 scores shown in Nessus reports?
- Local (L): the attacker needs local access to the system
- Adjacent Network (A): the attacker must be on the same physical or logical network segment
- Network (N): exploitable remotely across the network
What is a Fraggle attack?
The UDP variant of Smurf: spoofed UDP packets sent to a broadcast address, usually aimed at the echo (7) or chargen (19) ports, so every responding host floods the victim.
What is a Teardrop attack?
A DoS attack that sends IP fragments with overlapping offsets; older stacks mishandled the overlap during reassembly and crashed.
What is a SYN Flood attack?
Sending a stream of SYN requests to the target's ports and never completing the handshakes, so the half-open connection backlog fills and legitimate users cannot connect.
What is a SYN Attack?
Another name for a SYN flood, typically with spoofed source IPs so the SYN-ACKs go nowhere and the half-open entries stay until they time out.
What is an ICMP Flood attack?
Flooding the target with ICMP echo requests, usually from spoofed source IPs, to exhaust its bandwidth and CPU.
What is a Peer-to-peer attack?
Abuses a flaw in a peer-to-peer network (classically DC++ hubs) to make large numbers of peers disconnect and reconnect to the target host instead, flooding it.
What is a LAND attack?
Sending a SYN packet whose source IP and port equal the destination IP and port of the target, causing a vulnerable stack to loop replying to itself and crash.
What is the purpose of the Low Orbit Ion Cannon (LOIC) tool?
An open-source TCP, UDP and HTTP flooding tool used for DDoS; its "hive mind" mode lets volunteers hand control of their copy to an IRC channel.
What type of tool is Trinity on Linux?
A DDoS agent for Linux, controlled over IRC, that launches UDP, SYN, RST and other floods from compromised hosts.
What is Tribe Flood Network (TFN)?
An early DDoS tool with a handler/agent architecture: compromised agents launch ICMP, UDP and SYN floods and Smurf attacks on command from the handler.
Which service is nbtstat used against?
NetBIOS over TCP/IP: UDP 137 (name service), UDP 138 (datagram service) and TCP 139 (session service). nbtstat -A <ip> lists a remote host's NetBIOS name table, including its MAC address and logged-on user names.
What is Blind/Anonymous FTP?
Anonymous FTP lets anyone log in with the username anonymous (any password). Blind FTP is anonymous FTP with directory listing disabled: users can only retrieve a file if they already know its exact path and file name.
Nmap
How do you initiate a default script engine (NSE) scan?
nmap -sC
or
nmap --script=default
nmap script options
nmap --script=default : runs the scripts in the default category (other categories include safe, discovery, vuln, intrusive)
nmap --script-args=<n1=v1,[n2=v2,...]> : provides arguments to scripts
nmap --script-args-file=<file> : provides NSE script arguments from a file
nmap --script-trace : shows all data sent and received by scripts
nmap --script-updatedb : updates the script database
nmap --script-help=<scripts> : shows help for the named scripts