Section 4: Active Reconnaissance

Question 1

“Living Off The Land” Commands - Windows

Answer 1

arp
o Used when enumerating a Windows host
o Address Resolution Protocol (ARP) Cache
▪ Provides a list of all the other machine’s MAC
addresses that have recently communicated with
the host you are currently on

ipconfig
o Determines the IP address of the machine you are
currently on

ipconfig /displaydns
▪ Displays any DNS names that have recently been
resolved

Get-NetDomain
▪ Lists the current logged in user’s domain

Get-NetGroupMember
● Lists the domain members belonging to a given group

▪ net user
● Lists all the users on the machine

▪ net groups
● Lists the groups on the machine

Question 2

“Living Off The Land” Commands - Linux

Answer 2

finger
o Used to view a user’s home directory, their login, and their
current idle time

uname -a
o Shows the OS’s name, version, and other relevant details
displayed to the terminal

Gives a list of all of the environment variables on a Linux
system

Question 3

“lbd” tool

Answer 3

Load Balance Detector

Question 4

“lbd” tool

Answer 4

Load Balance Detector

Question 5

CeWL

Answer 5

Custom Word List Generator (CeWL)
● A Ruby app that can crawl a given URL up to a specified depth and return a list of words that can be used with a password cracker

Question 6

Packet Crafting Tools

Answer 6

hping and Scapy