section 4.1 Flashcards
Used to determine the route a packet takes to a destination
- Maps the entire path, hop by hop
- Works by sending packets with an increasing TTL (Time To Live); TTL is counted in router hops, not seconds, and each router that decrements it to zero answers with an ICMP Time Exceeded message
traceroute (Linux, macOS and other Unix-like systems)
tracert (Windows)
Look up names and IP addresses
- Considered deprecated on many systems; use dig instead
nslookup
- More advanced domain information
- Performs the same lookups as nslookup but shows far more detail (full answer, authority and additional sections, record TTLs, response flags)
dig
- Domain Information Groper
Helps determine TCP/IP and network adapter information
- Additional IP details (address, subnet mask, gateway, DNS servers, MAC address)
- Ping your own IP address to confirm the local stack is working
ipconfig for Windows
ifconfig for Linux (deprecated on many distributions; ip addr is the replacement)
What are the Nmap abilities? Give a description of each of them.
Network mapper - find and learn more about network devices
Port scan - find devices and identify open ports
OS scan - discover the OS without logging in to a device
Service scan - identify what service (and version) is available on a device
Nmap Scripting Engine (NSE) - extended capabilities such as vulnerability checks
- What command tests reachability and determines round-trip time?
- Uses Internet Control Message Protocol (ICMP) echo request / echo reply
Ping
Name the command that combines ping and traceroute. Describe the steps of the process and what happens in each step.
pathping (Windows)
First: run traceroute
- Build a map of the hops to the destination
Second: run ping against each hop
- Measure round-trip time and packet loss at each hop
This command is a TCP/IP packet assembler/analyzer
Sends crafted packets
- Modify all IP, TCP, UDP, and ICMP header values
hping
Network command to show all active connections and listening ports
netstat -a
Network command that shows which binary (executable) opened each connection (Windows; requires administrator rights)
netstat -b
Network command to not resolve names (show numeric addresses and ports; faster)
netstat -n
This command allows you to read and write to the network.
List some functions that this command can do
netcat (nc)
- Listen on a port number
- Transfer data
- Scan ports and send data to a port
- Go as far as running a shell from a remote device
This network scanner will search a network for IP addresses
- Locate active devices
- Avoids doing work on an IP address that is not there
IP scanners
List some IP scanner techniques
ARP
ICMP
TCP ACK
ICMP timestamp requests
What do you call the determination of a MAC address based on an IP address?
Address Resolution Protocol (ARP)
arp -a command
- Lets the user view the local ARP table (the IP-to-MAC mappings the device has learned)
Purpose of the route command
View the device's routing table
- Find out which way the packets will go
Windows command: route print
Linux & macOS: netstat -r (Linux also: ip route)
What is the curl command?
Client URL
- Uniform Resource Locator
- Retrieve data using a URL
- Grab the raw data (headers and body) without a browser rendering it
Name some functions of the theHarvester command
- Gather OSINT
- Scrape information from search engines such as Google or Bing
- Find PGP keys by email domain
- DNS brute force
- Find otherwise unknown hosts (vpn, chat, mail, partner, etc.)
List some functions of the sn1per (sniper) command
- Combines many recon tools into a single framework
- dnsenum, metasploit, nmap, theHarvester
- Both intrusive and non-intrusive scanning options
- Another tool that can cause problems: the intrusive options (brute force, aggressive server scanning) can disrupt the target, so run them only with authorization
What does the dnsenum command do?
- Enumerate DNS information: find host names
- View host information from DNS servers
- Find host names in Google
What is Nessus?
- Industry leader in vulnerability scanning
- Identifies known vulnerabilities
- Extensive reporting
- Produces a checklist of issues
- Lets you filter out false positives
What is Cuckoo?
- A sandbox for malware
- A virtualized environment
- Tracks and traces what the sample does
- API calls, network traffic, memory analysis
- Traffic captures
- Screenshots
This file manipulation command views the first part of a file (the first 10 lines by default)
head [option] [file]
This file manipulation command views the bottom of a file (the last 10 lines by default; -f follows new lines as they are appended)
tail [option] [file]
What does the cat command do?
Concatenate
- Copy a file/files to the screen
ex: cat file.txt file2.txt
- Copy a file/files to another file
ex: cat file1.txt file2.txt > both.txt
What does grep do?
Find text in a file
grep PATTERN [FILE]
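Added example (not part of the original flashcards): the cat, head, tail and grep cards above applied together to a first-pass triage of an auth log. The log lines, host name, users and addresses are constructed for this example; everything runs against temporary files.

```shell
#!/bin/sh
# Added example (not from the original flashcards): first-pass triage of a
# constructed auth log with cat, grep, head and tail.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample data in the shape of sshd lines from /var/log/auth.log.
# The host, users and addresses are made up for this example.
cat > "$WORK/auth.log.1" <<'EOF'
Mar  3 09:14:02 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 09:14:05 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 09:15:40 web01 sshd[2240]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
EOF
cat > "$WORK/auth.log" <<'EOF'
Mar  3 10:01:11 web01 sshd[2301]: Failed password for root from 203.0.113.7 port 51300 ssh2
Mar  3 10:01:12 web01 sshd[2302]: Failed password for root from 198.51.100.23 port 60100 ssh2
Mar  3 10:01:15 web01 sshd[2303]: Failed password for root from 203.0.113.7 port 51302 ssh2
Mar  3 10:02:00 web01 sshd[2310]: Accepted password for alice from 192.0.2.10 port 40030 ssh2
EOF

# cat: concatenate the rotated log and the current one (oldest first) so the
# rest of the pipeline sees the whole history in one file.
cat "$WORK/auth.log.1" "$WORK/auth.log" > "$WORK/all.log"

# grep -c: count the lines that match a pattern instead of printing them.
count_failures() {
    grep -c 'Failed password' "$WORK/all.log"
}

# grep selects the failures, sed keeps only the source address after "from",
# sort | uniq -c | sort -rn ranks addresses by count, head -n 1 keeps the
# top offender, awk drops the count column.
top_attacker() {
    grep 'Failed password' "$WORK/all.log" \
        | sed 's/.* from \([0-9.]*\) .*/\1/' \
        | sort | uniq -c | sort -rn \
        | head -n 1 | awk '{print $2}'
}

# tail -n 1: the most recent matching event; field 9 is the user name.
last_accepted_user() {
    grep 'Accepted' "$WORK/all.log" | tail -n 1 | awk '{print $9}'
}

echo "failed logins: $(count_failures)"
echo "top source:    $(top_attacker)"
echo "last accepted: $(last_accepted_user)"
```

The same pipeline works on a real /var/log/auth.log; swap the file paths and widen the grep pattern if the distribution's sshd wording differs.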
What is the chmod command? What are some options to set permissions and modes?
- Change mode of a file system object
- Can also use octal notation: each digit is the sum of r (read) = 4, w (write) = 2, x (execute) = 1
ex. 744 = rwx for the owner, r-- for the group, r-- for others
- Setting permissions symbolically, with +, - or = to add, remove or set r/w/x for:
file owner: u
the group: g
others: o
all: a
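Added example (not part of the original flashcards): the 744 mode from the card set once in octal and once in symbolic notation, read back with ls so the two can be compared, plus the owner-only mode you want on a private key and the world-writable mode you never want on a script. All paths are temporary files created by the script.

```shell
#!/bin/sh
# Added example (not from the original flashcards): octal and symbolic chmod
# produce the same mode; each function returns the permission string ls shows.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Returns the 10-character permission string (e.g. -rwxr--r--) of a path.
perms_of() {
    ls -ld "$1" | cut -c1-10
}

# Octal: each digit is the sum of r=4, w=2, x=1 for owner, group, others.
# 744 = 7 (rwx) for the owner, 4 (r--) for the group, 4 (r--) for others.
octal_744() {
    f="$WORK/octal.sh"; : > "$f"
    chmod 744 "$f"
    perms_of "$f"
}

# Symbolic: the same mode spelled out with u (owner), g (group), o (others).
symbolic_744() {
    f="$WORK/symbolic.sh"; : > "$f"
    chmod u=rwx,g=r,o=r "$f"
    perms_of "$f"
}

# Least privilege for a secret: readable and writable by the owner only.
# "a" addresses everyone; stripping all bits first means nothing inherited
# from the umask survives, then grant exactly what the owner needs.
owner_only() {
    f="$WORK/id_rsa"; : > "$f"
    chmod a-rwx "$f"
    chmod u+rw "$f"
    perms_of "$f"
}

# Misconfiguration to recognise: 777 is world-writable, so any local user
# can replace the script's contents before a privileged job runs it.
world_writable() {
    f="$WORK/bad.sh"; : > "$f"
    chmod 777 "$f"
    perms_of "$f"
}

echo "chmod 744             -> $(octal_744)"
echo "chmod u=rwx,g=r,o=r   -> $(symbolic_744)"
echo "chmod a-rwx; u+rw     -> $(owner_only)"
echo "chmod 777             -> $(world_writable)"
```

When reviewing a host, the world-writable case is what to grep for: `find / -xdev -type f -perm -0002` lists every file any user can modify.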
What does the logger command do?
- Add entries to the system log
- syslog
- Adding to the local syslog file
What is Tcpreplay? What does it do?
A suite of packet replay utilities
- Replays captured traffic (pcap files) onto the network to test security devices such as IDS/IPS
- Test and tune IP Flow/NetFlow devices
- Evaluate the performance of security devices
This command captures packets from the command line
tcpdump
Name this graphical packet analyzer. Also, name some other functions.
Wireshark
Gathers frames on the network
Extensively decodes protocols
- View the application traffic
This is a reference to the dd command. What does it do?
dd
Create a bit-by-bit copy of a drive
Create a disk image
Restore from an image
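Added example (not part of the original flashcards): a forensic-style acquisition with dd. A constructed 64 KiB file stands in for the drive so the script needs no raw device access; on a real system the input would be a block device such as /dev/sdb, mounted read-only or attached through a write blocker. The image is hash-verified against the source, checked for a remnant that no filesystem listing would show, and then restored.

```shell
#!/bin/sh
# Added example (not from the original flashcards): image a "drive" with dd,
# verify the copy by hash, then restore it. A plain file plays the drive.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
DRIVE="$WORK/drive.bin"        # stands in for e.g. /dev/sdb
IMAGE="$WORK/drive.img"
RESTORED="$WORK/restored.bin"

sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Constructed drive: 64 KiB of zeros with a marker in the middle and a
# "deleted file" remnant near the end, in space no filesystem would list.
make_drive() {
    dd if=/dev/zero of="$DRIVE" bs=1024 count=64 2>/dev/null
    printf 'EVIDENCE-MARKER' | dd of="$DRIVE" bs=1 seek=32768 conv=notrunc 2>/dev/null
    printf 'deleted-secret.txt' | dd of="$DRIVE" bs=1 seek=60000 conv=notrunc 2>/dev/null
}

# Acquire: copy every byte, allocated or not. conv=noerror,sync keeps going
# past unreadable blocks and pads them so later offsets still line up.
image_drive() {
    dd if="$DRIVE" of="$IMAGE" bs=4096 conv=noerror,sync 2>/dev/null
}

# Verify before the original is bagged: the two hashes must match, and the
# recorded hash is what an analyst later checks the evidence file against.
hashes_match() {
    if [ "$(sha256 "$DRIVE")" = "$(sha256 "$IMAGE")" ]; then echo yes; else echo no; fi
}

# A bit-for-bit image carries the remnant; a file-level copy would not.
remnant_in_image() {
    grep -a -c 'deleted-secret.txt' "$IMAGE"
}

# Restore: the same command with input and output swapped.
restore_drive() {
    dd if="$IMAGE" of="$RESTORED" bs=4096 2>/dev/null
    if [ "$(sha256 "$RESTORED")" = "$(sha256 "$DRIVE")" ]; then echo yes; else echo no; fi
}

make_drive
image_drive
echo "source hash == image hash: $(hashes_match)"
echo "remnant present in image:  $(remnant_in_image)"
echo "restore verified:          $(restore_drive)"
```

The hash step is the part most often skipped in a hurry; without it there is no way to show later that the image is what was on the drive.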
What does memdump do?
Copy information in system memory to the standard output stream
Copy to another host across the network
What is WinHex?
Universal hexadecimal editor for Windows
- Edit disks, files, RAM
- Disk cloning
- Secure wipe
What does FTK Imager do?
AccessData forensic drive imaging tool
- Includes file utilities and read-only image mounting
- Windows executable
What does Autopsy do?
Performs digital forensics of hard drives and smartphones
- View and recover data from storage devices
Extracts many different data types:
- Downloaded files
- Browser history and cache
- Email messages
Exploitation frameworks
Pre-built toolkit for exploitation
- Build custom attacks
metasploit - attack known vulnerabilities
The Social-Engineer Toolkit (SET) - spear phishing, infectious media generator
Password Crackers
Find the passwords
Online cracking - try username/password combinations against the live login service (noisy, rate-limited, may lock accounts)
Offline cracking - brute force a stolen hash file (no interaction with the target; limited only by the attacker's hardware and the strength of the hash)
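Added example (not part of the original flashcards): offline cracking against a hash file, the second case on the card. The hash file, user names, salts, passwords and wordlist are all constructed here, and SHA-256 stands in for whatever hash the breached system actually used; the cracking functions never read the plaintexts used to build the fixture.

```shell
#!/bin/sh
# Added example (not from the original flashcards): offline cracking of a
# constructed hash file with a small wordlist. Nothing touches a live target;
# the attacker only needs the stolen file and CPU time.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

sha256_str() {  # hex SHA-256 of a string (no trailing newline)
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Constructed "stolen" hash file, one  user:salt:hash  per line where
# hash = SHA-256(salt || password). An empty salt models an unsalted store.
# Plaintexts appear here only to build the fixture.
make_hash_file() {
    {
        printf 'alice::%s\n'      "$(sha256_str 'summer2024')"
        printf 'bob::%s\n'        "$(sha256_str 'summer2024')"
        printf 'carol:x9Qz:%s\n'  "$(sha256_str 'x9Qzsummer2024')"
        printf 'dave::%s\n'       "$(sha256_str 'correct horse battery staple')"
    } > "$WORK/hashes.txt"
}

# Constructed wordlist; real lists run to millions of entries.
make_wordlist() {
    printf '%s\n' 'password' '123456' 'letmein' 'summer2024' 'qwerty' > "$WORK/words.txt"
}

# Brute force one account: hash each candidate with that account's salt and
# compare to the stored hash. Prints the password on a hit, nothing otherwise.
crack_user() {
    user="$1"
    salt=$(awk -F: -v u="$user" '$1==u {print $2}' "$WORK/hashes.txt")
    target=$(awk -F: -v u="$user" '$1==u {print $3}' "$WORK/hashes.txt")
    while IFS= read -r word; do
        if [ "$(sha256_str "$salt$word")" = "$target" ]; then
            printf '%s\n' "$word"
            return 0
        fi
    done < "$WORK/words.txt"
    return 1
}

# Why salts matter: unsalted hashes are identical for identical passwords, so
# one crack (or one precomputed table) exposes every account sharing it.
# Prints how many accounts share the given user's stored hash.
accounts_sharing_hash() {
    target=$(awk -F: -v u="$1" '$1==u {print $3}' "$WORK/hashes.txt")
    awk -F: -v t="$target" '$3==t' "$WORK/hashes.txt" | wc -l | tr -d ' '
}

make_hash_file
make_wordlist
echo "alice -> $(crack_user alice)"
echo "carol -> $(crack_user carol)"
echo "dave  -> $(crack_user dave || echo 'not in wordlist')"
echo "accounts sharing alice's hash: $(accounts_sharing_hash alice)"
```

Two things the run shows that the card only states: a salt does not stop the brute force (carol falls as fast as alice), it only forces the attacker to redo the work per account; and a password absent from the list survives no matter how fast the loop is. Real stores should use a deliberately slow, salted algorithm (bcrypt, scrypt, Argon2) so that each guess costs far more than one SHA-256.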
Data sanitization
Completely remove data so it cannot be recovered
Many different use cases
A one-way trip
- Permanent: there is no undo once the data has been overwritten or the media destroyed
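Added example (not part of the original flashcards): file-level sanitization, overwriting a file's blocks before unlinking it and checking that the original content is gone. The CSV content is constructed; the path is a temporary file.

```shell
#!/bin/sh
# Added example (not from the original flashcards): sanitise one file by
# overwriting its blocks before unlinking it. Whole-drive sanitisation uses
# the drive's own secure-erase command or physical destruction instead.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SECRET="$WORK/customer-export.csv"

# Constructed sensitive content; the name and card number are made up.
make_secret() {
    printf 'id,name,card\n1,Jane Roe,4111111111111111\n' > "$SECRET"
}

# Prints yes if the file still exists and still holds the card number.
still_contains_card() {
    if [ -e "$1" ] && grep -aq '4111111111111111' "$1"; then echo yes; else echo no; fi
}

# Overwrite in place: conv=notrunc rewrites the file's existing blocks rather
# than truncating and allocating new ones. One random pass, then a zero pass
# so the file does not even reveal that it once held random data.
overwrite_in_place() {
    size=$(wc -c < "$1" | tr -d ' ')
    dd if=/dev/urandom of="$1" bs="$size" count=1 conv=notrunc 2>/dev/null
    dd if=/dev/zero    of="$1" bs="$size" count=1 conv=notrunc 2>/dev/null
}

# Full run: create, check, overwrite, check, unlink, check. Prints three
# words: card present before, card present after overwrite, file exists after rm.
run_sanitization() {
    make_secret
    before=$(still_contains_card "$SECRET")
    overwrite_in_place "$SECRET"
    after=$(still_contains_card "$SECRET")
    rm -f "$SECRET"    # rm on its own only drops the directory entry
    if [ -e "$SECRET" ]; then exists=yes; else exists=no; fi
    printf '%s %s %s\n' "$before" "$after" "$exists"
}

echo "before / after overwrite / exists after rm: $(run_sanitization)"
```

The caveat a practitioner needs: overwriting is only as good as the storage underneath. SSDs remap blocks (wear levelling, spare area), copy-on-write and journaling filesystems keep earlier copies, and snapshots or backups hold the data elsewhere. For media rather than a single file, use the drive's secure-erase or cryptographic-erase function, or destroy it.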