TestOut Ethical Hacker Pro Q&A Chapter 8 System Hacking


Question
Answer
What non-technical password attacks do organizations need to guard themselves against?
What are rainbow table attacks?
Brute force attack
Rainbow attack
A password cracking technique that tests for words from a dictionary, but can include additional common password phrases and symbol substitutions that are added to the database.
Password salting
Hardware or software that captures every keystroke on the computer.
Dumpster diving
The social engineering attack relies on human error. The hacker convinces an employee or other authorized person to give him a password.
This technique involves watching and recording a password, PIN, or access code that is being entered by someone in close proximity.
Pass the hash
Sniffing
rtgen generates rainbow tables based on parameters specified by the user. The command-line syntax of the rtgen program is: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index
A rainbow table is an array of rainbow chains. Each rainbow chain has a start point and an end point. The rtsort program sorts the rainbow chains by end point to make a binary search possible. Use the rtsort . command to sort all .rt rainbow tables in the current directory. Please be aware that after rtsort, the command includes a space and then a period.
RainbowCrack is software that cracks hashes by rainbow table lookup. The rtgen program generates rainbow tables, and the rtsort program sorts them. The following table describes these two programs.
Program options for rtgen: A rainbow table is hash algorithm specific. A rainbow table for a certain hash algorithm helps to crack only hashes of that type. The rtgen program natively supports many hash algorithms, like lm, ntlm, md5, sha1, mysqlsha1, halflmchall, ntlmchall, oracle-SYSTEM, and md5-half. In the example above, we generated md5 rainbow tables that speed up the cracking of md5 hashes.
charset
Program options for rtgen: These two parameters limit the plain text length range of the rainbow table. In the example above, the plain text length range is 1 to 7. So plain texts such as abcdefg are likely contained in the rainbow table generated. But plain text abcdefgh with length 8 will not be contained.
table_index
chain_len
Program options for rtgen: The number of rainbow chains to generate. A rainbow table is simply an array of rainbow chains. The size of each rainbow chain is 16 bytes.
part_index
Is a hash type, and its possible characters or values are: [0123456789]
alpha
alpha-numeric
lower alpha
lower alpha-numeric
mix alpha
mix alpha-numeric
ascii-32-95
Is a hash type, and its possible characters or values are: [ !"
Is a hash type, and its possible characters or values are: [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@
1. Password salting: adding random bits of data to a password before it is stored as a hash. 2. Use a complex password: 8 to 12 characters, with numbers, uppercase and lowercase letters, and special symbols. 3. Never share your passwords. 4. If asked to routinely change your password, do not reuse your current password. 5. No dictionary words. 6. Change every 30 days. 7. Never store a password in an unsecure location. 8. No default passwords. 9. Never store passwords in weak encryption or clear text.
Keystrokes on the computer keyboard are logged or recorded to obtain passwords and other important data. This can be done through either hardware devices or software programs on an individual computer or on a whole network. The user cannot detect the keylogger software, and the information can be recorded before it is encrypted. A hardware keylogger is a physical device that looks like a regular USB drive. It is installed between a keyboard plug and a USB port.
What are the types of keylogger attacks?
How are software keylogger attacks installed?
It combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. You can run it against many encrypted password formats, including several password hash types commonly found in Linux and Windows. You can also run John the Ripper against access passwords for compressed ZIP files and documents.
What is L0phtCrack?
/etc/shadow
Where do you get scripts for John the Ripper?
John the Ripper
John the Ripper. Let's type 'pdf2john password.pdf > pdfhash' and press Enter. Now let's crack the password, just like we did for the zipped file password, by typing 'john --format=pdf pdfhash --wordlist=words.txt' and pressing Enter. There's the password! It's the word 'secret'. Let's try it to make sure it works.
A speedy brute-force login tool. It has many modules, including FTP, HTTP, and MySQL.
xHydra
What are the steps to configure Account Password Policies on Windows Server?
You have just run the John the Ripper command: zip2john secure.zip > secure.txt. Which of the following was this command used for? - To extract the password from a rainbow hash and save it in the secure.txt file. - To extract the password and save it in a rainbow table named secure.txt. - To extract the password hashes and save them in the secure.txt file. - To extract the password and save it in the secure.txt file.
Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred?
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Which of the following best describes shoulder surfing?
Password salting. Password salting is adding random bits of data to a password before it is stored as a hash, making password cracking much more difficult.
Ascii-32-95
Charset
Jack is tasked with testing the password strength for the users of an organization. He has limited time and storage space. Which of the following would be the best password attack for him to choose?
You have created and sorted an md5 rainbow crack table. You want to crack the password. Which of the following commands would you use to crack a single hash?
Brute force
Sam has used malware to access Sally's computer on the network. He has found information that will allow him to use the underlying NTLM to escalate his privileges without needing the plaintext password. Which of the following types of attacks did he use?
When an attacker accesses the network as a non-administrator-level user and then gains access to administrative-level privileges. An attacker seeks privilege escalation to access sensitive information, delete files, or install programs like worms, viruses, or Trojan horses.
How do attackers escalate privileges?
What are escalation tools?
An offline brute force to crack a Kerberos ticket to reveal the service account password in plain text. There is no risk of detection and no need for escalated privileges, and the attack is easy to perform.
Loading a malicious DLL in the application directory so that when the application executes, it will choose the malicious DLL.
cPasswords
The database that authenticates local and remote users. In Windows, this database stores user passwords as an LM hash or an NTLM hash.
Local Security Authority Subsystem Service (LSASS)
cPassword
Data transferred unencrypted or in clear text is vulnerable to hackers. Beware, however, most domain controllers allow clear text credentials to be transmitted over the network, even to and from the local directory. You can check for clear text transfers by using the unsecure LDAP bind script in PowerShell. PowerShell will deliver a CSV file as output, showing you which accounts are vulnerable.
In Microsoft Windows, the local security authority sub-system service (LSASS) is a file in the directory that performs the system's security protocol. It's an essential part of the security process as it verifies user logins, creates access tokens, and handles password changes.
Unattended installation
DLL hijacking can happen during an application installation. When loading an external DLL library, Windows usually searches the application directory from which the application was loaded before attempting a fully qualified path. If an attacker has installed a malicious DLL in the application directory before the application installation has begun, then the application will choose the malicious DLL.
Trinity Rescue Kit
ERD Commander
Tools hackers can use to elevate privileges. A tool for cracking Windows login passwords. It uses rainbow tables and has the capability to crack hashes from many formats. It is an open-source program and free to download.
Tighten privileges to make sure that users have only the privileges that they need. Once privileges are tightened, focus on these steps: • Encrypt • Multi-factor authentication and authorization. • Restrict interactive logon privileges. • Scan the OS for bugs and errors. • Updates on the OS and applications. • Continuously monitor file system permissions. • Use fully qualified paths in Windows applications. • Select Always Notify in the UAC settings.
Roger, a security analyst, wants to tighten up privileges to make sure each user has only the privileges they need to do their work. Which of the following additional countermeasures could he take to help protect privileges?
Which of the following is used to remove files and clear the internet browsing history?
Which of the following is a protocol that allows authentication over a non-secure network by using tickets or service principal names (SPNs)?
A database that stores user passwords in Windows as an LM hash or an NTLM hash.
DLL hijacking
Which of the following is the name of the attribute that stores passwords in a Group Policy preference item in Windows?
Which of the following privilege escalation risks happens when a program is being installed without the constant supervision of the IT employee and fails to clean up after?
A hacker has gained physical access to a system and has changed an administrator's account password. Which of the following tools did the hacker most likely use to accomplish this?
Ophcrack
How do hackers maintain access to the systems they exploit?
What are writable services?
Path interception
An installed program that grants continued access to a previously hacked system.
Malware that works by stealth to capture information and send it to a hacker to help them gain remote access.
Software programs that crack code and passwords to gain unauthorized access to a system.
A service with permissions that allow anyone to change the service's execution.
Path interception; Writable services; Unsecure file and folder permissions; Backdoors; Crackers; Spyware; Scheduled tasks
Which of the following is malware that works by stealth to capture information and then sends it to a hacker to gain remote access?
Which of the following do hackers install in systems to allow them to have continued admittance, gather sensitive information, or establish access to resources and operations within the system?
Hackers can maintain access to a system in several ways. Which of the following best describes the unsecure file and folder method?
Which of the following system exploitation methods happens by adding a malicious file to a file path that is missing quotation marks and has spaces in it?
A hacker finds a system that has a poorly designed and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor?
How can an attacker prevent being detected?
How is evidence such as files, data, and programs hidden?
What are rootkits? How can you detect them? And how can you protect systems from them?
What is steganography? Why is it so difficult to detect?
Rootkit
A method of embedding data into legitimate files like graphics, music, video, and plain text messages to hide it from everyone except the intended receiver.
One data stream stores the attributes, another stores the data. Additional data streams, which can be hidden, are allowed.
The unused portion of an existing file that has been defined.
System file logs
• SECEVENT.EVT logs failed logins and file access without privileges. • SYSEVENT.EVT logs anomalies in system operations and driver failure. • APPEVENT.EVT logs application variants.
Another way to cover tracks is to hide the evidence. Following are methods a hacker can use to hide files. • Hidden option in the file attributes • Placing a period at the beginning of a Linux, Unix, and OS X file name • Placing the file in the unused or slack space of an existing file can hide a file. • Incorporating the file in the ADS can hide it. • Using executables that can be activated from the command line,
Timestomp, Touch, ctime, Meterpreter
Timestomp is a tool for modifying or deleting a file's timestamp in order to hide when the file was created, accessed, or modified. Hackers change times and dates to blend in with existing timestamps so as to not alert digital forensic investigators of access or exploitation.
Touch
ctime is a header file that contains definitions of functions to get and manipulate date and time information.
Meterpreter is Metasploit's payload. It has many features for covering tracks, including the ability to launch a fileless attack.
To disable auditing, a hacker can use the Auditpol.exe command line utility to remotely change the audit security settings. AuditPol can be used to disable security auditing on either local or remote systems. It can also be used to enable auditing after the attack is over to avoid suspicion. A hacker can use Auditpol.exe to alter the audit criteria for categories of security procedures.
How can the hacker clear online tracks?
CCleaner is a cleaning tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.
What is Clear My History?
What is Dump event log?
Rootkit
A rootkit tool that runs within the Windows operating system. It contains hidden storage and has invisible command execution. GrayFish isn't flagged in anti-rootkit scans because it sets no hooks on Windows kernel functions and doesn't register callback functions.
Sirefef
Used to detect and identify rootkits: Integrity-based detection works by running a tool to scan a clean system to create a database. The integrity-based detection scans the system and compares the current scan to the clean database. Any dissimilarities between the clean baseline database and the current scan are flagged and a notification is sent.
Signature-based detection
Used to detect and identify rootkits: Heuristic or behavior-based detection searches for deviations in normal behaviors and patterns of an operating system. One of the patterns it searches for is execution path hooking which allows a function value in an accessible environment to be changed. This is a behavior used by rootkits.
Used to detect and identify rootkits: Runtime execution path profiling checks for variations in the runtime execution path of all executable files and system processes.
Used to detect and identify rootkits: Cross view-based detection uses an algorithm as it goes through the system files, processes, and registry keys to create a baseline that is compared to the data returned by the operating system's APIs.
To prevent rootkits: • Back up critical data and reinstall the OS and applications. • Install and routinely update firewalls. • Patch and regularly update the OS and applications. • Keep a record of automated installation procedures. • Harden servers and network stations. • Train users to confirm that downloads are from a trusted source. • Check for rootkits through a kernel memory dump analysis.
What is NTFS Data Streaming?
Move suspect files to a partition or device that is formatted using FAT. Since FAT doesn't support alternate data streams, the alternate file streams will be removed when the file is moved. Remember to keep your antivirus software updated. Some tools that detect and remove infected ADS include LADS, Stream Detector, LNS, and Forensic Toolkit.
The most common form of steganography is hiding information in image files.
Files with extensions can be hidden in video files such as .MPG4, .AVI, and .WMV.
Document or whitespace steganography
The data is hidden in a digital sound format through least significant bit (LSB) manipulation.
Web steganography
C++ source code steganography
Data is embedded in an email.
A steganography tool that allows a file to be hidden within any image, audio, or video file, even in PDFs and EXE files.
OpenStego
OmniHide Pro
A tool for hiding data in audio files and extracting files from audio tracks. It also has the option to encrypt the files.
Spam Mimic
How to detect steganography
Discover the Hidden
StegoHunt
Scans for known steganography files created by tools such as BlindSide, S-tool, and WeavWav.
StegAlyzerSS
Virtual Steganographic Laboratory (VSL)
Detects steganographic content in images.
You believe your system has been hacked. Which of the following is the first thing you should check?
Who would be most likely to erase only parts of the system logs file?
auditpol
Hiding evidence
Touch
A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.
Mark is moving files from a device that is formatted using NTFS to a device that is formatted using FAT. Which of the following is he trying to get rid of?
Can modify the operating system and the utilities of the target system.
Which of the following is also known as ZeroAccess and has virus, Trojan horse, and rootkit components?
Jerry runs a tool to scan a clean system to create a database. The tool then scans the system again and compares the second scan to the clean database. Which of the following detection methods is Jerry using?
Which of the following best describes the heuristic or behavior-based detection method?
The method of embedding data into legitimate files like graphics to hide it and then extracting the data once it reaches its destination is called:
Cameron wants to send secret messages to his friend Brandon, who works at a competitor's company. To secure these messages, he uses a technique to hide a secret message within a video. Which of the following techniques is he using?


   

Created by: jacobth