Term
| What is passive information gathering in footprinting? |
|
Definition
| Collecting information about the target from public sources, staying off the radar. |
|
|
Term
| What is active information gathering in footprinting? |
|
Definition
| Gathering information through social engineering, on-site visits, interviews, calls, and Telnet banner grabbing. |
|
|
Term
|
Definition
| Instructs the sending system to send all buffered data now. |
|
|
Term
|
Definition
| States that this data packet should be processed as soon as possible. |
|
|
Term
|
Definition
| Tells the system there will be no more transmissions. |
|
|
Term
|
Definition
| Used to reset the connection. |
|
|
Term
|
Definition
| Used to acknowledge the receipt of a packet. |
|
|
Term
|
Definition
| Used to initiate a connection between two hosts. Session setup only. |
|
|
Term
| hping3 -F -P -U 10.0.0.25 -p 80 |
|
Definition
| FIN, PUSH and URG scan on port 80 |
|
|
Term
| hping3 -1 10.0.1.x --rand-dest -I eth0 |
|
Definition
| Scans the entire subnet for live hosts. |
|
|
Term
| hping3 -2 10.0.0.25 -p 80 |
|
Definition
|
|
Term
| hping3 -A 10.0.0.25 -p 80 |
|
Definition
|
|
Term
| hping3 -8 50-56 -S 10.0.0.25 -V |
|
Definition
|
|
Term
| You send a SYN packet to a host to determine if it's alive. It responds with an RST. Why? |
|
Definition
|
|
Term
| You send a SYN packet to a server. It responds with SYN/ACK. Why? |
|
Definition
|
|
Term
| URG, ACK, RST, SYN, FIN flags set on the TCP packet. What type of scan is this? |
|
Definition
|
|
Term
| You send an Xmas packet to a Unix box. You get nothing back. Why? |
|
Definition
| The port is open. It doesn't respond to an Xmas packet if the port is open. |
|
|
Term
| You send an Xmas packet to a Unix box. You get an RST. Why? |
|
Definition
|
|
Term
| You send an Xmas packet to a Windows box. You get an RST. Why? |
|
Definition
| Xmas packets don't work with Windows. Windows boxes will always send an RST packet, for both open and closed ports. |
|
|
Term
| Is the FIN scan the same as the Xmas scan with regard to responses from Unix or Windows boxes? |
|
Definition
|
|
Term
| What are the three inverse scans? |
|
Definition
|
|
Term
| You send an inverse scan to a Unix box. No response. Why? |
|
Definition
|
|
Term
| Do inverse scans work with Windows boxes for determining if ports are open? (FIN, Xmas, NULL) |
|
Definition
|
|
Term
| In a NULL scan, which flags are set? |
|
Definition
|
|
Term
| In an IDLE scan, what are you probing the zombie for? |
|
Definition
|
|
Term
| In an IDLE scan, once you have the zombie's IPID and send a SYN packet using his IP to the target server for probing a port, you find his IPID has incremented by 2. What does this mean? |
|
Definition
|
|
Term
| In an IDLE scan, once you have the zombie's IPID and send a SYN packet using his IP to the target server for probing a port, you find his IPID has incremented by 1. What does this mean? |
|
Definition
|
|
Term
| A list scan generates a list of IP/Names and then does what query? |
|
Definition
|
|
Term
| In a UDP scan, if the port is open, what will you receive? |
|
Definition
|
|
Term
| In a UDP scan, what do you receive if the port is closed? |
|
Definition
| ICMP port unreachable message. |
|
|
Term
| Generally, when probing a Unix box for open ports, what does receiving an RST/ACK mean? |
|
Definition
|
|
Term
| Generally, when probing a Unix box for open ports, what does receiving no response mean? |
|
Definition
|
|
Term
| What does IIS Lockdown Tool do? |
|
Definition
| Disables or changes the server banner in Microsoft's IIS product. |
|
|
Term
| Nessus is what type of scanner for the Windows environment? |
|
Definition
|
|
Term
| SAINT/SATAN/SARA is what type of scanning tool for the Unix environment? |
|
Definition
|
|
Term
| GFI Languard/Nessus/Core Impact/MBSA is what type of scanner? |
|
Definition
|
|
Term
| LANsurveyor/IPsonar/CartoReso/NetMapper does what? |
|
Definition
| Draws a network diagram based on the topology. |
|
|
Term
| What is the process of extracting data such as user names, machine names, network resources, shares, services, and banners? |
|
Definition
|
|
Term
| What is this command doing? "ls -d ebay.com" |
|
Definition
|
|
Term
| nslookup and Men & Mice suite perform what type of enumeration? |
|
Definition
|
|
Term
| SuperScan, NetBIOS Enumerator, and the PsTools suite perform what type of enumeration? |
|
Definition
|
|
Term
| NULL sessions use which two ports? |
|
Definition
|
|
Term
| SNMPUtil and SNScan can do what over the network? |
|
Definition
|
|
Term
| What does the sid2user program do? |
|
Definition
| Takes the 500 user account SID and outputs the username associated with it. |
|
|
Term
| Would creating a NULL session allow a hacker to enumerate users and shares on a network? |
|
Definition
|
|
Term
| You ACK scan a host. You receive an RST. Is the port open or closed? |
|
Definition
|
|
Term
| How do you determine from an LM hash that the password is less than 8 characters? |
|
Definition
| The rightmost portion ends in "4EE". |
|
|
Term
| What is the Microsoft SID for the admin? |
|
Definition
|
|
Term
| What is the Microsoft SID for the guest? |
|
Definition
|
|
Term
| The tool macof performs which function? |
|
Definition
| Port-to-MAC address table (CAM table) overflow on switches. It will put the switch into hub mode, broadcasting all packets. |
|
|
Term
| What two things should the network admin do to prevent attackers from capturing SNMP data? |
|
Definition
| Change default community strings. Enable encryption. |
|
|
Term
| The tool filesnarf sniffs what type of data over the network? |
|
Definition
|
|
Term
| Is packet signing good protection against session hijacking? |
|
Definition
| Yes. It authenticates each packet, defeating a takeover. |
|
|
Term
| The server has received packet #120 from the client. The server has a receive window of 250. What is the range of packet sequence numbers that would be accepted by the server? |
|
Definition
|
|