This principle ensures users and processes only have the minimum rights necessary, and in practice requires careful auditing of sudo privileges and group memberships.
What is the principle of least privilege?
This command provides a dynamic view of running processes, but can also be used to identify suspicious processes consuming unusual resources on a compromised Fedora server.
What is top or htop?
This Kali tool demonstrated in class can brute-force hidden directories and parameters on web applications, often used in CTFs to uncover attack surfaces.
What is ffuf?
This Bash feature allows commands to be executed in the background at start, often leveraged in automation scripts to run multiple tasks simultaneously.
What is background execution &?
This Fedora tool manages firewall rules using a simplified interface, potentially used to harden servers in a CTF-style game.
What is firewalld?
This Linux framework provides a way to integrate multiple authentication methods, such as password, biometrics, or smart cards, into a unified system.
What is PAM (Pluggable Authentication Modules)?
This parsing and search command in Linux can monitor failed login attempts by parsing authentication logs, useful for detecting brute-force attacks.
What is grep "Failed password" /var/log/auth.log?
This Metasploit module type is used to gather information about a target system without exploiting it, such as scanning SMB shares on Metasploitable2.
What are auxiliary modules?
This scheduling system not only runs scripts at set times, but can be abused by attackers who gain access to user accounts to establish persistence.
What is cron used for persistence?
This GPU‑accelerated tool is favored for cracking complex password hashes quickly.
What is Hashcat?
This Linux security module enforces mandatory access control policies, and on Fedora Server it can block unauthorized Apache access to files.
What is SELinux?
This command is used to set file permissions more granularly in Linux.
What is setfacl?
This Metasploit module feature runs a lightweight test against the target to determine whether it is likely vulnerable before launching a full exploit.
What is the check function in Metasploit modules?
This Python module allows execution of system commands within scripts, and can be leveraged to automate privilege escalation checks.
What is subprocess?
This type of Metasploit module is used to maintain long‑term access, often by installing backdoors or persistence mechanisms after initial exploitation.
What is a persistence module (a subset of post‑exploitation)?
This AppArmor mode allows administrators to see what actions would have been denied by a profile without actually blocking them, making it useful for testing and auditing.
What is complain mode?
This tool audits Linux systems for compliance and hardening, and on Fedora can flag weak SSH configurations.
What is Lynis?
This type of vulnerability occurs when user input is executed without proper sanitization, often exploited in poorly written shell scripts.
What is command injection?
This Linux shell script snippet loops through all users in /etc/passwd, useful for auditing accounts on a Fedora server.
Note: What does the for loop look like if we only want to get the username?
What is for user in $(cut -d: -f1 /etc/passwd)?
During a CTF against Metasploitable2, you gain a basic reverse shell on a target system. While functional, this shell lacks advanced features like file upload/download, process migration, and pivoting. Metasploit provides a way to upgrade this simple shell into a fully interactive Meterpreter session by injecting a payload into the existing connection. What is this process called, and why is it significant for penetration testers?
What is session upgrading (using sessions -u to migrate a reverse shell into Meterpreter)?
Question Format Change:
What happens when pam_permit.so is placed before pam_deny.so in the authentication stack?
The module returns success for all login attempts, effectively bypassing password verification.
This daemon records security-related events, including system calls, and can be configured to alert on privilege escalation attempts.
What is auditd?
This fuzzing tool demonstrated in class uses genetic algorithms (a seed) to mutate inputs and discover crashes in binaries, making it a staple for vulnerability research.
What is afl?
In Metasploit, this post‑exploitation module can be scripted to automatically gather system information, user accounts, and network configuration from a compromised host, streamlining the process of situational awareness after gaining access.
What is the post/windows/gather/system_info module?
When configuring an exploit module, this option determines which payload will be delivered, and can be set globally so multiple exploits inherit the same configuration.
What is the set PAYLOAD option (with global scope via setg)?