Category 1
Category 2
Category 3
Category 4
Category 5
100

What are some of the advantages of Nping over ping?

Nping (from the Nmap project) is a raw packet generator: it can craft TCP, UDP, ICMP and ARP probes with chosen flags, ports, TTL and payloads rather than only ICMP echo, and its echo mode shows how packets are altered in transit.

100

What are three logs found in a Windows system?

Application

System

Security

100

What command-line tools help you scan to determine open ports?

nmap

netcat

100

How would you connect to an FTP server?

ftp <ip>

nc <ip> 21

100

What is a command-line utility that allows you to search the ExploitDB offline?

searchsploit

200

What tools can be used for Active or Passive Reconnaissance?

ACTIVE (sends traffic to the target): nmap, Nessus, OpenVAS, etc.

PASSIVE (no packets to the target): Shodan, Maltego, Metagoofil, theHarvester, Recon-ng, ThreatMiner, etc. Wireshark only captures traffic already on the wire, so sniffing with it is passive; it becomes part of active recon only when paired with a tool that generates probes.
200

How can you alter the "Last Modified Time" on a file?

timestomp (Meterpreter, Windows: rewrites the NTFS $STANDARD_INFORMATION timestamps; the $FILE_NAME attribute keeps the originals, which is how forensic tools spot it)

touch (Unix: -m sets the modification time and -t or -d supplies the value; the inode change time, ctime, still jumps to "now", so the edit leaves a trace)
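An added example (mine, not from the original quiz) of what touch-style timestomping does and does not change. os.utime sets the access and modification times the way touch does, but on POSIX systems the kernel bumps ctime at the same time, and comparing the two is the check a responder would run. The sample file is constructed; POSIX ctime semantics (not Windows, where st_ctime is the creation time) are the stated assumption.

```python
import datetime
import os
import tempfile

# Date the demo backdates the sample file to (arbitrary, constructed).
BACKDATE_TO = datetime.datetime(2015, 6, 1, 8, 30)


def backdate_mtime(path: str, when: datetime.datetime) -> None:
    """Set atime and mtime to `when`, the way `touch -a -m -d` does.

    os.utime can only set the access and modification times. The inode
    change time (ctime on Linux/macOS) is written by the kernel to "now"
    whenever metadata changes, so this call itself leaves a trace.
    """
    ts = when.timestamp()
    os.utime(path, (ts, ts))


def stat_times(path: str) -> tuple:
    """(mtime, ctime) as integer epoch seconds."""
    st = os.stat(path)
    return int(st.st_mtime), int(st.st_ctime)


def mtime_predates_ctime(path: str, slack_seconds: float = 2.0) -> bool:
    """Forensic heuristic: a normal write updates mtime and ctime together,
    so a file whose mtime is noticeably older than its ctime was copied,
    moved, or had its timestamps altered. Assumption: POSIX ctime; on
    Windows st_ctime is the creation time and this check does not apply.
    """
    st = os.stat(path)
    return st.st_mtime + slack_seconds < st.st_ctime


def find_suspect_files(paths) -> list:
    """Subset of paths that fail the mtime/ctime consistency check."""
    return [p for p in paths if mtime_predates_ctime(p)]


def make_sample_file() -> str:
    """Constructed sample input: a scratch file with fresh, consistent timestamps."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write("sample content\n")
    return path


def remove_sample(path: str) -> None:
    os.remove(path)


if __name__ == "__main__":
    sample = make_sample_file()
    try:
        print("fresh file suspect?", mtime_predates_ctime(sample))
        backdate_mtime(sample, BACKDATE_TO)
        mtime, ctime = stat_times(sample)
        print("mtime:", datetime.datetime.fromtimestamp(mtime))
        print("ctime:", datetime.datetime.fromtimestamp(ctime))
        print("after timestomp suspect?", mtime_predates_ctime(sample))
    finally:
        remove_sample(sample)
```

The heuristic is deliberately loose: chmod or chown also bump ctime without touching mtime, so treat a hit as a lead to corroborate against the filesystem journal or backups, not as proof.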

200

What is the general order of a SPIKE script?

s_readline();                     reads (and discards) one line of the server's banner or response

s_string("COMMAND ");             fixed string sent unchanged at the start of every fuzz attempt

s_string_variable("SOMETHING");   the fuzz point: on each attempt SPIKE substitutes one of its test strings for "SOMETHING", so the server receives the fixed prefix followed by the mutated value

Run the script with generic_send_tcp against the target host and port; its two trailing numeric arguments (SKIPVAR and SKIPSTR) let you resume from a given variable and string index after the target crashes.

200

What exploit helped create the infamous "WannaCry" ransomware attack?

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption

CVE-2017-0144

200

What damage could be done if an attacker had "Remote Code Execution"?

Complete compromise of the server: the attacker runs arbitrary commands in the security context of the vulnerable process.

(In practice the RCE payload launches a reverse shell back to the attacker, who then interacts with the target through it, escalates privileges and pivots.)

300

How do you start the Metasploit Framework command-line utility?

msfconsole

300

What is the general syntax for an SSH forward (local) tunnel?

ssh -L <local_port>:<dest_ip>:<dest_port> root@<ip>

Connections to localhost:<local_port> travel inside the SSH session and leave the SSH server bound for <dest_ip>:<dest_port>, so <dest_ip> is resolved from the server's side and can be an internal host. Add -N when you want only the tunnel and no remote shell.

300

What do you do to encode your shellcode with msfvenom?

Use the "-e" switch to name the encoder, as in:

-e x86/shikata_ga_nai

Add -i <n> to run the encoder for several iterations and -b to list the bytes the payload must avoid (a null byte, for example). Encoders exist mainly to strip those bad characters; a single shikata_ga_nai pass is well known to AV engines, so do not rely on it for evasion.

300

What form of encoding has seemingly random capitalization and trailing equals signs?

Base64 (the alphabet is A-Z, a-z, 0-9, "+" and "/", and the output is padded with one or two "=" so its length is a multiple of 4)
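An added example (my code, not part of the quiz) that turns the "mixed case plus trailing equals" tell into a check: it computes how much padding Base64 must emit for a given input length, decodes strictly, and triages a blob as hex, Base64 or unknown. The regexes and the hex-before-Base64 ordering are this example's own heuristics, and the sample strings are constructed.

```python
import base64
import binascii
import re

# Structural fingerprints (this example's own, not an authoritative spec).
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")      # standard alphabet
BASE64_URL_RE = re.compile(r"^[A-Za-z0-9_-]+={0,2}$")  # URL-safe variant
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def padding_for(byte_len: int) -> int:
    """Number of trailing '=' that Base64 emits for byte_len input bytes.

    Every 3 input bytes become 4 characters. A leftover of 1 byte yields two
    '=' and a leftover of 2 bytes yields one, hence (3 - n % 3) % 3.
    """
    return (3 - byte_len % 3) % 3


def _normalize(s: str) -> str:
    """Map the URL-safe alphabet onto the standard one so one decoder serves both."""
    return s.strip().replace("-", "+").replace("_", "/")


def looks_like_base64(s: str) -> bool:
    """True when s has Base64 shape AND decodes strictly (bad chars or
    inconsistent padding are rejected instead of silently ignored)."""
    s = s.strip()
    if len(s) % 4 != 0:
        return False
    if not (BASE64_RE.match(s) or BASE64_URL_RE.match(s)):
        return False
    try:
        base64.b64decode(_normalize(s), validate=True)
    except (ValueError, binascii.Error):
        return False
    return True


def decode_base64(s: str) -> bytes:
    """Strict decode of standard or URL-safe Base64."""
    return base64.b64decode(_normalize(s), validate=True)


def classify_encoding(s: str) -> str:
    """Cheap triage of a blob seen in traffic or logs: 'hex', 'base64' or 'unknown'.

    Hex is tested first because every even-length hex string also has valid
    Base64 shape; mixed case, '+', '/' or '=' are the tells that settle it.
    """
    s = s.strip()
    if HEX_RE.match(s) and len(s) % 2 == 0:
        return "hex"
    if looks_like_base64(s):
        return "base64"
    return "unknown"


if __name__ == "__main__":
    # Constructed samples: plain text, raw bytes that exercise '+' and '/', and a hex string.
    for blob in ("SGVsbG8gd29ybGQ=", "-_8=", "deadbeef", "not base64!"):
        kind = classify_encoding(blob)
        decoded = decode_base64(blob) if kind == "base64" else None
        print(f"{blob!r:22} -> {kind:8} {decoded!r}")
```

The strict decode matters: base64.b64decode without validate=True discards characters outside the alphabet, so a payload that has been deliberately sprinkled with junk would still "decode" and the triage would misfire.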

300

What general recommendations would you give to an organization that had suffered a breach?

- harden or reconfigure the exposed services (remove what is not needed, tighten access)

- update and patch the vulnerable services

- review code and audit applications

- follow NIST (for example the SP 800-61 incident-handling guide) or comparable guidance

400

Which social engineering tactic uses background stories and/or scenarios to trick victims?

Pretexting

400

What command-line utilities can be used to transfer files securely?

scp and sftp (both over SSH), rsync over SSH, ncat --ssl, ftps, among others. Plain nc, ftp and http move files in cleartext, so they are not on this list.

400

If you saw logs of an attacker sending multiple AAAA's to a program, what attack could they be attempting to exploit?

buffer overflow (a long run of one repeated byte, 0x41 "A", is the classic probe for overrunning a fixed-size buffer; a crash whose saved return address reads 0x41414141 confirms the overwrite)
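An added detection example (mine, not from the quiz) that scans log lines for the two shapes an overflow probe usually takes: a long run of a single repeated byte such as "AAAA...", and a cyclic pattern in the Aa0Aa1Aa2... layout (the Metasploit pattern_create layout, assumed here) that attackers use to locate the overwrite offset. The log lines are constructed; the thresholds are this example's own choices.

```python
import re

# Cyclic pattern in the Aa0Aa1... layout (assumption: Metasploit pattern_create order).
CYCLIC = "".join(f"{u}{l}{d}" for u in "AB"
                 for l in "abcdefghijklmnopqrstuvwxyz" for d in "0123456789")

# Constructed sample access-log lines (not from any real system). Line 3 carries
# a 300-byte run of 'A'; line 4 carries 600 bytes of the cyclic pattern.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '10.0.0.5 - - [10/Mar/2024:10:00:02 +0000] "GET /login?user=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Mar/2024:10:00:07 +0000] "GET /search?q=' + "A" * 300 + ' HTTP/1.1" 500 0',
    '10.0.0.9 - - [10/Mar/2024:10:00:09 +0000] "GET /search?q=' + CYCLIC[:600] + ' HTTP/1.1" 500 0',
]

# 20+ consecutive Upper-lower-digit triplets (60+ chars) is unlikely in normal input.
CYCLIC_RE = re.compile(r"(?:[A-Z][a-z][0-9]){20,}")


def repeated_byte_run(line: str, min_len: int = 100):
    """Longest run of one repeated character of at least min_len, as
    (char, length), or None. A backreference does the counting."""
    best = None
    for m in re.finditer(r"(.)\1{%d,}" % (min_len - 1), line):
        if best is None or len(m.group(0)) > best[1]:
            best = (m.group(1), len(m.group(0)))
    return best


def find_overflow_attempts(lines, min_run: int = 100) -> list:
    """Return one record per suspicious line: which line, which signature, how long."""
    hits = []
    for number, line in enumerate(lines, start=1):
        run = repeated_byte_run(line, min_run)
        if run:
            hits.append({"line": number, "kind": "repeated-byte",
                         "byte": run[0], "length": run[1]})
            continue
        m = CYCLIC_RE.search(line)
        if m:
            hits.append({"line": number, "kind": "cyclic-pattern",
                         "length": len(m.group(0))})
    return hits


if __name__ == "__main__":
    for hit in find_overflow_attempts(SAMPLE_LOG):
        print(hit)
```

A 500 response next to either signature is the interesting combination: it is the server side of the crash the attacker was hoping for. Raise the run threshold for endpoints that legitimately accept long padded fields, or the rule will page on every base64 upload.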

400

What command-line utilities can retrieve DNS records?

nslookup

dig

host

(whois is often listed alongside them, but it returns domain and IP registration data, not DNS records)

400

What tool includes more "out-of-the-box" functionality than Mimikatz version 1?

kiwi (the Meterpreter extension built on Mimikatz 2.x, loaded with "load kiwi"; it supersedes the older "load mimikatz" extension that wrapped version 1)

500

What Metasploit post-exploitation scripts can help you uncover plaintext passwords?

Mimikatz, run from a Meterpreter session with "load kiwi" followed by creds_all (or the older "load mimikatz" extension), plus the post/windows/gather/credentials modules

500

Why do attackers use "fuzzing" techniques?

To find inputs that crash or hang the target: a crash on malformed input marks a memory-safety or parsing bug, and the crashing input is the starting point for working out whether that bug is exploitable.
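An added example (mine, not from the quiz) that serves both the SPIKE question above and this one: it reproduces the s_string / s_string_variable pattern in Python against a constructed in-process target, ramping a run of "A" bytes until the target "crashes", then narrowing down the smallest crashing size. The target, its 256-byte buffer and the TRUN command name are all assumptions made for the demo; the overflow is modelled as an exception, not real memory corruption.

```python
BUFFER_SIZE = 256  # the constructed target's fixed buffer, in bytes


class TargetCrashed(Exception):
    """Stands in for the access violation a real service would take."""


def vulnerable_handler(command: bytes, argument: bytes) -> bytes:
    """Constructed target: a command parser that copies its argument into a
    fixed BUFFER_SIZE buffer with no length check (modelled, not real)."""
    if not command.startswith(b"TRUN"):
        return b"ERROR unknown command\n"
    if len(argument) > BUFFER_SIZE:
        raise TargetCrashed(
            f"{len(argument)}-byte argument overran {BUFFER_SIZE}-byte buffer")
    return b"OK\n"


def fuzz_ramp(handler, command: bytes = b"TRUN ", start: int = 100,
              step: int = 100, limit: int = 5000):
    """SPIKE-style loop: the s_string prefix stays fixed while the
    s_string_variable part grows each round. Returns the first crashing
    length and the reason, or None if the target survives every size."""
    for n in range(start, limit + 1, step):
        try:
            handler(command, b"A" * n)
        except TargetCrashed as exc:
            return {"crash_length": n, "reason": str(exc)}
    return None


def pinpoint_threshold(handler, good: int, bad: int,
                       command: bytes = b"TRUN ") -> int:
    """Binary-search the smallest crashing length between a known-good and a
    known-bad size. That bounds the buffer; the exact offset to the saved
    return address is then confirmed in a debugger with a cyclic pattern."""
    while bad - good > 1:
        mid = (good + bad) // 2
        try:
            handler(command, b"A" * mid)
            good = mid
        except TargetCrashed:
            bad = mid
    return bad


if __name__ == "__main__":
    result = fuzz_ramp(vulnerable_handler)
    print("first crash:", result)
    if result:
        first_bad = result["crash_length"]
        threshold = pinpoint_threshold(vulnerable_handler, first_bad - 100, first_bad)
        print("smallest crashing length:", threshold)
```

Against a real network service the handler would be a socket send/recv with a timeout, and "crashed" would mean the connection dropping or the service no longer answering; keep the coarse ramp and the binary search separate so the service can be restarted between the two phases.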

500

What command within Metasploit will show your current variable/parameter settings?

options

OR

show options

500

Upon discovering a service, what is the most valuable information you could use to search in the ExploitDB?

Version number of the running service (from a banner grab or nmap version detection)

Needed to narrow the results down to exploits and attack scripts written for the known vulnerabilities of that exact version

500

From a meterpreter session, what is the command to download a file called test.txt located in the folder c:\Users\administrator\Desktop using the absolute path?

download C:\\Users\\administrator\\Desktop\\test.txt

(each backslash is doubled because the meterpreter console treats a single backslash as an escape character)