Cisco Training in Trivandrum, Trinity Technologies


CEH QUESTIONS : PART 68

The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:
Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
What type of activity has been logged?

 

Port scan targeting 192.168.1.106

Teardrop attack targeting 192.168.1.106

Denial of service attack targeting 192.168.1.103

Port scan targeting 192.168.1.103

A penetration tester is conducting a port scan on a specific host. The tester found several open ports, which made it confusing to conclude which Operating System (OS) version is installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 5.21 at 2011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:8

 

The host is likely a printer.

The host is likely a Windows machine.

The host is likely a Linux machine.

The host is likely a router.


You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC, one of the machines has 2 connections, one wired and the other wireless. When you verify the configuration of this Windows system, you find two static routes.
route add 10.0.0.0 mask 255.0.0.0 10.0.0.1
route add 0.0.0.0 mask 255.0.0.0 199.168.0.1
What is the main purpose of those static routes?

Both static routes indicate that the traffic is external with different gateways.

The first static route indicates that the internal traffic will use an external gateway and the second static route indicates that the traffic will be rerouted.

Both static routes indicate that the traffic is internal with different gateways.

The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway.

The network in ABC Company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124.
An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is:
nmap 192.168.1.64/28
Why can he not see the servers?

He needs to add the command “ip address” just before the IP address

He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range

The network must be down and the nmap command and IP address are ok

He needs to change the address to 192.168.1.0 with the same mask


Look at the following output. What did the hacker accomplish?
; <<>> DiG 9.7.-P1 <<>> axfr domain.com @192.168.1.105
;; global options: +cmd
domain.com. 3600 IN SOA srv1.domain.com. hostsrv1.domain.com. 131 900 600 86400 3600
domain.com. 600 IN A 192.168.1.102
domain.com. 600 IN A 192.168.1.105
domain.com. 3600 IN NS srv1.domain.com.
domain.com. 3600 IN NS srv2.domain.com.
vpn.domain.com. 3600 IN A 192.168.1.1
server.domain.com. 3600 IN A 192.168.1.3
office.domain.com. 3600 IN A 192.168.1.4
remote.domain.com. 3600 IN A 192.168.1.48
support.domain.com. 3600 IN A 192.168.1.47
ns1.domain.com. 3600 IN A 192.168.1.41
ns2.domain.com. 3600 IN A 192.168.1.42
ns3.domain.com. 3600 IN A 192.168.1.34
ns4.domain.com. 3600 IN A 192.168.1.45
srv1.domain.com. 3600 IN A 192.168.1.102
srv2.domain.com. 1200 IN A 192.168.1.105
domain.com. 3600 IN SOA srv1.domain.com. hostsrv1.domain.com. 131 900 600 86400 3600
;; Query time: 269 msec
;; SERVER: 192.168.1.105#53(192.168.1.105)
;; WHEN: Sun Aug 11 20:07:59 2013
;; XFR size: 65 records (messages 65, bytes 4501)

 

The hacker used whois to gather publicly available records for the domain.

The hacker used the “fierce” tool to brute force the list of available domains.


 The hacker listed DNS records on his own domain.

The hacker successfully transferred the zone and enumerated the hosts.

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

The CFO can use a hash algorithm in the document once he approved the financial statements

The document can be sent to the accountant using an exclusive USB for that document

The financial statements can be sent twice, one by email and the other delivered in USB, and the accountant can compare both to be sure it is the same document

The CFO can use an excel file with a password


In cryptanalysis and computer security, ‘pass the hash’ is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user’s password, instead of requiring the associated plaintext password as is normally the case. Metasploit Framework has a module for this technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system that you already know the credentials for. It was written by sysinternals and has been integrated within the framework. Often, penetration testers successfully gain access to a system through some exploit, use meterpreter or other methods like fgdump, pwdump, or cachedump to grab the passwords, and then utilize rainbow tables to crack those hash values. Which of the following is the true hash type and sort order used in the psexec module’s ‘smbpass’?

NT:LM

 LM:NT

LM:NTLM

NTLM:LM


What attack is used to crack passwords by using a precomputed table of hashed passwords?

   Brute Force Attack

 Hybrid Attack

Rainbow Table Attack

Dictionary Attack


How can rainbow tables be defeated?

Password salting

Lockout accounts under brute force password cracking attempts

All uppercase character passwords

Use of non-dictionary words


A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting?

Session hijacking

Man-in-the-middle attack

Brute-force attack

Dictionary attack

You have gained physical access to a Windows 2008 R2 server, which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

 

Cain & Abel

SET

John the Ripper

CHNTPW


A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

   He can open it and read the user ids and corresponding passwords.

The password file does not contain the passwords themselves.

He cannot read it because it is encrypted

The file reveals the passwords to the root user only.


There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering the process. Which term describes when two pieces of data result in the same value?

Collision

Collusion

Polymorphism

Escrow


Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides ‘security through obscurity’. What technique is Ricardo using?

  Public-key cryptography

RSA algorithm

Steganography

Encryption

TRINITY SOFTWARE SOLUTIONS,IInd floor, Radheyam Towers, Gandhari Amman Kovil Road, Pulimood, Trivandrum - 1
0471-2334855 | 2335855 | 9447387064 | 9847003556 info@trinitytechnology.in