
1.

Which of these tools are used for DNS lookup?

Question 1 of 50

2.

What is OSINT?

Question 2 of 50

3.

Write down a Google dorking/hacking query that looks up all files of the type PDF on the website apple.com

Question 3 of 50

4.

Create a chain of Nmap commands that go from simple and wide to complex and narrow when attempting to analyze a target system.

  • nmap -Pn -p PORTS --script safe,discover,vuln,exploit -T4 TARGET
  • nmap -Pn -sU -T4 TARGET
  • nmap -Pn -p- -sS -T4 TARGET
  • nmap -Pn -p PORTS -sV -T4 TARGET
  • nmap -Pn -p PORTS -A -T4 TARGET
  • nmap -Pn -sUV -p PORTS -T4 TARGET

Question 4 of 50

5.

Which of these is an industry standard network sniffing tool?

Question 5 of 50

6.

How can you invoke Nmap Scripting Engine (NSE)?

Question 6 of 50

7.

What’s the difference between TCP and UDP packets?

Question 7 of 50

8.

Is it possible to run Nessus as root?

Question 8 of 50

9.

What does Nmap’s -A switch do?

Question 9 of 50

10.

What tool can be used to conclusively identify the presence of a firewall on a target?

Question 10 of 50

11.

What’s the name for the premier online resource for finding publicly available exploits?

Question 11 of 50

12.

Besides hosting exploits, what other useful information is hosted on the Packet Storm website?

Question 12 of 50

13.

What’s the difference between ARP and DNS spoofing/poisoning?

Question 13 of 50

14.

Which of these tools can be used for offline password cracking?

Question 14 of 50

15.

What is MAC?

Question 15 of 50

16.

How would you run Metasploit Framework for the first time (after an OS start/reboot)?

Question 16 of 50

17.

Which of these tools can be used as a reverse shell listener?

Question 17 of 50

18.

What “feature” of a web application allows us to infer that there is potentially an SQL injection vulnerability on the target?

Question 18 of 50

19.

XSS and SQLi are what type of web application vulnerabilities?

Question 19 of 50

20.

Which of these are the most popular web proxies in the cyber security industry?

Question 20 of 50

21.

Using SQLMap, is it possible to gain shell access to a target vulnerable to SQLi?

Question 21 of 50

22.

Write a command that would create a wordlist from all the words found on the website https://www.apple.com with a length of at least 6 characters, including numbers, and store it in a file called apple_wordlist.

Question 22 of 50

23.

What is social engineering?

Question 23 of 50

24.

Create a chain of options/settings found within Social Engineering Toolkit to facilitate a watering hole attack.

  • 2) Website Attack Vectors
  • setoolkit
  • 1) Social-Engineering Attacks
  • 2) Site Cloner
  • 3) Credential Harvester Attack Method

Question 24 of 50

25.

Is it safe to use default credentials when working with BeEF, or any vulnerability assessment/exploitation framework for that matter?

Question 25 of 50

26.

Which of these tools is designed for Windows post exploitation?

Question 26 of 50

27.

Mimikatz, a post exploitation tool, is integrated into which of the following frameworks?

Question 27 of 50

28.

BloodHound relies on which graph database management system?

Question 28 of 50

29.

Is it possible to compromise a Windows target using an uncracked hash?

Question 29 of 50

30.

How would you identify a restricted shell?

Question 30 of 50

31.

Which of the following tools can be used to create Trojans?

Question 31 of 50

32.

What is the main difference between a bind and a reverse shell?

Question 32 of 50

33.

How do we utilize SUID binaries to achieve privilege escalation?

Question 33 of 50

34.

Which of the following should be checked on a Linux system to ensure you’ve cleared your tracks after a penetration test?

Question 34 of 50

35.

What is steganography?

Question 35 of 50

36.

Write a loop in Python that will print out all the numbers between 5 and 65 in increments of 3.

Question 36 of 50

37.

What would be the output of the following code written in Python:

sharks = ['hammerhead', 'great white', 'dogfish', 'frilled', 'bullhead', 'requiem']
for shark in sharks:
    if shark == 'requiem':
        print("This shark has an interesting name!", shark)
    else:
        print("This shark is boring!", shark)

Question 37 of 50

38.

Which of these are web application vulnerability scanners?

Question 38 of 50

39.

In Wapiti what is included in the scope called “folder”?

Question 39 of 50

40.

What is the purpose of the WPScan tool?

Question 40 of 50

41.

What are the most common switches used with Hashcat?

Question 41 of 50

42.

Create a chain of parameters to perform an SSH bruteforce attack using THC-Hydra.

  • ssh://TARGET
  • -l
  • WORDLIST
  • USERNAME
  • hydra
  • -P

Question 42 of 50

43.

Which of the following are industry standard debuggers?

Question 43 of 50

44.

What is the most common attack used against WPA/WPA2 wireless protection?

Question 44 of 50

45.

A tool called Wash is a part of what other wireless cracking tool?

Question 45 of 50

46.

Write the command to perform a secure copy of the /etc/passwd file from a remote machine called TARGET, with the username USER, to our attacking machine.

Question 46 of 50

47.

What is, in the most basic (but computer science oriented) sense, a proxy?

Question 47 of 50

48.

Which of the following tools can be used for Windows information gathering, code execution and credential harvesting?

Question 48 of 50

49.

What is Responder used for?

Question 49 of 50

50.

What Windows service is it possible to access using Impacket?

Question 50 of 50


 
