ISSC362 Lab 4 Assessment
ISSC362 Week 2 Lab #4:
Compromise and Exploit a Vulnerable Microsoft® Workstation
Instructor Name: ________________
Lab Assessment Questions
1. What are the five steps of a hacking attack?
1—Reconnaissance
2—Scanning
3—Gaining Access
4—Maintaining Access
5—Covering Tracks
2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting. It sends commands to the platform-specific nmap executable and pipes the output back. Zenmap uses Profiles which are basically nmap parameter presets to specify how scans are performed.
3. 2
3. What step in the hacking attack process uses Zenmap GUI?
System Hacking
4. What step in the hacking attack process identifies known vulnerabilities and exploits?
Enumeration
5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft® vulnerabilities identified. What is vulnerability “MS08-067”?
Enumeration is the same as scanning a system for vulnerabilities that can be used to attack the system itself. The MS08-067 vulnerability could allow remote code execution if an affected system received a specially crafted RPC request.
6. Which tool and application were used to exploit the identified vulnerability on the targeted Microsoft® Windows 2003 XP server?
MS Server Service Relative Path Stack Corruption and Metasploit
7. What do If you were a member of a security penetration testing team, and you identified vulnerabilities and exploits, should you obtain written permission from the owners prior to compromising and exploiting the known vulnerability?
Yes if you do not attain written permission from the owner then it is illegal hacking and can result in fines and/or jail time.
8. What does the tool Ettercap do?
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the
Compromise and Exploit a Vulnerable Microsoft® Workstation
Instructor Name: ________________
Lab Assessment Questions
1. What are the five steps of a hacking attack?
1—Reconnaissance
2—Scanning
3—Gaining Access
4—Maintaining Access
5—Covering Tracks
2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting. It sends commands to the platform-specific nmap executable and pipes the output back. Zenmap uses Profiles which are basically nmap parameter presets to specify how scans are performed.
3. 2
3. What step in the hacking attack process uses Zenmap GUI?
System Hacking
4. What step in the hacking attack process identifies known vulnerabilities and exploits?
Enumeration
5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft® vulnerabilities identified. What is vulnerability “MS08-067”?
Enumeration is the same as scanning a system for vulnerabilities that can be used to attack the system itself. The MS08-067 vulnerability could allow remote code execution if an affected system received a specially crafted RPC request.
6. Which tool and application were used to exploit the identified vulnerability on the targeted Microsoft® Windows 2003 XP server?
MS Server Service Relative Path Stack Corruption and Metasploit
7. What do If you were a member of a security penetration testing team, and you identified vulnerabilities and exploits, should you obtain written permission from the owners prior to compromising and exploiting the known vulnerability?
Yes if you do not attain written permission from the owner then it is illegal hacking and can result in fines and/or jail time.
8. What does the tool Ettercap do?
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the