Lab 4
1. What are the five steps of a hacking attack.
Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks 2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive os fingerprinting.
It sends commands to the platform-specific nmap executable and pipes the output back. Zenmap uses Profiles which are basically nmap parameter presets to specify how scans are performed.
3. What step in the hacking attack process uses Zenmap GUI?
System Hacking
4. What step in the hacking attack process identifies known vulnerabilities and exploits?
Enumeration
5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft vulnerabilities identified. What is vulnerability ''MSO8-067"?
MS08-067: Vulnerability in Server service could allow remote code execution.
6. Which tool and application were used to exploit the identified vulnerability on the targeted Microsoft 2003 XP SP2 Workstation?
Microsoft Server Service Relative Path Stack Corruption and Metasploit
7. If you were a member of a security penetration testing team, and you identified vulnerabilities and exploits, should you obtain written permission from the owners prior to compromising and exploiting the known vulnerability?
Yes.
8. What does the tool Ettercap do?
Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.
9. The most important step in the five-step hacking process is step 5, where the security practitioner must remediate the vulnerability and eliminate the exploit. What is the name and number of the
Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks 2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive os fingerprinting.
It sends commands to the platform-specific nmap executable and pipes the output back. Zenmap uses Profiles which are basically nmap parameter presets to specify how scans are performed.
3. What step in the hacking attack process uses Zenmap GUI?
System Hacking
4. What step in the hacking attack process identifies known vulnerabilities and exploits?
Enumeration
5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft vulnerabilities identified. What is vulnerability ''MSO8-067"?
MS08-067: Vulnerability in Server service could allow remote code execution.
6. Which tool and application were used to exploit the identified vulnerability on the targeted Microsoft 2003 XP SP2 Workstation?
Microsoft Server Service Relative Path Stack Corruption and Metasploit
7. If you were a member of a security penetration testing team, and you identified vulnerabilities and exploits, should you obtain written permission from the owners prior to compromising and exploiting the known vulnerability?
Yes.
8. What does the tool Ettercap do?
Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.
9. The most important step in the five-step hacking process is step 5, where the security practitioner must remediate the vulnerability and eliminate the exploit. What is the name and number of the