LATEST GCIH - Book 4 EXAM WITH SOLUTION

Store only encrypted or hashed passwords - ANSWER Passwords representations Windows stores passwords in the BLANK database and in the BLANK directory - ANSWER SAM database and Active Directory Linux systems typically store passwords in the... - ANSWER /etc/shadow file Password spraying - ANSWER Attempting a couple common passwords on every possible account. THC Hydra - ANSWER a Unix/Linux friendly password guessing tool. It supports dictionary based guessing but not full brute force guessing and can guess passwords for more than a dozen protocols password cracking - ANSWER the process of trying to guess or determine someone's plaintext password when you have only their encrypted password Dictionary Attack - ANSWER this is the fastest method. It is done by testing all the words in a dictionary or word file against the password hashes. Brute-Force attack - ANSWER This is the most powerful cracking method. Always recovers the password but takes time. It involves trying every possible password until you successfully crack it Hybrid Attack - ANSWER Builds on the dictionary attack method by adding numerals and symbols to dictionary words. Hashcat - ANSWER a fast password cracker that uses CUDA video drivers to greatly speed up password cracking Hybrid attacks are sometimes referred to as.... - ANSWER word mangling John the Ripper - ANSWER password cracker By default, all Windows NT/2000/XP/2003 machines store two representations of each password: - ANSWER LAMNAM hash and the NT hash if an account has a password of 15 or more on Windows NT SP4+, 2000, XP and 2003, the account won't have a LAMNAN hash - ANSWER True No matter what the LANMAN hash is it can be cracked in BLANK days - ANSWER Five Salt passwords - ANSWER is a random number used to seed the crypto algorithm. Windows does not have this, though Linux does Rainbow Tables - ANSWER Large pregenerated data sets of encrypted passwords used in password attacks. Cain and Abel - ANSWER a dynamic duo of security tools that you can use for either attacking systems or administering them. fgdump - ANSWER Temporarily shuts down various antivirus tools, dumps password hashes and then reactivates the AV tool Metasploit's hashdump - ANSWER grab hashes from the machine to pull hashes from the registry or the run this command to pull the hashes from memory. Provides an extra level of 128-bit encryption of the SAM database when it is stored in the registry in the file system - ANSWER SYSKEY Password length is often more important than complexity - ANSWER True Windows Credential Editor (WCE) - ANSWER A windows tool for passing the hash Metaspolit psexec module - ANSWER supports pass the hash Mimikatz - ANSWER one of the tools to gather credential data from Windows systems. Mimikatz It's now well known to extract plaintext password, hash, PIN code, and kerberos tickets from memory. Worms - ANSWER Attack tools that spread across a network, moving from system to system exploiting weaknesses. They are self-replicatingsegment Each instance of a worm is called a BLANK - ANSWER Segment Nimda, Sasser, and Conficker targeted BLANK operating systems - ANSWER Windows Ramen targeted BLANK operating systems - ANSWER Linux IIS/Sadmind - ANSWER a worm that targeted Windows and Solaris cross platform machines Stuxnet - ANSWER a worm that targeted Windows and aletered messages to manipulated SCADA systems Warhol/Flash Technique - ANSWER an attacker pre-scans the internet from a fixed system looking for machines that are vulnerable to the exploit code that will later be loaded into the worm. Polymorphic Worms - ANSWER dynamically change their appearance each time they run, by scrambling their software code. These worms, only the appearance is altered, no the function of the code Metamorphic Worms - ANSWER These worms change their entire functionality. Bots - ANSWER are software programs that perform some action on behalf of a human, typically with little or no human intervention A collection of bots under the control of a single attacker are called - ANSWER Botnets People controlling the bots - ANSWER Botherders Attackers often communicate with their bots using... - ANSWER IRC on standard ports (TCP 6667) Pluggable Authentication Modules (PAM) - ANSWER used in Linux, various BSD platforms, Solaris, and HP-UX to extend the authentication functionality of the system. they can link to a Radius Server and forces users to select passowrds difficult to guess OWASP - ANSWER A nonprofit organization focused on improving the security of software. Account Harvesting - ANSWER the ability to discern valid userIDs based on how the application responds when the user tries to authenticate. two commands useful in determining if there is a command injection vulnerability - ANSWER ping and nslookup SQL injection: two most popular statement types - ANSWER select and update Various tools automate scanning for SQL injection flaws include - ANSWER Nmap Scripting Engine Zed Attack Proxy