UPDATED 2024 GCIH - Book 2 SOLUTIONS

Hacker - ANSWER a highly intelligent individual who wants to explore technology to learn cracker - ANSWER is someone who maliciously breaks into a system Script Kiddies - ANSWER The less informed hackers. They look for low hanging fruit. AKA Ankle Biters. Hacktivism - ANSWER Launching Computer attacks to make a political point Ways hackers can make money on malicious code.... - ANSWER -sell the code -spam and web-based advertising -pump and dump stock schemes -Phishing -DoS extortion -Keystroke loggers -Rent out armies of infected systems -RAM scrapers pulling CC numbers on POS terminals ISR-Evilgrade Tool - ANSWER A tool used for undermining the automatic update process used by some software. This tool listens for requests for software upgrades and injecting malware as the response. Currently it can undermine the update process for the Java plug-in for various browsers, WinZip, WinAmp, Mac Os X, OpenOffice, iTunes, etc. not been updated since 2010 md5sum, md5summer, and md5deep - ANSWER examples of checksum tools Reconnaissance - ANSWER helps an attacker get a feel for your network before ever firing a packet in anger. The attacker will attempt to gather as much info as possible When Registering a domain name, the registrar requests.... - ANSWER -postal addresses -phone numbers -name of PoC -Authoritative domain name servers Domain name information can be used in what types of attacks? - ANSWER Social engineering (contact names), war dialing (phone numbers), war driving (postal addresses), scanning (IP addresses) InterNIC - ANSWER a website that is currently operated and maintained by ICANN. Contains info about the particular registrar used for .ero, .arpa, .biz, .com, .coop, .edu, .info, .int, .museum, .net and .org ARIN - ANSWER American Registry for Internet Numbers RIPE NCC - ANSWER Reseaux IP Europeans APNIC - ANSWER Asia Pacific Network Information Centre LACNIC - ANSWER Latin America and Caribbean Network Information Centre AfriNIC - ANSWER African Network Info Center; Africa DoDNIC - ANSWER Department of Defense NIC Nslookup - ANSWER a program that can be used to interrogate DNS servers. Unfortunately, you cannot perform zone transfers on UNIX. You dig instead Zone Transfers allow... - ANSWER an attacker to connect to your DNS server and grab all records associated with a particular domain. Can determine which machines are accessible on the internet nslookup server [authoritative_server_IP_or_name] set type=any ls -d [target domain] - ANSWER This command will perform a Zone Transfer on Windows dig @[DNS_Server_IP] [target_domain] -t AXFR - ANSWER Dig command on UNIX. Used for Zone transfers DNS Recon Defenses - ANSWER -limit zone transfers -use split DNS (external vs internal DNS servers) -harden DNS servers -identify zone transfers by looking for packets going to and from TCP port 53 on your DNS servers. Zone Transfers use which port? - ANSWER TCP Port 53. Normal DNS queries and responses use UDP port 53 SEC's Edgar database - ANSWER database for publicly traded U.S companies namechk - ANSWER a site that identifies which social-networking sites a target user account may be using. It checks for more than 100 social networking sites Pushpin - ANSWER A recon tool by Tim Tomes that pulls all Flicker, Twitter, and Picasa posts from specific location and a radius. Provides two sets of data: a map with posts and a list of each social media post. Google Hacking Database - ANSWER With more than 1,000 different useful searches to locate many problems and target domains "site:" i.e.: site: - ANSWER searches only within a given domain. "link" i.e. link: - ANSWER shows all sites linked to a given site "intitle:" - ANSWER shows pages whose title matches the search criteria "inurl" - ANSWER shows pages who URL matches the search criteria "related:" - ANSWER shows similar pages "info" - ANSWER finds cached page, related pages, pages that link to it, pages that contain the term (this is not useful) Google Cache is useful for... - ANSWER finding recently removed pages and limiting the target site's knowledge of what you are doing. However, it's not useful to anonymously surf FOCA - ANSWER a tool used to easily identify which files are being hosted on your site. It automates the process by searching for various files, downloads them and extracts their metadata (usernames, vulnerable versions of software, directory paths). It can also incorporate the Google Hacking Database, basic web-vulnerability scanning, and interface with shodan and robtex ext:rdp: rdp - ANSWER This search turns up systems that can be remotely managed by Windows Remote Desktop Protocol. intitle:"parent directory" - ANSWER this search is useful for discovering indexable directories that someone has left on a website Bishop Fox's SEarchDiggity - ANSWER a fantastic suite that includes Google Diggity, Bing Diggity, and other websearch capabilities discussed in book 2