How to automate google recon? - ANSWER * Sensepost Wikto
* Foundstone SiteDigger
Google Recon defenses? - ANSWER * Look at google yourself
* Remove unwanted items
- website: robots.txt
- individual pages: NOINDEX,NOFOLLOW meta tag
- snippets: NOSNIPPET meta tag
- cached pages: NOARCHIVE meta tag
- remove image from image search
How to remove phone numbers from google? - ANSWER * use form at
google.com/help/pbremoval.html
* removing a business number requires a written request via postal service
What is Maltego? - ANSWER * intelligence-gathering tool that searches through a
variety of public information sources
* gathers information about relationships between people, social networks, companies,
websites, etc.
Defenses against Maltego - ANSWER * Preparation
- Ensure public information is accurate
- Check your own recon and request inaccurate or damaging information be removed
What are war dialers? - ANSWER * dial sequences of telephone numbers attempting
to locate modem carriers or secondary dial tone
* demon dialers dial a single number to conduct a brute force attack against passwords
* Often, unprotected modems provide the easiest way to penetrate a network.
What is The Hacker's Choice Scanner? - ANSWER * full featured war dialing tool
* written to allow for highly distributed war dialing attack with 10 to 10,000+ bots
What are some scan features of THC? - ANSWER * carrier mode and tone mode
* dial random, sequential, or list of numbers
* scans through a modem out-dial
* break up work across multiple machines
* supports separate dialing program
* nudging
* random waits between calls
* rudimentary jamming
What is WarVOX? - ANSWER * conducts war dialing using VoIP
* can dial 1,000 numbers per hour
* supports caller ID spoofing
What are some goals of wardialing? - ANSWER * review logs and look for login
prompts or banners
* connect to each modem
* start guessing userID and passwords
What are some war dialer defenses? - ANSWER * Inventory all dialup lines
* Conduct war dialing exercises against the network
* Identification
- consider a voice IPS like SecureLogix
- activate pbx scanning detection if available
* Containment
- shut off modems when they are discovered
- know who to call from telecom to isolate a modem
* Eradication and Recovery
- remove renegade modems
- change phone number and secure it with strong auth (token, crypto)
What are some ways wireless devices are misconfigured? - ANSWER * many APs are
configured with a blank or default SSID
* by default, most APs broadcast beacon packets with their SSID ten times per second
* Even with SSID cloaking, SSIDs are still sent in cleartext when anyone uses the LAN
* WEP and LEAP have significant flaws
What are some tools for war driving? - ANSWER * netstumbler
* inSSIDer
* Wellenreiter - no longer in development
What are some benefits of Wellenreiter? - ANSWER * sniffs while capturing into
a tcpdump-compatible file
* can run entirely passive
* gathers DHCP and ARP traffic to generate IPs
* far less noisy than netstumbler
What is ASLEAP? - ANSWER * dictionary attacker for LEAP authentication
* attacks Windows password hashes based on sniffed LEAP challenge and response
* can determine a user's password to gain access through a LEAP-protected LAN
What are some issues with WEP? - ANSWER * Attacker can sniff encrypted packets
and if enough packets are captured, the WEP key can be determined
What is CoWPAtty? - ANSWER * Dictionary based cracking tool for WPA1 and 2
preshared keys
* four-way handshake must be sniffed
* due to complex protocols, cracking is very slow
- 10 to 50 guess/encrypt/compare cycles per second
What is Karma? - ANSWER * wireless sniffer that looks for probe requests
* responds to probes pretending to be the AP the client seeks
* once the client joins the network, it provides DHCP, DNS, POP3, HTTP, and SAMBA for the client
* it logs any and all information
How does Karma exploit? - ANSWER * you add your own exploits
* can exploit browsers, mail readers, Windows file sharing, and more
What are some war driving defenses? - ANSWER * Set SSID so it doesn't attract
attention
* use WPA or WPA2
* use AES for crypto in WPA2
* use VPN
* disable Aggressive Mode IKE
* use wireless IDS
* remove renegade access points
How does nmap identify which addresses are in use? - ANSWER Nmap sends these
four packets to each address in a target range:
* ICMP Echo Request
* TCP SYN to 443
* TCP ACK to 80
* ICMP Timestamp request
How does traceroute work? - ANSWER * Sends packets with small TTL values and