you use to identify vulnerabilities on a website?
(A) SQLdict
(B) Nmap
(C) Nikto
(D) Hydra
12. You have obtained the password hash for the administrator account on a system. What tool would you use to crack the password hash?
(A) Hashdump
(B) Nmap
(C) Aircrack-ng
(D) Hashcat
13. During an authorized penetration test, you have used Nmap to locate systems on the network running RDP. What command would you use to perform password cracking using RDP traffic to the system?
(A) mimikatz
(B) hashcat
(C) hydra
(D) hashdump
14. What language was used to write the following code?
startTime = datetime.now() try: for port in range(1,1024): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) result = sock.connect_ex((remoteSystemIP, port)) if result == 0: print "Port {}: Open".format(port) sock.close()
(A) PowerShell
(B) Python
(C) Ruby
(D) Bash
15. While performing a penetration test for a customer, you notice there is evidence of a previous security compromise on the web server. What should you do?
(A) Make a note of it and continue the pentest
(B) Continue the pentest and add evidence to the report
(C) Patch the system and continue the pentest
(D) Halt the pentest and discuss the findings with the stakeholder
Answers
1 D. The information gathering and vulnerability identification phase uses tools to discover systems, services running on those systems, and vulnerabilities that exist on those systems. See Chapter 1.
2 C. Customers should have penetration testers sign a non-disclosure agreement (NDA) before starting the penetration test. See Chapter 2.
3 B, E. Recon-ng and Maltego are examples of OSINT tools used to discover public information about a customer. See Chapter 3.
4 A. You can use the -Pn parameter on Nmap to disable ping operations when performing a port scan. See Chapter 3.
5 A, B. OpenVAS and Nessus are examples of vulnerability scanners that can be used to discover vulnerabilities on a system. See Chapter 4.
6 C. arpspoof is an example of a tool that can be used during a MiTM attack. arpspoof is used to poison the ARP cache of systems so that the attacker can place themselves in the middle of the communication. See Chapter 5.
7 B. Aireplay-ng is a tool used to generate different types of wireless traffic, including a deauthentication packet that is used to instruct clients to disconnect. See Chapter 6.
8 C. Reaver is a command-line tool in Kali Linux that allows you to perform a brute force attack on the WPS pin. See Chapter 6.
9 D. When looking at the URL that is used in the attack, you want to identify what is being injected. Choice D is injecting the cat command from the operating system so it is considered a command-injection attack. See Chapter 7.
10 A. The hashdump command is used during post-exploitation to retrieve a list of password hashes that can then be used in other attacks such as password cracking or a pass-the-hash attack. See Chapter 8.
11 C. Nikto is an example of a web application vulnerability scanner. See Chapter 9.
12 D. Hashcat is a command-line tool in Kali Linux that can be used to crack the password hash. See Chapter 9.
13 C. Hydra is a tool used to crack passwords and can be used to crack passwords of a remote system using protocols such as RDP. See Chapter 9.
14 B. You can tell that the script was created in Python because of the comparison operator being used (==). PowerShell and Bash use -eq as the comparison operator. Also notice the use of the print statement (instead of echo) and the fact variables do not use $ in front of them. See Chapter 10.
15 D. If you notice evidence that a system has been hacked into already, you should halt the penetration test and discuss the finding with the stakeholders right away. See Chapter 11.
Part 1
Planning and Information Gathering
IN THIS PART …
Learn the basics of penetration testing and penetration testing terminology.
Explore the four major phases to CompTIA’s penetration testing process: planning and scoping; information gathering and vulnerability identification; attacks and exploits; and reporting and communication.
Understand the importance of planning for the penetration test and how not planning properly can result in crashing the customer’s systems or network and triggering intrusion detection systems, and create legal problems.
Learn how to scope the project, identify rules of engagement, define targets, and handle scope creep.
Discover the tools you can use to uncover information about the organization or company for which you are conducting a pentest, such as email addresses and phone numbers of employees, public IP addresses, target systems, and open ports.
Find out the difference between passive and active information gathering.
Learn how to perform vulnerability scans to identify the weaknesses that exist within your target systems and how to exploit them.
Chapter 1
Introduction to Penetration Testing
EXAM OBJECTIVES
Understanding penetration testing
Knowing penetration testing terminology
Being