- (Topic 23)
You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

1. A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
2. B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly- paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information
3. C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"
4. D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Correct Answer: B

- (Topic 5)
What does the following command in netcat do? nc -l -u -p 55555 < /etc/passwd

1. A. logs the incoming connections to /etc/passwd file
2. B. loads the /etc/passwd file to the UDP port 55555
3. C. grabs the /etc/passwd file when connected to UDP port 55555
4. D. deletes the /etc/passwd file when connected to the UDP port 55555

Correct Answer: C
-l forces netcat to listen for incoming connections.
-u tells netcat to use UDP instead of TCP
-p 5555 tells netcat to use port 5555
< /etc/passwd tells netcat to grab the /etc/passwd file when connected to.

- (Topic 18)
Several of your co-workers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords.(Choose all that apply.

1. A. Linux passwords can be encrypted with MD5
2. B. Linux passwords can be encrypted with SHA
3. C. Linux passwords can be encrypted with DES
4. D. Linux passwords can be encrypted with Blowfish
5. E. Linux passwords are encrypted with asymmetric algrothims

Correct Answer: ACD
Linux passwords are enrcypted using MD5, DES, and the NEW addition Blowfish. The default on most linux systems is dependant on the distribution, RedHat uses MD5, while slackware uses DES. The blowfish option is there for those who wish to use it. The encryption algorithm in use can be determined by authconfig on RedHat-based systems, or by reviewing one of two locations, on PAM-based systems (Pluggable Authentication Module) it can be found in /etc/pam.d/, the system-auth file or authconfig files. In other systems it can be found in /etc/security/ directory.

- (Topic 20)
You have been using the msadc.pl attack script to execute arbitrary commands on an NT4 web server. While it is effective, you find it tedious to perform extended functions. On further research you come across a perl script that runs the following msadc functions:

What kind of exploit is indicated by this script?

1. A. A buffer overflow exploit.
2. B. A SUID exploit.
3. C. A SQL injection exploit.
4. D. A chained exploit.
5. E. A buffer under run exploit.

Correct Answer: D

- (Topic 6)
Exhibit: * Missing*
Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?

1. A. Port 1890 (Net-Devil Trojan)
2. B. Port 1786 (Net-Devil Trojan)
3. C. Port 1909 (Net-Devil Trojan)
4. D. Port 6667 (Net-Devil Trojan)

Correct Answer: D
From trace, 0x1A0B is 6667, IRC Relay Chat, which is one port used. Other ports are in the 900's.