Enumeration
🚩 CTFs & Labs 🧪¶
❔ Quizzes¶
Port Scanning with Auxiliary Modules¶
| Question | Answer |
|---|---|
| Why might you choose to use an auxiliary module for port scanning during a penetration test if you already have Nmap results? | Auxiliary modules can be run during the post-exploitation phase on internal networks |
| When setting up a port scan using Metasploit’s auxiliary modules, what is an important option you often need to configure? | Hosts and port range |
| What is an auxiliary module in the Metasploit framework primarily used for? | Scanning and network discovery |
FTP Enumeration¶
| Question | Answer |
|---|---|
| What might cause an FTP brute force attempt to temporarily disable the service? | Overwhelming the server with too many login attempts |
| What is the primary purpose of the FTP protocol? | To facilitate file sharing between a server and client |
| Which port is FTP typically hosted on? | Port 21 |
| What type of information can be gathered using FTP auxiliary modules in Metasploit? | FTP version and user credentials |
| Which Metasploit auxiliary module is used to check the FTP version? | auxiliary/scanner/ftp/ftp_version |
SMB Enumeration¶
| Question | Answer |
|---|---|
| What port is primarily used by SMB on modern Windows systems? | Port 445 |
| What is the main purpose of enumerating SMB versions? | To identify vulnerabilities and the target operating system |
| Which Linux utility allows Windows systems to access Linux shares and devices? | Samba |
| In SMB enumeration, why might it be useful to access shares on a target system? | To access potentially sensitive files |
| Which Metasploit auxiliary module is used to enumerate SMB users? | auxiliary/scanner/smb/smb_enumusers |
Web Server Enumeration¶
| Question | Answer |
|---|---|
| Which web server technology commonly uses port 80 for HTTP communication? | All of the these |
| What does a 401 HTTP response code indicate? | Unauthorized |
| Which HTTP request method is used to retrieve HTTP headers for enumeration purposes? | HEAD |
| Why is the robots.txt file significant in web server enumeration? | It lists directories that should not be indexed by search engines. |
MySQL Enumeration¶
| Question | Answer |
|---|---|
| Why might a company change the default MySQL port from 3306 to another port? | To avoid detection during attacks |
| What is the default TCP port used by MySQL? | 3306 |
| Which Metasploit module can be used to enumerate the version of MySQL running on a target? | mysql_version |
SSH Enumeration¶
| Question | Answer |
|---|---|
| Why is SSH preferred over Telnet for remote server connections? | SSH encrypts the communication channel, preventing man-in-the-middle attacks. |
| What is the advantage of using SSH key-based authentication over clear-text passwords? | Keys provide a more secure method of authentication. |
| How can Metasploit's SSH enum users module be helpful in the enumeration phase? | It finds and lists all usernames on the target system. |
SMTP Enumeration¶
| Question | Answer |
|---|---|
| What information does the SMTP enum module provide? | User accounts |
| Which TCP port is used by default for SMTP? | 25 |
| What does SMTP stand for? | Simple Mail Transfer Protocol |
| Which ports might SMTP use if SSL/TLS is configured for encryption? | 465 and 587 |