Enumeration
🚩 CTFs & Labs 🧪¶
❔ Quizzes¶
Port Scanning with Auxiliary Modules¶
Question | Answer |
---|---|
Why might you choose to use an auxiliary module for port scanning during a penetration test if you already have Nmap results? | Auxiliary modules can be run during the post-exploitation phase on internal networks |
When setting up a port scan using Metasploit’s auxiliary modules, what is an important option you often need to configure? | Hosts and port range |
What is an auxiliary module in the Metasploit framework primarily used for? | Scanning and network discovery |
FTP Enumeration¶
Question | Answer |
---|---|
What might cause an FTP brute force attempt to temporarily disable the service? | Overwhelming the server with too many login attempts |
What is the primary purpose of the FTP protocol? | To facilitate file sharing between a server and client |
Which port is FTP typically hosted on? | Port 21 |
What type of information can be gathered using FTP auxiliary modules in Metasploit? | FTP version and user credentials |
Which Metasploit auxiliary module is used to check the FTP version? | auxiliary/scanner/ftp/ftp_version |
SMB Enumeration¶
Question | Answer |
---|---|
What port is primarily used by SMB on modern Windows systems? | Port 445 |
What is the main purpose of enumerating SMB versions? | To identify vulnerabilities and the target operating system |
Which Linux utility allows Windows systems to access Linux shares and devices? | Samba |
In SMB enumeration, why might it be useful to access shares on a target system? | To access potentially sensitive files |
Which Metasploit auxiliary module is used to enumerate SMB users? | auxiliary/scanner/smb/smb_enumusers |
Web Server Enumeration¶
Question | Answer |
---|---|
Which web server technology commonly uses port 80 for HTTP communication? | All of the these |
What does a 401 HTTP response code indicate? | Unauthorized |
Which HTTP request method is used to retrieve HTTP headers for enumeration purposes? | HEAD |
Why is the robots.txt file significant in web server enumeration? | It lists directories that should not be indexed by search engines. |
MySQL Enumeration¶
Question | Answer |
---|---|
Why might a company change the default MySQL port from 3306 to another port? | To avoid detection during attacks |
What is the default TCP port used by MySQL? | 3306 |
Which Metasploit module can be used to enumerate the version of MySQL running on a target? | mysql_version |
SSH Enumeration¶
Question | Answer |
---|---|
Why is SSH preferred over Telnet for remote server connections? | SSH encrypts the communication channel, preventing man-in-the-middle attacks. |
What is the advantage of using SSH key-based authentication over clear-text passwords? | Keys provide a more secure method of authentication. |
How can Metasploit's SSH enum users module be helpful in the enumeration phase? | It finds and lists all usernames on the target system. |
SMTP Enumeration¶
Question | Answer |
---|---|
What information does the SMTP enum module provide? | User accounts |
Which TCP port is used by default for SMTP? | 25 |
What does SMTP stand for? | Simple Mail Transfer Protocol |
Which ports might SMTP use if SSL/TLS is configured for encryption? | 465 and 587 |