Network Based Attacks
🚩 CTFs & Labs 🧪
❓ Quizzes
Networking Fundamentals
| Question | Answer | 
|---|---|
| What is a 'host' in computer networks? | A computer or device on a network | 
| Which of the following best describes the OSI model? | A conceptual framework that standardizes networking functions | 
| What is the role of the presentation layer in the OSI model? | To handle data format translation, encryption, and compression | 
| What is contained in the header of a network packet? | Important information about the packet like source and destination | 
| What is the primary goal of networking? | To allow different systems to communicate with one another | 
| Which layer of the OSI model is responsible for logical addressing and routing? | The Network layer | 
Firewall Detection & IDS Evasion
| Question | Answer | 
|---|---|
| How can nmap be configured to appear as though a scan is originating from a DNS server? | By setting the source port to 53 using the '-g' option | 
| What command can be used to disable DNS resolution in nmap? | -n | 
| Why is it beneficial to specify a custom MTU size when fragmenting packets? | To control how packets are broken up and sent, making it harder for IDS to detect the patterns | 
| What is the primary purpose of using the '-sA' scan in nmap? | To determine if ports are filtered or unfiltered by sending ACK packets | 
| What is the benefit of using decoy IP addresses in an nmap scan? | To mask the originating IP address and add confusion for network defenders | 
| Which nmap option can be used to fragment packets to evade IDS detection? | -f | 
Network Enumeration
| Question | Answer | 
|---|---|
| What should be the focus during service enumeration according to the penetration testing methodology? | Analyzing services running on open ports. | 
| What is the primary goal of service enumeration in network penetration testing? | To gather detailed information about services running on open ports. | 
| Why is enumeration one of the most important phases of a penetration test? | It helps in identifying service misconfigurations that could lead to exploitation. | 
| How does enumeration differ from the initial host discovery and port scanning phases? | It involves deeper interaction with specific services. | 
| Why is enumeration considered an active information gathering technique? | It involves direct interaction with target systems. | 
| During the enumeration phase, which types of information are typically targeted? | Shares and account names | 
SMB & NetBIOS Enumeration
| Question | Answer | 
|---|---|
| Which tool is commonly used to perform basic NetBIOS enumeration? | nbtstat | 
| Which port does SMB use for direct communication, bypassing NetBIOS? | 445 | 
| Why do modern Windows networks primarily use SMB instead of NetBIOS? | SMB offers better performance and security | 
| Why is SMBv1 considered insecure? | It allows anonymous logons and has several security vulnerabilities | 
| What are the primary services offered by NetBIOS? | Name service, datagram service, and session service | 
| What is the primary purpose of SMB in Windows networks? | To facilitate network file sharing and resource access | 
SNMP Enumeration
| Question | Answer | 
|---|---|
| What information can be gathered through SNMP enumeration? | All of the above | 
| What is the primary security improvement introduced with SNMPv3? | Encryption and message integrity | 
| What is the main purpose of the Simple Network Management Protocol (SNMP)? | To manage and monitor network devices | 
| Which component of SNMP is responsible for querying and interacting with SNMP agents on network devices? | SNMP manager | 
| Which UDP port is used for sending SNMP traps or notifications? | 162 | 
| Which tool can be used to discover SNMP community strings via brute force? | Nmap with SNMP scripts | 
SMB Relay Attack
| Question | Answer | 
|---|---|
| Which technique is commonly used by attackers to intercept SMB traffic for a relay attack? | ARP spoofing | 
| Why is DNS spoofing used in an SMB relay attack? | To redirect all SMB requests to the attacker's machine | 
| What type of data does an attacker aim to capture during the authentication step of an SMB relay attack? | NTLM hashes | 
| Which tool is often used in Metasploit for setting up SMB relay attacks? | smbrelay | 
| In the final step of an SMB relay attack, what could an attacker potentially gain access to? | Administrative privileges on a server | 
| What is an SMB relay attack primarily used for? | To intercept and relay SMB traffic to gain unauthorized access to resources |