Penetration Testing Exploitation
🚩 CTFs & Labs 🧪
- Penetration Testing Exploitation CTF 1
- Penetration Testing Exploitation CTF 3
- Penetration Testing Exploitation CTF 2
Quizzes
Introduction To Exploitation
Question | Answer |
---|---|
Which one of the following is not a phase of exploitation? | Privilege escalation |
Banner Grabbing
Question | Answer |
---|---|
Which one of the following commands will enable verbose output with Netcat? | nc -v 192.168.1.1 21 |
Vulnerability Scanning With Nmap Scripts
Question | Answer |
---|---|
Which one of the following Nmap commands can be used to perform service version detection and operating system detection? | nmap -sV -O 192.168.1.1 |
What is the default path that contains all the Nmap scripts? | /usr/share/nmap/scripts |
Vulnerability Scanning With Metasploit
Question | Answer |
---|---|
What type of MSF modules are typically used for scanning and vulnerability detection? | auxiliary modules |
Searching For Publicly Available Exploits
Question | Answer |
---|---|
Exploit-db also hosts Metasploit exploit modules. | True |
Exploits found online are completely safe and can be run without further analysis of the code. | False |
Exploit-db allows you to filter exploits based on the target platform. | True |
Searching For Exploits With SearchSploit
Question | Answer |
---|---|
Which one of the following SearchSploit commands can be used to copy an exploit into your current working directory? | searchsploit -m /PATH |
Which one of the following SearchSploit commands can be used to display the Exploit-db URL instead of the EDBID? | searchsploit -w vsftpd |
Fixing Exploits
Question | Answer |
---|---|
In most cases, public exploit code will need to be modified in accordance with your requirements. | True |
Cross-Compiling Exploits
Question | Answer |
---|---|
Windows exploit code developed in C can only be compiled on a Windows system. | False |
Which one of the following compilers can be used to compile Linux exploit code developed in C? | gcc |
Netcat Fundamentals
Question | Answer |
---|---|
Which one of the following Netcat commands can be used to connect to a specific port on a target? | nc -nv 192.168.1.1 22 |
Netcat comes pre-installed on Windows systems. | False |
Bind Shells
Question | Answer |
---|---|
Which one of the following Netcat commands can be used to set up a listener that executes cmd.exe when a client connects to the listener? | nc.exe -nvlp 1234 -e cmd.exe |
A bind shell is a type of remote shell where the attacker connects to a listener on the target system. | True |
Reverse Shells
Question | Answer |
---|---|
A reverse shell is a type of remote shell where the target system connects to a listener on the attacker's system. | True |
Reverse Shell Cheatsheet
Question | Answer |
---|---|
A reverse shell connection can be made to the listener on the attacker's system without Netcat. | True |
The Metasploit Framework (MSF)
Question | Answer |
---|---|
Metasploit modules are developed in Perl. | False |
The Metasploit Framework can only be used for exploitation. | False |
PowerShell-Empire
Question | Answer |
---|---|
PowerShell-Empire provides you with the ability to generate Windows executable stagers developed in C#. | True |
Which one of the following commands can be used to install PowerShell-Empire on Kali Linux? | sudo apt-get install powershell-empire -y |
Which one of the following PowerShell-Empire client commands can be used to interact with an agent called Win7? | interact Win7 |
Linux Black Box Penetration Test
Question | Answer |
---|---|
A black box penetration test is used to test the security of a company from the perspective of an external attacker. | True |
Port Scanning & Enumeration - Linux
Question | Answer |
---|---|
Which one of the following Nmap scans can be used to perform OS detection? | nmap -sV -sC -O 192.168.1.1 |
Targeting vsFTPd
Question | Answer |
---|---|
In some cases vulnerable services could be patched, consequently mitigating a potential exploit. | True |
Targeting PHP
Question | Answer |
---|---|
Which one of the following PHP config files contains the version of PHP installed on the web server? | phpinfo.php |
Targeting SAMBA
Question | Answer |
---|---|
Which one of the following MSF modules can be used to enumerate the version of SAMBA running on the target? | auxiliary/scanner/smb/smb_version |
AV Evasion With Shellter
Question | Answer |
---|---|
Shellter allows you to inject PowerShell-Empire shellcode into portable executables. | True |
Signature based detection can be bypassed by modifying the malware's byte sequence. | True |
Obfuscating PowerShell Code
Question | Answer |
---|---|
Which one of the following PowerShell commands can be used to import a PowerShell module? | Import-Module module.psd1 |
PowerShell can be installed and used on Linux. | True |