Skip to content

Penetration Testing Exploitation

๐Ÿšฉ CTFs & Labs ๐Ÿงช

โ” Quizzes

Introduction To Exploitation

Question Answer
Which one of the following is not a phase of exploitation? Privilege escalation
Question Answer
Which one of the following commands will enable verbose output with Netcat? nc -v 192.168.1.1 21

Vulnerability Scanning With Nmap Scripts

Question Answer
Which one of the following Nmap commands can be used to perform service version detection and operating system detection? nmap -sV -O 192.168.1.1
What is the default path that contains all the Nmap scripts? /usr/share/nmap/scripts

Vulnerability Scanning With Metasploit

Question Answer
What type of MSF modules are typically used for scanning and vulnerability detection? auxiliary modules

Searching For Publicly Available Exploits

Question Answer
Exploit-db also hosts Metasploit exploit modules. True
Exploits found online are completely safe and can be run without further analysis of the code. False
Exploit-db allows you to filter exploits based on the target platform. True

Searching For Exploits With SearchSploit

Question Answer
Which one of the following SearchSploit commands can be used to copy an exploit in to your current working directory? searchsploit -m /PATH
Which one of the following SearchSploit commands can be used to display the Exploit-db URL instead of the EDBID? searchsploit -w vsftpd

Fixing Exploits

Question Answer
In most cases, public exploit code will need to be modified in accordance with your requirements. True

Cross-Compiling Exploits

Question Answer
Windows exploit code developed in C can only be compiled on a Windows system. False
Which one of the following compilers can be used to compile Linux exploit code developed in C? gcc

Netcat Fundamentals

Question Answer
Which one of the following Netcat commands can be used to connect to a specific port on a target? nc -nv 192.168.1.1 22
Netcat comes pre-installed on Windows systems. False

Bind Shells

Question Answer
Which one of the following Netcat commands can be used to setup a listener that executes cmd.exe when a client connects to the listener? nc.exe -nvlp 1234 -e cmd.exe
A bind shell is a type of remote shell where the attacker connects to a listener on the target system. True

Reverse Shells

Question Answer
A reverse shell is a type of remote shell where the target system connects to a listener on the attackers system. True

Reverse Shell Cheatsheet

Question Answer
A reverse shell connection can be made to the listener on the attacker's system without Netcat. True

The Metasploit Framework (MSF)

Question Answer
Metasploit modules are developed in Perl False
The Metasploit Framework can only be used for exploitation. False

PowerShell-Empire

Question Answer
PowerShell-Empire provides you with the ability to generate Windows executable stagers developed in C#. True
Which one of the following commands can be used to install PowerShell-Empire on Kali Linux? sudo apt-get install powershell-empire -y
Which one of the following PowerShell-Empire client commands can be used to interact with an agent called Win7? interact Win7

Windows Black Box Penetration Test

Question Answer
A black box penetration test is a security assessment whereby the penetration tester is provided with information regarding the target system. False

Port Scanning & Enumeration - Windows

Question Answer
Which one of the following Nmap scans can be used to scan the port range ranging from port 80 to 3389? nmap -sV -p 80-3389 192.168.1.1
Which one of the following nmap scans can be used to output scan results in to a format that can be imported in to MSF? nmap -sV 192.168.1.1 -oX results

Targeting Microsoft IIS FTP

Question Answer
Which one of the following Nmap script scans can be used to identify if anonymous FTP logons are permitted? nmap -sV -p 21 --script=ftp-anon 192.168.1.1
Which one of the following commands can be used to upload a file to an FTP server with the FTP client? put file.txt

Targeting OpenSSH

Question Answer
Which one of the following MSF module can be used to perform a brute-force attack on SSH? auxiliary/scanner/ssh/ssh_login

Targeting SMB

Question Answer
Which one of the following tools can be used to perform a brute-force attack on SMB? hydra
After obtaining legitimate user account credentials, we can remotely obtain a command shell on a Windows target with Psexec. True

Targeting MySQL Database Server

Question Answer
What is the default TCP port used by MySQL? 3306
Which one of the following commands can be used to remotely authenticate to a MySQL database server? mysql -u root -p -h 192.168.1.1
### Linux Black Box Penetration Test
Question Answer
A black box penetration test is used to test the security of a company from the perspective of an external attacker. True

Port Scanning & Enumeration - Linux

Question Answer
Which one of the following Nmap scans can be used to perform OS detection?
nmap -sV -sC -O 192.168.1.1

Targeting vsFTPd

Question Answer
In some cases vulnerable services could be patched, consequently mitigating a potential exploit. True

Targeting PHP

Question Answer
Which one of the following PHP config files contains the version of PHP installed on the web server? phpinfo.php

Targeting SAMBA

Question Answer
Which one of the following MSF modules can be used to enumerate the version of SAMBA running on the target?
auxiliary/scanner/smb/smb_version

AV Evasion With Shellter

Question Answer
Shellter allows you to inject PowerShell-Empire shellcode in to portable executables. True
Signature based detection can be bypassed by modifying the malware's byte sequence. True

Obfuscating PowerShell Code

Question Answer
Which one of the following PowerShell commands can be used to import a PowerShell module? Import-Module module.psd1
PowerShell can be installed and used on Linux. True