System/Host Based Attacks


🚩 CTFs & Labs 🧪


❔ Quizzes

Introduction To System/Host Based Attacks

| Question | Answer |
| --- | --- |
| System/Host based attacks are attacks that are targeted towards a specific system running a specific operating system? | True |

Windows

Overview Of Windows Vulnerabilities

| Question | Answer |
| --- | --- |
| An Information disclosure vulnerability is a type of vulnerability that could potentially allow an attacker to remotely execute arbitrary code on a target system. | False |

Frequently Exploited Windows Services

| Question | Answer |
| --- | --- |
| Which one of the following is not a frequently exploited Windows service? | SAMBA |
| Which one of the following ports is used by RDP? | 3389 |

Exploiting Microsoft IIS WebDAV

| Question | Answer |
| --- | --- |
| Which one of the following file extensions cannot be executed on a Microsoft IIS web server? | .py |
| The cadaver utility can be used to upload files on to a WebDAV server. | True |

Exploiting WebDAV With Metasploit

| Question | Answer |
| --- | --- |
| Which one of the following commands can be used to upload malicious .asp payloads with cadaver? | put /PATH-TO-FILE/payload.asp |

Exploiting SMB With PsExec

| Question | Answer |
| --- | --- |
| PsExec authentication is performed via SMB. | True |
| Which one of the following commands can be used to authenticate with a target system with PsExec? | psexec.py Administrator@192.168.1.1 |

Exploiting Windows MS17-010 SMB Vulnerability (EternalBlue)

| Question | Answer |
| --- | --- |
| The EternalBlue exploit takes advantage of a vulnerability in SMBv1. | True |
| Which one of the following CVEs was assigned to the EternalBlue vulnerability? | CVE-2017-0144 |

Exploiting RDP

| Question | Answer |
| --- | --- |
| Which one of the following commands can be used to remotely access a Windows target via RDP with xfreerdp? | xfreerdp /u:administrator /p:password123 /v:192.168.1.1 |
| RDP can be configured to run on a different TCP port. | True |

Exploiting Windows CVE-2019-0708 RDP Vulnerability (BlueKeep)

| Question | Answer |
| --- | --- |
| The BlueKeep exploit could potentially allow an attacker to execute arbitrary code on a Windows target. | True |

Exploiting WinRM

| Question | Answer |
| --- | --- |
| Crackmapexec can be used to execute commands on a Windows target. | True |
| Which one of the following evil-winrm commands can be used to obtain a remote PowerShell shell on a Windows target? | evil-winrm.rb -u administrator -p 'password123' -i 192.168.1.1 |

Windows Kernel Exploits

| Question | Answer |
| --- | --- |
| Which one of the following Metasploit modules can be used to identify kernel exploits on a Windows target? | multi/recon/local_exploit_suggester |
| Kernel exploits are completely stable and can be executed without any issues. | False |

Bypassing UAC With UACMe

| Question | Answer |
| --- | --- |
| In order to elevate privileges by bypassing UAC, you will need access to a user that is a member of the local administrators group. | True |
| Which one of the following commands can be used to execute a malicious executable with elevated privileges with the Akagi tool? | Akagi64.exe 23 C:\Temp\payload.exe |

Access Token Impersonation

| Question | Answer |
| --- | --- |
| In order to impersonate an access token, you will need to have access to an account with the "SeImpersonatePrivilege"? | True |
| Which one of the following meterpreter commands can be used to enumerate user privileges? | getprivs |

Alternate Data Streams

| Question | Answer |
| --- | --- |
| Alternate Data Streams is an NTFS and ext4 filesystem attribute. | False |

Windows Password Hashes

| Question | Answer |
| --- | --- |
| What hashing algorithm is used to hash NTLM passwords? | MD4 |

Searching For Passwords In Windows Configuration Files

| Question | Answer |
| --- | --- |
| Which one of the following directories contains the Unattended Windows Setup utility configuration file? | C:\Windows\Panther\Unattend.xml |

Dumping Hashes With Mimikatz

| Question | Answer |
| --- | --- |
| Mimikatz makes a copy of the SAM database in order to extract NTLM hashes. | False |
| Which one of the following Mimikatz commands can be used to extract NTLM hashes via the LSA? | lsadump::sam |

Pass-The-Hash Attacks

| Question | Answer |
| --- | --- |
| Which one of the following tools can be used to perform a Pass-The-Hash attack? (Choose Two) | evil-winrm, crackmapexec |

Linux

Exploiting Bash CVE-2014-6271 Vulnerability (Shellshock)

| Question | Answer |
| --- | --- |
| Bash is the default shell used by most Linux distributions. | True |
| The Shellshock vulnerability affects both Windows & Linux. | False |

Exploiting FTP

| Question | Answer |
| --- | --- |
| In certain cases, FTP can be configured to allow anonymous connections. | True |

Exploiting SSH

| Question | Answer |
| --- | --- |
| SSH only supports username/password authentication. | False |

Exploiting SAMBA

| Question | Answer |
| --- | --- |
| smbclient provides users with an ftp-like console interface. | True |
| Which one of the following commands can be used to enumerate shares with SMBMap? | smbmap -H 192.168.1.1 -u admin -p password123 |

Linux Kernel Exploits

| Question | Answer |
| --- | --- |
| Which one of the following compilers can be used to compile exploit code written in C? | GCC |
| When identifying kernel exploits, the kernel version and distribution release version are the most important pieces of information. | True |

Exploiting Misconfigured Cron Jobs

| Question | Answer |
| --- | --- |
| Which one of the following commands can be used to display the list of scheduled cron jobs for the current user? | crontab -l |

Exploiting SUID Binaries

| Question | Answer |
| --- | --- |
| In order to elevate our privileges, we will need to identify an SUID binary that is owned by the "root" user. | True |

Dumping Linux Password Hashes

| Question | Answer |
| --- | --- |
| Encrypted Linux account passwords are stored in the /etc/passwd file. | False |
| The /etc/shadow file can only be accessed by the "root" user. | True |