Introduction to System Hacking

Questions and Answers

What is the primary goal of system hacking?

To analyze software code for vulnerabilities

To create new applications

To gain access to a target system using previously obtained information (correct)

To improve system performance

What does the attack surface of a software product include?

Control and data entry and exit points (correct)

A measure of hardware components

Only the user interface

Only the database interface

How can an organization measure its attack surface effectively?

By ignoring changes in network configuration

By providing users with complex passwords only

By establishing a baseline and monitoring changes regularly (correct)

By reducing the number of software applications installed

What is one recommended best practice for attack surface reduction?

Start only necessary applications when needed (D)

What role does the Microsoft Attack Surface Analyzer serve?

To evaluate and analyze a software product's attack surface (B)

Which of the following is NOT a component of attack surface evaluation?

Performing random connectivity tests (D)

Why is it important to monitor changes to the attack surface regularly?

To determine if the attack surface has increased and if it can be reduced (C)

What types of attacks are included in the study of password attacks?

Attack techniques and existing cracking tools (A)

What does the damage potential of a method depend on?

The method’s privilege (D)

Which factor is NOT considered in estimating a channel’s damage potential?

Method’s Privilege (B)

How is a persistent data item’s damage potential evaluated?

By its type (A)

Which of the following is essential for an attacker to gain a method’s privilege?

Utilizing the method in an attack (B)

What contributes to a resource’s overall attack surface?

Both damage potential and access effort (B)

What is the primary function of the Microsoft Attack Surface Analyzer 2.0?

To highlight security issues in an application (C)

What is a significant step involved before checking a target app using the Microsoft Attack Surface Analyzer?

Run a baseline scan of the platform (C)

In the password system outlined, what is the role of the salt when hashing a password?

To randomize the hashed value of the password (A)

How does the password comparison process work in the outlined system?

The hashed password is compared to the stored salted hash (A)

What is generated to show the changes in the attack surface after installing a new app?

A scan report (D)

What technique is used to protect stored passwords in the password system?

Hashing with salt (D)

What is the primary characteristic of LM and NTLM hashed passwords?

They are unsalted and susceptible to attack. (B)

Why should the Microsoft Attack Surface Analyzer be repeated after a new app is installed?

To assess the new app's impact on security (C)

What is the bit-length of a SHA-1 hash?

160-bit (A)

What happens if the hashed password matches the stored hashed password during login?

The user is allowed access (B)

Which hashing algorithm superseded LM and NTLM?

MD5 (B)

Which of the following is considered a common password guessing technique?

Using dictionary words spelled backwards (C)

What does SHA-n refer to?

A class of hashing algorithms with varying output lengths (C)

What is a major risk associated with the use of default or weak passwords?

They can be easily recognized by attackers. (A)

Which SHA version is the most popular variant that produces a 256-bit hash?

SHA-2 (A)

Which technique would NOT typically be categorized as a password guessing strategy?

Examining DNS records for user information (A)

Which of the following types of hashes does John the Ripper support for user passwords?

MD5 (A)

Which type of traffic can John the Ripper analyze?

Network traffic captures (A)

Which of the following filesystems can John the Ripper handle?

macOS .dmg files (D)

What method does Ophcrack use for password recovery?

Rainbow tables (A)

What is the primary function of THC Hydra?

Parallelized network login cracking (C)

Which operating systems are compatible with Ophcrack?

Windows, Mac OSX, and Unix (D)

What is a necessary step before loading 'pass.txt' in Ophcrack?

Install rainbow tables (C)

What file format does John the Ripper require for analyzing DES-encrypted content?

.txt (D)

Study Notes

Introduction to System Hacking

• Gaining access to a target system using previously obtained information
• Attack surface: all points of entry and exit for a system (e.g., user interface, database interface, network interface)
• Ease of access depends on the target's attack surface

Attack Surface Evaluation

• What is a software product’s attack surface? Where are the control and data entry and exit points?
• How to measure it? Define a baseline and regularly measure and monitor changes.

Microsoft Attack Surface Analyzer

• Free tool for highlighting security issues in an application.
• Scans for open files, active apps, and Windows services.
• Compares scans against baselines to highlight potential vulnerabilities.

Password Attacks

• Password cracking techniques launched to crack encoded passwords.
• Password Salting adds randomness to passwords before hashing, making them harder to crack.
• Password Guessing Techniques include using dictionaries, names, addresses, and other personal information.

Password Security Risks

• Default or weak passwords are easily cracked, and often include easily guessed information like "admin".
• John the Ripper is a password cracking tool that supports many hashing algorithms and can crack various types of encrypted data.
• Ophcrack uses rainbow tables to crack passwords.
• THC Hydra is a fast password cracking tool that parallelizes network logins.

Description

This quiz covers essential concepts in system hacking, including attack surfaces, their evaluation, and tools like Microsoft Attack Surface Analyzer. It also touches on password attacks, such as salting and cracking techniques, providing a comprehensive overview of system vulnerabilities.