Network Security and Penetration Testing

Questions and Answers

What does the acronym SMB stand for in networking?

System Management Protocol

System Mail Block

Server Message Block (correct)

Server Management Block

Which of the following is NOT a common network service?

HTTP (correct)

SMB

FTP

SSH

What is the full form of IDPS?

Intrusion Detection and Provisioning System

Intrusion Detection and Prevention System (correct)

Intrusion Detection and Prevention Server

Internal Detection and Prevention Service

In the context of security, what does 'Protocol Evasion' refer to?

Manipulation of packet structures to avoid detection

Which of the following describes HID?

Human Interface Devices

To load Karmetasploit, which command would you use?

use auxiliary/server/karmetasploit

What does the abbreviation WPA stand for in networking?

Wi-Fi Protected Access

What is stored in a registry key?

Configuration settings and options for applications

What is the function of the upload command in Meterpreter?

To transfer files from the attacker's machine to the target system

Which of the following protocols does Meterpreter support for communication?

HTTP, HTTPS, and TCP

What is the main purpose of SMB relay attacks?

To relay messages between a client and server for unauthorized access

What is the primary role of the Meterpreter framework?

To gain access and control over compromised systems

Which command would you use to maintain persistence on a system using Meterpreter?

modify startup registry keys

What does the Karma Toolkit specialize in?

Wireless network attacks

What is the purpose of encryption in a communication channel?

To protect the connection from eavesdropping

What command is used to execute scripts with required parameters in Meterpreter?

run

What is the primary functionality of the Meterpreter API?

To enable interaction with compromised systems

Which method is commonly used to achieve remote access through VNC injection?

Employing a VNC injection payload

Which of the following is NOT a task that can be automated with Meterpreter?

Screen sharing

What advantage does sleep control with specific timing provide during exploitation?

Helps evade detection by reducing alert triggers

What is one of the measures to secure a VNC connection?

Enabling TLS for encryption

Why is the get-desktop command significant in the keystroke-sniffing process?

It provides a visual context for correlating keystrokes.

What does Meterpreter timeout control primarily manage?

Communication timeout to avoid session disconnections

Which of the following is a key capability of Meterpreter?

Escalating privileges and maintaining persistence

What is the primary function of Wireshark in network analysis?

To inspect and capture network traffic for analysis.

In a SMB relay attack, what role does the Responder play?

It relays captured SMB authentication requests to an SMB server.

Which version of SMB was introduced with Windows Vista?

SMB 2.0

What is one of the best practices for ensuring stealth in post-exploitation techniques?

Establish persistence through backdoors.

What tool can be used to execute a de-authentication attack?

aircrack-ng

Who are common targets in an Evil Twin attack for capturing credentials?

Unwitting users and Wi-Fi-enabled devices

What command is used to install Karmetasploit dependencies in Kali Linux?

sudo apt-get install libpcap-dev libsqlite3-dev

What is the primary purpose of Karmetasploit?

To perform wireless network attacks as a penetration testing tool.

What is the primary purpose of packet sniffing in a network?

To capture and analyze network packets

Which of the following is NOT a strategy to mitigate Evil Twin attacks?

Deploying wired connections only

Which tool is specifically designed for packet capture and analysis in wireless MITM attacks?

Wireshark

What role do Meterpreter resource scripts play in a penetration testing process?

They automate tasks within a Meterpreter session.

What is essential for preventing keystroke sniffing attacks?

Implementing strong encryption protocols like SSL/TLS

Which of the following tools can be utilized for creating fake access points during Evil Twin attacks?

Karma

What command is used to execute a Meterpreter resource script?

resource /path/to/script.rc

What type of attack can be executed by capturing and analyzing network packets?

Data exfiltration

What is a characteristic of an Evil Twin Attack?

It mimics a legitimate Wi-Fi access point to intercept data.

Which of the following is a step involved in conducting an SMB relay attack?

Gaining unauthorized access to a server by relaying captured credentials.

Which defense mechanism helps enhance security by requiring NTLMv2?

Enforcing NTLMv2 for SMB communications.

What command is used to load Karmetasploit in Metasploit?

use auxiliary/server/karmetasploit

Which of the following actions is part of Wireless Penetration Testing?

Identifying open or weak encrypted Wi-Fi networks.

Which technique is commonly used in a Deauthentication Attack?

Forcing users off a legitimate access point.

What is a primary use of the Metasploit Framework in wireless pen-testing?

To provide modules for exploiting Wi-Fi vulnerabilities.

Which of the following attacks manipulates ARP tables?

ARP Spoofing

Study Notes

Network Security

• Network segmentation isolates subnets, improving security, performance, and manageability.
• Application whitelisting allows only pre-approved applications to run, blocking harmful ones.
• Viruses require a host file to spread while worms spread autonomously.

Keystroke-Sniffing

• The dump keys command is used to capture keystrokes during a keystroke-sniffing attack.
• get_timeouts command displays current timeout configurations in Meterpreter.

SMB

• SMB (Server Message Block) is a common network service.
• Exploitable vulnerabilities in SMB can lead to attacks.
• SMB versions include 1.0, 2.0, 3.0, and 3.1.1.

Metasploit

• Metasploit is a penetration testing tool.
• Karma Toolkit combines with Metasploit for wireless network testing.
• Meterpreter supports various protocols (HTTP, HTTPS, TCP), enabling firewall bypass.

Wireless Penetration Testing

• Wireless penetration testing assesses wireless network security to identify vulnerabilities.
• Wireless penetration testing involves assessing wireless network security to identify vulnerabilities.
• A common method for VNC injection is using Metasploit to inject a VNC server.

Network Services

• Common exploitable network services include SMB, SSH, FTP, Telnet, HTTP/HTTPS, and RDP.

Security Concepts

• Intrusion Detection Prevention System (IDPS) are used to detect and block malicious activities.
• Indicators of Compromise (IOCs) are indicators of malicious activities.
• Security tools are used to detect Android Backdoors.

Social Engineering

• Social engineering exploits human psychology to deceive users into performing actions that compromise their systems, such as clicking malicious links.

Common PDF Vulnerabilities

• Malicious JavaScript can be embedded into PDF files to execute code when opened.
• Exploiting vulnerabilities in PDF readers can allow attackers to execute malicious code.
• PDF files can have embedded malicious files that execute upon opening.

Android Backdoors

• Unusual network traffic, unauthorized apps with elevated permissions, and battery drain or overheating are indicators of an Android backdoor.

Evil Twin Attacks

• Evil Twin attacks create fake Wi-Fi access points to deceive users.
• Evil Twin attacks involve creating a fake Wi-Fi access point to deceive users.
• Tools like airmon-ng, airbase-ng, Wireshark, and dnsmasq help perform this attack.

SMB Relay attacks

• SMB relay attacks have several stages to complete the attack.
• Tools for SMB relay attacks include Responder, Impacket, Metasploit, and NTLMRelayX.
• SMB relay attacks involves multiple targets or stages.

VNC Injection

• VNC injection injects a VNC server into a compromised system for remote access.
• Multiple security measures should be used for VNC connections to secure them.
• VNC injection can be used to bypass local authentication and gain remote control.

Protecting VNC Connections

• Use strong passwords.
• Enable encryption (like TLS).
• Restrict access by IP address.
• Use VPN/SSH tunneling.

Meterpreter Anti-Forensics

• Clearing logs, file deletion, persistence, and obfuscation.
• Meterpreter anti-forensics methods are used to hide malicious activity.

Keylogging and Screen Capture

• Keylogging tracks and records keystrokes.
• Screen capture involves taking snapshots or videos of a user's screen.
• Keylogging and screen capture tools are used to extract data.

Protecting PDF Files

• Avoid opening unknown or suspicious PDF files.
• Update PDF readers to patch vulnerabilities.

Description

This quiz covers essential topics in network security, including network segmentation, application whitelisting, and vulnerabilities related to SMB. It also delves into keystroke-sniffing techniques and the use of Metasploit for penetration testing. Test your knowledge on these critical aspects of securing networks and understanding attacks.