4_1_2 Section 4 – Operations and Incident Response - 4.1 – Security Tools - Reconnaissance Tools – Part 2

Questions and Answers

What is the primary function of the curl tool?

To perform FTP functions only

To retrieve emails from a website

To display graphical views of web pages

To grab raw data from websites and display it in a terminal screen (correct)

What is the meaning of the 'curl' acronym?

Cross-platform URL Reader

Common Utility for Resource Linking

Command URL Locator

Client URL or Uniform Resource Locator (correct)

What is the advantage of using curl to view a website?

It allows users to search through the website's source code (correct)

It is only available on Linux or Mac OS systems

It only works with secure websites using HTTPS

It provides a more graphical view of the website

What is the result of running the curl command on www.professormesser.com?

It shows a 301 moved permanently message and redirects to a secure website

What is an advantage of using a pre-configured Linux version like callie?

It has a number of pre-configured reconnaissance tools ready to run

What is the primary difference between viewing a website in a browser and using curl?

The graphical view versus raw HTML data

What is the primary function of the Nmap scripting engine?

To run vulnerability scans and other tests on a device

What is the term used to describe the information gathered from public websites?

OSINT (Open Source Intelligence)

What is the primary function of the Harvester tool?

To gather open source intelligence from public websites

What is the purpose of running a Nmap scan with the verbose option?

To gather more information about the scan process

What is the role of the Sniper tool in reconnaissance?

To combine the results of multiple reconnaissance tools

What type of scans can be run using the Nmap tool?

Vulnerability scans and service scans

What is the benefit of using the Harvester tool?

It reduces the time and effort required to gather information

What is the purpose of the Sniper tool's stealth mode?

To avoid detection by the target device

What type of information can be gathered using the Harvester tool?

A variety of information from public websites and sources

What is the risk of using reconnaissance tools like Sniper?

They may cause denial of service situations

What is the purpose of the curl command?

To view the source code of a website as HTML

What is the primary difference between the ping command and the hping command?

The hping command can modify almost everything about the packet

What is the potential risk of using IP scanning tools?

Denial of service to other devices on the network

What is the purpose of the sudo command in the hping command?

To run the command with elevated rights and permissions

What is the function of the Nmap tool?

To identify open ports on a device and the operating system

What is the result of running the hping command with the scan option and specifying ports 80 through 443?

Ports 80 and 443 are open on the device

What is the advantage of using hping over the ping command?

Hping can modify almost everything about the packet

What is the purpose of the ARP technique in IP scanning?

To find devices on a local subnet

What is the difference between hping and Nmap?

Hping is used for port scanning, while Nmap is used for identifying open ports and operating systems

What is the purpose of the ICMP timestamp request technique in IP scanning?

To identify devices on a network

What is a potential issue when performing a port scan?

The device performing the scan may be easily identified as the source.

What is the purpose of the scanless utility?

To perform a port scan through a proxy.

What is the dnsenum command used for?

To enumerate DNS information from a DNS server.

What is the purpose of the sniper query?

To gather information about a target domain using multiple tools.

What is the spider IP service used for?

To provide a proxy for port scanning.

What is the result of running a sniper query on example.com?

A set of information gathered from multiple tools and sources.

What is the purpose of the Nmap tool?

To perform a port scan on a target host.

What is the advantage of using a proxy service like scanless?

It hides the source of the scan.

What is the result of running a dnsenum query on example.com?

A set of DNS information gathered from the DNS server and other sources.

What is the purpose of the brute force feature in dnsenum?

To identify subdomains and hosts on a target domain.

What is the purpose of the Nessus scanner?

To scan a remote IP address for vulnerabilities

What was the result of running the Nessus scanner against a single IP address?

It found 71 informational vulnerabilities and some high and critical vulnerabilities

What is the purpose of the Cuckoo sandbox?

To run programs in a virtualized environment to identify malware

Why is it not recommended to run an executable on a production machine to test it?

It may contain malware or be malicious

What is the benefit of using Nessus to scan many different IP addresses or ranges of IP addresses?

It can create a database of vulnerabilities to identify safer systems

What was the critical vulnerability identified by Nessus regarding the Unix operating system?

Unsupported version detection

What type of analysis can Cuckoo perform on an executable?

API calls and memory analysis

What is the advantage of using Cuckoo to evaluate executables?

It can run executables safely without risking the production environment

What is the benefit of Nessus's extensive reporting and information?

It helps identify vulnerabilities and provides solutions to resolve them

What is the limitation of the Unix operating system vulnerability identified by Nessus?

It is no longer supported by the vendor