System Hacking Module 05 Quiz

Questions and Answers

What is the main goal of the 'Gaining Access' stage in system hacking?

To hide malicious activities

To escalate privileges

To gain unauthorized access to the system (correct)

To clear logs

Which technique is NOT typically used for hiding files during a hacking attempt?

Phishing (correct)

Trojans

Rootkits

Steganography

What type of password attack involves directly communicating with the victim machine?

Non-Electronic Attacks

Active Online Attacks (correct)

Social Engineering

Passive Online Attacks

Which of the following is an example of a Non-Electronic Attack?

Shoulder Surfing

Which of the following techniques is used in the 'Escalating Privileges' stage of system hacking?

Password cracking

What action can an attacker perform using a USB drive after exploiting PassView?

Store passwords in .TXT files

Which of the following describes a replay attack?

Capturing and reusing authentication tokens

What is a characteristic of wire sniffing as an attack method?

It captures data from the local area network

What is the main purpose of a rainbow table in password cracking?

To precompute hash values for potential passwords

Which of the following is NOT a recommended defense against password cracking?

Use cleartext protocols for convenience

What is a method to increase password security before encryption?

Adding a random string as a prefix or suffix

What type of privilege escalation refers to gaining higher privileges than currently possessed?

Vertical Privilege Escalation

Which of the following is a recommended defense against privilege escalation?

Performing regular system patches

What is the primary purpose of executing malicious applications during an attack?

To gather information for exploitation

Which password practice should be avoided to enhance security?

Using names of loved ones or pets

What is the primary method used in a dictionary attack?

Using a list of common passwords to guess the correct one

What does a brute forcing attack primarily rely on?

Systematic trial of all possible character combinations

Which of the following best describes the action performed during a password guessing attack?

Manually trying a list of possible passwords

What is a default password?

A manufacturer-supplied password provided with new equipment

How does a Trojan/Spyware/Keylogger attack typically operate?

By capturing user credentials during login

An attacker uses offline attacks to crack passwords on the victim's machine directly.

False

In a dictionary attack, the software attempts to crack passwords by using a pre-defined list of words.

True

Trojan/Spyware/Keylogger attacks do not require any action from the victim to collect user credentials.

False

Attackers often include default passwords in their lists for password guessing attacks.

True

Brute forcing attacks try every possible password combination until they find the correct one.

True

Hiding files is a goal of system hacking aimed at concealing an attacker's activities.

True

A passive online attack involves directly communicating with the victim machine.

False

Shoulder surfing is classified as a non-electronic password attack.

True

Brute forcing attacks are a type of passive online attack.

False

The goal of escalating privileges in system hacking is to maintain remote access to the system.

False

Wire sniffing is relatively easy to perpetrate.

False

A rainbow table contains precomputed hash values for passwords.

True

In a replay attack, the attacker captures packets and re-sends authentication tokens to gain access.

True

PassView stores passwords in an encrypted format on the attacker’s USB drive.

False

To defend against password cracking, it is recommended to use passwords that can be found in a dictionary.

False

Using a random string as a prefix or suffix with the password before encrypting is a recommended practice.

True

Vertical privilege escalation involves assuming the identity of another user with the same privileges.

False

Locking out an account after too many incorrect password guesses helps prevent brute force attacks.

True

Encrypting sensitive data is not a necessary defense against privilege escalation.

False

Attackers may execute malicious applications to gather information or maintain unauthorized access to systems.

True

Shoulder surfing is considered a type of active online password attack.

False

Brute forcing attacks are primarily based on pre-defined lists of words.

False

The primary method used in password guessing attacks involves direct communication with the victim's system.

True

A passive online attack allows an attacker to communicate with the authorizing party.

False

Encrypting sensitive data is a recommended defense against password cracking.

True

PassView executed from a USB drive stores passwords in .TXT files on the targeted computer.

False

Wire sniffing is considered relatively hard to perpetrate.

False

A rainbow table attack can crack passwords easily by comparing captured hashes to a precomputed table.

True

A replay attack involves sending previously captured packets back onto the network to gain access.

True

An offline attack involves the attacker trying to crack passwords on their own system after copying the target's password file.

True

In a brute forcing attack, the attacker makes educated guesses about the password based on prior knowledge.

False

To enhance security, it is advised to use system default passwords.

False

Trojan/Spyware/Keylogger attacks collect user credentials by running in the background and sending data to the attacker.

True

Password guessing attacks have a high success rate due to the wide range of passwords used.

False

Default passwords provided by manufacturers are often targeted in password guessing attacks.

True

Using encryption techniques to protect sensitive data is not a necessary defense against privilege escalation.

False

Horizontal privilege escalation refers to gaining higher privileges than currently possessed.

False

Locking out an account after too many incorrect password guesses is an effective measure to prevent brute force attacks.

True

Performing debugging using bounds checkers and stress tests is a recommended measure to defend against privilege escalation.

True

Attackers executing malicious applications is called 'owning' the system.

True

What is the primary goal during the 'Executing Applications' stage of system hacking?

To create and maintain remote access to the system.

Which technique is primarily associated with the 'Hiding Files' goal within system hacking?

Steganography.

What distinguishes passive online attacks from active online attacks in password cracking?

They don't involve direct communication with the victim machine.

Which type of attack is shoulder surfing categorized under?

Non-Electronic attack.

What is a primary method used in the escalation of privileges during hacking?

Exploit known system vulnerabilities.

What is a recommended method to limit potential privilege escalation in a system?

Implement multi-factor authentication and authorization

Which type of privilege escalation involves assuming the same privileges of another user?

Horizontal privilege escalation

Which password-related practice should be avoided to enhance security?

Using passwords that contain personal information

How can servers best defend against brute force attacks on user accounts?

Lock out an account after too many incorrect password guesses

What is one of the main purposes of executing malicious applications during an attack?

To gather intelligence for future attacks

What is a characteristic of a passive online attack such as wire sniffing?

It records raw network traffic to access sensitive information.

Which of the following is a key step in performing a rainbow table attack?

Comparing captured password hashes with a precomputed table.

What must an attacker typically possess to execute a Man-in-the-Middle (MITM) attack?

Trust from one or both communication parties.

What distinguishes a replay attack from other methods of password cracking?

It captures data and uses it without the need to crack passwords.

Which attack involves using a list of potential passwords that have been ranked based on probability?

Password Guessing

What is the main function of a rainbow table in the context of an offline attack?

To quickly match precomputed hash values with passwords

Which option best describes a brute forcing attack?

Systematically trying every possible combination of characters

In an active online attack using Trojan/Spyware/Keylogger, what is the first step taken by the attacker?

Attacker infects the victim's machine

What role do default passwords play in password guessing attacks?

They are often used as common entries in password lists

The primary goal of escalating privileges in system hacking is to bypass access controls to gain initial access to the system.

False

Wire sniffing is an example of an active online attack where the attacker communicates directly with the victim's machine.

False

Social engineering is classified as a non-electronic attack that requires technical knowledge.

False

Brute forcing attacks involve systematically trying every possible password combination until the correct one is found.

True

The clearing of logs is an activity aimed at covering tracks during system hacking.

True

Vertical privilege escalation refers to acquiring the same level of privileges that already has been granted.

False

Implementing multi-factor authentication and authorization can help defend against privilege escalation attacks.

True

Running users and applications on the least privileges is not a recommended strategy against privilege escalation.

False

An attacker may execute malicious programs remotely to maintain unauthorized access to a system by 'owning' it.

True

A privilege separation methodology is used to increase the scope of programming errors and bugs.

False

In a dictionary attack, the attacker relies solely on the specific knowledge of the target's password history to create the dictionary file.

False

The failure rate for password guessing attacks is typically low due to the structured approach the attacker takes in creating potential passwords.

False

Trojan/Spyware/Keylogger attacks necessitate active participation from the victim to collect user credentials successfully.

False

Using pre-computed hashes, such as those in a rainbow table, is not applicable in offline attacks as they rely on real-time interaction with the target's system.

False

Default passwords are commonly utilized by attackers in dictionary attacks to increase the success rate of their password guessing efforts.

True

In a wire sniffing attack, the captured data may include sensitive information such as passwords and emails, making it easy to recover them.

False

A replay attack is characterized by an attacker acquiring access to communication channels between the victim and server to extract information.

False

Setting a password change policy to 30 days is a recommended defense against password cracking.

True

PassView is designed to save passwords in an encrypted format, ensuring their security when stored on a USB drive.

False

Rainbow table attacks rely on precomputed tables containing a list of possible passwords and their hash values, making it easier to crack passwords.

True

Which of the following techniques is primarily used in the 'Hiding Files' stage of system hacking?

Rootkits

Shoulder surfing is an example of an active online attack.

False

What is the main goal of the 'Escalating Privileges' stage in system hacking?

To acquire the rights of another user or an admin.

In password cracking, _____ attacks involve the attacker trying to gain access without communicating with the victim machine.

passive online

Match the following types of password attacks with their descriptions:

Shoulder Surfing = Non-Electronic Attack Dictionary Attack = Active Online Attack Wire Sniffing = Passive Online Attack Social Engineering = Non-Electronic Attack

Which method allows an attacker to collect user credentials from a victim's machine without the victim's knowledge?

Trojan/Spyware/Keylogger

A dictionary attack relies on a predefined list of common passwords to attempt access.

True

What is a common use of default passwords by attackers?

Default passwords are used in password guessing attacks.

In a brute forcing attack, the software tries every possible __________ until the password is cracked.

combination of characters

Which of the following methods is used to gain access during a replay attack?

Re-sending captured packets

Match the following password attack methods with their descriptions:

Dictionary Attack = Uses a list of words to attempt access Brute Force Attack = Attempts every possible combination of characters Password Guessing = Creates a list of likely passwords based on information Trojan/Spyware/Keylogger = Stealthily collects user credentials in the background

Wire sniffing is considered easy to perpetrate.

False

What is the primary purpose of a rainbow table in relation to password cracking?

To compare captured password hashes to precomputed tables, making it easier to recover passwords.

The attacker executes _____ to extract stored passwords when using PassView.

pspv.exe

Match the type of attack with its description:

Wire Sniffing = Recording raw network traffic Replay Attack = Re-sending captured authentication tokens Man-in-the-Middle = Interception of communication channels Rainbow Table Attack = Using precomputed hash tables to crack passwords

What is a primary defense against privilege escalation?

Implement multi-factor authentication

Vertical privilege escalation allows an attacker to acquire the same level of privileges as another user.

False

What should be done to an account that has too many incorrect password attempts?

Lock out the account

Using a random string as a ______ or suffix with the password enhances security before encryption.

prefix

Match the types of privilege escalation with their definitions:

Vertical Privilege Escalation = Gaining higher privileges than currently possessed Horizontal Privilege Escalation = Assuming the identity of another user with similar privileges

Study Notes

System Hacking Module 05

• System hacking module 5 is titled "Unmask the Invisible Hacker"
• The module covers information gathered before the system hacking stage, system hacking goals, and CEH hacking methodology.
• Information at Hand Before System Hacking Stage:
  • Footprinting Module: IP Range, Namespace, Employees
  • Scanning Module: Target assessment, Identified systems, Identified services
  • Enumeration Module: Intrusive probing, User lists, Security flaws
• System Hacking Goals:
  • Gaining Access: Bypassing access controls to access the system using password cracking and social engineering techniques
  • Escalating Privileges: Acquiring the rights of another user or administrator through exploiting known system vulnerabilities
  • Executing Applications: Creating and maintaining remote access to the system using Trojans, spywares, backdoors, and keyloggers
  • Hiding Files: Hiding attackers' malicious activities and data theft via rootkits and steganography
  • Covering Tracks: Hiding evidence of compromise through clearing logs

CEH Hacking Methodology (CHM)

• Footprinting, scanning, enumeration are steps in the methodology
• Gaining access leads to cracking passwords, escalating privileges, executing applications, hiding files, and covering tracks
• Clearing logs is a step in CHM

Password Cracking

• Password cracking techniques are used to recover passwords from computer systems
• Attackers use these techniques to gain unauthorized access to vulnerable systems
• The success of most password cracking techniques is often attributed to weak or easily guessable passwords

Types of Password Attacks

• Non-Electronic Attacks: Attackers don't need technical knowledge to crack passwords, such as shoulder surfing, social engineering, and dumpster diving
• Active Online Attacks: Attackers directly communicate with the victim's machine to crack passwords, including dictionary and brute-force attacks, and hash injection and phishing
• Passive Online Attacks: Attackers crack passwords without direct communication with the victim, like password guessing, and wire sniffing
• Offline Attacks: Attackers copy the target's password file and crack passwords in their own system, such as rainbow table attacks

Active Online Attack: Dictionary, Brute Forcing, and Rule-based Attack

• Dictionary Attack: Uses a dictionary file to crack passwords, running against user accounts.
• Brute Forcing Attack: Tries different combinations of characters until the password is broken.
• Rule-based Attack: Used when the attacker has some information about the password to predict the password

Active Online Attack: Password Guessing

• Attackers create a list of possible passwords, often gathered through social engineering or other means
• The list is then used to try and crack passwords through manual attempts
• Passwords are ranked from high to low probability
• Attackers attempt to key in each password until they discover the correct password

Default Passwords

• Default passwords are those supplied by manufacturers on new equipment (e.g., switches, routers)
• Attackers use lists of default passwords in password-guessing attacks
• Online tools help identify default passwords

Active Online Attack: Trojan/Spyware/Keylogger

• Attackers install Trojan/Spyware/Keylogger on victims' machines to collect usernames and passwords
• These programs run in the background and send user credentials to the attacker
• Attacker perspective: Infects victim's device with Trojan/Spyware/Keylogger, sending login credentials
• Victim perspective: Logs on to a domain server with credentials
• Domain server perspective: Access granted

Example of Active Online Attack Using USB Drive

• Attacker inserts USB drive
• Autorun window pops up
• Contents of launch.bat run
• Password-cracking tool PassView executed in background
• Passwords stored in .TXT files on USB drive
• Download PassView password hacking tool
• Copy downloaded files to USB drive

Passive Online Attack: Wire Sniffing

• Attackers run packet sniffer tools to access and record raw network traffic
• Information like passwords and emails can be captured
• Sniffed credentials are used to gain unauthorized access

Passive Online Attacks: Man-in-the-Middle and Replay Attack

• MITM attack: Attacker intercepts communication channels between victim and server.
• Information is extracted during this process
• In replay attacks, packets and authentication tokens are captured and replayed to gain access

Offline Attack: Rainbow Table Attack

• Precomputed table storing password hashes to quickly decipher passwords.
• Hash values compared with precomputed hashes to recover passwords

How to Defend against Password Cracking

• Enable information security audits
• Use unique passwords during password change
• Avoid sharing passwords
• Never use easily guessable/dictionary passwords
• Avoid cleartext and protocols with weak encryption
• Implement complex password change policy, eg., 30 days
• Keep passwords in secure locations
• Do not use default passwords

How to Defend against Password Cracking (Cont'd)

• Use 8-12 alphanumeric characters
• Use uppercase and lowercase letters, numbers, and symbols
• Ensure apps don't save passwords in memory or disk
• Employ a random string (salt) for password encryption
• Enable SYSKEY for strong password encryption in SAM database
• Avoid sensitive passwords like DOB, names, etc.
• Monitor server logs for brute-force attacks
• Lock out accounts subject to too many incorrect guesses

Privilege Escalation

• Gaining administrative privileges on a network (non-admin account) after initial access
• Exploits design flaws, programming errors, network configuration issues
• Allows attackers to gain administrative access for critical/sensitive data, file deletions, malicious program installation

How to Defend Against Privilege Escalation

• Restrict interactive logon privileges
• Employ encryption to protect data.
• Minimize the amount of code that runs with privileges
• Use multi-factor authentication and authorization
• Implement services with reduced privileges
• Use debugging tools for bounds checkers
• Thoroughly test application code, eg., errors and bugs
• Implement privilege separation methodology to limit errors/bugs
• Patch/update systems regularly

Executing Applications

• Attackers execute various malicious applications to gain access to systems resources
• Techniques include keyloggers, spywares, backdoors, and crackers remotely in victim machines
• These programs may gather information, exploit vulnerabilities, gain access to system resources, and enable access to system resources

Keyloggers

• Keyloggers are programs/hardware devices that monitor keystrokes, logging onto files or transmitted to a remote location
• Keyloggers gather information like emails, passwords, credit card numbers, etc
• Legitimate uses include office/industrial monitoring
• Keyloggers can target chat sessions, IRC, and instant messaging

How to Defend Against Keyloggers

• Use pop-up blockers
• Install up-to-date antivirus/anti-spyware
• Install firewall software with anti-keylogging features
• Recognize and avoid phishing emails
• Use strong passwords, frequently changed, for various online accounts
• Avoid opening junk/doubtful emails

Spyware

• Spyware programs record user activities and interactions, sending information to remote attackers
• Hides processes, files to avoid detection/removal
• Similar to Trojan horses (malicious programs) which are bundled in free software/downloads
• Collects information like email addresses, passwords, credit card numbers, sensitive details, etc
• Attacker: installs spyware on victim system and receives information.
• Victim: unaware of spyware activities. This may compromise user credentials.

How to Defend Against Spyware

• Avoid potentially compromised computer systems
• Be wary of suspicious emails and websites.
• Update software/firewalls regularly
• Regularly check task manager and config manager reports
• Install and use anti-spyware software
• Carefully read privacy policies and license agreements before downloading or installing applications
• Avoid personal information input to unverified systems

Rootkits

• Rootkits hide their presence and attackers' malicious activity within systems
• Replaces OS calls/utilities with their own modified versions
• Compromises target system security
• Typically includes backdoors, DDoS programs, packet sniffers, log-wiping utilities, and more

Steganography

• Steganography is hiding a secret message within an ordinary message
• Utilizing graphics/images as primary method to conceal data

Covering Tracks

• Intrusive users try to hide their activities on the compromised system.
• Methods include disabling auditing, clearing logs, and manipulating logs to avoid detection

Disabling Auditing

• Intruders disable auditing immediately after gaining administrator privileges
• They then restore auditing using auditpol.exe if needed
• This method is to avoid tracking.

Clearing Logs

• Attackers use clearlogs.exe utility to erase security, system, and application logs.
• Metasploit: attacker can use the Metasploit's meterpreter shell to wipe out all logs via command prompt.

Description

Test your knowledge on 'Unmask the Invisible Hacker' from the System Hacking Module 05. This quiz covers essential topics such as pre-hacking information gathering, system hacking goals, and methodologies used in ethical hacking. Challenge yourself to see how well you understand the strategies employed by hackers and ethical hackers alike.