Which techniques are commonly used in the exploitation stage of penetration testing? Select all that apply.
Added by John B.
Step 1
This stage involves actively attempting to exploit vulnerabilities identified in the previous phases to gain unauthorized access or control over systems. Show more…
Show all steps
Your feedback will help us improve your experience
Akash M and 81 other AP CS educators are ready to help you.
Ask a new question
Labs
Want to see this concept in action?
Explore this concept interactively to see how it behaves as you change inputs.
Key Concepts
Recommended Videos
Instructions Based on the information provided, use the dropdown selectors to identify the password attack and the tool used. Attacker 1 Technique Description Attacker obtains a database of password hashes for later use Password Attack Select Tool Used Select Attacker 2 Technique Description Attacker attempts every possible combination in the output space in order to match a captured hash and guess the plaintext Password Attack Select Tool Used Select Attacker 3 Technique Description Attacker uses a combination of dictionary and brute-force attacks to obtain a password. Password Attack Select Tool Used Select
Akash M.
Automation Exercise Up to this point, you have done many activities in the area of Footprinting and Scanning yourself (manually). This exercise will have you put your BASH and/or Python skills to the test. Many penetration testers automate mundane tasks (i.e. NMAP). Using your Kali VM, write a BASH script that will scan your VMware NAT network via ARP, collect those "live" IPs, place the IPs into a file, then run the following scans based on those "Live" IPs: 1. Scan all "Live" IPs for the following ports: a. 80 b. 443 c. 445 d. 21 e. 22 f. 23 g. 139 h. 3389 2. Output the results from this to a separate file.
Scenario You work for a PR and marketing company that handles highly sensitive information for its high-profile clients. Client records are stored in a database and file system hosted on your private corporate network. As well as client records, this includes media such as photos and videos. Most remote client communications and data transfers take place using a one-to-one encrypted messaging app, but you also accommodate some clients who prefer to use email. A high percentage of your staff work remotely, accessing data and services over a VPN. You are reviewing your security procedures in the light of some high-profile hacks of celebrity data. At this point, you want to understand the attack surface and attack vectors by which your private network could be compromised. 1. What remote access methods could an attacker exploit? 2. Focusing on email, think of how email is processed as it is sent by a remote user and received by your company. What are the attack vectors against the company's email servers? How can these be related to adversary capability, assuming the levels to be advanced (most capable), developed, and augmented (least capable)? 3. What comes next in the chain of processing incoming email, and what attack vectors can adversaries exploit? 4. What countermeasures can be deployed for each email attack vector?
Supreeta N.
Recommended Textbooks
Computer Science and Information Technology
Introduction to Programming Using Python
Computer Science - An Overview
Transcript
18,000,000+
Students on Numerade
Trusted by students at 8,000+ universities
Watch the video solution with this free unlock.
EMAIL
PASSWORD