Q. What protocol is commonly used for sending emails, operates on TCP port 25, and can be easily identified by telnetting to the service port?

View solution

Q. Which command can be used for information gathering on an SMTP server by connecting to it and using the EXPN and VRFY commands?

View solution

Q. Which protocol has been around since 1971, remains a plaintext, unencrypted protocol operating on TCP port 21, and can be exploited by capturing usernames and passwords on the wire?

View solution

Q. What is one potential avenue for FTP service exploitation?

View solution

Q. What is Kerberoasting?

View solution

Q. Why is Kerberoasting most effective against shorter, less complex passwords?

View solution

Q. What is the purpose of the Kerberoasting toolkit?

View solution

Q. How many steps are involved in the Kerberoasting process?

View solution

Q. What is the purpose of kirbi2john.py in Kerberoasting?

View solution

Q. What does the SambaCry exploit target?

View solution

Q. Why is fingerprinting the operating system important before attempting an Samba exploit?

View solution

Q. What is the purpose of Secure Shell (SSH)?

View solution

Q. Why is attacking systems with SSH services attractive for penetration testers?

View solution

Q. How can penetration testers validate SSH vulnerabilities in an organization?

View solution

Q. What is the purpose of THC Hydra in SSH attacks?

View solution

Q. Which Metasploit modules are used for testing SSH credentials?

View solution

Q. What is a dictionary attack?

View solution

Q. What is the main advantage of hash cracking attacks?

View solution

Q. What is the characteristic of password spraying attacks?

View solution

Q. What is stress testing, and why is it included in penetration tests?

View solution