Ethical Hacking Interview Quistions -2020

 Q1) Explain about Ethical Hacking?

Ethical Hacking is when the individual is allowed to hacks the systems with the permission to the merchandise owner to search out of weakness in an exceedingly system and the later fix them.

Q2) What is IP address and Mac address?

IP address: To every device to an IP address is assigned, so that device can be located to the network.

MAC (Machine Access Control) address: A MAC address is the unique serial number assigned to the every network interface on every device.

Q3) List out some of common tools used by Ethical hackers?
  • MetaSploit
  • WireShark
  • NMAP
  • John The Ripper
  • Maltego
Q4) What are the types of the ethical hackers?

The types of ethical hackers :

  • Grey Box hackers
  • Black Box penetration Testers
  • White BoxpenetrationTesters
Q5) What is the footprinting in ethical hacking? What is techniques used for the footprinting?

Footprinting refers to accumulating and uncovering as much as information about the target network before gaining to access into any network. Then approach adopted by hackers before hacking

  • Open Source Footprinting : It will be look for the contact information of administrators that will be used in the guessing password in Social engineering
  • Network Enumeration : The hacker tries to identify the domain names and network blocks of  target network
  • Scanning : Once the network is known, the second step is to spy of active IP addresses on  For identifying the active IP addresses (ICMP) Internet Control Message Protocol is an active IP addresses.
  • Stack Fingerprinting : Once of hosts and port have been mapped by the scanning to network, the final footprinting step can be performed.  This is called Stack fingerprinting.
Q6) Explain what is Brute Force Hack?

Brute force hack is a technique for the hacking password and get access to the system and network resources, it takes much time, it needs toa hacker to learn about the JavaScripts.  For this purpose, one can use of tool name is “Hydra”.

Q7) Explain what is the DOS (Denial of service) attack?

Denial of Service, is aamalicious attack on network that is done by flooding the network with useless to traffic.  Although, DOS does not cause any theft of the information or security breach, it can cost the website owner is great deal of money and time.

Q8) What are the common forms of the DOS attack?
  • Buffer Overflow Attacks
  • SYN Attacks
  • Teardrop Attacks
  • Smurf Attacks
  • Viruses
Q9) Explain what is the SQL injection?

SQL is one of the technique used to steal data from the organizations, it is a fault to created in the application code.  SQL injection happens to when you inject the content into an SQL query string and the result mode of content into a SQL query string, and the result modifies the syntax of your query in the ways you did not intend.

Q10) What are the types of computer based on social engineering attacks?

Computer based social engineering attacks is,

  • Phishing
  • Baiting
  • Online scams
Q11) what is Phishing?

Phishing technique involves sending of  false emails, chats or website to the impersonate real system with aim of stealing information from the original website.

Q12) Explain what is the Network Sniffing?

A network sniffer to monitors data flowing over the computer network links. By allowing you to capture and view the packet to level data on your network, sniffer tool can help you to the locate network problems. Sniffers can be used for both stealing information off the network and also for legitimate network management.

Q13) Explain what is the ARP Spoofing or ARP poisoning?

ARP (Address Resolution Protocol) is a form of attack in which an attacker changes MAC ( Media Access Control) address and attacks an internet to LAN by changing the target computer’s ARP cache with a forged to ARP request and reply to  packets.

Q14) How you can be avoid or prevent ARP poisoning?

ARP poisoning can be prevented by following methods:

  • Packet Filtering : Packet filters are capable for the filtering out and blocking packets with an conflicting source address information
  • Avoid to trust relationship : Organization should be develop protocol that rely on the trust relationship as little as possible
  • Use ARP spoofing to detection software : There are programs that inspects and the certifies data before it is the transmitted and to blocks data that is spoofed
  • Use cryptographic the network protocols : By using secure an communications protocols like the TLS, SSH, HTTP secure to prevents ARP spoofing attack by the encrypting data prior to transmission and the authentication data when it is received
Q15) What is the Mac Flooding?

Mac Flooding is a technique of where the security of given to network switch is compromised. In Mac flooding the hacker or attacker floods to the switch with a large number of frames, then what an switch can handle. This make switch to behaving as a hub and transmits all the packets at all the ports. Taking the advantage of this attacker will try to send his packet inside the network to a steal the sensitive the information.

Q16) Explain what is the DHCP Rogue Server?

A Rogue DHCP server is a DHCP server on the  network which is not under the control of administration of the network staff. Rogue DHCP Server can be  router or modem.  It will offer to users IP addresses , default gateway, WINS servers as the soon as user’s logged in.  Rogue server can be sniff into all the traffic sent by a client to all other networks.

Q17) Explain what is the Cross-site scripting and what are the types of Cross site scripting?

Cross site scripting is done by the using of known vulnerabilities like web based on applications, their servers or plug-ins users rely upon.  Exploiting one of these by inserting malicious coding into the link which appears to be an trustworthy source.  When users click on this link of malicious code will run as a part of the client’s web request and execute on the user’s computer, allowing the attacker to steal information.

There are three types of Cross-site scripting:

  • Non-persistent
  • Persistent
  • Server side versus DOM based vulnerabilities
Q18) Explain what is the Burp Suite?

Burp suite is an integrated platform used for the attacking web applications. It consists of all the Burp tools an required for attacking an applications.  Burp Suite tool has to same approach for the attacking web applications like framework for handling HTTP requests, upstream proxies, alerting, logging and so on.

Q19) what are the tools That Burp Suite consist of ?
  • Proxy
  • Spider
  • Scanner
  • Intruder
  • Repeater
  • Decoder
  • Comparer
  • Sequencer
Q20) Explain what is Pharming and Defacement?
  • Pharming: In this technique the attacker to compromises the DNS ( Domain Name System) servers or on the user to computers so that traffic is directed to a malicious site
  • Defacement: In this technique the attacker replace to organization website with a different to pages.  It contains the hackers name, images and may even to include messages and background musics
Q21) Explain how you can be stop your website getting hacked?

By adapting following method you can be stop your website from getting hacked,

  • Sanitizing and Validating users parameters: By a Sanitizing and Validating user the parameters before submitting them to the database can be reduce the chances of being attacked by SQL injection
  • Using Firewall: Firewall can be used to drop traffic from a suspicious IP address if attack is the simple DOS
  • Encrypting the Cookies: Cookie or Session poisoning can be prevented by a encrypting the content of cookies, associating cookies with a client IP address and timing out the cookies after some time
  • Validating and Verifying user input : This approach is ready to the prevent form tampering by verifying and validating the user input before processing it.
  • Validating and Sanitizing headers :  This techniques is a useful against cross site scripting or XSS, this technique includes to validating and sanitizing headers, parameters passed via to URL, form parameters and hidden values to the reduce XSS attacks
Q22) Explain what is Keylogger Trojan?

Keylogger Trojan is a malicious software that can be monitor your keystroke, logging them to a file and sending them off to remote attackers. When the desired to behaviour is observed, it will record to  keystroke and the captures your login username and password.

Q23) Explain what is the Enumeration?

The process of the extracting machine name, user names, network resources, shares and services from the  system. Under Intranet environment enumeration techniques is conducted.

Q24) Explain what is the NTP?

To synchronize clocks of the networked computers, NTP (Network Time Protocol) is used.  For its primary means of the communication UDP port 123 is used.  Over the public in internet NTP can be maintain time to within 10 milliseconds.

Q25) Explain what is the MIB?

MIB ( Management Information Base ) is the virtual databases.  It contains all the formal description about the network objects that can be managed using the SNMP.  The MIB database is the hierarchical and in MIB each managed objects is addressed through object identifiers (OID).

Q26) Mention what are the types of password cracking techniques?

The types of the password cracking technique includes:

  • Attack Brute Forcing
  • Attacks Hybrids
  • Attack Syllables
  • Attack Rules
Q27) Explain what are the types of the hacking stages?

The types of hacking stages are

  • Gaining Access Escalating
  • Privileges Executing
  • ApplicationsHidings
  • Files Covering Tracks
Q28) Explain what is the CSRF (Cross Site Request Forgery)? How you can to prevent this?

CSRF or Cross site request forgery is an attack from the malicious website that will send a request to an web application that a user is already authenticated against the from a different website. To prevent a CSRF you can append unpredictable challenge token to the each request and associate them with user’s session.  It will ensure the developer that the request received is the from a valid source.

Q29) What is the Cowpatty?

Cowpatty is the implemented on an offline dictionary attack against WPA/WPA2 networks utilizing a PSK-based verification (e.g. WPA-Personal). Cowpatty can be execute an enhanced attack if a recomputed PMK document is the accessible for SSID that is being assessed.

Q30) Why is Python utilize for hacking?

Most broadly utilized a scripting language for Hackers is Python. Python has some of very critical to highlights that make it especially to valuable for the hacking, most importantly, it has some pre-assembled is libraries that give some intense is functionality.

Q31) What are the hacking stages? Explain each stage?

Hacking, or targeting on an machine, should have the following 5 phases :

Surveillance : This is the principal stage where the hacker is endeavours to gather as much data is possible about the target.

Scanning : This stage of  includes exploiting the data accumulated amid Surveillance stage and utilizing it to the  inspect the casualty. The hacker can a utilize computerized devices amid the scanning stage which can be incorporate port scanners, mappers and vulnerability scanners.

Getting access : This is where the real hacking as  happens. The hacker attempts to the exploit data found amid the surveillance and the Scanning stage to get access.

Access Maintenance : Once access is gained, hackers need to a keep that access for future the exploitation and assaults by securing their exclusive access with a backdoors, rootkits and Trojans.

Covering tracks : Once hackers have a possessed the capacity to pick up and maintain to access, they cover their tracks and to keep away from getting is detected. This likewise enables them to be proceed with the utilization of the hacked framework and keep themselves away from legitimate activities.

Q32) What are the types of password attack?
  • Guessing. Simple, repeated attempts using a common passwords or known facts about the users.
  • Stealing. Physically or electronically acquiring a users passwords– can be include sniffing of the network communications.
  • Dictionary Attacks.
  • Brute Forces Attacks.
  • Rainbows Tables.
  • Hybrid Password Attacks.
  • Birthday Attacks.
Q33) What do you mean by ethical hacking?

The legal way of accessing the system to find the malicious activities.

Q34) Difference between hacking Vs. Ethical Hacking.
  • Hacking: it defines the illegal way of accessing the system (Unauthorized Access)
  • Ethical hacking: Legal way of accessing the system (Penetration testing)
Q35) Why ethical hacking?
  • To find flaws and vulnerabilities
  • To determine the risk to the organization
Q36) What are the different types of hackers are their?
  • Black hats: Using their skills for an offensive purpose
  • White hats: Using their skills to defend
Q37) What are the different phases of ethical hacking?
  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Clearing Tracks
Q38) What is foot printing?

Process of collecting information about system or network

Q39) Different types of reconnaissance?

Active & Passive

Q40) How do you do the network port scanning?

By using a predefined application like Nmap and command line utilities

Q41) What is Enumeration?

Extracting information from the system\files.

Q42) Types of password attacks

Brute force attack, dictionary attack and rainbow attack

Q43) What is Trojan?

Malicious code which harms the system

Q44) Types of penetration testing.
  • Black box: No previous knowledge of network
  • White box: Knowledge of remote network
Q45) What is DOS attack?

Affecting the availability factor (Resource unavailability for Authorized user)

Q46) What is sniffing?
  • Capturing of packets in the network
  • Tools: Wire shark & Pcap Analyzer
Q47) What is website defacement?

Changing the physical appearance of the website

Q48) What you meant by SQL Injection attack?
  • Flaws in database
  • Tools: SQL map
Q49) Tools for wireless hacking

Aircrack-ng, WiFi Sniffing Kismet

Q50) What are the countermeasures of wireless attack?
  • Changing of default SSID
  • Disable SSID
  • Router access password
Q51) How do you scan the network vulnerability in the system?

By using Nessus and Acunetix

Q52) How the exploitation does is possible?

Possible if the system has vulnerability so that exploitation can be done using Metasploit

Q53) How do you identify injection vulnerability?

Actually, we identify injection vulnerability using web application firewall and automated scanners like burpsuite, zap, etc..

Q54) What is HTTP splitting attack?

In Http splitting attack attacker sends multiple requests to the same page.

Q55) What is guidelines of owasp ASVS standard?

Authentication ,session management, access control,HTTP secure configuration

Q56) What is meant my authentication?

To prove our self to give the right credentials.

Q57) What is meant by access control?

To give permission to the user to access particular resources

Q58) What is HSTS??

To force the sire running in only HTTPS

Q59) What is Trojans?

Which is used for creating a remote connection which helps in performing malicious tasks? The attacker will create a stub, which he will bind with the different file such as pdf, video, pic, etc—- and will pass to the victim by any means necessary, and ask the victim to execute or run the particular file.

Q60) What is Phishing

This is the fraud attempt usually made via SMS, calls, emails, etc, just to collect credentials of the users.

Q61) What is Spear Phishing

Please see the example below for spear phishing

From:Security@facebook.com

To- Kumar.p@gmail.com

Subject: Security Alert

Hi Kumar,

Your account has been logged in from Russia (54.67.89.23)

If you want to stop this activity, please click on the link given below.

www.facebook.com/security-system

Regards:

Facebook Team

—————————————————-

You click on the link to stop the activity but your system is injected with the virus.

Q62) What is email spoofing?

It’s a way to copy someone’s identity and sent an email from copied ID. The receiver won’t be able to understand whether this is coming from the right source or wrong source.

Q63) How to gather information?

we use Maltego CE to gather information

Q64) Wifi Hacking and steps

Wifi Stands for Wireless Fidelity is a technology used to access communication over a network along with devices.

Steps:

  • airmon-ng :(Info and detects the wifi card whether its capable of hacking or not).
  • airodump-ng : It will dump the packets in air and used to collect the key (password) to be used later to know the real wifi password.
  • aircrack-ng : This is used to decrypt the key which we got from airodump.
Q65) What is Cyber Kill Chain?

The cyber kill chain is a process which defines primary steps of a cyber attack. Below is the 7 stages of cyber kill chain.

  • Reconnaissance- Passively( searching information on various search engines like google dork, shodan etc) gathering information about target.
  • Weaponization – Preparing remote access malware with an exploit into a deliverable payload.
  • Delivery – Transferring payload(any malicious application or script) to victims device by social engineering or by some other method.
  • Exploitation – Exploit vulnerable application to make use of delivered payload.
  • Installation – Installation of backdoor using payload for remote access.
  • Command & Control – After the successful installation of a backdoor device can be controlled remotely and various actions can be performed.( DDOS is the most common attack performed using CnC servers).
  • Actions on Objective – Attacker will work to achieve the objective for which attack is performed, which can include data exfiltration or destruction of data or attacking some other device.
Q66) What do you mean by CIA in Cybersecurity?

CIA are the 3 pillars of Information Security. CIA stands for:-

  • Confidentiality – Protecting data from getting shared or accessed by some unauthorized person.
  • Integrity- Protecting data from getting tampered by some unauthorized person.
  • Availability- As word defines itself, availability of data to authorized person whenever required.
Q67) Who are known as black hat, white hat or grey hat hackers?
  • Black hat- One who performing hacking(penetration or exploitation) without authority and with malicious intent.
  • White hat- Authorised penetration tester.
  • Grey hat- One who performing hacking(penetration or exploitation) without authority but without malicious intent. They perform the activity for bounty programs or security testing without getting authorized to do so.
Q68) How hashing is different from Encryption and where they are used?
  • Encryption is used to protect the data from losing its confidentiality and it is a reversible process.
  • Hashing is used to maintain the integrity of the data and it is irreversible.
Q69) What do you mean by sniffing and spoofing in cybersecurity?
  • Sniffing – It is a passive attack in which data packets are captured to get information, remaining away from the victim device.
  • Spoofing- It is an active attack pretending to be a trusted user and get connected to the network and gather information.
Q70) What is a Zero-day attack?

A vulnerability of system which is unknown to the responsible person and that has got exploited by attackers. The time difference in attack and getting aware of unknown vulnerability is called zero days.

Q71) What do you mean by Cyberextortionist?

It’s cybercrime where the exploit is performed for demanding money. For example- Ransomware.

Q72) Name top 10 vulnerability.

Given Below are the top 10 Vulnerability:-

  • Injection
  • Broken Authentication
  • Sensitive data exposure
  • XML External Entities (XXE)
  • Broken Access control
  • Security misconfigurations
  • Cross Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with known vulnerabilities
  • Insufficient logging and monitoring
Q73) What is a Firewall?

A firewall is the First level of security it monitors all the traffic coming to and leaving from the organization, using firewall unauthorized access, malicious source and network traffic can be controlled.

Q74) What is CIA triad in information security?

CIA stands for Confidentiality, Integrity, and Availability. These are the 3 basic components for information security which stands to secure our data in an organization

  • Confidentiality – it ensures that the data should not be disclosed to unauthorized access, an attacker can breach confidentiality by network sniffing, shoulder surfing or stealing the password files during transmission of data. So, confidentiality can be provided by encrypting the data as it is stored or transmitted from client to server.
  • Integrity – It assures the accuracy and reliability of the information and prevents unauthorized modification. An attacker can insert a virus, backdoor or key logger into a system, so the system’s integrity can be compromised.
  • Availability – It ensures reliability and timely access to data and resource to authorized people, if resources is not available at the time when is required, it can lead to a huge business loss like which usually happen in DOS attack.
Q75) What is CSRF attack, and how can we mitigate this?

CSRF (Cross-site request forgery) is an attack where the attacker sends the legitimate request or HTML page to authenticate the user to perform some action inattentively. The only condition to perform this attack is a victim should be logged in.

We can mitigate is attack while implementing captcha in all form submitted pages and with CSRF token. And there is another option to mitigate this attack is implementing multi-factor authentication based on the criticality of the application.

Q76) What is Cross-site scripting attack?

Cross-site scripting (XSS) attack is a type of client-side injection attack in which an attacker tries to inject malicious scripts to the legitimate web application. This attack will lead to disclosing cookie information, website defacement, etc.

There are 3 types of Cross-site scripting:

  • Reflected XSS – In this type of XSS, the request with malicious scripts send to server and reflected into theclient side.
  • Stored XSS – In this type of XSS, malicious scripts stored permanently in server and whenever any user accesses that particular application, malicious script executes.
  • DOM-based XSS – In this type of XSS, the request of the malicious script does not send to the server, it executes in theclient sideitself.
Q77) What are the cookie attributes used in a web application?

There are different types of cookies attributes:

  • HTTP-only – It blocks the client-side scripts to access the cookie.
  • Secure – Secure flag ensures the cookie will be sent from client to server through an encrypted channel.
  • Domain – The domain for which cookie is valid will submit with every request for the same domain and its sub-domain.
  • Path – The cookie should be valid for a particular URL or path.
  • Expires – It is used to set a persistent cookie and when the cookie should be expired.
Q78) Explain Heartbleed attack.

Heartbleed is the vulnerability in OpenSSL library, Heartbeat is a component of TSL/SSL protocol when any system sends an encrypted piece of data is called heartbeat request to other systems, the other system will also send an exact same encrypted piece of data to maintain the connection. Now the system which receives the data never checked the size of data which was claimed, so attacker increase the size of data lets say 64kb but actual size of data is 40kb, now the receiving system will send back the data of 64kb in which 24kb is plus size taking form memory buffer whatever happens in next 24kb memory. This extra 24kb data an attacker can extract from a web server. So this is the way we can exploit heartbleed attack.

Q79) If you get a login page web application, what are the things which can be performed?

In the login page web application, we can perform the following task:

  • 1st we can try user enumeration, including observing the error getting from the application while giving input of wrong usernames and passwords.
  • We can perform SQL injection in all entry points.
  • We can perform Clickjacking.
  • We can try to login with default username and password
  • We can perform a Brute force attack to extract username and password.
  • Check for SSL certificate if the application is using weakly encrypted certificate, Man-in-the-middle attack can be performed.
Q80) Explain the difference between bind shell and reverse shell in Metasploit.

Bind and reverse shell are two different payloads which are used in Metasploit.

The basic difference between bind and reverse shell is, Bind shell uses when payload is sent in intranet for example, If an attacker is there in the same network, can send payload to anyone who has connected in same network and get access of their system, but Reverse shell payload used to access the system which has public IP and is there in internet and it is used to bypass firewall, get entered into any network and access the systems inside the particular network.

Q81) Explain the differences between encryption and hashing.

Encryption is a two-way process which is used to change the format of data from human-readable format to non-human readable format and vice-versa. we use some algorithm to encrypt the data.

Encryption also has two types:

  • Symmetric Encryption – In Symmetric encryption, we use the same key to encrypt and decrypt the data. Ex – 3DES, AES, RC4, etc
  • Asymmetric Encryption – In Asymmetric encryption, we use the public key to encrypt the data and private key to decrypt the data. Ex – RSA, DSA, etc.

Hashing is a unidirectional process which is used to store long string data in short length, mostly hashing algorithm uses to retrieve data in databases. Ex – MD5, SHA2, etc.

Q82) How can SQL injection be mitigated.

There is a different way to mitigate SQL injection

  • Using parameterized queries which forces the developer to define all sql codes and then passes in parameter to the queries.
  • keep up to date application server and database
  • Sanitize the inputs and keep input validation properly
  • Keep Web application firewall to filter malicious input
Q83) What is the difference between Vulnerability Assessment and Penetration testing.
Vulnerability Assessment is a process to identify the weaknesses a

Comments

Popular posts from this blog

Nmap

nslookup

metasploit Framework