Ethical Hacking Interview Quistions -2020
Q1) Explain about Ethical Hacking?
Ethical Hacking is when the individual is allowed to hacks the systems with the permission to the merchandise owner to search out of weakness in an exceedingly system and the later fix them.
IP address: To every device to an IP address is assigned, so that device can be located to the network.
MAC (Machine Access Control) address: A MAC address is the unique serial number assigned to the every network interface on every device.
- MetaSploit
- WireShark
- NMAP
- John The Ripper
- Maltego
The types of ethical hackers :
- Grey Box hackers
- Black Box penetration Testers
- White BoxpenetrationTesters
Footprinting refers to accumulating and uncovering as much as information about the target network before gaining to access into any network. Then approach adopted by hackers before hacking
- Open Source Footprinting : It will be look for the contact information of administrators that will be used in the guessing password in Social engineering
- Network Enumeration : The hacker tries to identify the domain names and network blocks of target network
- Scanning : Once the network is known, the second step is to spy of active IP addresses on For identifying the active IP addresses (ICMP) Internet Control Message Protocol is an active IP addresses.
- Stack Fingerprinting : Once of hosts and port have been mapped by the scanning to network, the final footprinting step can be performed. This is called Stack fingerprinting.
Brute force hack is a technique for the hacking password and get access to the system and network resources, it takes much time, it needs toa hacker to learn about the JavaScripts. For this purpose, one can use of tool name is “Hydra”.
Denial of Service, is aamalicious attack on network that is done by flooding the network with useless to traffic. Although, DOS does not cause any theft of the information or security breach, it can cost the website owner is great deal of money and time.
- Buffer Overflow Attacks
- SYN Attacks
- Teardrop Attacks
- Smurf Attacks
- Viruses
SQL is one of the technique used to steal data from the organizations, it is a fault to created in the application code. SQL injection happens to when you inject the content into an SQL query string and the result mode of content into a SQL query string, and the result modifies the syntax of your query in the ways you did not intend.
Computer based social engineering attacks is,
- Phishing
- Baiting
- Online scams
Phishing technique involves sending of false emails, chats or website to the impersonate real system with aim of stealing information from the original website.
A network sniffer to monitors data flowing over the computer network links. By allowing you to capture and view the packet to level data on your network, sniffer tool can help you to the locate network problems. Sniffers can be used for both stealing information off the network and also for legitimate network management.
ARP (Address Resolution Protocol) is a form of attack in which an attacker changes MAC ( Media Access Control) address and attacks an internet to LAN by changing the target computer’s ARP cache with a forged to ARP request and reply to packets.
ARP poisoning can be prevented by following methods:
- Packet Filtering : Packet filters are capable for the filtering out and blocking packets with an conflicting source address information
- Avoid to trust relationship : Organization should be develop protocol that rely on the trust relationship as little as possible
- Use ARP spoofing to detection software : There are programs that inspects and the certifies data before it is the transmitted and to blocks data that is spoofed
- Use cryptographic the network protocols : By using secure an communications protocols like the TLS, SSH, HTTP secure to prevents ARP spoofing attack by the encrypting data prior to transmission and the authentication data when it is received
Mac Flooding is a technique of where the security of given to network switch is compromised. In Mac flooding the hacker or attacker floods to the switch with a large number of frames, then what an switch can handle. This make switch to behaving as a hub and transmits all the packets at all the ports. Taking the advantage of this attacker will try to send his packet inside the network to a steal the sensitive the information.
A Rogue DHCP server is a DHCP server on the network which is not under the control of administration of the network staff. Rogue DHCP Server can be router or modem. It will offer to users IP addresses , default gateway, WINS servers as the soon as user’s logged in. Rogue server can be sniff into all the traffic sent by a client to all other networks.
Cross site scripting is done by the using of known vulnerabilities like web based on applications, their servers or plug-ins users rely upon. Exploiting one of these by inserting malicious coding into the link which appears to be an trustworthy source. When users click on this link of malicious code will run as a part of the client’s web request and execute on the user’s computer, allowing the attacker to steal information.
There are three types of Cross-site scripting:
- Non-persistent
- Persistent
- Server side versus DOM based vulnerabilities
Burp suite is an integrated platform used for the attacking web applications. It consists of all the Burp tools an required for attacking an applications. Burp Suite tool has to same approach for the attacking web applications like framework for handling HTTP requests, upstream proxies, alerting, logging and so on.
- Proxy
- Spider
- Scanner
- Intruder
- Repeater
- Decoder
- Comparer
- Sequencer
- Pharming: In this technique the attacker to compromises the DNS ( Domain Name System) servers or on the user to computers so that traffic is directed to a malicious site
- Defacement: In this technique the attacker replace to organization website with a different to pages. It contains the hackers name, images and may even to include messages and background musics
By adapting following method you can be stop your website from getting hacked,
- Sanitizing and Validating users parameters: By a Sanitizing and Validating user the parameters before submitting them to the database can be reduce the chances of being attacked by SQL injection
- Using Firewall: Firewall can be used to drop traffic from a suspicious IP address if attack is the simple DOS
- Encrypting the Cookies: Cookie or Session poisoning can be prevented by a encrypting the content of cookies, associating cookies with a client IP address and timing out the cookies after some time
- Validating and Verifying user input : This approach is ready to the prevent form tampering by verifying and validating the user input before processing it.
- Validating and Sanitizing headers : This techniques is a useful against cross site scripting or XSS, this technique includes to validating and sanitizing headers, parameters passed via to URL, form parameters and hidden values to the reduce XSS attacks
Keylogger Trojan is a malicious software that can be monitor your keystroke, logging them to a file and sending them off to remote attackers. When the desired to behaviour is observed, it will record to keystroke and the captures your login username and password.
The process of the extracting machine name, user names, network resources, shares and services from the system. Under Intranet environment enumeration techniques is conducted.
To synchronize clocks of the networked computers, NTP (Network Time Protocol) is used. For its primary means of the communication UDP port 123 is used. Over the public in internet NTP can be maintain time to within 10 milliseconds.
MIB ( Management Information Base ) is the virtual databases. It contains all the formal description about the network objects that can be managed using the SNMP. The MIB database is the hierarchical and in MIB each managed objects is addressed through object identifiers (OID).
The types of the password cracking technique includes:
- Attack Brute Forcing
- Attacks Hybrids
- Attack Syllables
- Attack Rules
The types of hacking stages are
- Gaining Access Escalating
- Privileges Executing
- ApplicationsHidings
- Files Covering Tracks
CSRF or Cross site request forgery is an attack from the malicious website that will send a request to an web application that a user is already authenticated against the from a different website. To prevent a CSRF you can append unpredictable challenge token to the each request and associate them with user’s session. It will ensure the developer that the request received is the from a valid source.
Cowpatty is the implemented on an offline dictionary attack against WPA/WPA2 networks utilizing a PSK-based verification (e.g. WPA-Personal). Cowpatty can be execute an enhanced attack if a recomputed PMK document is the accessible for SSID that is being assessed.
Most broadly utilized a scripting language for Hackers is Python. Python has some of very critical to highlights that make it especially to valuable for the hacking, most importantly, it has some pre-assembled is libraries that give some intense is functionality.
Hacking, or targeting on an machine, should have the following 5 phases :
Surveillance : This is the principal stage where the hacker is endeavours to gather as much data is possible about the target.
Scanning : This stage of includes exploiting the data accumulated amid Surveillance stage and utilizing it to the inspect the casualty. The hacker can a utilize computerized devices amid the scanning stage which can be incorporate port scanners, mappers and vulnerability scanners.
Getting access : This is where the real hacking as happens. The hacker attempts to the exploit data found amid the surveillance and the Scanning stage to get access.
Access Maintenance : Once access is gained, hackers need to a keep that access for future the exploitation and assaults by securing their exclusive access with a backdoors, rootkits and Trojans.
Covering tracks : Once hackers have a possessed the capacity to pick up and maintain to access, they cover their tracks and to keep away from getting is detected. This likewise enables them to be proceed with the utilization of the hacked framework and keep themselves away from legitimate activities.
- Guessing. Simple, repeated attempts using a common passwords or known facts about the users.
- Stealing. Physically or electronically acquiring a users passwords– can be include sniffing of the network communications.
- Dictionary Attacks.
- Brute Forces Attacks.
- Rainbows Tables.
- Hybrid Password Attacks.
- Birthday Attacks.
The legal way of accessing the system to find the malicious activities.
- Hacking: it defines the illegal way of accessing the system (Unauthorized Access)
- Ethical hacking: Legal way of accessing the system (Penetration testing)
- To find flaws and vulnerabilities
- To determine the risk to the organization
- Black hats: Using their skills for an offensive purpose
- White hats: Using their skills to defend
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks
Process of collecting information about system or network
Active & Passive
By using a predefined application like Nmap and command line utilities
Extracting information from the system\files.
Brute force attack, dictionary attack and rainbow attack
Malicious code which harms the system
- Black box: No previous knowledge of network
- White box: Knowledge of remote network
Affecting the availability factor (Resource unavailability for Authorized user)
- Capturing of packets in the network
- Tools: Wire shark & Pcap Analyzer
Changing the physical appearance of the website
- Flaws in database
- Tools: SQL map
Aircrack-ng, WiFi Sniffing Kismet
- Changing of default SSID
- Disable SSID
- Router access password
By using Nessus and Acunetix
Possible if the system has vulnerability so that exploitation can be done using Metasploit
Actually, we identify injection vulnerability using web application firewall and automated scanners like burpsuite, zap, etc..
In Http splitting attack attacker sends multiple requests to the same page.
Authentication ,session management, access control,HTTP secure configuration
To prove our self to give the right credentials.
To give permission to the user to access particular resources
To force the sire running in only HTTPS
Which is used for creating a remote connection which helps in performing malicious tasks? The attacker will create a stub, which he will bind with the different file such as pdf, video, pic, etc—- and will pass to the victim by any means necessary, and ask the victim to execute or run the particular file.
This is the fraud attempt usually made via SMS, calls, emails, etc, just to collect credentials of the users.
Please see the example below for spear phishing
From:Security@facebook.com
To- Kumar.p@gmail.com
Subject: Security Alert
Hi Kumar,
Your account has been logged in from Russia (54.67.89.23)
If you want to stop this activity, please click on the link given below.
www.facebook.com/security-system
Regards:
Facebook Team
—————————————————-
You click on the link to stop the activity but your system is injected with the virus.
It’s a way to copy someone’s identity and sent an email from copied ID. The receiver won’t be able to understand whether this is coming from the right source or wrong source.
we use Maltego CE to gather information
Wifi Stands for Wireless Fidelity is a technology used to access communication over a network along with devices.
Steps:
- airmon-ng :(Info and detects the wifi card whether its capable of hacking or not).
- airodump-ng : It will dump the packets in air and used to collect the key (password) to be used later to know the real wifi password.
- aircrack-ng : This is used to decrypt the key which we got from airodump.
The cyber kill chain is a process which defines primary steps of a cyber attack. Below is the 7 stages of cyber kill chain.
- Reconnaissance- Passively( searching information on various search engines like google dork, shodan etc) gathering information about target.
- Weaponization – Preparing remote access malware with an exploit into a deliverable payload.
- Delivery – Transferring payload(any malicious application or script) to victims device by social engineering or by some other method.
- Exploitation – Exploit vulnerable application to make use of delivered payload.
- Installation – Installation of backdoor using payload for remote access.
- Command & Control – After the successful installation of a backdoor device can be controlled remotely and various actions can be performed.( DDOS is the most common attack performed using CnC servers).
- Actions on Objective – Attacker will work to achieve the objective for which attack is performed, which can include data exfiltration or destruction of data or attacking some other device.
CIA are the 3 pillars of Information Security. CIA stands for:-
- Confidentiality – Protecting data from getting shared or accessed by some unauthorized person.
- Integrity- Protecting data from getting tampered by some unauthorized person.
- Availability- As word defines itself, availability of data to authorized person whenever required.
- Black hat- One who performing hacking(penetration or exploitation) without authority and with malicious intent.
- White hat- Authorised penetration tester.
- Grey hat- One who performing hacking(penetration or exploitation) without authority but without malicious intent. They perform the activity for bounty programs or security testing without getting authorized to do so.
- Encryption is used to protect the data from losing its confidentiality and it is a reversible process.
- Hashing is used to maintain the integrity of the data and it is irreversible.
- Sniffing – It is a passive attack in which data packets are captured to get information, remaining away from the victim device.
- Spoofing- It is an active attack pretending to be a trusted user and get connected to the network and gather information.
A vulnerability of system which is unknown to the responsible person and that has got exploited by attackers. The time difference in attack and getting aware of unknown vulnerability is called zero days.
It’s cybercrime where the exploit is performed for demanding money. For example- Ransomware.
Given Below are the top 10 Vulnerability:-
- Injection
- Broken Authentication
- Sensitive data exposure
- XML External Entities (XXE)
- Broken Access control
- Security misconfigurations
- Cross Site Scripting (XSS)
- Insecure Deserialization
- Using Components with known vulnerabilities
- Insufficient logging and monitoring
A firewall is the First level of security it monitors all the traffic coming to and leaving from the organization, using firewall unauthorized access, malicious source and network traffic can be controlled.
CIA stands for Confidentiality, Integrity, and Availability. These are the 3 basic components for information security which stands to secure our data in an organization
- Confidentiality – it ensures that the data should not be disclosed to unauthorized access, an attacker can breach confidentiality by network sniffing, shoulder surfing or stealing the password files during transmission of data. So, confidentiality can be provided by encrypting the data as it is stored or transmitted from client to server.
- Integrity – It assures the accuracy and reliability of the information and prevents unauthorized modification. An attacker can insert a virus, backdoor or key logger into a system, so the system’s integrity can be compromised.
- Availability – It ensures reliability and timely access to data and resource to authorized people, if resources is not available at the time when is required, it can lead to a huge business loss like which usually happen in DOS attack.
CSRF (Cross-site request forgery) is an attack where the attacker sends the legitimate request or HTML page to authenticate the user to perform some action inattentively. The only condition to perform this attack is a victim should be logged in.
We can mitigate is attack while implementing captcha in all form submitted pages and with CSRF token. And there is another option to mitigate this attack is implementing multi-factor authentication based on the criticality of the application.
Cross-site scripting (XSS) attack is a type of client-side injection attack in which an attacker tries to inject malicious scripts to the legitimate web application. This attack will lead to disclosing cookie information, website defacement, etc.
There are 3 types of Cross-site scripting:
- Reflected XSS – In this type of XSS, the request with malicious scripts send to server and reflected into theclient side.
- Stored XSS – In this type of XSS, malicious scripts stored permanently in server and whenever any user accesses that particular application, malicious script executes.
- DOM-based XSS – In this type of XSS, the request of the malicious script does not send to the server, it executes in theclient sideitself.
There are different types of cookies attributes:
- HTTP-only – It blocks the client-side scripts to access the cookie.
- Secure – Secure flag ensures the cookie will be sent from client to server through an encrypted channel.
- Domain – The domain for which cookie is valid will submit with every request for the same domain and its sub-domain.
- Path – The cookie should be valid for a particular URL or path.
- Expires – It is used to set a persistent cookie and when the cookie should be expired.
Heartbleed is the vulnerability in OpenSSL library, Heartbeat is a component of TSL/SSL protocol when any system sends an encrypted piece of data is called heartbeat request to other systems, the other system will also send an exact same encrypted piece of data to maintain the connection. Now the system which receives the data never checked the size of data which was claimed, so attacker increase the size of data lets say 64kb but actual size of data is 40kb, now the receiving system will send back the data of 64kb in which 24kb is plus size taking form memory buffer whatever happens in next 24kb memory. This extra 24kb data an attacker can extract from a web server. So this is the way we can exploit heartbleed attack.
In the login page web application, we can perform the following task:
- 1st we can try user enumeration, including observing the error getting from the application while giving input of wrong usernames and passwords.
- We can perform SQL injection in all entry points.
- We can perform Clickjacking.
- We can try to login with default username and password
- We can perform a Brute force attack to extract username and password.
- Check for SSL certificate if the application is using weakly encrypted certificate, Man-in-the-middle attack can be performed.
Bind and reverse shell are two different payloads which are used in Metasploit.
The basic difference between bind and reverse shell is, Bind shell uses when payload is sent in intranet for example, If an attacker is there in the same network, can send payload to anyone who has connected in same network and get access of their system, but Reverse shell payload used to access the system which has public IP and is there in internet and it is used to bypass firewall, get entered into any network and access the systems inside the particular network.
Encryption is a two-way process which is used to change the format of data from human-readable format to non-human readable format and vice-versa. we use some algorithm to encrypt the data.
Encryption also has two types:
- Symmetric Encryption – In Symmetric encryption, we use the same key to encrypt and decrypt the data. Ex – 3DES, AES, RC4, etc
- Asymmetric Encryption – In Asymmetric encryption, we use the public key to encrypt the data and private key to decrypt the data. Ex – RSA, DSA, etc.
Hashing is a unidirectional process which is used to store long string data in short length, mostly hashing algorithm uses to retrieve data in databases. Ex – MD5, SHA2, etc.
There is a different way to mitigate SQL injection
- Using parameterized queries which forces the developer to define all sql codes and then passes in parameter to the queries.
- keep up to date application server and database
- Sanitize the inputs and keep input validation properly
- Keep Web application firewall to filter malicious input
Comments
Post a Comment