14 1

Question 1

___ - file that controls what and where facilities are logged. If remote logging is set, ‘@loghost’ syntax will be present

Answer 1

/etc/syslog.conf

Question 2

Unix/Linux Rootkits:
___ - Replaces system application with rooted system files (ls, find, ps, netstat, login, and passwd commands) and inetd daemon services.

Answer 2

User-Mode

Question 3

unix/linux syntax:
___ - outputs full, long list of active processes.
___ - prints current running processes
___ - prints processes in full list

Answer 3

ps

• e
• f

Question 4

___ - this file is referenced for hostname resolution.

Answer 4

/etc/hosts

Question 5

Unix/Linux Shell History File:

___ - History file is located in user’s home directory as .bash_history.

Answer 5

Bourne Again Shell (bash)

Question 6

unix/linux syntax:
___ - (solaris only) displays information on all users (logged in or not) and system accounts. Output contains user, UID, group name, GUID, and comments.

Answer 6

logins

Question 7

unix/linux syntax:
___ - prints network connections.
options:
___ - displays routing information
___ - displays IP instead of interface
___ - displays connections/listening ports
___ - display associated PID for connections/ports

Answer 7

netstat

• r
• n
• a
• o

Question 8

Overwrite the file with nothing, thereby clearing out all history file content. syntax = ___

Answer 8

echo “” .bash_history

Question 9

unix/linux syntax:

___ - displays logged in username, terminal, login time, and where user is logged in from.

Answer 9

who

Question 10

Tool to be used to conceal files within target system.

Answer 10

touch -t

Question 11

System Change Logs:

___ - searches inside text files for matching patterns.

Answer 11

grep

-v

Question 12

unix/linux syntax:
___ - manages job scheduling with cron jobs.
___ - edit job
___ - list jobs

Answer 12

crontab

• e
• l

Question 13

Unix/Linux Shell History File:

___ - No history file supported. Ideal shell; nothing is recorded or needs to be cleaned.

Answer 13

Bourne Shell (sh)

Question 14

unix/linux syntax:
___ - searches for files across the filesystem.
___ - filename to search for
___ - type of file
___ - modified file time range in minutes

Answer 14

find

• name
• type
• mmin

Question 15

Syntax; Unset history file variable in a bash shell.

Answer 15

unset HISTFILE

Question 16

Unix/Linux Rootkits:

___ - Modifies or replaces firmware to hide below the OS. Very hard to detect. Gets started before the OS.

Answer 16

Firmware

Question 17

unix/linux syntax:
___ - provides interactive monitoring of active processes on UNIX OSs. In Linux, ‘top’ provides the same output.
___ - print info about processes and users

Answer 17

prstat

-a

Question 18

Syntax; Clear the history file in a bash shell.

Answer 18

history -c

Question 19

command to use the unreal exploit

Answer 19

use exploit/unix/irc/unreal_ircd_3281_backdoor

Question 20

unix/linux syntax:

___ - prints ARP cache.

Answer 20

arp

Question 21

Unix/Linux Rootkits:

___ - Exploits functionality of Loadable Kernel Module (LKM) to hide itself below the Application Layer.

Answer 21

Kernel-Mode

Question 22

System Change Logs:

The ___ or ___ can be used to edit plaintext files.

Answer 22

vi editor
or
grep

Question 23

The ___ module exploits a buffer overflow vulnerability in the adm_build_path() function of sadmind.

Answer 23

sadmind_adm_build_path

Question 24

unix/linux syntax:
___ - Display processor (type,processor,chip) info
___ - verbose mode, extra info

Answer 24

psrinfo

-v

Question 25

unix/linux syntax: ___ - displays all system hardware and software revision info ___ - print only patch revision info

Answer 25

showrev | -p

Question 26

unix/linux syntax: | ___ - displays summary of system and user activity.

Answer 26

w

Question 27

___ removes user's last entry from WTMP, UTMP, LASTLOG, WTMPX, and UTMPX files. ___ attempts to remove a username from all possible files and binaries.

Answer 27

ZAP3

Question 28

unix/linux syntax: ___ - displays software package information ___ - list in long format

Answer 28

pkginfo | -l

Question 29

unix/linux syntax: ___ - display amount of disk space by file system ___ - prints block sizes

Answer 29

df | -k

Question 30

ZAP3: | ___ - uses /var/adm/wtmpx to display login/logout and system boot info; most recent entry at top.

Answer 30

last

Question 31

unix/linux syntax: ___ - display current system information ___ - prints all system info

Answer 31

uname | -a

Question 32

unix/linux syntax: ___ - (solaris only) displays logged in username, active process/CPU time owned by user, login time, machine name, and time of day.

Answer 32

whodo

Question 33

___ are software programs and files designed to provide continued unauthorized root access to a system and hide any evidence of compromise.

Answer 33

Rootkits

Question 34

Command to use the sadmind exploit

Answer 34

use exploit/solaris/sunrpc/sadmind_adm_build_path

Question 35

Unix/Linux Enumeration: ___ - Displays logged in users information. option: ___ - displays in long list format

Answer 35

finger | -l

Question 36

Unix/Linus Enumeration: ___ - Displays logged in user information (similar to finger) ___ - display in long list format

Answer 36

rusers | -l

Question 37

Unix/Linux Enumeration: ___ - Display target host RPC services by program, transport, service name, and owner. option: ___ - Display associated port numbers.

Answer 37

rpcinfo | -p

Question 38

Unix/Linux Enumeration: ___ - Displays a target hosts NFS exported file system. option: ___ - Prints the list of shared file systems.

Answer 38

showmount | -e

Question 39

___ (aka port forwarding) is the encapsulation of data for transmission through a network.

Answer 39

Tunneling

Question 40

Tunnel Types: ___ tunnel opens a port on the AP and sends data through the redirector (pivot), who then sends it to the targets vulnerable port.

Answer 40

Forward tunnel

Question 41

Tunnel Types: | ___ tunnel opens a port on the redirector (pivot) and returns data to the AP.

Answer 41

Reverse tunnel