Pen Tests

Question 1

Forceful Directory Browsing

Answer 1

Manually generate URLs designed to access files and folders on a separate host.
Format: IP/Directory
Example: 172.30.0.15/history
Example: 172.30.0.15/wwwroot

Question 2

FTP with FileZilla

Answer 2

• Host: IP address
• Username: anonymous
• Quick Connect
• Select the file to transfer

Question 3

SQL Injection

Answer 3

Enter 1’ OR 1=1;# into a textbox that reads data from a relational database.

Question 4

XSS Reflected

Answer 4

Enter < script >alert(‘This is an XSS exploit!’)</ script > (Remove spaces around script)

Question 5

Command Execution

Answer 5

Enter IP address & netstat -n into a textbox

Question 6

XSS Stored

Answer 6

Enter < script >document.write(“< H1 >You have been hacked!</ H1 >”)</ script > into a textbox. (Remove extra spaces)

Question 7

Ping Flood

Answer 7

Enter IP address ping -f into the command terminal

Question 8

Log Files

Answer 8

Using forceful browsing, search for the logs file.
http://IP address/logs

Question 9

FTP

Answer 9

Attempt to send files to a host using Filezilla.

Question 10

SMTP

Answer 10

Enter > netstat -an > Desktop\netstat_output.txt command into the command terminal. Search through the Notepad file created by the command for an entry associated with port number 25, 587, or 465. (These are the ports SMTP uses.)

Question 11

Loose Lipped Errors

Answer 11

Browse to http://IP address/fnf.html and look at the error message provided. If it displays too much information, then it is loose-lipped.