GIAC-GPEN

You are pen testing a Windows system remotely via a raw netcat shell. You want to get a listing of all the local users in the administrators group, what command would you use?

Analyze the screenshot below. What type of vulnerability is being attacked?

You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the smss process. You want to dump the SAM database of the remote system so you can crack it offline. Which Meterpreter module would you need to load in addition to the defaults so that you can accomplish this?

Which of the following is the feature that separates the use of Rainbow Tables from other applications such as Cain or John the Ripper?

You suspect that system administrators In one part of the target organization are turning off their systems during the times when penetration tests are scheduled, what feature could you add to the ' Rules of engagement' that could help your team test that part of the target organization?

Which of the following is a WEP weakness that makes it easy to Inject arbitrary clear text packets onto a WEP network?

During a penetration test we determine that TCP port 22 is listening on a target host. Knowing that SSHD is the typical service that listens on that port we attempt to validate that assumption with an SSH client but our effort Is unsuccessful. It turns out that it is actually an Apache webserver listening on the port, which type of scan would have helped us to determine what service was listening on port 22?

Which type of Cross-Sire Scripting (XSS> vulnerability is hardest for automated testing tools to detect, and for what reason?

You are using the Nmap Scripting Engine and want detailed output of the script as it runs. Which option do you include in the command string?

What is the purpose of the following command?C:\>wmic /node:[target IP] /user:[admin-user]/password:[password] process call create [command]

Approximately how many packets are usually required to conduct a successful FMS attack onWEP?

A penetration tester wishes to stop the Windows Firewall process on a remote host running Windows Vista She issues the following commands:A check of the remote host indicates that Windows Firewall is still running. Why did the command fail?

By default Active Directory Controllers store password representations in which file?

192.168.116.9 Is an IP address forvvww.scanned-server.com. Why are the results from the two scans, shown below, different?

You successfully compromise a target system's web application using blind command injection. The command you injected is ping-n 1 192.168.1.200. Assuming your machine is 192.168.1 200, which of the following would you see?

When a DNS server transfers its zone file to a remote system, what port does it typically use?

Which of the following modes describes a wireless interface that is configured to passively grab wireless frames from one wireless channel and pass them to the operating system?

Analyze the command output below. What information can the tester infer directly from the Information shown?

What command will correctly reformat the Unix passwordcopy and shadowcopy Tiles for input to John The Ripper?

You are performing a wireless penetration lest and are currently looking for rogue access points in one of their large facilities. You need to select an antenna that you can setup in a building and monitor the area for several days to see if any access points are turned on during the duration of the test. What type of antenna will you be selecting for this task?

Analyze the command output below. What information can the tester infer directly from the information shown?

When sniffing wireless frames, the interface mode plays a key role in successfully collecting traffic. Which of the mode or modes are best used for sniffing wireless traffic?

Given the following Scapy information, how is default Layer 2 information derived?

While performing an assessment on a banking site, you discover the following link: hnps://mybank.com/xfer.aspMer_toMaccount_number]&amount-[dollars]Assuming authenticated banking users can be lured to your web site, which crafted html tag may be used to launch a XSRF attack?

You are conducting a penetration test for a private company located in the UK. The scope extends to all internal and external hosts controlled by the company.You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under the computer MisuseAct of 1990?

While performing a code audit, you discover a SQL injection vulnerability assuming the following vulnerable query, what user input could be injected to make the query true and return data? select * from widgets where name = '[user-input]';

You have compromised a Windows XP system and Injected the Meterpreter payload into the lsass process. While looking over the system you notice that there is a popular password management program on the system. When you attempt to access the file that contains the password you find it is locked. Further investigation reveals that it is locked by the passmgr process. How can you use the Meterpreter to get access to this file?

Which of the following is a method of gathering user names from a Linux system?

Based on the partial appdefstrig rile listed below, which port scan signature is classified by AMap as harmful?

Why is OSSTMM beneficial to the pen tester?