You execute the following netcat command:
c:\target\nc -l -p 53 -d -e cmd.exe
What action do you want to perform by issuing the above command?
A. Capture data on port 53 and perform banner grabbing.
B. Listen for incoming traffic on port 53 and execute the remote shell.
C. Listen for incoming data and perform port scanning.
D. Capture data on port 53 and delete the remote shell.
TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet
to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly
by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will
be ignored and the port will drop the packet. Which of the following operating systems can be
easily identified with the help of TCP FIN scanning?
B. Red Hat
You work as a professional Ethical Hacker. You are assigned a project to perform blackhat
testing on www.we-are-secure.com. You visit the office of we-are-secure.com as an air-
condition mechanic. You claim that someone from the office called you saying that there is
some fault in the air-conditioner of the server room. After some inquiries/arguments, the
Security Administrator allows you to repair the air-conditioner of the server room.
When you get into the room, you find that the server is Linux-based. You press the reboot button
of the server after inserting a Knoppix Live CD in the CD drive of the server. Now, the server
promptly boots back up into Knoppix. You mount the root partition of the server after replacing
the root password in the /etc/shadow file with a known password hash and salt. Further, you
copy the netcat tool on the server and install its startup files to create a reverse tunnel and move
a shell to a remote server whenever the server is restarted. You simply restart the server, pull
out the Knoppix Live CD from the server, and inform that the air-conditioner is working properly.
After completing this attack process, you create a security auditing report in which you mention
various threats such as social engineering threat, boot from Live CD, etc. and suggest the
countermeasures to stop booting from the external media and retrieving sensitive data. Which of
the following steps have you suggested to stop booting from the external media and retrieving
sensitive data with regard to the above scenario?
Each correct answer represents a complete solution. Choose two.
A. Encrypting disk partitions