eJPT - eLearnSecurity Junior Penetration Tester Host and Network Auditing Questions and Answers

Question 1

After gaining initial access to a Windows host, a penetration tester wants to audit the system for missing security patches that could be leveraged for privilege escalation.
Which of the following native Windows commands is most suitable for quickly listing the installed hotfixes?

Accepted Answer

wmic qfe list

Answer

systeminfo

Answer

netstat -ano

Answer

tasklist

Question 2

During a network audit, a junior penetration tester captures network traffic using Wireshark. They apply the display filter `http.request.method == "POST"`. What is the primary purpose of using this specific filter?

Accepted Answer

To identify potential login attempts or data submissions over HTTP.

Answer

To isolate all unencrypted web traffic.

Answer

To find DNS queries for HTTP servers.

Answer

To view only the responses from web servers.

Question 3

A penetration tester is auditing a Linux server and wants to review which commands a specific user, 'jdoe', has executed. Assuming the user's command history is being saved, which file should the tester examine?

Accepted Answer

~jdoe/.bash_history

Answer

/etc/passwd

Answer

/var/log/auth.log

Answer

/root/.profile

Question 4

While auditing a network, you identify a device responding on UDP port 161. You suspect it might be running the Simple Network Management Protocol (SNMP) with a default community string. Which of the following actions would be the most effective next step to confirm this and enumerate information?

Accepted Answer

Use a tool like `snmp-check` or `onesixtyone` with a list of common community strings.

Answer

Run an Nmap TCP scan using `nmap -sT -p 161 <IP>`.

Answer

Attempt to connect to the port using Netcat to grab the banner.

Answer

Perform a full UDP port scan on the host using `nmap -sU <IP>`.

Question 5

A penetration tester is performing an internal network audit and needs to check for null sessions on a Windows host at 192.168.1.50. A null session vulnerability could allow an unauthenticated user to enumerate information. Which of the following commands would be used to attempt to establish a null session?

Accepted Answer

rpcclient -U "" -N 192.168.1.50

Answer

smbclient //192.168.1.50/IPC$ -U ""

Answer

net view 192.168.1.50

Answer

nmap -sU --script smb-enum-shares.nse 192.168.1.50

Question 6

During a host audit of a Linux machine, you need to find all files that have the Set User ID (SUID) permission bit set, as these could be potential vectors for privilege escalation. Which of the following commands would accomplish this?

Accepted Answer

find / -perm -u=s -type f 2>/dev/null

Answer

ls -l / -R | grep 'r-s'

Answer

chmod -R u+s /

Answer

grep -r "suid" /etc

After gaining initial access to a Windows host, a penetration tester wants to audit the system for missing security patches that could be leveraged for privilege escalation.Which of the following native Windows commands is most suitable for quickly listing the installed hotfixes?

After gaining initial access to a Windows host, a penetration tester wants to audit the system for missing security patches that could be leveraged for privilege escalation.
Which of the following native Windows commands is most suitable for quickly listing the installed hotfixes?