UPDATED ACTUAL QUESTIONS AND
CORRECT ANSWERS
What R* services can be used for user enumeration? - CORRECT ANSWER rusers, rwho.
What does rwho do? - CORRECT ANSWER Reports information on logged on users on a
remote host.
What does rwho do? - CORRECT ANSWER Reports all users logged onto machines in the
local network.
How can users be enumerated with SMTP? - CORRECT ANSWER VRFY or RCPT TO
command.
What does finger do? - CORRECT ANSWER Finger is a program that can be used to find
information about users of a system. It usually lists the login name, the full name, and possibly other
details about the user you are fingering. This is a dated service that was used to determine who was
currently on a device. Gets it information from /etc/passwd.
What ports are used for FTP and for what reasons? - CORRECT ANSWER 20 - data and 21 -
command
What kind of access allows any users to interact with an FTP service? - CORRECT ANSWER
Anonymous
What could be risk of allowing anyone to write to FTP service? - CORRECT ANSWER
Potential upload into code execution, obtaining sensitive files, identifying vulnerable version.
What is a mail relay? - CORRECT ANSWER SMTP relay lets users send e-mails through
external servers. Spammers and hackers can use an e-mail server to send spam or malware through e-
mail under the guise of the unsuspecting open-relay owner.
, What is CVE-2003-0694? - CORRECT ANSWER The prescan function in Sendmail 8.12.9
allows remote attackers to execute arbitrary code via buffer overflow attacks.
What is CVE-2003-0161? - CORRECT ANSWER A buffer overflow has been reported in the
prescan() function of Sendmail versions 8.12.9 and earlier. The overflow can be exploited to execute
arbitrary code on the system.
What is CVE-2002-1337? - CORRECT ANSWER Buffer overflow in Sendmail 5.79 to 8.12.7
allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender
and recipient header comments as processed by the crackaddr function of headers.c.
What is NFS? - CORRECT ANSWER NFS is Network File System, a legacy protocol
providing network based file services. Allowing files to be accessed as they would be locally.
How can NFS be restricted? - CORRECT ANSWER The etcexports file can be altered to add a
policy restricting access to certain hosts or directories. The SUID bit can be disabled too.
What is Root Squash? - CORRECT ANSWER Root Squashing remaps the root user to an
anonymous user in NFS. The no_root_squash needs to be changed to root_squash to prevent this.
What options can be set to restrict what can be done to abuse NFS? - CORRECT ANSWER
NoExec - prevents execution of binaries on the system. NoSuid - prevents suid being used on
the system. This is when connecting via NFS.
How can restricted files be accessed via UID/GID manipulation in certain NFS setups? - CORRECT
ANSWER Auth relies on UID and GID from the OS. You can change the UID in a VM to
match that of the target and get their permissions.
What do the /etc/hosts.equiv and.rhosts files do and what are the differences? - CORRECT ANSWER
Gives a specified user(s) permission to log in remotely from the specified host without having
to supply a password. /etc/hosts.equiv is system-wide and applies to everyone, while .rhosts is specific
to the user (and is stored in their home directory).
What is rlogin? - CORRECT ANSWER The rlogin (remote login) utility enables a user to log
automatically into a remote machine without having to supply a username and a Password. Port 513
TCP.