CREST CPSA 4, CPSA 5 EXAM STUDY GUIDE ANSWERED GRADED A+

TCP - ANSWER Transmission Control Protocol UDP - ANSWER User Datagram Protocol Port 21 - ANSWER FTP FTP - ANSWER File Transfer Protocol Port 22 - ANSWER SSH SSH - ANSWER Secure Shell Port 23 - ANSWER Te ...

TCP - ANSWER Transmission Control Protocol UDP - ANSWER User Datagram Protocol Port 21 - ANSWER FTP FTP - ANSWER File Transfer Protocol Port 22 - ANSWER SSH SSH - ANSWER Secure Shell Port 23 - ANSWER Telnet Port 25 - ANSWER SMTP SMTP - ANSWER Simple Mail Transfer Protocol Port 49 - ANSWER TACACS TACACS - ANSWER Terminal Access Controller Access Control System Port 53 - ANSWER DNS DNS - ANSWER Domain Name System Port 67 (UDP) - ANSWER DHCP (Server) Port 68 (UDP) - ANSWER DHCP (Client) DHCP - ANSWER Dynamic Host Configuration Protocol Port 69 (UDP) - ANSWER TFTP TFTP - ANSWER Trivial File Transfer Protocol Port 80 - ANSWER HTTP HTTP - ANSWER Hypertext Transfer Protocol Port 88 - ANSWER Kerberos Kerberos - ANSWER A computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner Port 110 - ANSWER POP3 POP3 - ANSWER Post Office Protocol version 3 Port 111 - ANSWER RPC RPC - ANSWER Remote Procedure Call Port 123 - ANSWER NTP NTP - ANSWER Network Time Protocol Port 135 - ANSWER Windows RPC (EPM) Port 593 - ANSWER RPC over HTTPS Port 445 - ANSWER SMB SMB - ANSWER Server Message Block Port 137 (UDP) - ANSWER NetBIOS (name services) Port 138 (UDP) - ANSWER NetBIOS (datagram services) Port 139 - ANSWER NetBIOS (session services) NetBIOS - ANSWER Network Basic Input/Output System Port 143 - ANSWER IMAP IMAP - ANSWER Internet Message Access Protocol Port 161 (UDP) - ANSWER SNMP SNMP - ANSWER Simple Network Management Protocol Port 179 - ANSWER BGP BGP - ANSWER Border Gateway Protocol Border Gateway Protocol (BGP) - ANSWER A standardized exterior gateway protocol designed to exchange routing and reach-ability information among autonomous systems on the Internet. The protocol is classified as a path vector protocol. Port 201 - ANSWER AppleTalk Port 389 - ANSWER LDAP LDAP - ANSWER Lightweight Directory Access Protocol Port 443 - ANSWER HTTPS Port 500 (UDP) - ANSWER Internet Key Exchange (IKE) (used with IPSec) ISAKMP ISAKMP - ANSWER Internet Security Association and Key Management Protocol Port 514 (UDP) - ANSWER Syslog Port 520 - ANSWER RIP RIP - ANSWER Routing Information Protocol Port 546 - ANSWER DHCPv6 (client) Port 567 - ANSWER DHCPv6 (servers) Port 587 - ANSWER SMTP Port 902 - ANSWER VMWare Port 1080 - ANSWER Socks Proxy Port 636 - ANSWER LDAPS Port 1194 - ANSWER VPN Port 1433 - ANSWER MS-SQL Port 1434 - ANSWER MS-SQL (monitoring) Port 1521 - ANSWER Oracle Port 1629 - ANSWER DameWare Port 2049 - ANSWER NFS NFS - ANSWER Network File System Port 3128 - ANSWER Squid Proxy Port 3306 - ANSWER MySQL Port 3389 - ANSWER RDP (Remote Desktop Protocol) Port 5060 - ANSWER SIP SIP - ANSWER Session Initiation Protocol Port 5222 - ANSWER Jabber Port 5432 - ANSWER Postgres Port 5666 - ANSWER Nagios Postgres - ANSWER An object-relational database management system with an emphasis on extensibility and standards compliance Nagios - ANSWER Open source system monitoring service Port 5900 - ANSWER VNC VNC - ANSWER Virtual Network Computing Port 6000 - ANSWER X11 X11 - ANSWER A windowing system for bitmap displays, common on Unix-like operating systems. Provides the basic framework for a GUI environment: drawing and moving windows on the display device and interacting with a mouse and keyboard. Port 6129 - ANSWER DameWare DameWare - ANSWER Remote Access Software on port 6129 Port 6667 - ANSWER IRC (Internet Relay Chat) Port 9001 - ANSWER Tor Port 9001 - ANSWER HSQL Port 9090 - ANSWER Openfire Port 9100 - ANSWER Jet Direct Yersinia - ANSWER Layer 2 testing tool (STP, CDP, VLAN Trunking, etc) STP - ANSWER Spanning Tree Protocol CDP - ANSWER Cisco Discovery Protocol DTP - ANSWER Dynamic Trunking Protocol HSRP - ANSWER Hot Standby Router Protocol VTP - ANSWER VLAN Trunking Protocol fgdump - ANSWER A utility for dumping passwords on Windows NT/2000/XP/2003 machines Reserved Internal IPs - ANSWER 10.0.0.0/8 (10.0.0.0-10.255.255.255) : Private 127.0.0.0/8 (127.0.0.0-127.255.255.255) : Local Host Loopback 172.16.0.0/12 (172.16.0.0-172.31.255.255) : Private 192.168.0.0/16 (192.168.0.0-192.168.255.255) : Private Symmetric Encryption - ANSWER DES/3DES AES Twofish Blowfish Serpent IDEA RC4, RC5, RC6 CAST Asymmetric Encryption - ANSWER RSA El Gamal ECC Eliptic Curve Diffie-Helman (Key Exchange) Paillier Merkle-Helman Cramer-Shoup Hashes - ANSWER MD5 SHA1 MySQL < 4.1 MySQL5 MD5 (WP) MD5 (phpBB3) LM / NTLM Oracle Default Credentials - ANSWER --Username | Password-- SYSTEM | MANAGER ANONYMOUS | ANONYMOUS SCOTT | TIGER OLAPSYS | MANAGER SYS | CHANGE_ON_INSTALL Port 512 - ANSWER rexec (username / password) Port 513 - ANSWER rlogin (telnet) Port 514 - ANSWER rsh Port 514 - ANSWER rcp LM Hash - ANSWER Primary Windows LAN hash before Windows NT. 14 character limit. DES - ANSWER 56 bit key encryption (16 cycles of 48 bit subkeys) 3DES - ANSWER 168 bit key encryption (48 cycles) TTL for Windows - ANSWER 128 TTL for Linux - ANSWER 64 TTL for Networking Devices / Solaris - ANSWER 255 Cisco Password Encryption - ANSWER secret 4 : Crappy SHA256 secret 5 : Salted MD5 secret 7: Crappy Cisco encryption to prevent cleartext in the config secret 8 : PBKDF2 (Password-Based Key Derivation Function 2) *bruteforce target* secret 9 : scrypt (BINGO) SIP Requests - ANSWER INVITE ACK BYE CANCEL OPTIONS REGISTER PRACK SUBSCRIBE NOTIFY PUBLISH INFO REFER MESSAGE UPDATE SMTP Requests - ANSWER MAIL RCPT DATA SNMP Requests - ANSWER Get GetNext Set GetBulk Response Trap Inform HTTP Status Codes - ANSWER 1xx - Info 2xx - Success 3xx - Redirection 4xx - Error 5xx - Server Error HTTP Status Code 404 - ANSWER NOT FOUND the method is not available HTTP Status Code 301 - ANSWER Moved Permanently HTTP Status Code 302 - ANSWER Temporarily Moved HTTP Status Code 410 - ANSWER Gone SQL Injections (Escape Characters) - ANSWER ' OR '1' = '1' -- ' OR '1' = '1' { ' OR '1' = '1' /* SQL Injections (Type Handling) - ANSWER 1;DROPTABLE users Linux File Permissions - ANSWER drwxrwxrwx 2 user(owner) group size date filename d | rwx | rwx | rwx Filetype | User | Group | Everyone Linux Command : Change Password - ANSWER passwd Linux Command : Find Files of Type - ANSWER find . -type f -iname '*.pdf' locate '*.pdf' Linux File System Structure - ANSWER /bin - User Binaries /boot - Bootup related files /dev - Interface for system devices /etc - System Config Files /home - Base directory for user files /lib - Critical software libraries /opt - Third party software /proc - System and running processes /root - Home for root /sbin - Sys Admin binaries /tmp - Temporary Files /usr - Less critical files /var - Variable system files IPTables - ANSWER A user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores Wireshark and TCPdump - ANSWER Common packet analyzers. Allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached pfSense - ANSWER Open source firewall/router computer software distribution based on FreeBSD Solaris Command : Process Listing - ANSWER prstat -a Solaris Command : Services and Status - ANSWER svcs -a Solaris Command: Start Service (Admin) - ANSWER svcadm start NT 3.1 Versions - ANSWER Windows NT 3.1 (All) NT 3.5 Versions - ANSWER Windows NT 3.5 (All) NT 3.51 Versions - ANSWER Windows NT 3.51 (All) NT 4.0 Versions - ANSWER Windows NT 4.0 (All) NT 5.0 Versions - ANSWER Windows 2000 (All) NT 5.1 Versions - ANSWER Windows XP (Home, pro, MC, Tablet, PC, Starter, Embedded) NT 5.2 Versions - ANSWER Windows XP (64 bit, Pro 64 bit) Windows Server 2003 and R2 Windows Home Server NT 6.0 Versions - ANSWER Windows Vista (All) Windows Server 2008 (Foundation, Standard, Enterprise) NT 6.1 Versions - ANSWER Windows 7 (All) Windows Server 2008 R2 (All) NT 6.2 Versions - ANSWER Windows 8 Windows Phone 8 Windows Server 2012 %SYSTEMDRIVE%\boot.ini - ANSWER Contains the boot options for computers with BIOS firmware running NT-based operating system prior to Windows Vista %SYSTEMROOT%\repair\SAM %SYSTEMROOT%\System32\config\RegBack\SAM - ANSWER Stores Windows users' passwords in a hashed format (in LM hash and NTLM hash). These are backups of C:\windows\system32\config\SAM Windows Commands : System Info - ANSWER ver : OS Version sc query state=all : Services tasklist /svc : Processes and Services echo %USERNAME% : Current user Windows Command : Find Files of Type - ANSWER dir /a /s /n c:\*.pdf* Windows Commands : Add User, Make Admin - ANSWER net user /add net localgroup "Administrators" /add Linux Command : Add User, Make Sudoer - ANSWER useradd (adduser ) passwd sudo useradd sudo (sudo adduser sudo) Command : View Network Info - ANSWER Linux: ifconfig Windows: ipconfig /all Command : Display File Contents - ANSWER Linux: cat Windows: cat nslookup - ANSWER A network administration command-line tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or for any other specific DNS record. IIS 1 Defaults - ANSWER Windows NT Addon IIS 2 Defaults - ANSWER NT 4.0 IIS 3 Defaults - ANSWER NT 4 Service Pack IIS 4 Defaults - ANSWER NT4 Option Pack IIS 5 Defaults - ANSWER Windows 2000 IIS 5.1 Defaults - ANSWER Windows XP IIS 6 Defaults - ANSWER Windows Server 2003, Windows XP Pro IIS 7 Defaults - ANSWER Windows Vista, Server 2008 IIS 7.5 Defaults - ANSWER Windows 7, 2008 R2 IIS 8 Defaults - ANSWER Windows Server 2012, Windows 8 IIS 8.5 Defaults - ANSWER Windows Server 2012 R2, Windows 8.1 IIS 10 v 1607 Defaults - ANSWER Windows Server 2016, Windows 10 Anniversary Update IIS 10 v 1709 Defaults - ANSWER Windows 10 Fall Creators, v1709 IIS 10 v 1809 Defaults - ANSWER Windows Server 2019, Windows 10 October Update Windows Command : Disable Firewall - ANSWER netsh advfirewall set currentprofile state off netsh advfirewall set allprofiles state off Sysinternals Suite - ANSWER A set of powerful Windows administration applications used to view, troubleshoot, and modify Windows functions WMCI - ANSWER Windows Management Instrumentation Command-Line WMCI Command : Execute Process - ANSWER wmci process call create "process_name"