#Quiz 4


south nest
#

**1. Bob sends Alice a file that is encrypted using 3DES. What does Alice need to decrypt the file?**

a) Bob's private key
b) Alice's private key
c) Bob's public key
d) the encryption key

**2. The below command is executed. What will nmap do, in order?**

bob@kali:~# nmap -Pn -nvv 1.3.3.7 -sC -sV

a) Host discovery scan, TCP port scan of most common 1000 ports, service enumeration, run default scripts
b) Host discovery scan, TCP port scan of most common 1000 ports, run default scripts, service enumeration
c) Host discovery scan, TCP SYN port scan of most common 1000 ports, service enumeration, run default scripts
d) Host discovery scan, TCP SYN port scan of most common 1000 ports, run default scripts, service enumeration
e) TCP SYN port scan of most common 1000 ports, service enumeration, run default scripts
f) TCP SYN port scan of most common 1000 ports, run default scripts, service enumeration
g) TCP port scan of most common 1000 ports, service enumeration, run default scripts
h) TCP port scan of most common 1000 ports, run default scripts, service enumeration

**3. Based on the information below, what OS is the remote host most likely running?**

PING XX.XX.XXX.XXX (XX.XX.XXX.XXX): 56 data bytes
64 bytes from XX.XX.XXX.XXX: icmp_seq=0 ttl=112 time=139.293 ms
64 bytes from XX.XX.XXX.XXX: icmp_seq=1 ttl=112 time=139.423 ms

a) Ubuntu 18.04
b) Windows Server 2019
c) Solaris 11.4
d) Cisco IOS

Answers/discussion below!

desert ore
#

|| A, A/G???, A ||

south nest
desert ore
#

I can’t decide which.

#

Oh my god, duhhh idiot!

#

Final: || A, G, A ||

south nest
#

😆

silent sphinx
#

Here are my answers and lack of reasoning.

1. I’ll have to say D. I am wrong but here’s my logic:
   IIRC 3DES is a symmetric encryption algorithm. Bob and Alice should previously agree on a common key for them to share so they can decrypt messages without Eve trying to ruin their lives.

2. G. By default nmap scans the first 1000 unless you do -p-.
   -nvv is for service enumeration.
   -Pn is going to stop host discovery.
   -sC indicates to use default scripts.

3. A. Windows is Ping packet size 32. From my CCNA days I remember IOS is 100. No clue about Solaris but I’ll go with Ubuntu.

Edit: my answers remained the same. I just elaborated a bit more.

#

Can’t wait for next week to see the answers!

surreal knoll
#

||1. C, 2. G, 3. A||

radiant cedar
#

||1.d 2.a 3.h||

valid hatch
#

||A||
||g|| Also skip pings?
||a||

radiant cedar
#

Alice will need her private key to decrypt the message, but then the encryption key to decrypt the 3DES.

silent sphinx
radiant cedar
#

Yeah I know, just saying in case people used ‘cheese’ for both the public key and the encryption key; in that case we can say that the file can be ‘decrypted’ by the public key 😅 It was one of my standard poor attempts at humor.

radiant cedar
#

Stealthsploit will kill me for posting food in quiz area but 🤫

#

He can guess which cheese is in the pizza as part of the quiz 🤣

south nest
radiant cedar
south nest
radiant cedar
#

So guess was correct haha!

ancient pawn
#

|| 1) D
2) G
3) B (Judging by TTL..) ||

silent sphinx
#

Can’t wait for the answers tomorrow!

south nest
#

Sorry! 😅

silent sphinx
south nest
#

The answers are 1D, 2G, 3B!

1D
3DES is a symmetric encryption algorithm. Unlike asymmetric cryptography where you have a public/private keypair (e.g. SSH, PGP), symmetric algorithms have a single key that's used to both encrypt and decrypt the data, so the first three answers were wrong as they referred to either public or private elements.

2G
-Pn (skip host discovery)
-nvv (-n is disable DNS resolution, -vv is medium verbosity (generally -vvv is best to use at all times) but they can be combined in this case)
-sC (run default scripts)
-sV (service enumeration/detection)

We can immediately write off options A-D as these include host discovery.

If you're running nmap as a privileged user (i.e. root), nmap will SYN scan by default (no need to add -sS)
If you're running nmap as a standard user (i.e. bob in this case), nmap can only do a normal TCP scan (sometimes referred to as a full connect scan, the -sT switch) as standard users don't have the privileges to manipulate TCP traffic (detailed explanation later)

So, knowing this, we can write off options E and F as we see a non-root user is running the scan.

This leaves G and H...

nmap will always do the following phases in order (if selected of course):
Host discovery, port scan, service detection, scripts

With this knowledge, we can exclude H which leaves us with the correct answer of G!

More detail following on from above:
Most of the time you'll run nmap as root and that'll default nmap to SYN scans, which (assuming target port is open) should do:

Kali   --SYN--> Target
Target --SYN/ACK--> Kali
Kali   --RST--> Target

After getting the SYN/ACK, nmap knows it's open and doesn't bother sending the final ACK to save time. Only a privileged user can send a RST after receiving a SYN/ACK.

If you're running nmap as non-root, it'll do a standard TCP scan, where after receiving the SYN/ACK nmap will send the final ACK and then send the RST to tear down the connection and move to the next port.

3B
Different OSes have different default ICMP TTL values (an example: https://ostechnix.com/identify-operating-system-ttl-ping/). As a general statement, Linux is 64 and Windows is 128 (although different Linux variants do sometimes vary). A TTL of 112 fits the Windows default of 128: the echo response indicates the packet has passed through 16 routers (hops) before being received. Although these TTLs can be modified, they're rarely seen to differ from the defaults.
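As an added example (my own code, not from anyone in the thread), here is the TTL reasoning from 3B as a small script: it parses echo replies like the ones in question 3, picks the smallest common initial TTL that is at least the observed value, and reports the implied hop count. The sample output is constructed to match the quiz, and the 255 entry for Cisco IOS / Solaris is my assumption rather than something the post states.

```python
import re

# Constructed sample ping output, modelled on quiz question 3
# (addresses masked, as in the original post).
SAMPLE_PING = """PING XX.XX.XXX.XXX (XX.XX.XXX.XXX): 56 data bytes
64 bytes from XX.XX.XXX.XXX: icmp_seq=0 ttl=112 time=139.293 ms
64 bytes from XX.XX.XXX.XXX: icmp_seq=1 ttl=112 time=139.423 ms
"""

# Common initial TTLs and the OS families that typically use them.
# 64 and 128 are the values the answer post gives; 255 for Cisco IOS and
# Solaris is an assumption added here.
DEFAULT_TTLS = {64: "Linux/Unix-like", 128: "Windows", 255: "Cisco IOS / Solaris"}

# Windows ping prints "TTL=112", Unix ping prints "ttl=112": match either.
TTL_RE = re.compile(r"\bttl=(\d+)\b", re.IGNORECASE)


def parse_ttls(ping_output):
    """Return the TTL values found in echo-reply lines, in order."""
    return [int(m.group(1)) for m in TTL_RE.finditer(ping_output)]


def infer_initial_ttl(observed):
    """Pick the smallest common initial TTL that is >= the observed value.

    Every router on the path decrements the TTL by one, so the sender's
    initial value must be at least the value we received.
    Returns (initial_ttl, hops, os_family).
    """
    for initial in sorted(DEFAULT_TTLS):
        if observed <= initial:
            return initial, initial - observed, DEFAULT_TTLS[initial]
    raise ValueError(f"TTL {observed} exceeds every known initial TTL")


def guess_os_from_ping(ping_output):
    """Combine parsing and inference; refuse to guess on inconsistent replies."""
    ttls = parse_ttls(ping_output)
    if not ttls:
        raise ValueError("no echo replies with a ttl= field found")
    if len(set(ttls)) != 1:
        # Replies taking different paths show different TTLs; treat as inconclusive.
        raise ValueError(f"inconsistent TTLs in replies: {sorted(set(ttls))}")
    return infer_initial_ttl(ttls[0])


if __name__ == "__main__":
    initial, hops, family = guess_os_from_ping(SAMPLE_PING)
    print(f"observed ttl={initial - hops}: likely initial ttl {initial} ({family}), ~{hops} hops")
```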

south nest
desert ore
#

Hahahaah, I got 1 right. #winning

south nest
desert ore
#

100%. Just another day at the office