Hello readers, below I have listed some of the important Pentesting Interview Questions. Hope they help you!
What is penetration testing?
A test that identifies the security weaknesses in a system or website, whether they come from poor
configuration of the web server and application or from vulnerabilities in the OS on which
the website is running. Instead of taking malicious advantage of those weaknesses, the tester
exposes them in a way that allows the owners to fix the sensitive areas before they can be
taken advantage of by attackers.
-----------------
Advantages of penetration testing?
The advantage of penetration testing is that it gives you accurate information about the real
security posture of your system, answering questions such as:
Is my system secure?
How do I know it is secure?
What are the consequences if someone breaks into it?
----------------------------
Difference between a pentest and a vulnerability assessment?
A penetration test usually includes a vulnerability assessment (VA), but goes one step further.
A penetration test is a method of evaluating the security of a computer system or network by
simulating an attack by a malicious hacker. The process involves an active analysis of the system
for weaknesses, technical flaws and vulnerabilities, carried out from the position of a potential
attacker, and can involve active exploitation of the vulnerabilities found. Any security issues
that are found are presented to the system owner together with an assessment of their impact and,
usually, a proposal for mitigation or a technical fix.
A vulnerability assessment identifies and rates weaknesses (typically with scanners) without
exploiting them. It is what most companies do routinely, because the systems being tested are
live production systems that cannot afford to be disrupted by active exploits which might crash
a service.
------------------------------ ---------
What have you done in a pentest?
Describe the scan modules in JSky and Acunetix, with two lines of explanation for each module.
very imp
http://www.acunetix.com/vulnerabilities/
Learn the definitions of the modules from this link; 10-15 modules are enough.
------------------------------ --
Full path disclosure?
By injecting unexpected data into a parameter (for example an array where a string is expected,
or a value that makes a file include fail), it is possible to trigger an error message that
reveals the full filesystem path of the script. The path by itself does no harm, but it helps an
attacker in later steps such as file-inclusion or file-write attacks.
--------------------------
SQL injection?
SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by
manipulating the user input. An SQL injection occurs when a web application accepts user input
that is placed directly into a SQL statement, so that characters with a meaning in SQL (quotes,
comment markers, operators) change the structure of the query instead of being treated as data.
This is one of the most common application layer attacks currently being used on the Internet.
Despite the fact that it is relatively easy to protect against, a large number of web
applications remain vulnerable.
-----------------
What is sniffing?
Sniffers monitor network data. A sniffer can be a self-contained software program or a hardware
device with the appropriate software or firmware programming. Sniffers usually act as network
probes or "snoops." They examine network traffic, making a copy of the data without redirecting
or altering it. Some sniffers work only with TCP/IP packets, but the more sophisticated tools can
work with many other protocols and at lower levels, including Ethernet frames.
very imp
A sniffer placed on a network captures the web traffic of all the computers on that segment and
shows it on one computer: who visited which website, and what their passwords are (web passwords
sent over cleartext protocols such as HTTP, FTP, Telnet or POP3; credentials inside an HTTPS or SSH
session are encrypted and cannot be read this way).
---------------------
Where can sniffing be done?
On a local network segment that the attacker is attached to, in two situations:
in a hub network (or an open wireless network), where every frame reaches every port: install
Cain & Abel on one computer and you can see the packets of all the computers in the LAN;
very imp
in a switched network, where the switch only forwards a frame to the port that owns the
destination MAC address. To sniff the data between two hosts there you use ARP spoofing: the
attacker sends forged ARP replies so that each victim maps the other's IP address (usually the
gateway's) to the attacker's MAC address. Both victims then send their frames to the attacker,
who forwards them on and can see the whole conversation, nothing but the packets between them.
------------------------------ ------------------
How to block sniffing?
Connecting computers through a switch instead of a hub stops passive sniffing, but ARP spoofing
still works on a switched network, so sniffing can still be done. The real protections are to
encrypt the traffic (HTTPS, SSH, VPN) so that captured packets reveal nothing useful, and to
harden the switch (port security, dynamic ARP inspection, static ARP entries for the gateway).
Beyond that we can say that sniffing cannot be stopped completely, but it can be detected.
------------------------------
How to trace whether someone is sniffing?
An ARP-spoofing sniffer gives itself away on the network. We can trace him because
he sends ARP requests and unsolicited ARP replies to learn and overwrite other hosts' MAC
addresses (we can detect this with a network monitoring tool),
and if he changes or impersonates a MAC address we can see in the LAN's DHCP and switch logs that
the same computer name appears with two MAC addresses, or that one MAC address claims two IP
addresses (the gateway's and the victim's). Tools such as arpwatch keep an IP-to-MAC table and
alert on exactly these changes.
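The two signs listed above (an IP address whose MAC suddenly changes, and one MAC address answering for several IP addresses) are exactly what ARP-monitoring tools look for. Here is a minimal detector in Python, added as an illustration and not code from the original post; it replays a constructed list of observed ARP replies rather than a live capture (a real tool would read the frames from the network card), and the addresses are made up.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on the LAN, in arrival order:
# (time, sender IP, sender MAC). The last two are forged replies from the
# host at aa:bb:cc:dd:ee:ff claiming both the gateway and a workstation,
# which is what an ARP-spoofing sniffer placed between those two hosts sends.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway, legitimate
    (2, "192.168.1.10", "00:11:22:33:44:10"),   # workstation, legitimate
    (3, "192.168.1.20", "AA:BB:CC:DD:EE:FF"),   # the attacker's own address
    (4, "192.168.1.1",  "aa:bb:cc:dd:ee:ff"),   # forged: gateway IP -> attacker MAC
    (5, "192.168.1.10", "aa:bb:cc:dd:ee:ff"),   # forged: victim IP  -> attacker MAC
]


def detect_arp_spoofing(replies, trusted=None):
    """Replay ARP replies through an IP -> MAC table (as a host's ARP cache
    would) and a reverse MAC -> IPs index. Returns a list of alert strings.

    trusted: optional dict of IP -> MAC for addresses that must never change
    (e.g. the gateway); a reply contradicting it is reported even the first time."""
    ip_to_mac = dict(trusted or {})
    mac_to_ips = defaultdict(set)
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()                      # normalise case before comparing
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append("t=%d: %s moved from %s to %s (possible ARP poisoning)"
                          % (t, ip, old, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append("t=%d: %s answers for %s (one MAC, several IPs)"
                          % (t, mac, ", ".join(sorted(mac_to_ips[mac]))))
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(line)
```

On the sample data the first three replies are silent and the two forged ones raise four alerts. Legitimate events produce the same pattern (DHCP handing an address to a new machine, a replaced network card, VRRP/HSRP gateways sharing a virtual MAC), so in practice such alerts are reviewed against a list of known changes rather than acted on automatically.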
------------------------------ ----------------
What are the disadvantages of sniffing?
From the victim's side: anyone on the same network segment can see our passwords and other data
sent over cleartext protocols, without having to send us a virus or any other malware.
------------------------------ -
What are the advantages of sniffing?
From the tester's or administrator's side: the same visibility shows which protocols still carry
passwords in the clear, and is invaluable for troubleshooting and for spotting malware traffic,
again without installing anything on the monitored machines.
------------------------------ -----------
What is MITM?
A man-in-the-middle attack: the attacker places himself between two communicating parties,
relays their traffic and can read or modify it, while each party believes it is talking directly
to the other. On a switched network this is done with ARP spoofing: the attacker poisons the ARP
caches of the two victims so that each associates the other's IP address with the attacker's MAC
address, and the whole conversation, nothing but the packets between them, then flows through the
attacker's machine.
----------------------------
What is malware, and why has it got that name?
Malware is short for malicious software: any program written to harm or misuse a computer or its
user, such as viruses, worms, trojans, spyware and keyloggers.
It is commonly used to steal personal information like
passwords
card information
-----------------------------
What tools have you used in penetration testing?
N-Stealth
Core Impact
WebInspect
JSky
Acunetix
----------------------------
What are the differences between the pentest tools
you have used?
N-Stealth
Core Impact
WebInspect
JSky
Acunetix
Tell the module names of each.
------------------------------ ---------
Tell me any real-time situation you have faced in the field of
network security or pentesting.
Tell a story: a virus that came in and you removed manually,
or a PC that was hacked
and you detected in an unusual way. Walk through it for 2-3 minutes:
first I tried this,
then I tried that, any story along those lines.
-------------------------
Commonly used 10 TCP and UDP ports?
Commonly Used Port Numbers
The following is an unofficial list of ports commonly used on Linux/Unix based servers
(pick ten). Unless stated otherwise these are TCP services; the common ones that run over UDP
are DNS (alongside TCP) and DHCP.
Port   Protocol   Function
21     TCP        FTP (File Transfer Protocol) control channel
22     TCP        SSH (ssh, scp, sftp)
23     TCP        Telnet
25     TCP        SMTP (sending outgoing mail)
43     TCP        WHOIS
53     TCP/UDP    DNS (UDP for normal queries; TCP for zone transfers and large responses)
67     UDP        DHCP server
68     UDP        DHCP client
70     TCP        Gopher protocol
79     TCP        Finger protocol
110    TCP        POP3 (receiving mail)
119    TCP        NNTP (Network News Transfer Protocol)
143    TCP        IMAP4 (mail)
194    TCP        IRC
389    TCP/UDP    LDAP (Lightweight Directory Access Protocol; UDP is used by connectionless LDAP)
443    TCP        HTTPS (HTTP over TLS/SSL)
465    TCP        SMTPS (SMTP over TLS/SSL)
990    TCP        FTPS control channel (FTP over TLS/SSL)
993    TCP        IMAPS (IMAP over TLS/SSL)
1433   TCP        Microsoft SQL Server
2082   TCP        cPanel (default)
2083   TCP        cPanel over SSL
2086   TCP        cPanel WebHost Manager (default)
2087   TCP        cPanel WebHost Manager over SSL
2095   TCP        cPanel webmail
2096   TCP        cPanel webmail over SSL
2222   TCP        DirectAdmin server control panel
3306   TCP        MySQL database server
4643   TCP        Virtuozzo Power Panel
5432   TCP        PostgreSQL database server
8080   TCP        HTTP alternative port (proxies and application servers)
8087   TCP        Plesk control panel (default)
8443   TCP        Plesk control panel over SSL
9999   TCP        Urchin web analytics
10000  TCP        Webmin server control panel
19638  TCP        Ensim server control panel
--------------------------
Difference between TCP and UDP?
very imp
TCP (Transmission Control Protocol)
It is a connection-oriented protocol: a three-way handshake (SYN, SYN-ACK, ACK) sets up the
connection before any data is sent. Every segment is acknowledged, lost segments are
retransmitted, data is delivered in order, and flow and congestion control slow the sender down
when the receiver or the network cannot keep up. Used where reliability matters: HTTP, SSH, FTP,
SMTP.
UDP (User Datagram Protocol)
It is a connectionless protocol, which means it can send datagrams without establishing a
connection with the receiver first. There is no acknowledgement, retransmission, ordering or flow
control, only a checksum, so it is lighter and faster. Used by DNS, DHCP, SNMP, VoIP and
streaming, where a lost packet is better than a late one.
------------------------------ -------------------------
What was your role in the field of network security?
Talk about it for about 10 minutes.
------------------------------ -----------------
Why are you leaving this company?
------------------------------ --------
On which site have you done a pentest, and what was in the report?
Say you have done one site,
and that it was vulnerable to any 5-7 of the issues JSky reports.
------------------------------ ---------------
What was your role in the company?
Network security, web security.
------------------------------ -----------
Where can SQL injection be done?
imp
Anywhere user-controlled input reaches a SQL query without proper handling:
websites with login forms (in the form fields),
input variables that carry values in URLs (query-string parameters),
and also cookies and HTTP headers that the application stores in or looks up from the database.
----------------------------- -------------
What can you do with SQL injection?
Many things, depending on the privileges of the database account the application uses:
bypass the login and get in as the first user in the table,
read and download the whole database,
add a user to the database,
modify stored content to deface the site,
and in the worst case execute arbitrary SQL statements on the backend (and on some databases,
operating-system commands through them).
------------------------------ -----------
How to fix SQL injection?
Use parameterised queries (prepared statements) or a proper ORM, so that user input is always
passed to the database as data and is never concatenated into the SQL text; run the application
with a least-privilege database account; and validate input (type, length, allowed characters) as
defence in depth.
Simply refusing quotes and comment markers (# ' --) or SQL keywords such as select, update,
delete, join, union in form fields is not a fix: such blacklists are bypassed with encoding, case
changes, comments and quote-free payloads in numeric parameters, and they also break legitimate
input like the name O'Brien.
------------------------------ ----------
very imp
How can we say a site is vulnerable to SQL injection?
We cannot say that a site is not vulnerable just because it does not generate a SQL error:
error messages are often suppressed, and blind SQL injection exists for exactly that case.
Whether a site is vulnerable comes down to how the developer built the queries. The practical
test is to submit input that changes the logic of the query (a stray quote, a condition that is
always true versus one that is always false, or a time delay) and watch for a difference in the
response: a SQL error, a changed page, a revealed database name, or a login that succeeds without
a valid password.
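A worked example of the three points above (where injection happens, why quote/keyword blacklists are not a fix, and how to detect injection without relying on an error message), added here as an illustration and not code from the original post. It uses Python's built-in sqlite3 module with a constructed two-user database; the table, function and user names are made up for the example.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "hunter2")])
    return conn


# --- vulnerable: user input pasted into the SQL text -----------------------

def login_vulnerable(conn, username, password):
    """Returns the matched username or None. A quote in the input changes the
    structure of the statement, so  ' OR '1'='1  as the password matches every row."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_vulnerable(conn, user_id):
    """Numeric parameter taken from a URL such as ?id=2, also concatenated."""
    row = conn.execute("SELECT username FROM users WHERE id = %s" % user_id).fetchone()
    return row[0] if row else None


# --- the "filter dangerous characters and keywords" fix --------------------

BLACKLIST = re.compile(r"['#]|--|\b(select|update|delete|join|union)\b", re.IGNORECASE)


def login_blacklisted(conn, username, password):
    """Rejects quotes, comments and a few keywords, then still concatenates."""
    if BLACKLIST.search(username) or BLACKLIST.search(password):
        return None          # note: this also rejects a real password such as O'Brien
    return login_vulnerable(conn, username, password)


def lookup_blacklisted(conn, user_id):
    """Same filter in front of the numeric lookup. The payload  0 OR 1=1
    contains no quote, no comment and no listed keyword, so it passes."""
    if BLACKLIST.search(user_id):
        return None
    return lookup_vulnerable(conn, user_id)


# --- the real fix: parameterised queries -----------------------------------

def login_parameterised(conn, username, password):
    """The driver sends the values separately from the SQL text; they are
    compared as data and can never change the statement's structure."""
    row = conn.execute("SELECT username FROM users WHERE username = ? AND password = ?",
                       (username, password)).fetchone()
    return row[0] if row else None


def lookup_parameterised(conn, user_id):
    row = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0] if row else None


# --- detecting injection when no SQL error is shown -------------------------

def boolean_probe(conn, login_fn):
    """Blind (boolean-based) check: submit a username that appends an
    always-true condition and one that appends an always-false condition,
    with the rest of the query commented out. If the two responses differ,
    the input is reaching the SQL parser even though no error is raised."""
    true_case = login_fn(conn, "admin' AND '1'='1'--", "wrong")
    false_case = login_fn(conn, "admin' AND '1'='2'--", "wrong")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypass  :", login_vulnerable(db, "admin", "' OR '1'='1"))
    print("blacklist numeric bypass :", lookup_blacklisted(db, "0 OR 1=1"))
    print("parameterised login      :", login_parameterised(db, "admin", "' OR '1'='1"))
    print("boolean probe, vulnerable:", boolean_probe(db, login_vulnerable))
    print("boolean probe, fixed     :", boolean_probe(db, login_parameterised))
```

The blacklist stops the quoted login payload but lets the quote-free numeric payload through, and it also hides the boolean probe on the login form, which is why a tester should not conclude "not vulnerable" from one silent input; the parameterised versions return nothing for every payload.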
----------------------
very imp
Types of layers in networking
The OSI model has seven layers: physical, data link, network, transport, session, presentation
and application. The TCP/IP model collapses them into four: link, internet, transport and
application.
http://www.waterwheel.com/Guides/networking_basics_0002.htm
http://www.comptechdoc.org/independent/networking/protocol/protlayers.html
---------------
Types of (LAN) protocols
Compare the network protocols. These are link-layer LAN technologies; the speeds quoted are
those of the original standards (Ethernet today runs at 1, 10, 40 and 100 Gbps).
Protocol        Cable                          Speed             Topology
Ethernet        Twisted pair, coaxial, fiber   10 Mbps           Linear bus, star, tree
Fast Ethernet   Twisted pair, fiber            100 Mbps          Star
LocalTalk       Twisted pair                   0.23 Mbps         Linear bus or star
Token Ring      Twisted pair                   4 Mbps - 16 Mbps  Star-wired ring
FDDI            Fiber                          100 Mbps          Dual ring
ATM             Twisted pair, fiber            155-2488 Mbps     Linear bus, star, tree
------------------
types of networks
* LAN (local area network)
* MAN (metropolitan area network)
* WAN (wide area network)
There are two other types of net
---------------------
Types of flags
The TCP header carries six classic control flags: SYN, ACK, FIN, RST, PSH and URG (RFC 3168
later added ECE and CWR for explicit congestion notification).
------------------------------ ------
Types of protocols
IP (Internet Protocol), the network layer that addresses and routes packets
TCP (Transmission Control Protocol), a transport protocol on top of IP
UDP (User Datagram Protocol), the other common transport protocol on top of IP
(ICMP, which carries control and error messages such as ping, also sits directly on IP)
http://www.knowplace.org/pages/howtos/firewalling_with_netfilter_iptables/ip_overview.php
-------------------
Packet structure
http://www.freesoft.org/CIE/Course/Section3/7.htm
----------------------
What does each flag do?
# The SYN and FIN flags are used when establishing and terminating a TCP
connection, respectively.
# The ACK flag is set any time the Acknowledgement field is valid,
implying that the receiver should pay attention to it; it is set on every segment after the
initial SYN.
# The RST flag aborts the connection immediately; it is also the reply to a SYN sent to a
closed port.
# The PSH flag asks the receiving TCP to hand the data to the application at once instead of
buffering it.
# The URG flag signifies that this segment contains urgent data. When
this flag is set, the UrgPtr field indicates where the non-urgent data
contained in this segment begins.
--------------
What is a SYN flood?
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of
SYN requests to a target system, usually from spoofed source addresses, and never completes the
three-way handshake. Each SYN makes the server allocate a half-open connection and wait for the
final ACK; once the backlog of half-open connections is full, legitimate clients can no longer
connect. SYN cookies, which let the server avoid keeping state until the handshake completes,
are the standard defence.
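The flags and the SYN flood above, as an added example in Python (not code from the original post): the first function parses the flag bits out of a raw TCP header, the others use them to find SYN-flooding behaviour in a batch of packets. The headers are built with struct.pack rather than captured from the wire, and the IP addresses and thresholds are made up.

```python
import struct
from collections import Counter

# Control-flag bits in the low byte of the TCP header's offset/flags word.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = (("FIN", FIN), ("SYN", SYN), ("RST", RST),
              ("PSH", PSH), ("ACK", ACK), ("URG", URG))


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0):
    """Minimal 20-byte TCP header: ports, seq, ack, data offset 5 (no
    options) plus flags, window, checksum (left 0 here), urgent pointer."""
    offset_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, 65535, 0, 0)


def parse_tcp_flags(header):
    """Return (src_port, dst_port, [names of the set flags]) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    src, dst, _seq, _ack, offset_flags = struct.unpack("!HHIIH", header[:14])
    flags = offset_flags & 0x3F           # the six classic flags
    return src, dst, [name for name, bit in FLAG_NAMES if flags & bit]


def syn_flood_sources(packets, threshold=50):
    """packets: list of (src_ip, raw_tcp_header) seen by the server.
    Counts connection requests (SYN set, ACK clear) per source and returns
    the sources above the threshold that never sent a handshake-completing
    ACK. Works when the flood comes from real, non-spoofed addresses."""
    syn_count = Counter()
    completed = set()
    for src_ip, hdr in packets:
        _, _, names = parse_tcp_flags(hdr)
        if "SYN" in names and "ACK" not in names:
            syn_count[src_ip] += 1
        elif "ACK" in names and "SYN" not in names:
            completed.add(src_ip)
    return sorted(ip for ip, n in syn_count.items()
                  if n >= threshold and ip not in completed)


def syn_only_ratio(packets):
    """Share of segments that are bare SYNs. Floods usually spoof the source
    address, which defeats per-source counting; a server whose inbound
    traffic is almost entirely SYNs is being flooded whatever the sources say."""
    if not packets:
        return 0.0
    syns = sum(1 for _, hdr in packets if parse_tcp_flags(hdr)[2] == ["SYN"])
    return syns / len(packets)


def sample_packets():
    """Constructed traffic: one client completing a handshake and sending
    data, then 200 bare SYNs from one address with no follow-up."""
    pkts = [("10.0.0.5", build_tcp_header(40000, 80, SYN)),
            ("10.0.0.5", build_tcp_header(40000, 80, ACK, seq=1, ack=1)),
            ("10.0.0.5", build_tcp_header(40000, 80, PSH | ACK, seq=1, ack=1))]
    pkts += [("203.0.113.9", build_tcp_header(1024 + i, 80, SYN, seq=i))
             for i in range(200)]
    return pkts


if __name__ == "__main__":
    print(parse_tcp_flags(build_tcp_header(1234, 80, SYN | ACK)))
    print("flooding sources:", syn_flood_sources(sample_packets()))
    print("bare-SYN ratio  : %.2f" % syn_only_ratio(sample_packets()))
```

Per-source counting catches a flood from a single real address; the ratio check is what you fall back on when the sources are spoofed, since then every address looks like a client that sent one SYN and went away.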
------------------
What is GPG/PGP?
PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard, a free implementation of the OpenPGP
standard) are tools for encrypting and digitally signing files and e-mail messages with
public-key cryptography: you encrypt to the recipient's public key and sign with your own
private key.
------------------------------ ---------
What is an SSL certificate?
An SSL (TLS) certificate is a digitally signed file, usually PEM text (base64-encoded DER), that
binds a public key to an identity (the server's hostname) and is signed by a certificate
authority. It is not encrypted data; anyone can read it. The web server presents it to clients,
which verify the CA signature and the hostname before setting up the encrypted session, while the
matching private key stays on the server.
----------------------
How to create an SSL certificate?
Using OpenSSL (not OpenSSH): generate a private key and a certificate signing request with
openssl req, then either send the CSR to a certificate authority, which returns the signed
certificate, or self-sign it (openssl req -x509) for testing. Install the certificate together
with its private key on the web server.
1 comment:
Hi
Thanks very much for the post:
I like it and hope that you continue posting.
Let me show another source that may be good for the community.
Source: Security manager interview questions
Best regards
David