A penetration tester is attempting to perform reconnaissance on a customer's external-facing footprint and reviews a summary of the fingerprinting scans:
SSH servers: 23
NTP servers: 4
Rsync servers: 5
LDAP servers: 2
Which of the following OSs is the organization most likely using?

• A.Mac OS X
• B.FreeBSD
• C.Microsoft Windows
• D.Linux

Comment: *

Name: *

Email: *

Verification: *

A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal
Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:

Which of the following would be the BEST command to use for further progress into the targeted network?

• A.nc 127.0.0.1 5555
• B.ssh 127.0.0.1 5555
• C.ssh 10.10.1.2
• D.nc 10.10.1.2

Comment: *

Name: *

Email: *

Verification: *

A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

• A.Telnet
• B.DNS
• C.SMTP
• D.HTTP
• E.SNMP
• F.NTP

Comment: *

Name: *

Email: *

Verification: *

Which of the following best explains why a penetration tester would use ProxyChains during an assessment?

• A.To harvest credentials
• B.To fingerprint the organization
• C.To use remote access tools
• D.To automate protocols

Comment: *

Name: *

Email: *

Verification: *

A tester who is performing a penetration test on a website receives the following output:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62 Which of the following commands can be used to further attack the website?

• A./var/www/html/index.php;whoami
• B.<script>var adr= '../evil.php?test=' + escape(document.cookie);</script>
• C.../../../../../../../../../../etc/passwd
• D.1 UNION SELECT 1, DATABASE(),3--

Comment: *

Name: *

Email: *

Verification: *