John works as a professional Ethical Hacker.
He has been assigned the project of testing the security of www.we-are-secure.com.
In order to do so, he performs the following steps of the pre-attack phase successfully: Information gathering Determination of network range Identification of active systems Location of open ports and applications Now, which of the following tasks should he perform next?
Click on the arrows to vote for the correct answer
A. B. C. D.number of hops reveals the OS of the remote system.
Answer: D and B are incorrect.
John should perform OS fingerprinting first, after which it will be easy to.
John will perform OS fingerprinting on the We-are-secure network.
Fingerprinting is the easiest way to detect the Operating System (OS) of a remote system.
OS detection is important because, after knowing the target system's OS, it becomes easier to hack into the system.
The comparison of data packets that are sent by the target system is done by fingerprinting.
The analysis of data packets gives the attacker a hint as to which operating system is being used by the remote system.
There are two types of fingerprinting techniques as follows: 1.Active fingerprinting 2.Passive fingerprinting In active fingerprinting ICMP messages are sent to the target system and the response message of the target system shows which OS is being used by the remote system.
In passive fingerprinting the identify which services are running on the network since there are many services that run only on a specific operating system.
After performing OS fingerprinting, John install a backdoor.
As an ethical hacker, John's primary objective is to identify vulnerabilities in the target system without causing any damage or disrupting the operations of the organization. John has successfully completed the pre-attack phase, which includes information gathering, network range determination, identification of active systems, and location of open ports and applications.
The next step for John is to perform OS fingerprinting or service fingerprinting to gather more information about the target system. OS fingerprinting involves identifying the operating system of the target system, which can help in identifying the vulnerabilities specific to that operating system. Service fingerprinting involves identifying the applications and services running on the target system and their versions, which can help in identifying known vulnerabilities in those applications and services.
Option A, "Perform OS fingerprinting on the We-are-secure network," is a valid next step for John. This will help him identify the operating systems used by the target system and potentially identify vulnerabilities specific to those systems.
Option B, "Map the network of We-are-secure Inc.," is not necessary at this stage, as John has already determined the network range and identified active systems. Mapping the network would involve creating a detailed diagram of the network, which is useful for gaining a better understanding of the network topology, but it is not essential for identifying vulnerabilities.
Option C, "Install a backdoor to log in remotely on the We-are-secure server," is not an ethical approach and is not a valid next step for John. The objective of ethical hacking is to identify vulnerabilities and help organizations improve their security, not to gain unauthorized access to systems or networks.
Option D, "Fingerprint the services running on the we-are-secure network," is also a valid next step for John. Service fingerprinting can help identify known vulnerabilities in the applications and services running on the target system, which can help John focus his efforts on those specific areas.
In summary, the correct answer is either A or D, and both options involve performing fingerprinting techniques to gather more information about the target system.