Ethical Hacking Week 11 Assignment Answers

Course Link: https://onlinecourses.nptel.ac.in/noc23_cs44/course

Q1. Which of the following Metasploit module(s) can be used to establish communication channel
between Metasploit framework and target system?
a. Exploit
b. Payload
c. Auxiliary
d. Encoder
e. msfvenum

Q2. Which of the following command is used to launch Metasploit framework?
a. msfconsole
b. msfvenum
c. Metasploit
d. None of these.

Q3. In Metasploit to check the compatible target (OS) for any exploit, which of the following command (option) is used?
a. Show targets
b. Set payloads
c. Set targets
d. Show payloads
e. None of these.

Q4. We can execute basic commands and tools inside Metasploit console.
a. True
b. False

Q5. Which of the following commands can be used to get user account details in Metasploit framework?
a. getsystem
b. hashdump
c. getuser
d. msfvenum

Q6. Which of the following types of attacks are possible on a webservers/web applications?
a. Denial-of-Services
b. Cross-Site-Scripting
c. SQL Injection
d. Session Hijacking
e. None of these.

Q7. Which of the following tools uses brute-force attack to extract existing and hidden page of a webserver?
a. Dirb
b. sQL MAP
c. Hydra
d. Crunch
e. None of these

Q8. If any web page is vulnerable to error based sql injection, then which of the following is true?
a. It will print error message for incorrect user input.
b. It will not print anything for incorrect user input.

Q9. Which of the following SQLMAP options is used to list all users along with hashed password?
a. –users
b. — passwords
c. –user-pass
d. –user-privileges

Q10. What are some of the software-based countermeasures to prevent timing-based side-channel attack?
a. Use a structured programming language for implementation.
b. Mask the data representation.
c. Introduce redundant computations as required.
d. All of these