NPTEL Ethical Hacking Week 5 Assignment Answers 2024 (July-October)
Ethical Hacking and Network Security: NPTEL Week 5 Assignment Solutions
This article provides a comprehensive guide to solving Week 5: Assignment 5 from the NPTEL Ethical Hacking course. The assignment covers crucial topics such as NMAP options, DoS attacks, vulnerability scanning, and network security tools. By understanding these concepts, students can effectively learn how to identify, exploit, and mitigate security vulnerabilities within various systems and networks. Below are the detailed solutions to each question from the assignment, along with explanations to reinforce your understanding.
1. Which of the following NMAP options can be used to run some of the NMAP scripts?
Answer: e. sC
Reason: The -sC
option in NMAP is used to execute the default set of NMAP scripts, which are designed to detect a wide range of vulnerabilities and information about the target system. This option is essential for performing automated reconnaissance tasks during a network scan.
2. Which of the following NMAP scripts is used to perform a DoS attack?
Answer: e. None of these
Reason: NMAP is primarily a network scanning tool and is not typically used to perform DoS attacks. DoS attacks are often executed using specialized tools designed to flood a target system with excessive requests, leading to service disruption.
3. Which of the following tools/software can be used for scanning vulnerabilities?
Answer: a. Nessus
Reason: Nessus is a widely used vulnerability scanner that helps security professionals identify vulnerabilities in various systems, networks, and applications. It is one of the most reliable tools for vulnerability assessment and management.
4. Which of the following tools can be used to create a dictionary for a dictionary-based password attack?
Answer: b. Crunch
Reason: Crunch is a wordlist generator that can create custom dictionaries based on user-defined character sets and rules. It is often used in brute-force attacks where a precompiled dictionary is necessary to attempt password cracking.
5. Consider the following statements:
- (i) User enumeration refers to collecting details of users and their privileges.
- (ii) Hydra and Crunch tool can be used for user enumeration.
Answer: a. Only (i) is true.
Reason: User enumeration involves gathering information about user accounts, which can be used in subsequent attacks. While Hydra is a password-cracking tool that can be used for brute-force attacks, Crunch is a wordlist generator and not directly used for user enumeration.
6. Assume that we want to connect to a target system (10.0.0.1) through SSH service, the username and password are "user" and "pwd" respectively. Which of the following commands can be used to create a SSH connection?
Answer: a. ssh 10.0.0.1 -l user -p pwd
Reason: The correct SSH command format is ssh [target IP] -l [username] -p [password]
. This command initiates an SSH connection to the target system using the specified username and password.
7. How many words will be generated by Crunch tool if we use the Crunch command as "crunch 1 2 0123456789"?
Answer: 11
Reason: The Crunch command "crunch 1 2 0123456789" generates all possible combinations of the digits 0-9 for lengths 1 and 2. This results in 10 single-digit numbers and 1 empty combination, totaling 11 words.
8. Which of the following can be used for gaining the same level of privilege as the existing one?
Answer: b. Horizontal privilege escalation
Reason: Horizontal privilege escalation occurs when an attacker gains access to another user’s account or data with the same level of access as their own. This type of escalation does not increase privileges but extends access across similar levels.
9. Which of the following tools can be used for user enumeration?
Answer: d. None of these
Reason: While tools like Hydra are used for password cracking, user enumeration is typically performed using different methods or scripts specific to gathering user information. The tools listed are not typically used directly for user enumeration.
10. To download any file from the target system that is connected through FTP connection, which of the following commands can be used?
Answer: b. get
Reason: The get
command is used in FTP to download a file from the remote server to the local machine. It is one of the basic commands in FTP operations.
11. Which of the following statement(s) is/are false?
- (i) Malware are malicious software that damages or disables computer systems and gives limited or full control to the malware creator for the purpose of theft or fraud.
- (ii) Malware can get inside systems through file sharing or fake programs.
- (iii) Malwares can alter, corrupt, modify or delete some data/files.
Answer: d. None of these
Reason: All the statements are true as they accurately describe the nature and behavior of malware. Malware can infiltrate systems through various means, cause significant damage, and often provides unauthorized access to attackers.
12. Which of the following commands is used to delete an ARP entry?
Answer: b. arp -d
Reason: The arp -d
command is used to delete an entry from the ARP (Address Resolution Protocol) table. This command is useful for network troubleshooting and clearing outdated or incorrect ARP entries.
These answers provide clarity on key aspects of network security and ethical hacking, helping students develop a solid understanding of the tools and techniques used in this field. By mastering these concepts, students can better protect systems and networks from potential threats.