ECCouncil 312-50v13 - Certified Ethical Hacker Exam (CEHv13)

This phase having the hacker uses different techniques and tools to realize maximum data from the system. they’re –

• Password cracking – Methods like Bruteforce, dictionary attack, rule-based attack, rainbow table are used. Bruteforce is trying all combinations of the password. Dictionary attack is trying an inventory of meaningful words until the password matches. Rainbow table takes the hash value of the password and compares with pre-computed hash values until a match is discovered.

• Password attacks – Passive attacks like wire sniffing, replay attack. Active online attack like Trojans, keyloggers, hash injection, phishing. Offline attacks like pre-computed hash, distributed network and rainbow. Non electronic attack like shoulder surfing, social engineering and dumpster diving.

The AndroidManifest.xml file contains information of your package, including components of the appliance like activities, services, broadcast receivers, content providers etc.

It performs another tasks also:

• it’s responsible to guard the appliance to access any protected parts by providing the permissions.

• It also declares the android api that the appliance goes to use.

• It lists the instrumentation classes. The instrumentation classes provides profiling and other informations. These informations are removed just before the appliance is published etc.

This is the specified xml file for all the android application and located inside the basis directory.

Risk assessment is a key process in security management that identifies, evaluates, and prioritizes risks to organizational operations and assets. It considers various controls and safeguards to mitigate those risks.

Administrative safeguards are part of the components used in risk assessments and include:

Policies

Procedures

Training

Security awareness programs

Incident response planning

From CEH v13:

Module 1: Introduction to Ethical Hacking

Module 20: Cryptography (as it discusses risk management and governance)

Topic: Security Controls and Risk Management Frameworks

CEH v13 Official Courseware states:

“Administrative controls, also known as administrative safeguards, form a critical component of risk assessments. These include documented security policies, user training, security audits, and incident response plans that help an organization manage and reduce risks.”

Incorrect Options:

B. Physical security is a type of safeguard but not typically referred to as a "component" of a risk assessment itself.

C. DMZ (Demilitarized Zone) is a network architecture concept, not a risk assessment component.

D. Logical interface refers to system architecture and network segmentation—not risk assessment methodology.

Comprehensive and Detailed Explanation From CEH v13 Guide:

R-U-Dead-Yet? (RUDY) is a DoS tool that targets web applications by sending slow HTTP POST requests with large Content-Length headers. This consumes server resources, leading to a denial of service.

CEH v13 Reference:

Module 9: Denial-of-Service – DoS Tools

“R-U-Dead-Yet? (RUDY) sends long-form POST requests to consume server-side sessions and exhaust resources without completing the transaction.”

In CEH v13 Module 14: Cryptography, IPSec (Internet Protocol Security) is defined as a framework used to establish secure communication channels over IP networks, particularly in VPNs.

IPSec supports encryption, authentication, and integrity.

Operates in Tunnel Mode (VPNs) or Transport Mode (End-to-End).

Core protocols: AH (Authentication Header) and ESP (Encapsulating Security Payload).

Option Analysis:

A. PEM: Privacy Enhanced Mail (email encryption).

B. PPP: Point-to-Point Protocol (data link layer, not encryption).

C. IPSEC: VPN encryption protocol.

D. SET: Secure Electronic Transaction (used in payment systems, obsolete).

Comprehensive and Detailed Explanation:

In TCP session hijacking or spoofing:

An attacker sends a spoofed packet with the ACK bit set and a guessed (or predicted) sequence number to fool the receiver into thinking it's a legitimate continuation of an existing session.

Fred is simulating this by sending a TCP packet with the ACK bit and using his own IP as the source, trying to trick the switch into believing it's part of an already established session.

From CEH v13 Courseware:

Module 11: Session Hijacking

Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistant).

https://en.wikipedia.org/wiki/Subnetwork

This is a fairly simple question. You must to understand what a subnet mask is and how it works.

A subnetwork or subnet is a logical subdivision of an IP network.The practice of dividing a network into two or more networks is called subnetting.

Computers that belong to the same subnet are addressed with an identical most-significant bit-group in their IP addresses. This results in the logical division of an IP address into two fields: the network number or routing prefix and the rest field or host identifier. The rest field is an identifier for a specific host or network interface.

The routing prefix may be expressed in Classless Inter-Domain Routing (CIDR) notation written as the first address of a network, followed by a slash character (/), and ending with the bit-length of the prefix. For example, 198.51.100.0/24 is the prefix of the Internet Protocol version 4 network starting at the given address, having 24 bits allocated for the network prefix, and the remaining 8 bits reserved for host addressing. Addresses in the range 198.51.100.0 to 198.51.100.255 belong to this network. The IPv6 address specification 2001:db8::/32 is a large address block with 296 addresses, having a 32-bit routing prefix.

For IPv4, a network may also be characterized by its subnet mask or netmask, which is the bitmask that when applied by a bitwise AND operation to any IP address in the network, yields the routing prefix. Subnet masks are also expressed in dot-decimal notation like an address. For example, 255.255.255.0 is the subnet mask for the prefix 198.51.100.0/24.

https://en.wikipedia.org/wiki/Residual_risk

The residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures); in other words, the amount of risk left over after natural or inherent risks have been reduced by risk controls.

· Residual risk = (Inherent risk) – (impact of risk controls)

Well-known and widely used password-cracking tools include:

A. L0phtcrack – Windows password auditing tool that can crack LM and NTLM hashes.

E. John the Ripper – Versatile password cracker that supports many hash types on Unix, Windows, etc.

Incorrect Options:

B. NetCat – A network tool used for port scanning and data transfer.

C. “Jack the Ripper” is likely a mistaken reference to John the Ripper.

D. Netbus – A remote access Trojan, not a password cracker.

From CEH v13 Courseware:

Module 6: Password Cracking Tools

Probing the IPC share by attempting to brute force admin credentials is the most appropriate technique for this scenario, because it can reveal valuable information about the target system, such as its operating system, services, users, groups, and shares. An IPC share is a special share that allows processes to communicate with each other over the network using named pipes. An IPC share can be accessed anonymously or with valid credentials, depending on the security configuration of the target system. A brute force attack is a method of trying different combinations of usernames and passwords until a valid pair is found. By using a brute force attack, the tester can try to access the IPC share with admin credentials, which can grant them more privileges and access to more resources on the target system.

The other options are less suitable or effective techniques for this scenario. Brute forcing Active Directory may not be relevant or feasible, as the target system may not be part of a domain or may have strong password policies. Extracting usernames using email IDs may not provide enough information or access to the target system, as email IDs may not match the usernames or passwords. Conducting a DNS zone transfer may not be possible or useful, as the target system may not be a DNS server or may have restricted zone transfers. A DNS zone transfer is a method of obtaining information about the domain names and IP addresses of the hosts in a network by querying a DNS server. References:

Inter-process communication - Wikipedia

IPC$ share and null session behavior - Windows Server

Brute Force Attack: Definition, Examples, and Prevention

DNS Zone Transfer: Definition, Types, and Examples

A hybrid attack is a method that combines the dictionary attack with brute-force techniques. It starts with a list of known words (like in a dictionary attack) and then mutates them by:

Appending or prepending numbers (e.g., password1, 123hello)

Adding special characters (e.g., P@ssword!, admin#123)

Varying letter casing or leetspeak (e.g., h@x0r)

From CEH v13 Courseware:

Module 6: Malware Threats → Password Cracking Methods

Incorrect Options:

B: Linear is not a password cracking method.

C: Symmetric refers to encryption, not password cracking.

D: Brute-force tries every possible combination but does not start with a word list.

Agent Smith Attack

Agent Smith attacks are carried out by luring victims into downloading and installing malicious

apps designed and published by attackers in the form of games, photo editors, or other

attractive tools from third-party app stores such as 9Apps. Once the user has installed the app,

the core malicious code inside the application infects or replaces the legitimate apps in the

victim's mobile device C&C commands. The deceptive application replaces legitimate apps such

as WhatsApp, SHAREit, and MX Player with similar infected versions. The application sometimes

also appears to be an authentic Google product such as Google Updater or Themes. The

attacker then produces a massive volume of irrelevant and fraudulent advertisements on the

victim's device through the infected app for financial gain. Attackers exploit these apps to steal

critical information such as personal information, credentials, and bank details, from the

victim's mobile device through C&C commands.

Hashing algorithms (such as SHA-256 or MD5) are used to generate a unique digital fingerprint of a file or message. Once the CFO approves the financial statement, generating a hash value for the document ensures that if any modification occurs (even a single bit), the hash value will change, indicating a breach in data integrity.

This solution directly addresses integrity — one of the three components of the CIA triad (Confidentiality, Integrity, Availability). Password protection or transferring via USB does not ensure integrity; they offer access control and delivery security.