ClassQuiz
Play
Explore
Search
Docs
GitHub
Register
Log in
Donate
❤️
ClassQuiz
Play
Block 1 Practical Quiz
Quiz
Made by
@dodosenpai
0
0
1
83
Practice
Download
Report
Ingest the Bloodhound data. What attack is the user ‘white.beard’ vulnerable to?
1: Ingest the Bloodhound data. What attack is the user ‘white.beard’ vulnerable to?
999s
Kerberoast
ASRepRoast
Constrained Delegation
Unconstrained Delegation
Ingest the Bloodhound data. Find a chain from Pedro to htb-svc$. What is the second DACL in this chain?
2: Ingest the Bloodhound data. Find a chain from Pedro to htb-svc$. What is the second DACL in this chain?
999s
GenericAll
GenericWrite
AllExtendedRights
ForceChangePassword
Read the source code of upload.php. Which of the following filenames will bypass the filters AND allow RCE?
3: Read the source code of upload.php. Which of the following filenames will bypass the filters AND allow RCE?
999s
cat.php.jpg
cat.php5
cat.php
cat.jpg.phar
Read the linpeas.1.txt file. How can the user escalate privileges?
4: Read the linpeas.1.txt file. How can the user escalate privileges?
999s
Install a malicious kernel module
Exploit a service
Create a cronjob
Create a new container and mount the root filesystem
Read the vncregistry file. What is the decrypted password?
5: Read the vncregistry file. What is the decrypted password?
999s
VNCPass1
VNCVNC12
Secure!
Passw0rd
Read the lfi.php source code. Which of the following LFI payloads would succeed?
6: Read the lfi.php source code. Which of the following LFI payloads would succeed?
999s
../../../../../etc/passwd
..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
..//..//..//..//..//etc//passwd
....//....//....//....//....//....//etc/passwd
Consider the ldapdomaindump output. Which ASRep-Roastable user is also a domain admin?
7: Consider the ldapdomaindump output. Which ASRep-Roastable user is also a domain admin?
999s
Yolanda Groce
Brian Davis
PROXYAGENT
Matthew Morgan
Consider the ldapdomaindump output. How many computers can each user add to the domain?
8: Consider the ldapdomaindump output. How many computers can each user add to the domain?
999s
10
5
0
8
Consider the crontab file. When is the next time the backup script will run?
9: Consider the crontab file. When is the next time the backup script will run?
999s
10:43 on the 8th of May
10:43 on the 5th of August
6:47 on Sunday
6:52 tomorrow
Consider the linpeas.2.txt file. Which binary can the user use to read privileged files?
10: Consider the linpeas.2.txt file. Which binary can the user use to read privileged files?
999s
vim.basic
perl
python
base64
Extract hashes from lsass.dmp. What is Jordan's SHA1 hash?
11: Extract hashes from lsass.dmp. What is Jordan's SHA1 hash?
999s
369b6cc895433f5534f0a23b3025266ab515a581
9097a5a64cd1d1d79dce421bc5e934c4d2b6f4a7
cba4e545b7ec918129725154b29f055e4cd5aea8
77ba9cd915c8e359d9733edcfe9c61e5aca92afb
Consider the group file. How many users can create containers (not including root)?
12: Consider the group file. How many users can create containers (not including root)?
999s
1
2
3
4
Consider the passwd and shadow files. What is the root user's password?
13: Consider the passwd and shadow files. What is the root user's password?
999s
password
kali
password123
qwertyuiop
Consider the icacls output. What privileges do all users have?
14: Consider the icacls output. What privileges do all users have?
999s
Replace the service binary
Start the service
Update the program
Run the program as administrator
Consider the whoami file. How can the user escalate privileges?
15: Consider the whoami file. How can the user escalate privileges?
999s
Take ownership of registry files
Read Event Logs
Dump LSASS
Load a malicious DLL
Read the sql.php source code. Which of the following SQL injections will extract the flag from the flags table?
16: Read the sql.php source code. Which of the following SQL injections will extract the flag from the flags table?
999s
1%' UNION SELECT 1,2,flag from flags; --
1' UNION SELECT flag from flags; --
1' UNION SELECT flag from flags
1' UNION SELECT flag; --
Which of the following is the best and most consistent method to prevent SQL injections?
17: Which of the following is the best and most consistent method to prevent SQL injections?
999s
Parameterized Queries
Enable database logging
Blacklisting
Front end validation
Consider the winpeas.1.txt file. How can the user escalate privileges?
18: Consider the winpeas.1.txt file. How can the user escalate privileges?
999s
Modify a service
Impersonate a token
Start a scheduled task
Dump registry
Use describeTicket to analyze hacker.ccache using the RC4 hash 9d765b482771505cbe97411065964d5f. What attack is being conducted?
19: Use describeTicket to analyze hacker.ccache using the RC4 hash 9d765b482771505cbe97411065964d5f. What attack is being conducted?
999s
ExtraSIDs
Silver Ticket
Kerberoasting
Golden Ticket
Which php function is used to prevent stored XSS attacks?
20: Which php function is used to prevent stored XSS attacks?
999s
htmlspecialchars
serialize
session_regenerate_id
trim