🎯 Exercises
Practice with interactive exercises to reinforce your learning.
multiple choice
easy
What Nmap flag performs a SYN stealth scan?...
fill command
medium
Write the Nmap command to scan all TCP ports on 10.10.10.5 with service version detection:...
decision tree
medium
You've found port 445 open on a Windows target. What's the best first step?...
multiple choice
easy
Which tool is used to enumerate SMB shares?...
fill command
medium
Write the command to list SMB shares on 10.10.10.5 using a null session with smbclient:...
case file
hard
smbclient -L //10.10.10.5 -N
Sharename Type Comment
--------- ---- -------
ADMIN$ Di...
fill command
easy
Write the ffuf command to fuzz directories on http://10.10.10.5 using common.txt:...
multiple choice
medium
What does the -fc flag do in ffuf?...
fill command
easy
Write the command to start a Python HTTP server on port 8000:...
multiple choice
medium
Which Windows command can download files via HTTP without PowerShell?...
fill command
medium
Write a bash reverse shell command connecting to 10.10.14.5 on port 4444:...
decision tree
easy
You got a shell but arrow keys don't work. What's the first step to upgrade it?...
multiple choice
medium
What hashcat mode (-m) is used for NTLM hashes?...
fill command
medium
Write the hashcat command to crack an NTLM hash file (ntlm.txt) using rockyou.txt:...
case file
medium
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
445/tcp open microsoft-ds
3306/t...
fill command
hard
Write the command to start a Chisel reverse SOCKS proxy server on port 8000:...
multiple choice
medium
When using proxychains with Nmap, which scan type must you use?...
fill command
medium
Write the BloodHound Python command to collect all data from domain.local as user:pass:...
multiple choice
easy
What tool visualizes Active Directory attack paths?...
fill command
hard
Write the Impacket command to perform Kerberoasting against domain.local (user:pass, DC at 10.10.10.5):...
multiple choice
medium
What hashcat mode is used for Kerberos TGS (Kerberoast) tickets?...
fill command
easy
Write a basic SQL injection payload to bypass login:...
decision tree
medium
You found a potential SQLi point. The app shows no errors. What technique should you try first?...
fill command
medium
Write the sqlmap command to dump the database 'webapp' table 'users' from a vulnerable URL:...
fill command
easy
Write an XSS payload that triggers an alert:...
fill command
medium
Write an LFI payload to read /etc/passwd traversing 5 directories:...
multiple choice
hard
Which PHP wrapper can be used to read PHP source code via LFI?...
fill command
medium
Write a command injection payload using command substitution:...
fill command
easy
Write the command to find SUID binaries on Linux:...
multiple choice
easy
What's the first command to run for Linux privilege escalation?...
case file
hard
$ sudo -l
User www-data may run the following commands on target:
(ALL) NOPASSWD: /usr/bin/vim
How do you...
fill command
easy
Write the Windows command to list all user privileges:...
multiple choice
medium
Which registry key indicates AlwaysInstallElevated is enabled?...
fill command
medium
Write the netcat listener command on port 4444:...
multiple choice
easy
What port does SNMP typically use?...
fill command
medium
Write the snmpwalk command to enumerate 10.10.10.5 with community string 'public':...
fill command
medium
In Meterpreter, write the command to add a local port forward from local 8080 to 10.10.10.6:80:...
fill command
medium
Write the evil-winrm command to connect to 10.10.10.5 as user with password pass123:...
fill command
hard
Write the impacket-psexec command to get a shell as admin with NTLM hash aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae9...
fill command
hard
Write the secretsdump command to DCSync as domain\admin with password P@ssw0rd from DC at 10.10.10.5:...
fill command
medium
Write the PowerShell command to download a file from http://10.10.14.5/nc.exe to C:\temp\nc.exe:...
case file
medium
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.9
80/tcp open http Apache 2.4.29
3306/tcp ...
multiple choice
medium
What magic bytes indicate a GIF file?...
multiple choice
easy
What's the default Burp Suite proxy port?...
fill command
medium
Write an SSRF payload to access the AWS metadata endpoint:...
multiple choice
medium
Which PowerView command finds computers where the current user has local admin access?...
multiple choice
hard
What Active Directory attack extracts the entire domain password database?...
multiple choice
easy
What document defines the scope and rules of engagement for a penetration test?...
fill command
medium
Write an ffuf command to fuzz the 'id' parameter value on http://10.10.10.5/page?id=FUZZ using numbers 1-1000:...