what was it designed for?
WEP is used on 802.11 networks, what was it designed for?
What do you think is the reason behind this?
Sandra is conducting a penetration test for ABC.com. She knows that ABC.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g. Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions herself around the building several times, Sandra is not able to detect a single AP.
What do you think is the reason behind this?
What will it return?
Look at the following SQL query.
SELECT * FROM product WHERE PCategory=’computers’ or 1=1–‘
What will it return?
Select the best answer.
hown below:
Identify SQL injection attack from the HTTP requests shown below:
What technique does Jimmy use to compromise a database?
Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database?
How would an attacker use this technique to compromise a database?
A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?
What type of attack did the Hacker attempt?
Central Frost Bank was a medium-sized, regional financial institution in New York. The bank recently deployed a new Internet-accessible Web application. Using this application, Central Frost’s customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business through a Web browser. John Stevens was in charge of information security at Central Frost Bank. After one month in production, the Internet banking application was the subject of several customer complaints. Mysteriously, the account balances ofmany of Central Frost’s customers had been changed! However, moneyhadn’t been removed from the bank. Instead, money was transferred between
accounts. Given this attack profile, John Stevens reviewed the Web application’s logs and found the following entries:
Attempted login of unknown user: johnm
Attempted login of unknown user: susaR
Attempted login of unknown user: sencat
Attempted login of unknown user: pete”;
Attempted login of unknown user: ‘ or 1=1–
Attempted login of unknown user: ‘; drop table logins–
Login of user jason, sessionID= 0x75627578626F6F6B
Login of user daniel, sessionID= 0x98627579539E13BE
Login of user rebecca, sessionID= 0x9062757944CCB811
Login of user mike, sessionID= 0x9062757935FB5C64
Transfer Funds user jason
Pay Bill user mike
Logout of user mike
What type of attack did the Hacker attempt?
what would be among the first steps that he would perform?
When a malicious hacker identifies a target and wants to eventually compromise this target, what would be among the first steps that he would perform? (Choose the best answer)
Which of the following activities will not be considered passive footprinting?
Which of the following activities will not be considered passive footprinting?
What would you call such an attack?
Your boss is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What would you call such an attack?