What frequency will you tune the Wireless hardware device to?
You come across a WiFi network in your neighborhood. You pull up your hardware WiFi sniffer from your car and tune into 802.11a network to sniff the Wireless traffic for sensitive data. What frequency will you tune the Wireless hardware device to?
How would you proceed?
You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn’t work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system.
How would you proceed?
Which registry entry will you add akey to make it persistent?
You are writing an antivirus bypassing Trojan using C++ code wrapped into chess.c to create an executable file chess.exe. This Trojan when executed on the victim machine, scans the entire system (
What is wrong with the web application ser input is not sanitize?
Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email liza@yahoo.com’. The application displays server error. What is wrong with the web application ser input is not sanitize?
Identify SQL injection attack from the HTTP requests shown below:
Identify SQL injection attack from the HTTP requests shown below:
What should Stephanie use so that she does not get in trouble for surfing the Internet?
Stephanie works as a records clerk in a large office building in downtown Chicago.On Monday, she went to a mandatory security awareness class (Security5) put on by her company’s IT department.During the class, the IT department informed all employees that everyone’s Internet activity was thenceforth going to be monitored.
Stephanie is worried that her Internet activity might give her supervisor reason to write her up, or worse get her fired.Stephanie’s daily work duties only consume about four hours of her time, so she usually spends the rest of the day surfing the web. Stephanie really enjoys surfing the Internet but definitely does not want to get fired for it.
What should Stephanie use so that she does not get in trouble for surfing the Internet?
How did the attacker accomplish this hack?
Joseph is the Web site administrator for the Mason Insurance in New York, whose primary website is located at http://www.masonins.com/. Joseph uses his laptop computer regularly for website administration. One night, an associate notifies Joseph that the main Mason Insurance web site had been vandalized! In place of the legitimate content, the hacker had left a message ”H@cker Mess@ge: Y0u @re De@d! Fre@ks! ”
Joseph surfed to the Web site from his office, which was directly connected to Mason Insurance’s internal network using his laptop. However, no changes were apparent to him and he could see the legitimate content. Joseph was puzzled when another employee called in to report the defaced website.
Joseph logged off the company’s internal LAN and accessed the company Web site using his dial- up ISP connection. He browsed to http://www.masonins.com/ and saw the following on the web page:
H@ckermailto:H@cker Mess@gemailto:Mess@ge: Y0u @re De@dmailto:De@d! Fre@ksmailto:Fre@ks!
After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and found that every system file and all the Web content on the server were intact.
How did the attacker accomplish this hack?
What is Eve trying to do?
Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice’s machine. From the command prompt, she types the following command.
For /f okens=1 %%a in (hackfile.txt) do net use * \10.1.2.3c$ /user:dministrator?%%a
What is Eve trying to do?
What category of virus is this?
You receive an e-mail with the following text message.
“Microsoft and AOL today warned all customers that a new, highly dangerous virus has been discovered which will erase all your files at midnight. If there’s a file called hidserv.exe on your computer, you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible.”
You launch your antivirus software and scan the suspicious looking file hidserv.exe located in
c:windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate Windows system file “Human Interface Device Service”.
What category of virus is this?
Why do you think Dan might not be able to get an interactive session?
Dan is conducting a penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session?