Attacks Flashcards

1
Q

utilizes deception and manipulation to perform an action or reveal information that may compromise a target.
Is one of the most popular and successful tactics used when exploiting a target.

A

Social Engineering

2
Q

are the pathways, methods or routes used by the attacker to exploit vulnerabilities and gain access to unauthorized networks or systems, in order to deliver a payload causing harm.

While social engineering in and of itself is not inherently technical, it presents a great deal of opportunity as an ______________.

A

Attack vectors

3
Q

is an application that is included with the Kali and ParrotOS distributions of Linux.

  • The SE Toolkit contains a compilation of applications to enable target network access through various social engineering methods.
A

Social Engineering Toolkit (SET)

4
Q

refer to websites that are popular and frequently visited

A

Watering hole(s)

5
Q

are targeted social engineering attacks where a website is chosen due to its frequent visitors and then compromised, while the attacker waits for users to show up and infects the site's visitors with malware.

Targets can also be led to a watering hole through social engineering tactics.

Watering Hole Attacks often utilize Cross-Site Scripting and SQL Injection as a means of exploit.

A

Watering Hole Attacks

6
Q

What application contains various scripts that enable target network access through social engineering?

A

SET

7
Q

Watering Hole Attacks often utilize _______ and _______ as a means of exploit.

A

Cross-Site Scripting and SQL Injection

8
Q

What is a website that is targeted based on the number of users that frequent it known as?

A

Water hole

9
Q

___________ is a type of injection exploit, where malicious scripts are injected into a trusted website. This occurs when an attacker sends malicious code, usually as a browser-side script, to another user through a web application.

A

Cross-Site Scripting (XSS)

10
Q

When an attacker conducts ____________ and sends a malicious script to an end user, the end user's browser will execute the script, believing it to be legitimate.

A

cross-site scripting

11
Q

______ exploits primarily utilize JavaScript, though ______ exploits have been known to also use VBScript, ActiveX, Flash and CSS.

A

XSS

12
Q

XSS can lead to:

A
  • Identity Theft
  • Access of sensitive or restricted information
  • Collection of user cookies, and user credential enumeration
  • Altered browser function
13
Q

XSS: There are several types of cross-site scripting: _______, ________, ______, and ________; however, none of these types are absolute, as there is some overlap between them.

A

Reflected XSS, Stored XSS, Blind XSS and DOM Based XSS

14
Q

XSS: Because of the existing overlap, they have now been narrowed down into two further categories

A
  • Server XSS
  • Client XSS.
15
Q

XSS: is a type of XSS where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.

A

Reflected XSS; is also sometimes referred to as Non-Persistent or Type-I XSS.

16
Q

XSS: When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser.

A

XSS

17
Q

XSS: is a type of XSS where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc.

A

Stored XSS

18
Q

XSS: The victim then retrieves the malicious script from the server when it requests the stored information.

Stored XSS is also sometimes referred to as ______ or ______

A

Persistent or Type-II XSS

19
Q

XSS: defines the logical structure of documents and the way a document is accessed and manipulated

A

Document Object Model (DOM)

20
Q

XSS: Stored XSS can be more dangerous because it?

A
  • does not require a user to click on a malicious link, but instead to simply visit the trusted website.
  • Stored XSS can be used to keylog, gather session information, or deploy malicious payloads to visiting users.
21
Q

XSS: is a type of persistent XSS that typically takes place when the payload used by an attacker is saved onto the server and is reflected back to the victim via the backend.

A

Blind XSS

22
Q

XSS: is a type of XSS where both the source of the data and the sink are in the DOM, and the data flow stays contained within the browser and never leaves it.

An example of this would be where the source (where malicious data is read) is the URL of a page or an element of the HTML, and the sink is a sensitive method call which executes the malicious data.

A

Document Object Model (DOM) Based XSS (type 0)

23
Q

XSS: exists when data provided by an untrusted user is included in an HTTP response that is generated by the server. Because the source of this data could be either the request or a stored location, it could be both Reflected Server XSS and Stored Server XSS.

A

Server XSS

24
Q

XSS: The vulnerability is in ________ code, with the browser rendering the response and executing any valid script that is on it.

A

server-side

25
Q

XSS: exists when data provided by an untrusted user is used to update the DOM with an unsafe JavaScript call. A JavaScript call is "unsafe" if it is used to introduce valid script to the DOM. The source of this data could be the DOM or the server.

A

Client XSS

26
Q

XSS: is a powerful open source security framework that can work as a standalone application or be integrated with Metasploit, and provides attackers with client-side attack vectors, exploiting vulnerabilities within the browser that a user is utilizing on a host machine on the target network.

A

Browser Exploitation Framework (BeEF)

27
Q

XSS: capabilities that BeEF has to offer

A

is the ability to both scan for XSS vulnerabilities using the XSS Rays Scanner function and deliver XSS payloads

28
Q

XSS: Rays Scanner function and deliver XSS payloads

A

XSS Rays Scanner

29
Q

BeEF: BeEF is capable of various ___________ attacks. These attacks typically utilize phishing components and combine them with popups, redirects and other means to obtain user credentials, and/or redirect the user to a malicious web page or to download a malicious document/file, while appearing to come from a legitimate source.

A

Social Engineering

30
Q

BeEF: BeEF can fingerprint the browser, obtain software information and registry keys, and the IP address and geolocation of a host system, as well as perform network fingerprinting, DNS enumeration and port scanning, amongst other capabilities.

A

Information Gathering / Network Discovery

31
Q

What exists to assist in mitigating any confusion between cross-site scripting types?

A

client - server

32
Q

True or False: DOM based XSS is a subset of Client XSS

A

True

33
Q

is a programming language that is used to manipulate datasets and manage these databases

A

SQL or the Structured Query Language

34
Q

are vulnerable as a result of a lack of input validation, failed error handling and the failure to suppress error messages.

A

SQL servers. Reason: Because of the ability to accept user input on some occasions, an attacker could "inject" SQL code into the input data sent from the client to the application with malicious intent, to exploit any SQL-related vulnerabilities that may exist.

35
Q

SQL Injection types: Occurs when invalid input is submitted to the database to cause it to fail

A

Simple SQL Injection

36
Q

SQL Injection types: Uses UNION SELECT to collect data from the database

A

Union SQL Injection

37
Q

SQL Injection types: Occurs when an invalid statement is submitted to cause the database to fail and output information

A

Error-Based SQL Injection

38
Q

SQL Injection types: Occurs when the database is vulnerable but configured to suppress error messages. Statements are generated in an effort to prompt a response.

A

Blind SQL Injection

39
Q

SQL commands: Selects the data to be queried

A

Select

40
Q

SQL commands: Joins select statements

A

union

41
Q

SQL commands: Used to add a row into a table

A

Insert

42
Q

SQL commands: Updates an existing record to a new value

A

Update

43
Q

SQL commands: Removes a record from a table

A

Delete

44
Q

SQL commands: Used to identify the table to be searched or manipulated

A

From

45
Q

SQL commands: Sets up a condition

A

Where

46
Q

is a tool that can enable an attacker to easily perform a SQL injection attack. It automates detecting and exploiting SQL injection vulnerabilities.

A

SQLMap

47
Q

Once the attacker realizes that the field is susceptible to a SQL injection attack, the attacker then enters _______, ______ or _____. This will then output information for all users.

A

SELECT FirstName, LastName FROM users WHERE ID=' or 1='1

48
Q

True or False: Websites that accept user input to query SQL databases can also be vulnerable to exploit

A

True

49
Q

What SQL injection method occurs when an invalid input is submitted to the database to cause it to fail?

A

simple SQL injection

50
Q

Client side: The goal of ____________ is to penetrate the "human firewall", which is comprised of a network’s end users. Social engineering is often implemented as a way to profile and manipulate these end users into performing tasks that expose the network from within.

A

client-side attacks

51
Q

Client side: Because these types of attacks occur within the network, they bypass most perimeter security defenses that would otherwise thwart such actions from taking place.

A

client-side attacks

52
Q

Client side: There are typically two main types of client-side attacks

A

Cross-site Scripting, and Content Spoofing

53
Q

Client side: is an attack that targets a user through a web app injection vulnerability. The goal of _________ is to convince a user that certain content on a website is legitimate and local, not appearing to be from an outside source.

A

Content Spoofing

54
Q

Client side: This occurs when an application doesn’t properly handle user-provided data and allows the attacker to supply their own content to a web app. This is usually done by using a parameter value that is reflected back to the user. This provides the target with a modified webpage, though they believe it to be legitimate.

A

Content Spoofing

55
Q

Client side: ________ is a form of content spoofing where an attacker injects arbitrary HTML code into a vulnerable web page in order to obtain login credentials or user session cookies to pose as the target, or to modify the page content that visitors will see.

A

HTML Injection

56
Q

Client side: is another method of a content spoofing attack. An example of this would be the presentation of false information to a target through the manipulation of text.

A

Text Injection

57
Q

True or False: Cross-Site Scripting and Content Spoofing are synonymous with each other.

A

False

58
Q

What are two Content Spoofing Methods?

A

HTML and text injection

59
Q

Which is most accurate: DOM based or Client Side?

A

Client Side