Attacks Flashcards

1
Q

utilizes deception and manipulation to perform an action or reveal information that may compromise a target.
Is one of the most popular and successful tactics used when exploiting a target.

A

Social Engineering

2
Q

are the pathways, methods or routes used by the attacker to exploit vulnerabilities and gain access to unauthorized networks or systems, in order to deliver a payload causing harm.

While social engineering in and of itself is not inherently technical, it presents a great deal of opportunity as an ______________.

A

Attack vectors

3
Q

is an application that is included with the Kali and ParrotOS distributions of Linux.

  • The SE Toolkit contains a compilation of applications to enable target network access through various social engineering methods.
A

Social Engineering Toolkit (SET)

4
Q

refer to websites that are popular and frequently visited

A

Watering hole(s)

5
Q

are targeted social engineering attacks where a website is chosen due to its frequent visitors and then compromised, while the attacker waits for users to show up and infects the site's visitors with malware.

Targets can also be led to a watering hole through social engineering tactics.

Watering Hole Attacks often utilize Cross-Site Scripting and SQL Injection as a means of exploit.

A

Watering Hole Attacks

6
Q

What application contains various scripts that enable target network access through social engineering?

A

SET

7
Q

Watering Hole Attacks often utilize _______ and _______ as a means of exploit.

A

Cross-Site Scripting and SQL Injection

8
Q

What is a website that is targeted based on the number of users that frequent it known as?

A

Water hole

9
Q

___________ is a type of injection exploit, where malicious scripts are injected into a trusted website. This occurs when an attacker sends malicious code, usually as a browser-side script, to another user through a web application.

A

Cross-Site Scripting (XSS)

10
Q

When an attacker conducts ____________ and sends a malicious script to an end user, the end user's browser will execute the script, believing it to be legitimate.

A

cross-site scripting

11
Q

______ exploits primarily utilize JavaScript, though ______ exploits have been known to also use VBScript, ActiveX, Flash and CSS.

A

XSS

12
Q

XSS can lead to:

A
  • Identity Theft
  • Access of sensitive or restricted information
  • Collection of user cookies, and user credential enumeration
  • Altered browser function
13
Q

XSS: There are several types of cross-site scripting: _______, ________, ______, and ________; however, none of these types are absolute, as there is some overlap between them.

A

Reflected XSS, Stored XSS, Blind XSS and DOM Based XSS

14
Q

XSS: Because of the existing overlap, they have now been narrowed down into two further categories

A
  • Server XSS
  • Client XSS.
15
Q

XSS: is a type of XSS where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.

A

Reflected XSS; is also sometimes referred to as Non-Persistent or Type-I XSS.

16
Q

XSS: When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser.

A

XSS

17
Q

XSS: is a type of XSS where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc.

A

Stored XSS

18
Q

XSS: The victim then retrieves the malicious script from the server when it requests the stored information.

Stored XSS is also sometimes referred to as ______ or ______

A

Persistent or Type-II XSS

19
Q

XSS: defines the logical structure of documents and the way a document is accessed and manipulated

A

Document Object Model (DOM)

20
Q

XSS: Stored XSS can be more dangerous because it?

A
  • does not require a user to click on a malicious link, but instead to simply visit the trusted website.
  • Stored XSS can be used to keylog, gather session information, or deploy malicious payloads to visiting users.
21
Q

XSS: is a type of persistent XSS that typically takes place when the payload used by an attacker is saved onto the server and is reflected back to the victim via the backend.

A

Blind XSS

22
Q

XSS: is a type of XSS where both the source of the data and the sink are in the DOM, and the data flow stays contained within the browser and never leaves it.

An example of this would be where the source (where malicious data is read) is the URL of a page or an element of the HTML, and the sink is a sensitive method call which executes the malicious data.

A

Document Object Model (DOM) Based XSS (type 0)

23
Q

XSS: exists when data that is provided by an untrusted user is included in an HTTP response that is generated by the server. Because the source of this data could be either the request or a stored location, there can be both Reflected Server XSS and Stored Server XSS.

A

Server XSS

24
Q

XSS: The vulnerability is in ________ code, with the browser rendering the response and executing any valid script that is on it.

A

server-side

25
Q

XSS: exists when data that is provided by an untrusted user is used to update the DOM with an unsafe JavaScript call. A JavaScript call is considered unsafe if it can be used to introduce valid script into the DOM. The source of this data could be the DOM or the server.

A

Client XSS

26
Q

XSS: is a powerful open source security framework that can work as a standalone application or be integrated with Metasploit. It provides attackers with client-side attack vectors, exploiting vulnerabilities within the browser that a user is utilizing on a host machine on the target network.

A

Browser Exploitation Framework (BeEF)

27
Q

XSS: capabilities that BeEF has to offer

A

is the ability to both scan for XSS vulnerabilities using the XSS Rays Scanner function and deliver XSS payloads

28
Q

XSS: Rays Scanner function and deliver XSS payloads

A

XSS Rays Scanner

29
Q

BeEF: BeEF is capable of various ___________ attacks. These attacks typically utilize phishing components and combine them with popups, redirects and other means to obtain user credentials, and/or redirect the user to a malicious web page or download a malicious document/file while appearing to come from a legitimate source.

A

Social Engineering

30
Q

BeEF: BeEF can fingerprint the browser, obtain software information and registry keys, the IP address and geolocation of a host system, as well as network fingerprinting, DNS enumeration, port scanning, amongst other capabilities.

A

Information Gathering / Network Discovery

31
Q

What exists to assist in mitigating any confusion between cross-site scripting types?

A

client - server

32
Q

True or False: DOM based XSS is a subset of Client XSS

A

True

33
Q

is a programming language that is used to manipulate datasets and manage these databases

A

SQL or the Structured Query Language

34
Q

are vulnerable as a result of a lack of input validation, failed error handling and the failure to suppress error messages.

A

SQL servers

Reason: Because of the ability to accept user input on some occasions, an attacker could “inject” SQL code with malicious intent into the input data sent from the client to the application, to exploit any SQL-related vulnerabilities that may exist.

35
Q

SQL Injection types: Occurs when invalid input is submitted to the database to cause it to fail

A

Simple SQL Injection

36
Q

SQL Injection types: Uses UNION SELECT to collect data from the database

A

Union SQL Injection

37
Q

SQL Injection types: Occurs when an invalid statement is submitted to cause the database to fail and output information

A

Error-Based SQL Injection

38
Q

SQL Injection types: Occurs when the database is vulnerable but configured to suppress error messages. Statements are generated in an effort to prompt a response.

A

Blind SQL Injection

39
Q

SQL commands: Selects the data to be queried

A

Select

40
Q

SQL commands: Joins select statements

A

union

41
Q

SQL commands: Used to add a row into a table

A

Insert

42
Q

SQL commands: Updates an existing record to a new value

A

Update

43
Q

SQL commands: Remove a record from a table

A

Delete

44
Q

SQL commands: Used to identify table to be searched or manipulated

A

From

45
Q

SQL commands: Sets up a condition

A

Where

46
Q

is a tool that can enable an attacker to easily perform a SQL injection attack.

It automates the detection and exploitation of SQL injection vulnerabilities.

A

SQLMap

47
Q

Once the attacker realizes that the field is susceptible to a SQL injection attack, the attacker then enters _______, ______ or _____; this will then output information for all users.

A

SELECT FirstName, LastName FROM users WHERE ID=' or 1='1

48
Q

True or False: Websites that accept user input to query SQL databases can also be vulnerable to exploit

A

True

49
Q

What SQL injection method occurs when an invalid input is submitted to the database to cause it to fail?

A

simple SQL injection

50
Q

Client side: The goal of ____________ is to penetrate the “human firewall”, which is comprised of a network’s end users. Social engineering is often implemented as a way to profile and manipulate these end users into performing tasks that expose the network from within.

A

client-side attacks

51
Q

Client side: Because these types of attacks occur within the network, they bypass most perimeter security defenses that would otherwise thwart such actions from taking place

A

client-side attacks

52
Q

Client side: There are typically two main types of client-side attacks

A

Cross-site Scripting, and Content Spoofing

53
Q

Client side: is an attack that targets a user through a web app injection vulnerability.

The goal of _________ is to convince a user that certain content on a website is legitimate and local, not appearing to be from an outside source.

A

Content Spoofing

54
Q

Client side: This occurs when an application doesn’t properly handle user-provided data and allows the attacker to supply their own content to a web app.

This is usually done by using a parameter value that is reflected back to the user. This provides the target with a modified webpage, though they believe it to be legitimate.

A

Content Spoofing

55
Q

Client side: ________ is a form of content spoofing where an attacker injects arbitrary HTML code into a vulnerable web page in order to obtain login credentials or user session cookies to pose as the target, or to modify the page content that visitors will see.

A

HTML Injection

56
Q

Client side: is another method of a content spoofing attack. An example of this would be the presentation of false information to a target through the manipulation of text.

A

Text Injection

57
Q

True or False: Cross-Site Scripting and Content Spoofing are synonymous with each other.

A

False

58
Q

What are two Content Spoofing Methods?

A

HTML and text injection

59
Q

Which is most accurate: DOM Based or Client Side?

A

Client Side