Attacks Flashcards
utilizes deception and manipulation to perform an action or reveal information that may compromise a target.
Is one of the most popular and successful tactics used when exploiting a target.
Social Engineering
are the pathways, methods or routes used by the attacker to exploit vulnerabilities and gain unauthorized access to networks or systems, in order to deliver a payload that causes harm.
While social engineering in and of itself is not inherently technical, it presents a great deal of opportunity as an ______________.
Attack vectors
is an application that is included with the Kali and ParrotOS distributions of Linux.
- The SE Toolkit contains a compilation of applications to enable target network access through various social engineering methods.
Social Engineering Toolkit (SET)
refer to websites that are popular and frequently visited
Watering hole(s)
are targeted social engineering attacks where a website is chosen due to its frequent visitors and then compromised, while the attacker waits for users to show up and infects the site's visitors with malware.
Targets can also be led to a watering hole through social engineering tactics.
Watering Hole Attacks often utilize Cross-Site Scripting and SQL Injection as a means of exploit.
Watering Hole Attacks
What application contains various scripts that enable target network access through social engineering?
SET
Watering Hole Attacks often utilize _______ and _______ as a means of exploit.
Cross-Site Scripting and SQL Injection
What is a website that is targeted based on the amount of users that frequent it known as?
Water hole
___________ is a type of injection exploit, where malicious scripts are injected into a trusted website. This occurs when an attacker sends malicious code, usually as a browser side script to another user through a web application.
Cross-Site Scripting (XSS)
When an attacker conducts ____________and sends a malicious script to an end user, the browser that the end user is using, will execute the script, believing it to be legitimate.
cross-site scripting
______ exploits primarily utilize JavaScript, though ______ exploits have been known to also use VBScript, ActiveX, Flash and CSS.
XSS
XSS can lead to:
- Identity Theft
- Access of sensitive or restricted information
- Collection of user cookies, and user credential enumeration
- Altered browser function
XSS: There are several types of cross-site scripting: _______, ________, ______ and ________; however, none of these types are absolute, as there is some overlap between them.
Reflected XSS, Stored XSS, Blind XSS and DOM Based XSS
XSS: Because of the existing overlap, they have now been narrowed down into two further categories
- Server XSS
- Client XSS.
XSS: is a type of XSS where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
Reflected XSS; is also sometimes referred to as Non-Persistent or Type-I XSS.
XSS: When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser.
XSS
XSS: is a type of XSS where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc.
Stored XSS
XSS: The victim then retrieves the malicious script from the server when it requests the stored information.
Stored XSS is also sometimes referred to as ______ or ______
Persistent or Type-II XSS
XSS: defines the logical structure of documents and the way a document is accessed and manipulated
Document Object Model (DOM)
XSS: Stored XSS can be more dangerous because it:
- does not require a user to click on a malicious link, but instead to simply visit the trusted website.
- can be used to keylog, gather session information, or deploy malicious payloads to visiting users.
XSS: is a type of persistent XSS that typically takes place when the payload used by an attacker is saved onto the server and is reflected back to the victim via the backend.
Blind XSS
XSS: is a type of XSS where both the source of the data and the sink are in the DOM, and the data flow stays contained within the browser and never leaves.
An example of this would be a source (where malicious data is read) that is the URL of a page or an element of the HTML, and a sink that is a sensitive method call which executes the malicious data.
Document Object Model (DOM) Based XSS (Type 0)
XSS: exists when data provided by an untrusted user is included in an HTTP response generated by the server. Because the source of this data could be either the request or a stored location, it can be either Reflected Server XSS or Stored Server XSS.
Server XSS
XSS: The vulnerability is in ________ code, with the browser rendering the response and executing any valid script that is on it.
server-side
XSS: exists when data provided by an untrusted user is used to update the DOM with an unsafe JavaScript call. A JavaScript call is “unsafe” if it can be used to introduce valid script into the DOM. The source of this data could be the DOM or the server.
Client XSS
XSS: is a powerful open source security framework that can work as a standalone application or be integrated with Metasploit, and provides attackers with client-side attack vectors, exploiting vulnerabilities within the browser that a user is utilizing on a host machine on the target network.
Browser Exploitation Framework (BeEF)
XSS: One of the capabilities that BeEF has to offer is the ability to both scan for XSS vulnerabilities using the ___________ function and deliver XSS payloads.
XSS Rays Scanner
BeEF: BeEF is capable of various ___________ attacks. These attacks typically utilize phishing components and combine them with popups, redirects and other means to obtain user credentials, and/or redirect the user to a malicious web page or download a malicious document/file while appearing to come from a legitimate source.
Social Engineering
BeEF: BeEF can fingerprint the browser; obtain software information and registry keys, and the IP address and geolocation of a host system; and perform network fingerprinting, DNS enumeration and port scanning, amongst other capabilities.
Information Gathering / Network Discovery
What exists to assist in mitigating any confusion between cross-site scripting types?
client - server
True or False: DOM based XSS is a subset of Client XSS
True
is a programming language that is used to manipulate datasets and manage the databases that hold them.
SQL or the Structured Query Language
are vulnerable as a result of a lack of input validation, failed error handling and the failure to suppress error messages.
SQL servers
Reason: Because an application sometimes accepts user input, an attacker could “inject” SQL code into the input data sent from the client to the application with malicious intent, to exploit any SQL-related vulnerabilities that may exist.
SQL Injection types: Occurs when invalid input is submitted to cause the database to fail
Simple SQL Injection
SQL Injection types: Uses UNION SELECT to collect data from the database
Union SQL Injection
SQL Injection types: Occurs when an invalid statement is submitted to cause the database to fail and output information
Error-Based SQL Injection
SQL Injection types: Occurs when the database is vulnerable but configured to suppress error messages. Statements are generated in an effort to prompt a response.
Blind SQL Injection
SQL commands: Selects the data to be queried
Select
SQL commands: Combines the results of SELECT statements
union
SQL commands: Used to add a row into a table
Insert
SQL commands: Updates an existing record to a new value
Update
SQL commands: Remove a record from a table
Delete
SQL commands: Used to identify the table to be searched or manipulated
From
SQL commands: Sets up a condition
Where
is a tool that can enable an attacker to easily perform a SQL injection attack.
Automates detection for and exploiting SQL injection vulnerabilities.
SQLMap
Once the attacker realizes that the field is susceptible to a SQL injection attack, the attacker then enters _______, ______ or _____; this will then output information for all users.
SELECT FirstName, LastName FROM users WHERE ID=' or 1='1
True or False: Websites that accept user input to query SQL databases can also be vulnerable to exploit
True
What SQL injection method occurs when invalid input is submitted to cause the database to fail?
simple SQL injection
Client side: The goal of ____________ is to penetrate the “human firewall”, which consists of a network’s end users. Social engineering is often implemented as a way to profile and manipulate these end users into performing tasks that expose the network from within.
client-side attacks
Client side: Because these types of attacks occur within the network, they bypass most perimeter security defenses that would otherwise thwart such actions from taking place.
client-side attacks
Client side: There are typically two main types of client-side attacks
Cross-site Scripting, and Content Spoofing
Client side: is an attack that targets a user through a web application injection vulnerability.
The goal of _________ is to convince a user that certain content on a website is legitimate and local, rather than coming from an outside source.
Content Spoofing
Client side: This occurs when an application doesn’t properly handle user-provided data and allows the attacker to supply their own content to a web app.
This is usually done by using a parameter value that is reflected back to the user. This presents the target with a modified web page, though they believe it to be legitimate.
Content Spoofing
Client side: ________ is a form of content spoofing where an attacker injects arbitrary HTML code into a vulnerable web page in order to obtain login credentials or user session cookies to pose as the target, or to modify the page content that visitors will see.
HTML Injection
Client side: is another content spoofing method. An example of this would be the presentation of false information to a target through the manipulation of text.
Text Injection
True or False: Cross-Site Scripting and Content Spoofing are synonymous with each other.
False
What are two Content Spoofing Methods?
HTML and text injection
Which term is most accurate: DOM Based or Client Side?
Client Side