CCT APP Written - Deck B Flashcards

1
Q

When does an SQL injection occur

A

When user input is used in an SQL query without proper sanitisation or filtering of the input

2
Q

What are the types of SQL Injections

A

In-band, Blind, Out-of-band

3
Q

What characters are used for SQLi discovery testing

A

" # ; )

4
Q

What are the 3 types of queries for MySQL fingerprint testing

A

SELECT @@version, SELECT POW(1,1), SELECT SLEEP(5)

5
Q

What is the expected output of SELECT @@version if MySQL

A

It will output the current MySQL version

6
Q

What is the expected output of SELECT @@version if NOT MySQL

A

In MSSQL it returns MSSQL version. Error with other DBMS

7
Q

What is the expected output of SELECT POW(1,1) if MySQL

A

1

8
Q

What is the expected output of SELECT POW(1,1) if NOT MySQL

A

Error with other DBMS

9
Q

What is the expected output of SELECT SLEEP(5) if MySQL

A

Delays page response by 5 seconds and returns 0

10
Q

What is the expected output of SELECT SLEEP(5) if NOT MySQL

A

Will not delay response with other DBMS

11
Q

If the web server is running Apache or Nginx what is likely the SQL server

A

MySQL

12
Q

If the web server is running IIS what is likely the SQL server

A

MSSQL

13
Q

What are the three types of XSS

A

Stored, Reflected and DOM-Based

14
Q

What is a Stored XSS

A

The most critical type of XSS which occurs when user input is stored on the back-end database and displayed upon retrieval

15
Q

What is a Reflected XSS

A

When a user input is displayed on the page after being processed by the backend server but without being stored

16
Q

What is a DOM based XSS

A

When a user input is directly shown in the browser and is completely processed on the client side without reaching the backend

17
Q

When can XSS be performed in Headers

A

When their values are displayed on the page

18
Q

What 3 ports does MSSQL run on

A

TCP 1433 and UDP 1434. Hidden mode: TCP 2433

19
Q

Query to verify MSSQL version

A

SELECT @@version

20
Q

Oracle RDBMS port

A

TCP Port 1521

21
Q

Query to verify Oracle RDBMS version

A

SELECT * FROM v$version;

22
Q

MySQL Port

23
Q

Query to verify MySQL version

A

SELECT VERSION()

24
Q

MySQL Error

A

“You have an error in your SQL syntax”

25
Q

PostgreSQL Port

A

TCP Port 5432

26
Q

PostgreSQL Error

A

"PGERROR" or includes PostgreSQL in error text

27
Q

Query to verify PostgreSQL version

A

SELECT version()

28
Q

MongoDB port

A

TCP Port 27017

29
Q

Query to verify MongoDB version

A

db.version()

30
Q

Redis Port

A

TCP Port 6379

31
Q

What is Spear Phishing

A

Instead of casting a wide net attackers research their victims and craft personalised messages increasing likelihood of success

32
Q

What is Whaling

A

A subtype of Spear Phishing but targeting high profile individuals within an organisation such as C-Suite

33
Q

What is Vishing

A

Voice Phishing involves using phone calls or voice messages to deceive victims into revealing sensitive information

34
Q

What is Virtualisation

A

Virtualisation refers to creating a virtual version of a resource. It allows for multiple OS or applications to run on a single physical system whilst keeping them isolated from one another

35
Q

VMWare ESXI Port

A

Port 902

36
Q

HyperV DCE/RPC Port

A

135

37
Q

Docker Port

A

Port 2375 and 2376

38
Q

IBM DB2 Port

A

50000

39
Q

What is the DB that contains schema info in MSSQL

A

INFORMATION_SCHEMA

40
Q

What is the DB that contains schema info in MySQL

A

INFORMATION_SCHEMATA

41
Q

In Blind SQLi what query can we use to extract length of a field

A

LEN(fieldName)

42
Q

In Blind SQLi what query can we use to extract name of field letter by letter

A

ASCII(SUBSTRING(fieldName,1,1))

43
Q

How to sleep in PGSQL

A

SELECT 1 FROM PG_SLEEP(10)

44
Q

How to sleep in MSSQL

A

WAITFOR DELAY '0:0:5'

45
Q

How to sleep in MySQL

A

SELECT SLEEP(5)

46
Q

How to enable xp_cmdshell

A

EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;