CCT APP Written - Deck B

Question 1

When does an SQL injection occur

Answer 1

When a user-input is used in an SQL query without proper sanitisation or filtering of the input

Question 2

What are the types of SQL Injections

Answer 2

In-band. Blind Out-of-band

Question 3

What are characters to use for testing of SQLi Discovery

Answer 3

” # ; )

Question 4

What are the 3 types of queries for MySQL fingerprint testing

Answer 4

SELECT @@version. SELECT POW(1.1). SELECT SLEEP(5)

Question 5

What is the expected output of SELECT @@version if MySQL

Answer 5

It will output the current MySQL version

Question 6

What is the expected output of SELECT @@version if NOT MySQL

Answer 6

In MSSQL it returns MSSQL version. Error with other DBMS

Question 7

What is the expected output of SELECT POW(1.1) if MySQL

Answer 7

1

Question 8

What is the expected output of SELECT POW(1.1) if NOT MySQL

Answer 8

Error with other DBMS

Question 9

What is the expected output of SELECT SLEEP(5) if MySQL

Answer 9

Delays page response by 5 seconds and returns 0

Question 10

What is the expected output of SELECT SLEEP(5) if NOT MySQL

Answer 10

Will not delay response with other DBMS

Question 11

If the web server is running Apache or Nginx what is likely the SQL server

Answer 11

MySQL

Question 12

If the web server is running IIS what is likely the SQL server

Answer 12

MSSQL

Question 13

What are the three types of XSS

Answer 13

Stored. Reflected and DOM-Based

Question 14

What is a Stored XSS

Answer 14

The most critical type of XSS which occurs when user input is stored on the back-end database and displayed upon retrieval

Question 15

What is a Reflected XSS

Answer 15

When a user input is displayed on the page after being processed by the backend server but without being stored

Question 16

What is a DOM based XSS

Answer 16

When a user input is directly shown in the browser and is completely processed on the client side without reaching the backend

Question 17

When can XSS be performed in Headers

Answer 17

When their values are displayed on the page

Question 18

What 3 ports does MSSQL run on

Answer 18

TCP 1433 and UDP 1434. Hidden mode: TCP 2433

Question 19

Query to verify MSSQL version

Answer 19

SELECT @@version

Question 20

Oracle RDBMS port

Answer 20

TCP Port 1521

Question 21

Query to verify Oracle RDBMS version

Answer 21

SELECT * FROM v$version;

Question 22

MySQL Port

Answer 22

Port 3306

Question 23

Query to verify MySQL version

Answer 23

SELECT VERSION()

Question 24

MySQL Error

Answer 24

“You have an error in your SQL syntax”

Question 25

PostgreSQL Port

Answer 25

TCP Port 5432

Question 26

PostgreSQL Error

Answer 26

“PGERROR” or includes PostgreSQL in error text

Question 27

Query to verify PostgreSQL version

Answer 27

SELECT version()

Question 28

MongoDB port

Answer 28

TCP Port 27017

Question 29

Query to verify MongoDB version

Answer 29

db.version()

Question 30

Redis Port

Answer 30

TCP Port 6379

Question 31

What is Spear Phishing

Answer 31

Instead of casting a wide net attackers research their victims and craft personalised messages increasing likelihood of success

Question 32

What is Whaling

Answer 32

A subtype of Spear Phishing but targeting high profile individuals within an organisation such as C-Suite

Question 33

What is Vishing

Answer 33

Voice Phishing involves using phone calls or voice messages to deceive victims into revealing sensitive information

Question 34

What is Virtualisation

Answer 34

Virtualisation refers to creating a virtual version of a resource. It allows for multiple OS or applications to run on a single physical system whilst keeping them isolated from one another

Question 35

VMWare ESXI Port

Answer 35

Port 902

Question 36

HyperV DCE/RPC Port

Answer 36

135

Question 37

Docker Port

Answer 37

Port 2375 and 2376

Question 38

IBM DB2 Port

Answer 38

50000

Question 39

What is the DB that contains schema info in MSSQL

Answer 39

INFORMATION_SCHEMA

Question 40

What is the DB that contains schema info in MySQL

Answer 40

INFORMATION_SCHEMATA

Question 41

In Blind SQLi what query can we use to extract length of a field

Answer 41

LEN(fieldName)

Question 42

In Blind SQLi what query can we use to extract name of field letter by letter

Answer 42

ASCII(SUBSTRING(fieldName,1,1))

Question 43

How to sleep in PGSQL

Answer 43

SELECT 1 FROM PG_SLEEP(10)

Question 44

How to sleep in MSSQL

Answer 44

WAITFOR DELAY ‘0:0:5’

Question 45

How to sleep in MySQL

Answer 45

SELECT SLEEP(5)

Question 46

How to enable xp_cmdshell

Answer 46

EXEC sp_configure ‘xp_cmdshell’. 1; RECONFIGURE;