CCT APP Written - Deck B Flashcards
When does an SQL injection occur
When a user-input is used in an SQL query without proper sanitisation or filtering of the input
What are the types of SQL Injections
In-band. Blind Out-of-band
What are characters to use for testing of SQLi Discovery
” # ; )
What are the 3 types of queries for MySQL fingerprint testing
SELECT @@version. SELECT POW(1.1). SELECT SLEEP(5)
What is the expected output of SELECT @@version if MySQL
It will output the current MySQL version
What is the expected output of SELECT @@version if NOT MySQL
In MSSQL it returns MSSQL version. Error with other DBMS
What is the expected output of SELECT POW(1.1) if MySQL
1
What is the expected output of SELECT POW(1.1) if NOT MySQL
Error with other DBMS
What is the expected output of SELECT SLEEP(5) if MySQL
Delays page response by 5 seconds and returns 0
What is the expected output of SELECT SLEEP(5) if NOT MySQL
Will not delay response with other DBMS
If the web server is running Apache or Nginx what is likely the SQL server
MySQL
If the web server is running IIS what is likely the SQL server
MSSQL
What are the three types of XSS
Stored. Reflected and DOM-Based
What is a Stored XSS
The most critical type of XSS which occurs when user input is stored on the back-end database and displayed upon retrieval
What is a Reflected XSS
When a user input is displayed on the page after being processed by the backend server but without being stored
What is a DOM based XSS
When a user input is directly shown in the browser and is completely processed on the client side without reaching the backend
When can XSS be performed in Headers
When their values are displayed on the page
What 3 ports does MSSQL run on
TCP 1433 and UDP 1434. Hidden mode: TCP 2433
Query to verify MSSQL version
SELECT @@version
Oracle RDBMS port
TCP Port 1521
Query to verify Oracle RDBMS version
SELECT * FROM v$version;
MySQL Port
Port 3306
Query to verify MySQL version
SELECT VERSION()
MySQL Error
“You have an error in your SQL syntax”
PostgreSQL Port
TCP Port 5432
PostgreSQL Error
“PGERROR” or includes PostgreSQL in error text
Query to verify PostgreSQL version
SELECT version()
MongoDB port
TCP Port 27017
Query to verify MongoDB version
db.version()
Redis Port
TCP Port 6379
What is Spear Phishing
Instead of casting a wide net attackers research their victims and craft personalised messages increasing likelihood of success
What is Whaling
A subtype of Spear Phishing but targeting high profile individuals within an organisation such as C-Suite
What is Vishing
Voice Phishing involves using phone calls or voice messages to deceive victims into revealing sensitive information
What is Virtualisation
Virtualisation refers to creating a virtual version of a resource. It allows for multiple OS or applications to run on a single physical system whilst keeping them isolated from one another
VMWare ESXI Port
Port 902
HyperV DCE/RPC Port
135
Docker Port
Port 2375 and 2376
IBM DB2 Port
50000
What is the DB that contains schema info in MSSQL
INFORMATION_SCHEMA
What is the DB that contains schema info in MySQL
INFORMATION_SCHEMATA
In Blind SQLi what query can we use to extract length of a field
LEN(fieldName)
In Blind SQLi what query can we use to extract name of field letter by letter
ASCII(SUBSTRING(fieldName,1,1))
How to sleep in PGSQL
SELECT 1 FROM PG_SLEEP(10)
How to sleep in MSSQL
WAITFOR DELAY ‘0:0:5’
How to sleep in MySQL
SELECT SLEEP(5)
How to enable xp_cmdshell
EXEC sp_configure ‘xp_cmdshell’. 1; RECONFIGURE;
