Certified Ethical Hacker. Test 1 - Victor Part 2 Flashcards

1
Q

You analyze the logs and see the following output from the machine with the IP address 192.168.0.132:

  1. Time August 21 11:22:06 Port:20 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
  2. Time August 21 11:22:08 Port:21 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
  3. Time August 21 11:22:11 Port:22 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
  4. Time August 21 11:22:14 Port:23 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
  5. Time August 21 11:22:15 Port:25 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
  6. Time August 21 11:22:19 Port:80 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
  7. Time August 21 11:22:21 Port:443 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP

What conclusion can you make based on this output?

  • Port scan targeting 192.168.0.132
  • Teardrop attack targeting 192.168.0.132
  • Denial of service attack targeting 192.168.0.132
  • Port scan targeting 192.168.0.30
A
  • Port scan targeting 192.168.0.132 (Correct)

Explanation
https://nmap.org/book/nmap-defenses-detection.html

As the output shows, IP 192.168.0.30 sends many requests to IP 192.168.0.132 on different ports: 20, 21, 22, etc.

Based on this, we can conclude that a port scan is being performed against 192.168.0.132.

2
Q

Which of the following web application attacks injects the special character elements “Carriage Return” and “Line Feed” into the user’s input to trick the web server, web application, or user into believing that the current object is terminated and a new object has been initiated?

  • Log Injection.
  • Server-Side JS Injection.
  • CRLF Injection.
  • HTML Injection.
A
  • CRLF Injection. (Correct)

Explanation
CRLF refers to the special character elements “Carriage Return” and “Line Feed.” These elements are embedded in HTTP headers and other software code to signify an End of Line (EOL) marker. Many internet protocols, including MIME (e-mail), NNTP (newsgroups) and, more importantly, HTTP, use CRLF sequences to split text streams into discrete elements. Web application developers split HTTP and other headers based on where CRLF is located. Exploits occur when an attacker is able to inject a CRLF sequence into an HTTP stream. By introducing this unexpected CRLF injection, the attacker is able to maliciously exploit CRLF vulnerabilities in order to manipulate the web application’s functions.

A more formal name for CRLF injection is Improper Neutralization of CRLF Sequences. Because CRLF injection is frequently used to split HTTP responses, it can also be designated as HTTP Response Splitting or Improper Neutralization of CRLF Sequences in HTTP Headers.
