Deck C Flashcards

1
Q

When does an SQL injection occur

A

When a user-input is used in an SQL query without proper sanitisation or filtering of the input

2
Q

What are the types of SQL Injections

A

In-band, Blind, and Out-of-band

3
Q

What are characters to use for testing of SQLi Discovery

A

" # ; )

4
Q

What are the 3 types of queries for MySQL fingerprint testing

A

SELECT @@version, SELECT POW(1,1), SELECT SLEEP(5)

5
Q

What is the expected output of SELECT @@version if MySQL

A

It will output the current MySQL version

6
Q

What is the expected output of SELECT @@version if NOT MySQL

A

In MSSQL it returns the MSSQL version; other DBMSs return an error

7
Q

What is the expected output of SELECT POW(1,1) if MySQL

A

1

8
Q

What is the expected output of SELECT POW(1,1) if NOT MySQL

A

Error with other DBMS

9
Q

What is the expected output of SELECT SLEEP(5) if MySQL

A

Delays page response by 5 seconds and returns 0

10
Q

What is the expected output of SELECT SLEEP(5) if NOT MySQL

A

Will not delay response with other DBMS

11
Q

If the web server is running Apache or Nginx what is likely the SQL server

A

MySQL

12
Q

If the web server is running IIS what is likely the SQL server

A

MSSQL

13
Q

What are the three types of XSS

A

Stored, Reflected, and DOM-Based

14
Q

What is a Stored XSS

A

The most critical type of XSS which occurs when user input is stored on the back-end database and displayed upon retrieval

15
Q

What is a Reflected XSS

A

When a user input is displayed on the page after being processed by the backend server but without being stored

16
Q

What is a DOM based XSS

A

When a user input is directly shown in the browser and is completely processed on the client side without reaching the backend

17
Q

When can XSS be performed in Headers

A

When their values are displayed on the page

18
Q

What 3 ports does MSSQL run on

A

TCP 1433 and UDP 1434. Hidden mode: TCP 2433

19
Q

Query to verify MSSQL version

A

SELECT @@version

20
Q

Oracle RDBMS port

A

TCP Port 1521

21
Q

Query to verify Oracle RDBMS version

A

SELECT * FROM v$version;

22
Q

MySQL Port

A

Port 3306

23
Q

Query to verify MySQL version

A

SELECT VERSION()

24
Q

MySQL Error

A

“You have an error in your SQL syntax”

25
Q

PostgreSQL Port

A

TCP Port 5432

26
Q

PostgreSQL Error

A

"PGERROR" or includes PostgreSQL in error text

27
Q

Query to verify PostgreSQL version

A

SELECT version()

28
Q

MongoDB port

A

TCP Port 27017

29
Q

Query to verify MongoDB version

A

db.version()

30
Q

Redis Port

A

TCP Port 6379

31
Q

What is Spear Phishing

A

Instead of casting a wide net, attackers research their victims and craft personalised messages, increasing the likelihood of success

32
Q

What is Whaling

A

A subtype of Spear Phishing that targets high-profile individuals within an organisation, such as the C-Suite

33
Q

What is Vishing

A

Voice Phishing involves using phone calls or voice messages to deceive victims into revealing sensitive information

34
Q

What is Virtualisation

A

Virtualisation refers to creating a virtual version of a resource. It allows multiple OSes or applications to run on a single physical system while keeping them isolated from one another

35
Q

VMware ESXi Port

A

Port 902

36
Q

Hyper-V DCE/RPC Port

A

135

37
Q

Docker Port

A

Port 2375 and 2376

38
Q

IBM DB2 Port

A

50000

39
Q

What is the DB that contains schema info in MSSQL

A

INFORMATION_SCHEMA

40
Q

What is the DB that contains schema info in MySQL

A

INFORMATION_SCHEMATA

41
Q

In Blind SQLi, what query can we use to extract the length of a field

A

LEN(fieldName)

42
Q

In Blind SQLi, what query can we use to extract the name of a field letter by letter

A

ASCII(SUBSTRING(fieldName,1,1))

43
Q

How to sleep in PGSQL

A

SELECT 1 FROM PG_SLEEP(10)

44
Q

How to sleep in MSSQL

A

WAITFOR DELAY '0:0:5'

45
Q

How to sleep in MySQL

A

SELECT SLEEP(5)

46
Q

How to enable xp_cmdshell

A

EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;

47
Q

What does CSRF stand for

A

Cross Site Request Forgery

48
Q

What is CSRF

A

Where an attacker tricks a victim into submitting unwanted requests through a link

49
Q

Example of Insecure Headers

A

Missing CSP, Missing X-Frame-Options, Missing HSTS

50
Q

What does CSP stand for

A

Content Security Policy

51
Q

What does HSTS stand for

A

Header Strict-Transport-Security

52
Q

What does CSP do and what are the risks of missing CSP

A

Helps mitigate XSS by defining which resources the browser may load; missing CSP means malicious scripts could be injected and executed in users' browsers

53
Q

What is HSTS and what are the risks of missing HSTS

A

HSTS ensures that the website is only accessed over HTTPS and not HTTP; missing HSTS increases the risk of HTTPS downgrade attacks, where the attacker forces the user to connect via HTTP, allowing them to intercept data

54
Q

What are X-Frame-Options and what are the risks of missing X-Frame-Options

A

X-Frame-Options prevents clickjacking by disallowing the website from being embedded in an iframe; missing X-Frame-Options means an attacker can embed the website in a malicious frame, leading to clickjacking attacks

55
Q

What are the risks of CSRF

A

Unauthorised actions being performed, data manipulation, account takeover

56
Q

What is XML Injection / XXE

A

When an attacker manipulates input in XML format, causing the web application to process unintended data or exhibit unintended behaviour

57
Q

What are anti-CSRF and anti-XSS headers

A

SameSite Cookie, CSRF Tokens, CSP Header

58
Q

What are the risks of XML Injection / XXE

A

Data leakage, RCE, DoS

59
Q

How can we test/exploit an XXE

A

We can try including malicious XML entities that read the contents of file:///etc/passwd and then print them out

60
Q

What is a CSRF token

A

A unique and unpredictable value included in forms or headers for each request; these tokens must match a token stored in the user's session

61
Q

What is a SameSite cookie

A

It controls when cookies are sent in cross-origin requests. Strict: cookies are only sent in requests that originate from the same site

62
Q

What does CSP do

A

Restricts scripts, styles and other resources from being loaded or executed if they are not explicitly allowed; can prevent reflected and stored XSS by blocking malicious scripts

63
Q

What is Session Fixation

A

The attacker creates a valid session and sends the victim a link using that cookie; when the victim logs in, the attacker has access to the account using the same cookie

64
Q

What is a MIME-Type and what can it be exploited for

A

Determines the file type through its general format and byte structure; can be exploited to pass malicious files off as allowed files (e.g. PHP scripts as a .jpg)

65
Q

What can be an example of Session Fixation

A

An attacker logs into an account, copies the session token, logs out to invalidate it, and sends a crafted URL to a victim; when the victim logs in, the attacker is in possession of a valid session ID

66
Q

Name 3 laws relating to Cyber in Australia

A

Privacy Act 1988, Cybercrime Act 2001 and Security of Critical Infrastructure Act 2018

67
Q

What is the Cybercrime Act 2001

A

- Criminalises hacking and unauthorised access to data
- Addresses fraud involving computers and data manipulation

68
Q

What is the Privacy Act 1988

A

It regulates the handling of personal information about individuals and requires organisations to notify individuals and the Australian Information Commissioner about data breaches that are likely to result in serious harm

69
Q

What is the Security of Critical Infrastructure Act 2018

A

The SOCI Act identifies critical infrastructure assets and imposes obligations on owners and operators to protect their assets

70
Q

What are the top 3 international Cyber laws/standards

A

GDPR, PCI DSS and ISO 27001

71
Q

What does GDPR stand for

A

General Data Protection Regulation

72
Q

What does GDPR do

A

- Enhances individuals' control over their personal data
- Requires timely reporting of data breaches
- Imposes fines for non-compliance

73
Q

What does PCI DSS stand for

A

Payment Card Industry Data Security Standard

74
Q

What does PCI DSS do

A

- Mandates encryption of cardholder data
- Requires restricted access to sensitive information

75
Q

What does ISO 27001 do?

A

- Emphasises the identification and management of information security risks
- Encourages ongoing enhancement of security measures

76
Q

What is the name of the scheme in the Privacy Act 1988 regarding notifying stakeholders

A

NDB scheme

77
Q

What is the NDB scheme

A

Mandates the reporting of data breaches that are likely to result in serious harm

78
Q

What TLS configuration does the PCI DSS find non-compliant

A

TLS 1.0

79
Q

What are some questions that can be asked during scoping

A

- A brief description of the service?
- How many endpoints and functions are there?
- Does the service have a login mechanism in order to access authenticated content?

80
Q

What is an open line in the Technical Summary

A

This section is targeted towards Project Managers or IT Managers wishing to delegate remediation tasks to various parties. It is a summary of all vulnerabilities with related risk ratings and business impacts, designed to help prioritise resourcing for remediation.