J02: Packet Analysis (PE)

Question 1

What helps move code into the next memory address?

Answer 1

NOP sled

Question 2

How many bytes make up a shellcode?

Answer 2

25

Question 3

What is the storage region that holds data while being transferred called?

Answer 3

buffer

Question 4

In a buffer overflow attack what gets over-written?

Answer 4

memory

Question 5

If an attacker knew how a program organizes its memory how could it attack that system?

• Inputting too much information for the buffer to handle
• Logically remote into the areas of memory
• Replicate the application to learn its weaknesses
• Attack it with disorganized information

Answer 5

Inputting too much information for the buffer to handle

Question 6

What does a multi-byte sled have to support?

Answer 6

single opcode inside

Question 7

In what type of sled can the opcode jump straight to the shell code?

Answer 7

trampoline

Question 8

In a reverse shell who establishes the connection?

Answer 8

remote machine

Question 9

What is it called when data stored in the heap is overwritten?

Answer 9

heap overflow

Question 10

What was the first big buffer overflow attack?

Answer 10

morris internet worm

Question 11

What is the structure that stores data held on the stack?

Answer 11

stack frame

Question 12

_____ is a form of buffer overflow attack.

• Heap overflows
• Return to System call
• Replacement stack frame
• All of the Above

Answer 12

All of the Above

Question 13

What is a method used to get a target machine to initiate an outgoing connection?

Answer 13

phishing email

Question 14

A buffer can be located _____

• In the heap
• On the stack
• In the data section of the process
• All of the Above

Answer 14

All of the Above

Question 15

What is a data structure that is used to store values in a particular order and processes the dynamic variables used in the program?

Answer 15

stack

Question 16

What is the process called of setting a port number to a socket?

Answer 16

binding

Question 17

What type of an attack is it when the user-supplied input is used to construct a SQL request to retrieve information from a database?

Answer 17

SQL injection

Question 18

Servers can find it inconvenient to have ____ ____ port numbers assigned.

Answer 18

short term

Question 19

True/False You can determine in advance exactly where the targeted buffer will be located in the stack frame.

• True
• False

Answer 19

False

Question 20

What are the three places a buffer overflow usually targets? (use format xxx, xxx, xxx)

Answer 20

stack, heap, data section

Question 21

What are the locations in the stack area used to store the values referring to one invocation of a routine?

Answer 21

stack frame

Question 22

What type of an attack is it, when the input is used in the construction of a command that is subsequently executed by the system with privileges of the Web server.

Answer 22

command injection

Question 23

What is the code supplied by the attacker which is often saved in the buffer being overflowed so that it can be executed?

Answer 23

shellcode

Question 24

True or False Shellcode is not specific to a particular processor architecture?

• True
• False

Answer 24

False

Question 25

What is a Run-Time defense that blocks an attacker’s ability to find out where the stack is by placing it in a random spot in memory?

Answer 25

address space randomization