Packet Analysis 1 PEs

Question 1

How many bytes make up a shellcode?

Answer 1

25

Question 2

If an attacker knew how a program organizes its memory how could it attack that system?

Answer 2

Inputting too much information for the buffer to handle

Question 3

In a buffer overflow attack what gets over-written?

Answer 3

Memory of an Application

Question 4

What does a multi-byte sled have to support?

Answer 4

single opcode inside

Question 5

What is a method used to get a target machine to initiate an outgoing connection?

Answer 5

Connect Back (reverse shell)

Question 6

A buffer can be located _____

• In the heap
• On the stack
• In the data section of the process
• All of the Above

Answer 6

All of the above

Question 7

In a reverse shell who establishes the connection?

Answer 7

remote

Question 8

What is the storage region that holds data while being transferred called?

Answer 8

buffer

Question 9

True/False You can determine in advance exactly where the targeted buffer will be located in the stack frame.

Answer 9

False

Question 10

What is it called when data stored in the heap is overwritten?

Answer 10

Heap Overflow

Question 11

What type of an attack is it, when the input is used in the construction of a command that is subsequently executed by the system with privileges of the Web server.

Answer 11

Command Injection

Question 12

In what type of sled can the opcode jump straight to the shell code?

Answer 12

Trampoline Sled

Question 13

What is a Run-Time defense that blocks an attacker’s ability to find out where the stack is by placing it in a random spot in memory?

Answer 13

Address Space Randomization

Question 14

What are the three places a buffer overflow usually targets? (use format Alpha, Bravo, Charlie)

Question 15

What are the three places a buffer overflow usually targets? (use format Alpha, Bravo, Charlie)

Answer 15

stack, heap or data section

Question 16

What are the locations in the stack area used to store the values referring to one invocation of a routine?

Question 17

What helps move code into the next memory address?

Answer 17

NOP Sled

Question 18

What type of an attack is it when the user-supplied input is used to construct a SQL request to retrieve information from a database?

Answer 18

SQL Injection

Question 19

What is the structure that stores data held on the stack?

Answer 19

UNKNOWN

Question 20

True or False Shellcode is not specific to a particular processor architecture?

Answer 20

False

Question 21

Servers can find it inconvenient to have ____ ____ port numbers assigned.

Answer 21

Short Term

Question 22

What is the code supplied by the attacker which is often saved in the buffer being overflowed so that it can be executed?

Answer 22

Shellcode

Question 23

_____ is a form of buffer overflow attack.

• Heap overflows
• Return to System call
• Replacement stack frame
• All of the Above

Answer 23

All of the aboce

Question 24

What is the process called of setting a port number to a socket?

Answer 24

Binding

Question 25

What is a data structure that is used to store values in a particular order and processes the dynamic variables used in the program?

Answer 25

stack