packet analysis

Question 1

What helps move code into the next memory address?

Answer 1

NOP Sled

Question 2

What is the structure that stores data held on the stack?

Answer 2

Stack frame

Question 3

How many bytes make up a shellcode?

Answer 3

25

Question 4

What is the storage region that holds data while being transferred called?

Answer 4

Buffer

Question 5

In a buffer overflow attack what gets over-written?

Answer 5

Memory

Question 6

If an attacker knew how a program organizes its memory how could it attack that system?

Inputting too much information for the buffer to handle
Logically remote into the areas of memory
Replicate the application to learn its weaknesses
Attack it with disorganized information

Answer 6

Inputting too much information for the buffer to handle

Question 7

What does a multi-byte sled have to support?

Answer 7

A single opcode inside

Question 8

In what type of sled can the opcode jump straight to the shell code?

Answer 8

Trampoline

Question 9

In a reverse shell who establishes the connection?

Answer 9

Remote machine

Question 10

What is it called when data stored in the heap is overwritten?

Answer 10

heap overflow

Question 11

What is it called when data stored in the heap is overwritten?

Answer 11

Morris worm

Question 12

_____ is a form of buffer overflow attack.

Heap overflows
Return to System call
Replacement stack frame
All of the Above

Answer 12

All of the Above

Question 13

A buffer can be located _____

In the heap
On the stack
In the data section of the process
All of the Above

Answer 13

All of the above

Question 14

What is a data structure that is used to store values in a particular order and processes the dynamic variables used in the program?

Answer 14

A stack

Question 15

What is the process called of setting a port number to a socket?

Answer 15

binding

Question 16

What type of an attack is it when the user-supplied input is used to construct a SQL request to retrieve information from a database?

Answer 16

SQL injection

Question 17

Servers can find it inconvenient to have ____ ____ port numbers assigned.

Answer 17

short term

Question 18

True/False You can determine in advance exactly where the targeted buffer will be located in the stack frame.

True
False

Answer 18

False

Question 19

What are the locations in the stack area used to store the values referring to one invocation of a routine?

Answer 19

Stack frame

Question 20

What type of an attack is it, when the input is used in the construction of a command that is subsequently executed by the system with privileges of the Web server.

Answer 20

command injection

Question 21

What is the code supplied by the attacker which is often saved in the buffer being overflowed so that it can be executed?

Answer 21

shellcode

Question 22

True or False Shellcode is not specific to a particular processor architecture?

True
False

Answer 22

False

Question 23

What are the three places a buffer overflow usually targets? (use format xxx, xxx, xxx)

Answer 23

Stack, heap, data section