Clive has been hired to perform a Black-Box test by one of his clients.
How much information will Clive obtain from the client before commencing his test?
A. IP range, OS, and patches installed.
B. Only the IP address range.
C. Nothing but corporate name.
D. All that is available from the client site.
Penetration tests can be conducted in one of two ways: black-box (with no prior knowledge of the infrastructure to be tested) or white-box (with complete knowledge of the infrastructure to be tested). As you might expect, there are conflicting opinions about this choice and the value that either approach will bring to a project.
Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order for him to check the vulnerability of XYZ, he went through a few scanners that are currently available. Here are the scanners that he uses:
1. Axent's NetRecon (http://www.axent.com)
2. SARA, by Advanced Research Organization (http://www-arc.com/sara)
3. VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)
However, there are other ways for Bob to identify the scanned services more accurately and in more detail.
What would be the best method to accurately identify the services running on a victim host?
A. Using Cheops-ng to identify the devices of XYZ.
B. Using the manual method of telnet to each of the open ports of XYZ.
C. Using a vulnerability scanner to try to probe each port to verify or figure out which service is running for XYZ.
D. Using the default port and OS to make a best guess of what services are running on each port for XYZ.
By running a telnet connection to the open ports you will receive banners that tell you what service is answering on that specific port.
Jim is having no luck performing a penetration test in XYZ's network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get any useful results.
Why is Jim having these problems?
A. Security scanners are not designed to do testing through a firewall.
B. Security scanners cannot perform vulnerability linkage.
C. Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.
D. All of the above.
The security scanners available online are often too "outdated" to perform a live pentest against a victim.
You have just received an assignment for an assessment at a company site. The company's management is concerned about external threats and wants to take appropriate steps to ensure security is in place. However, management is also worried about possible threats coming from inside the site, specifically from employees belonging to different departments. What kind of assessment will you be performing?
A. Black box testing
B. Black hat testing
C. Gray box testing
D. Gray hat testing
E. White box testing
F. White hat testing
Internal Testing is also referred to as Gray-box testing.
What does black box testing mean?
A. You have full knowledge of the environment
B. You have no knowledge of the environment
C. You have partial knowledge of the environment
Black box testing is conducted when you have no knowledge of the environment. It is more time-consuming and expensive.
Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to email@example.com". What do you think has occurred?
A. The web application picked up a record at random
B. The web application returned the first record it found
C. The server error has caused the application to malfunction
D. The web application emailed the administrator about the error
The web application sends a query to an SQL database, and by giving it the criterion 1=1, which will always be true, it will return the first value it finds.
Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email as firstname.lastname@example.org' (with a trailing single quote). The application displays a server error. What is wrong with the web application?
A. The email is not valid
B. User input is not sanitized
C. The web server may be down
D. The ISP connection is not reliable
All input from web browsers, such as user data from HTML forms and cookies, must be stripped of special characters and HTML tags as described in the following CERT advisories: http://www.cert.org/advisories/CA-1997-25.html and http://www.cert.org/advisories/CA-2000-02.html
Kevin has been asked to write a short program to gather user input for a web application. He likes to keep his code neat and simple. He chooses to use printf(str) where he should ideally have used printf("%s", str). What attack will his program expose the web application to?
A. Cross Site Scripting
B. SQL injection Attack
C. Format String Attack
D. Unicode Traversal Attack
Format string attacks are a new class of software vulnerability discovered around 1999, previously thought harmless. Format string attacks can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf() and similar functions to write back the number of bytes formatted to the same argument to printf(), assuming that the corresponding argument exists and is of type int*.
Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?
A. An integer variable
B. A ‘hidden’ price value
C. A ‘hidden’ form field value
D. A page cannot be changed locally; it can only be served by a web server
Changing hidden form values is possible when a web site is poorly built and trusts the visitor's computer to submit vital data, like the price of a product, to the database.
Ivan is auditing a corporate website. Using Winhex, he alters a cookie as shown below.
Before Alteration: Cookie: lang=en-us; ADMIN=no; y=1 ; time=10:30GMT ;
After Alteration: Cookie: lang=en-us; ADMIN=yes; y=1 ; time=12:30GMT ;
What attack is being depicted here?
A. Cookie Stealing
B. Session Hijacking
C. Cross Site Scripting
D. Parameter Manipulation
Cookies are the preferred method to maintain state in the stateless HTTP protocol. They are, however, also used as a convenient mechanism to store user preferences and other data, including session tokens. Both persistent and non-persistent cookies, secure or insecure, can be modified by the client and sent to the server with URL requests. Therefore any malicious user can modify cookie content to his advantage. There is a popular misconception that non-persistent cookies cannot be modified, but this is not true; tools like Winhex are freely available. SSL also only protects the cookie in transit.