An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?

• A.Aircrack-ng
• B.Ettercap
• C.Tcpdump
• D.Wireshark

Comment: *

Name: *

Email: *

Verification: *

In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:
80/tcp open http-proxy Apache Server 7.1.6
what Information-gathering technique does this best describe?

• A.WhOiS lookup
• B.Banner grabbing
• C.Dictionary attack
• D.Brute forcing

Correct Answer: B

Banner grabbing is a technique wont to gain info about a computer system on a network and the services running on its open ports. administrators will use this to take inventory of the systems and services on their network. However, an to find will use banner grabbing so as to search out network hosts that are running versions of applications and operating systems with known exploits.
Some samples of service ports used for banner grabbing are those used by Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 severally. Tools normally used to perform banner grabbing are Telnet, nmap and Netcat.
For example, one may establish a connection to a target internet server using Netcat, then send an HTTP request. The response can usually contain info about the service running on the host:
Graphical user interface, text, application Description automatically generated

This information may be used by an administrator to catalog this system, or by an intruder to narrow down a list of applicable exploits.To prevent this, network administrators should restrict access to services on their networks and shut down unused or unnecessary services running on network hosts. Shodan is a search engine for banners grabbed from portscanning the Internet.

Comment: *

Name: *

Email: *

Verification: *

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

• A.Role Based Access Control (RBAC)
• B.Single sign-on
• C.Discretionary Access Control (DAC)
• D.Windows authentication

Comment: *

Name: *

Email: *

Verification: *

Why should the security analyst disable/remove unnecessary ISAPI filters?

• A.To defend against jailbreaking
• B.To defend against webserver attacks
• C.To defend against social engineering attacks
• D.To defend against wireless attacks

Comment: *

Name: *

Email: *

Verification: *

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
< iframe src=""http://www.vulnweb.com/updateif.php"" style=""display:none"" > < /iframe > What is this type of attack (that can use either HTTP GET or HTTP POST) called?

• A.Browser Hacking
• B.Cross-Site Scripting
• C.SQL Injection
• D.Cross-Site Request Forgery

Correct Answer: D

https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform.
This is done by making a logged in user in the victim platform access an attacker controlled website and from there execute malicious JS code, send forms or retrieve "images" to the victims account.
In order to be able to abuse a CSRF vulnerability you first need to find a relevant action to abuse (change password or email, make the victim follow you on a social network, give you more privileges...). The session must rely only on cookies or HTTP Basic Authentication header, any other header can't be used to handle the session. An finally, there shouldn't be unpredictable parameters on the request.
Several counter-measures could be in place to avoid this vulnerability. Common defenses:
- SameSite cookies: If the session cookie is using this flag, you may not be able to send the cookie from arbitrary web sites.
- Cross-origin resource sharing: Depending on which kind of HTTP request you need to perform to abuse the relevant action, you may take int account the CORS policy of the victim site. Note that the CORS policy won't affect if you just want to send a GET request or a POST request from a form and you don't need to read the response.
- Ask for the password user to authorise the action.
- Resolve a captcha
- Read the Referrer or Origin headers. If a regex is used it could be bypassed form example with:
http://mal.net?orig=http://example.com (ends with the url)
http://example.com.mal.net (starts with the url)
- Modify the name of the parameters of the Post or Get request
- Use a CSRF token in each session. This token has to be send inside the request to confirm the action. This token could be protected with CORS.

Comment: *

Name: *

Email: *

Verification: *