Free Access to ECCouncil.312-50v12.v2025-07-31.q254 with Valid Practice Test (Page 28)

Question 131

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?
TCP port 21 no response
TCP port 22 no response
TCP port 23 Time-to-live exceeded

A.The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host
B.The lack of response from ports 21 and 22 indicate that those services are not running on the destination server
C.The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error
D.The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall

Question 132

These hackers have limited or no training and know how to use only basic techniques or tools.
What kind of hackers are we talking about?

A.Black-Hat Hackers A
B.Script Kiddies
C.White-Hat Hackers
D.Gray-Hat Hacker

Question 133

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

A.Nmap
B.Armitage
C.Metasploit
D.Nikto

Question 134

Which of the following tactics uses malicious code to redirect users' web traffic?

A.Spimming
B.Pharming
C.Spear-phishing
D.Phishing

Question 135

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<
iframe src=""http://www.vulnweb.com/updateif.php"" style=""display:none""
> < /iframe >
What is this type of attack (that can use either HTTP GET or HTTP POST) called?

A.Browser Hacking
B.Cross-Site Scripting
C.SQL Injection
D.Cross-Site Request Forgery

Correct Answer: D

https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform.
This is done by making a logged in user in the victim platform access an attacker controlled website and from there execute malicious JS code, send forms or retrieve "images" to the victims account.
In order to be able to abuse a CSRF vulnerability you first need to find a relevant action to abuse (change password or email, make the victim follow you on a social network, give you more privileges...). The session must rely only on cookies or HTTP Basic Authentication header, any other header can't be used to handle the session. An finally, there shouldn't be unpredictable parameters on the request.
Several counter-measures could be in place to avoid this vulnerability. Common defenses:
- SameSite cookies: If the session cookie is using this flag, you may not be able to send the cookie from arbitrary web sites.
- Cross-origin resource sharing: Depending on which kind of HTTP request you need to perform to abuse the relevant action, you may take int account the CORS policy of the victim site. Note that the CORS policy won't affect if you just want to send a GET request or a POST request from a form and you don't need to read the response.
- Ask for the password user to authorise the action.
- Resolve a captcha
- Read the Referrer or Origin headers. If a regex is used it could be bypassed form example with:
http://mal.net?orig=http://example.com
(ends with the url)
http://example.com.mal.net
(starts with the url)
- Modify the name of the parameters of the Post or Get request
- Use a CSRF token in each session. This token has to be send inside the request to confirm the action. This token could be protected with CORS.
Diagram Description automatically generated

Question 131

Question 132

Question 133

Question 134

Question 135

Download PDF File