CompTIA Pentest+ Domain 3 Attacks and Exploits ( complete but under grammar and improvement review.)
WPS implementation attacks
A number of popular home and small office routers suffer from an implementation problem that could lead an experienced hacker down the road toward learning the devices' eight-digit Wi-Fi Protected Setup (WPS) PINs in one guess.
SQL injection
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
Trojan
A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems.
Website redirection
A URL Redirection Attack is a kind of vulnerability that redirects you to another page freely out of the original website when accessed, usually integrated with a phishing attack. This page could lead to a malicious page that resembles the original, and tries to trick the user into giving their credentials.
Deauthentication Attacks
A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.
Backdoors
A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes. However, attackers often use backdoors that they detect or install themselves as part of an exploit. In some cases, a worm or virus is designed to take advantage of a backdoor created by an earlier attack.
Pass the hash
A pass the hash attack is an NT LAN Manager (NTLM)-based technique in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick a Windows-based authentication system into creating a new authenticated session on the same network.
Daemons
A daemon (pronounced DEE-muhn) is a program that runs continuously and exists for the purpose of handling periodic service requests that a computer system expects to receive. The daemon program forwards the requests to other programs (or processes) as appropriate.
Keylogger
A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard.
Jamming attack
A kind of Denial of Service attack, which prevents other nodes from using the channel to communicate by occupying the channel that they are communicating on Learn more in: Jamming Attacks and Countermeasures in Wireless Sensor Networks.
Race conditions
A race condition or race hazard is the behavior of an electronics, software, or other system where the output is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when events do not happen in the order the programmer intended.
Relay attack
A relay attack in computer security is a type of hacking technique related to man-in-the-middle and replay attacks. In a classic man-in-the-middle attack, an attacker intercepts and manipulates communications between two parties initiated by one of the parties.
Replay attack
A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
Lock bypass
A technique in lockpicking, of defeating a lock through unlatching the underlying locking mechanism without operating the lock at all. It is commonly used on devices such as combination locks, where there is no natural access (such as a keyhole) for a tool to reach the locking mechanism.
ARP spoofing
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.
Denial of service attack
An attack that denies a resource or service to an entity that would need it.
Cookie manipulation
An attacker can leverage the data storage to control a part of the response (for example, a JavaScript string) that can be used to trigger the DOM-based vulnerability. DOM-based cookie manipulation arises when a script writes controllable data into the value of a cookie.
Spear phishing
An email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user's computer.
Evil Twin Attack
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate, set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.
Bluejacking
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.
Bluesnarfing
Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices.
Clickjacking
Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page.
Code signing
Code signing is the method of using a certificate-based digital signature to sign executables and scripts in order to verify the author's identity and ensure that the code has not been changed or corrupted since it was signed by the author.
Cross-site scripting
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user.
DNS cache poisoning
DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server
Directory traversal
Directory traversal or Path Traversal is an HTTP attack which allows attackers to access restricted directories and execute commands outside of the web server's root directory. Web servers provide two main levels of security mechanisms. Access Control Lists (ACLs) Root directory.
Distributed denial of service attack
Distributed DoS attack. A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.
Dumpster diving
Dumpster diving is looking for treasure in someone else's trash. Treasure of course means information that can be used in a future attack, exploit, or theft.
FTP exploits
File transfer services such as FTP or HTTP has been the most common way of file transfer for business requirements. Typically what a file transfer means is that a file transfer protocol such as FTP or HTTP is used to send the stream of bits stored as a single unit in a file system including file name, file size, timestamp and other metadata from one host to another host over a TCP-based network such as the Internet. But this process is not foolproof. FTP, by itself, is not a secure file transfer protocol and it has a lot of security vulnerabilities. It's a known fact that FTP doesn't provide any encryption for data transfer. Most of the times, the requirement in any business is pretty simple: to transfer files between two endpoints in different locations, and the parties involved do not think much about how secure the file transfer process is going to be.
Fragmentation attacks
IP fragmentation attacks are a common form of denial of service attack, in which the perpetrator overbears a network by exploiting datagram fragmentation mechanisms.
Man-in-the-middle attacks
In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
Cold Boot attack
In cryptography, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine.
Input validation
Input validation, also known as data validation, is the proper testing of any input supplied by a user or application. Input validation prevents improperly formed data from entering an information system.
Interrogation
Is interviewing as commonly employed by law enforcement officers, military personnel, and intelligence agencies with the goal of eliciting useful information.
Fence jumping
Jumping over a fence to gain unauthorized access to a secure zone.
Badge cloning
Making a copy of a RFID badge so that it can be used to gain access to an unauthorized area.
Credential brute forcing
Refers to the hacking practice of re-using username and password combinations gathered in previous brute-force attacks. A special form of credential recycling is pass the hash, where unsalted hashed credentials are stolen and re-used without first being brute forced.
USB key drop
Purposefully losing an flash storage that is loaded with malware with the intention that someone will steal it and plug it into their computer.
SMS phishing
SMS phishing or smishing is a form of criminal activity using social engineering techniques. Phishing is the act of attempting to acquire personal information such as passwords and details by masquerading as a trustworthy entity in an electronic communication.
SNMP exploits
SNMP has three (3) versions. Version 1 or SNMPv1, has very poor security. The authentication of clients is in cleartext and by default, uses a "community string" that is set to "public". This community string operates like a password and it is valid for each and every node on the network.
SSL stripping
SSL Strip is a technique by which a website is downgraded from https to http .
SMB exploits
Server Message Block (SMB) is the transport protocol used by Windows machines for a wide variety of purposes such as file sharing, printer sharing, and access to remote Windows services. SMB operates over TCP ports 139 and 445. In April 2017, Shadow Brokers released an SMB vulnerability named "EternalBlue," which was part of the Microsoft security bulletin MS17-010. The recent WannaCry ransomware takes advantage of this vulnerability to compromise Windows machines, load malware, and propagate to other machines in a network. The attack uses SMB version 1 and TCP port 445 to propagate.
Stress test
Stress testing is the process of determining the ability of a computer, network, program or device to maintain a certain level of effectiveness under unfavorable conditions. The process can involve quantitative tests done in a lab, such as measuring the frequency of errors or system crashes.
Tailgating/Piggybacking
Tailgating, sometimes referred to as piggybacking, is a physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise.
SAM database in Windows
The Security Account Manager (SAM), often Security Accounts Manager, is a database file in Windows XP, Windows Vista, Windows 7, 8.1 and 10 that stores users' passwords. It can be used to authenticate local and remote users.
Session hijacking
The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token. Because http communication uses many different TCP connections, the web server needs a method to recognize every user's connections.
Impersonation
The act of pretending to be another person for the purpose of fraud.
Lock picking
The art of unlocking a lock by manipulating the components of the lock device without the original key.
Elicitation
The practice of collecting the requirements of a system from users, customers and other stakeholders. The practice is also sometimes referred to as "requirement gathering".
NETBIOS name service
This service is often called WINS on Windows systems. The NetBIOS Name Service is part of the NetBIOS-over-TCP protocol suite, see the NetBIOS page for further information. NBNS serves much the same purpose as DNS does: translate human-readable names to IP addresses
VLAN hopping
VLAN hopping is a computer security exploit, a method of attacking networked resources on a virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible.
Voice phishing
Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. It is sometimes referred to as 'vishing', a word that is a combination of "voice" and phishing.
Whaling
Whaling is a specific form of phishing that's targeted at high-profile business executives, manager, and the like. It's different from ordinary phishing in that with whaling, the emails or web pages serving the scam take on a more official or serious look and are usually targeting someone in particular.
RFID clonning
When an attack takes the RF signal of a badge and makes an exact copy.