Section 6

Ace your homework & exams now with Quizwiz!

what is another name for pivoting?

redirection

once a stager communication channel is established what occurs?

upload/download is brokered in the form of the payload or a stage

pivoting allows an attacker to

use an existing session on a dual-homed computer as a proxy in order to exploit computers residing on another

how does the passivex payload work?

uses activex to create a hidden instance of internet explorer

describe the sql injection attack of compromised availability integrity

attacker alters contents of a database which makes the data untrustworthy

describe how a directory traversal attack may be attempted

attacker crafts a url which references directories that should be inaccessible

describe a stored cross-site scripting attack

attacker embeds the malicious code within the page that is stored on the web server

describe a reflected cross-site scripting attack

attacker includes html code within a link to a web address, knowing the linked page will fail to sanitize the html code

describe sql targeted attacks

attacks subvert the original intent of the application by submitting attacker supplied sql statements directly to the back-end database through normal interaction

how can a backslash be encoded in to a url?

by using %255c

how can aslr be bypassed?

by using a technique known as egg-hunter which involves executing a code stub that will identify where the malicious payload from the attacker is located within memory

how is dep performed on a system that supports it?

by using the nx bit

how can dep be circumvented?

by utilizing the heap memory

what is a common small single payload?

netcat

are shellcode attacks hard to detect if they are unencrypted?

no

does meterpreter need to start it's own process?

no

is an unstaged payload subject to the same space limitations as a staged payload?

no

describe a meterpreter payload

payload written specifically for the metasploit framework, sophisticated, and executes directly in to memory

describe a nonx payload

payloads designed to circumvent dep

describe data execution prevention (dep)

prevents the use of the stack memory space for execution

what is shellcode designed to do?

provide the threat actor with command shell access on the system

what is the most recognized remote command injection attack?

uses the xp cmdshell stored procedure (windows) or leverages the external procedure feature on oracle databases

describe how a dns tunneling attack is carried out

-attacker creates a dns server that resolves a domain name for the attack -a logical interface is created on the server -logical interface is created on target to use for tunneling -

what are some consequences of a successful sql injection attack?

-authentication bypass -disclosing confidential info -distributes malicious code to endpoints

sql injection can be used to perform what attacks?

-authentication bypass -information disclosure -compromised data integrity -compromised availability of data -remote command execution

describe some uses of dns tunneling

-command and control -data exfiltration -tunneling of ip traffic

what are the advantages of the ord payload?

-compatible with every flavor and language of windows dating back to windows 9x -extremely small

what are 2 memory based shellcode protection measures?

-data execution prevention -address space layout randomization

what are the methods for detecting dns tunneling attacks?

-examine payloads for unusual content, packet size, frequency of requests -looking for unusual hostnames

what other payload types are available within metasploit?

-meterpreter -passivex -nonx -ord -ipv6 -reflective dll injection

what forms can a stage come in?

-precompiled and configured -customized before deployment

what are disadvantages of the ord payload?

-relies on ws2_32.dll on the target -somewhat less stable than other stagers

what are the 3 basic metasploit payloads?

-singles -stagers -stages

what 2 variations does shellcode come in?

-staged -unstaged

what are the 2 types of cross-site scripting attacks?

-stored -reflected

which payloads make use of the reflective dll injection payload?

-vnc -meterpreter

describe pivoting

a method that allows an attacker to use a compromised computer to attack other computers within the same or other networks

what is the result of a stored cross-site scripting attack?

a persistent attack

describe a nop sled

a segment of no-operation instructions that precedes a section of shellcode

describe a reflective dll injection payload

a stage payload is injected into a compromised host process running in memory

describe punycode

a system for representing unicode characters in an ascii-only format to ensure compatibility with dns

describe the sql injection attack of remote command execution

allows an attacker to compromise the underlying os by exposing potential commands

describe the sql injection attack of compromised availability of data

allows an attacker to delete data, logs, or audit info

describe the sql injection attack of information disclosure

allows an attacker to obtain, directly or indirectly, sensitive information

describe the sql injection attack of authentication bypass

allows attackers to login in to a system without supplying proper credentials

describe a ipv6 payload

allows metasploit and corresponding payloads to function like ipv4 payloads on an ipv6 network

describe dns tunneling

another protocol is tunneled through dns

descrive a passivex payload

developed to circumvent outbound firewalls

what is a useful way of detecting shellcode on a network?

focus on detecting a pattern of code that contains a sequence of no-operation instructions

describe netcat

has a small size and foot print and can be compiled on windows or linux

describe a staged payload

intentionally designed to be very compact to fit within memory space limitations for a particular exploit

describe shellcode

is the payload that is attached to an exploit that will execute the desired actions of the threat actor

how is dep performed on a system that does not support it?

it's emulated via memory segmentation if the cpu does not support it

a shellcode exploit using nop sled will execute as long as

long as the jump lands somewhere along the nop sled memory

what's another name for shellcode?

machine code

what are critical to making an ids work properly?

regular expressions

describe the singles payload type

self-contained payloads that function on their own

describe stagers

set up a network connection between the attacker and the victim

what type of payload is not dependent on the metasploit framework?

singles

describe a directory traversal attack

takes advantage of improper checking or validation of user-supplied input, allowing the threat actor to gain unintended access to a file system

how can a reflected xss attack be used to compromise user credentials?

the cookie of the user is intercepted by the attack and the attacker uses to access the site under the user's account

what do payloads referrer to within the metasploit framework?

the modules utilized during the exploitation events to gain access

describe a stage

the payload that is delivered to the target host

why do exploit authors include nop sleds?

to increase the probability of the success of the exploit

why have many payload types been created within metasploit?

to keep the size, footprint, and detectability to a minimum

describe what sql is used for

to query, operate, and administer database systems such as microsoft sql, oracle, and mysql

what is the primary way a directory traversal attack works?

via a web server

describe a ord payload

window based stager payload

what is the structure of a puny code url?

xn-<ulr minus characters>-<code for special characters>.<tld (.com...net...etc)>

are payload singles easy to detect, block, and log?

yes

can directory traversal be accomplished with scripts?

yes


Related study sets

State Topic Tester- VA License Law

View Set

Managerial Account - Chapter 6: Cost-Volume-Profit Analysis

View Set

C1 CAE Key Word Transformations 1

View Set

PERFORMANCE APPRAISAL AND REWARDS

View Set

Chapter 40: Drugs Affecting the Female Reproductive System

View Set