SQL? More like LOL, right guys? Guys?... <insert cricket noises>
Cat in the Net! A lesser-known story by Dr. Seuss
100
An enormous set of precomputed hash values for every possible combination of characters, used to crack passwords.
Rainbow table
100
An account that has no username or password.
Null user
100
Define a black box test.
When absolutely no information is given to the penetration testing team. Using this method of testing, the team may be given only the company name. Other times, they may be given an IP range and other parameters to limit the potential for collateral damage. This type of testing most accurately represents what an attacker would do and is the most realistic.
100
What would the following SQL injection do? (Assume that this would work) John' or 'a'='a
Dump the database.
100
This is a simple Unix utility which reads and writes data across network connections using the TCP or UDP protocol.
Netcat
200
Wire sniffing has this major drawback, which is why it is not typically used by itself.
It only works within a common collision domain.
200
Name the three groups controlled by admin.
Authenticated users, power users, admin
200
This is the most important issue when planning a pen test, since the test may vary greatly; it also helps us determine which machines will be in the test, as well as cost and time.
Scope
200
What would the following SQL injection do? (Assume that this would work) ' UNION SELECT table_schema FROM information_schema.tables #
List all currently mounted databases
200
In the malicious PDF lab, once you created and executed the malicious PDF on the victim, you used this Metasploit tool to connect to it.
Multihandler.
300
Shoulder surfing and keyboard sniffing are examples of this type of password attack.
Nontechnical attacks.
300
This type of vulnerability was used against older systems like Windows NT or 2000.
Null Session
300
This item is normally produced by the contractor; it defines the purpose of the assessment, its type, time constraints, and communication strategy, along with other items.
SOW or Statement of Work.
300
What would the following SQL injection do? (Assume that this would work) ' UNION SELECT table_name FROM information_schema.tables WHERE table_schema='sqlol' #
List the tables in the sqlol database
300
What does the curl command do?
A command line tool and library for transferring data with URL syntax.
400
"Borrowing" (legitimately or via a botnet) computing power from a large number of machines is an example of this type of password cracking.
Distributed network.
400
Admin controls assign permissions and follow a specific sequence, very similar to this authentication protocol.
Kerberos
400
During this phase you will typically develop a list of resources required from the client.
Planning phase.
400
' UNION SELECT column_name FROM information_schema.columns WHERE table_name='ssn' AND table_schema='sqlol' #
List the columns in the ssn table
400
Small programs written to be run from within a container; they can do just about anything that the user running them can do, including accessing the registry or modifying the file system.
ActiveX controls.
500
This type of offline attack is used when the attacker has some information about the password they are trying to crack.
Rule-based.
500
These cache information about a logon session for a particular user and remain valid only until the user logs out or uses another machine or resource.
Access tokens.
500
This methodology was developed so that, if followed, it ensures a baseline to test against regardless of the customer environment or test provider. It is free to the public, but the latest version requires purchase.
OSSTMM (Open Source Security Testing Methodology Manual).
500
' UNION SELECT ssn FROM sqlol.ssn WHERE name='Wengdack Slobdegoob'#
List the SSN for Wengdack Slobdegoob.
500
An implicit security zone that was often the target of client-side browser attacks.