EC-COUNCIL EC-COUNCIL Certifications 312-50 Questions & Answers

• Question 371:

  Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database?

  A. Jimmy can submit user input that executes an operating system command to compromise a target system

  B. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system

  C. Jimmy can utilize an incorrect configuration that leads to access with higher-than-expected privilege of the database

  D. Jimmy can gain control of system to flood the target system with requests, preventing legitimate users from gaining access

  Correct Answer: B

  SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

• Question 372:

  A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?

  A. An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database

  B. An attacker submits user input that executes an operating system command to compromise a target system

  C. An attacker gains control of system to flood the target system with requests, preventing legitimate users from gaining access

  D. An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database

  Correct Answer: A

  Using the poorly designed input validation to alter or steal data from a database is a SQL injection attack.

• Question 373:

  Central Frost Bank was a medium-sized, regional financial institution in New York. The bank recently deployed a new Internet-accessible Web application. Using this application, Central Frost's customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business through a Web browser. John Stevens was in charge of information security at Central Frost Bank. After one month in production, the Internet banking application was the subject of several customer complaints. Mysteriously, the account balances ofmany of Central Frost's customers had been changed! However, moneyhadn't been removed from the bank. Instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries:

  Attempted login of unknown user: johnm Attempted login of unknown user: susaR Attempted login of unknown user: sencat Attempted login of unknown user: pete''; Attempted login of unknown user: ' or 1=1-Attempted login of unknown user: '; drop table logins-Login of user jason, sessionID= 0x75627578626F6F6B Login of user daniel, sessionID= 0x98627579539E13BE Login of user rebecca, sessionID= 0x9062757944CCB811 Login of user mike, sessionID= 0x9062757935FB5C64 Transfer Funds user jason Pay Bill user mike Logout of user mike

  What type of attack did the Hacker attempt?

  A. Brute force attack in which the Hacker attempted guessing login ID and password from password cracking tools.

  B. The Hacker used a random generator module to pass results to the Web server and exploited Web application CGI vulnerability.

  C. The Hacker attempted SQL Injection technique to gain access to a valid bank login ID.

  D. The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason's session.

  Correct Answer: C

  The 1=1 or drop table logins are attempts at SQL injection.

• Question 374:

  When a malicious hacker identifies a target and wants to eventually compromise this target, what would be among the first steps that he would perform? (Choose the best answer)

  A. Cover his tracks by eradicating the log files and audit trails.

  B. Gain access to the remote computer in order to conceal the venue of attacks.

  C. Perform a reconnaissance of the remote target for identical of venue of attacks.

  D. Always begin with a scan in order to quickly identify venue of attacks.

  Correct Answer: C

  A hacker always starts with a preparatory phase (Reconnaissance) where he seeks to gather as much information as possible about the target of evaluation prior to launching an attack. The reconnaissance can be either passive or active (or both).

• Question 375:

  Which of the following activities will not be considered passive footprinting?

  A. Go through the rubbish to find out any information that might have been discarded

  B. Search on financial site such as Yahoo Financial to identify assets

  C. Scan the range of IP address found in the target DNS database

  D. Perform multiples queries using a search engine

  Correct Answer: C

  Scanning is not considered to be passive footprinting.

• Question 376:

  Your boss is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What would you call such an attack?

  A. SQL Input attack

  B. SQL Piggybacking attack

  C. SQL Select attack

  D. SQL Injection attack

  Correct Answer: D

  This technique is known as SQL injection attack

• Question 377:

  Exhibit:

  

  You are conducting pen-test against a company's website using SQL Injection techniques. You enter "anuthing or 1=1-" in the username filed of an authentication form. This is the output returned from the server.

  What is the next step you should do?

  A. Identify the user context of the web application by running_http://www.example.com/order/include_rsa_asp?pressReleaseID=5ANDUSER_NAME() = `dbo'

  B. Identify the database and table name by running:http://www.example.com/order/include_rsa.asp? pressReleaseID=5ANDascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERExtype='U'),1))) > 109

  C. Format the C: drive and delete the database by running:http://www.example.com/order/include_rsa.asp?pressReleaseID=5 ANDxp_cmdshell `format

  c: /q /yes `; drop database myDB; -

  D. Reboot the web server by running:http://www.example.com/order/include_rsa.asp? pressReleaseID=5AND xp_cmdshell `iisreset reboot'; -

  Correct Answer: A

• Question 378:

  Bob has been hired to do a web application security test. Bob notices that the site is dynamic and infers that they mist be making use of a database at the application back end. Bob wants to validate whether SQL Injection would be possible.

  What is the first character that Bob should use to attempt breaking valid SQL requests?

  A. Semi Column

  B. Double Quote

  C. Single Quote

  D. Exclamation Mark

  Correct Answer: C

  In SQL single quotes are used around values in queries, by entering another single quote Bob tests if the application will submit a null value and probably returning an error.

• Question 379:

  Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.

  Choose the attack type from the choices given below.

  A. Database Fingerprinting

  B. Database Enumeration

  C. SQL Fingerprinting

  D. SQL Enumeration

  Correct Answer: A

  He is trying to create a view of the characteristics of the target database, he is taking it's fingerprints.

• Question 380:

  Bank of Timbuktu was a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web application recently, using which customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser.

  John Stevens was in charge of information security at Bank of Timbuktu. After one month in production, several customers complained about the Internet enabled banking application. Strangely, the account balances of many bank's customers has been changed! However, money hadn't been removed from the bank. Instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries:

  Attempted login of unknown user: John Attempted login of unknown user: sysaR Attempted login of unknown user: sencat Attempted login of unknown user: pete `'; Attempted login of unknown user: ` or 1=1-Attempted login of unknown user: `; drop table logins-- Login of user jason, sessionID= 0x75627578626F6F6B Login of user daniel, sessionID= 0x98627579539E13BE Login of user rebecca, sessionID= 0x90627579944CCB811 Login of user mike, sessionID= 0x9062757935FB5C64 Transfer Funds user jason Pay Bill user mike Logout of user mike

  What kind of attack did the Hacker attempt to carry out at the bank? (Choose the best answer)

  A. The Hacker attempted SQL Injection technique to gain access to a valid bank login ID.

  B. The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason's session.

  C. The Hacker attempted a brute force attack to guess login ID and password using password cracking tools.

  D. The Hacker used a random generator module to pass results to the Web server and exploited Web application CGI vulnerability.

  Correct Answer: A

  The following part:

  Attempted login of unknown user: pete `';

  Attempted login of unknown user: ` or 1=1-Attempted login of unknown user: `; drop table logins-- Clearly shows a hacker trying to perform a SQL injection by bypassing the login with the statement 1=1 and then dumping the logins table.