

CYB625 Midterm: SP 22

First Name:
Last Name:

Preps: For any web-related question, Firefox is the recommended browser to test your scripts on.

Q1. [20 points] Go to http://sudo.co.il/xss/level0.php and exploit it for an XSS vulnerability. What type of XSS vulnerability does this site exhibit? Briefly support your claim (in a sentence or two max; you can use a screenshot if you like).

Place your link below:

Q2. [20 points] You are the head of the infosec dept in CYB625 Inc. As you were running a regular pen-testing exercise to see what assets of your client, Detox Drink, are exposed on the open web, you came across the following file, totally accessible in the wild, which is marked as confidential because it highlights the market strategy till 2023.

https://cyb625inc.azurewebsites.net/contracts/gov/detoxdrinksmarket-190326133630.pdf

a. What type of vulnerability is this? (If you answer no in question 2.a, please ignore this question and move on to the next question.)
· Answer (in ONE sentence):

b. How would you protect your company against this type of vulnerability?
Answer (in two/three sentences max):

Q3. [20 points] Bypass authentication for the following banking site, http://altoromutual.com/login.jsp, using two distinct methods.

A. Using injection
Type the exact statement you used to bypass authentication.
Paste a screenshot of the landing page after you bypass authentication.

B. Using brute force or guessing
What is the username/password of the admin user?

Q4. [20 points] BACKGROUND: This question covers the very common SQL injection attack to bypass username and password. As discussed in class, the common injection on the user table would target this SQL statement:

select * from users where username='USERNAME' and password='USERPASSWORD';

Prep steps:
Step 1. Go to the page t.ly/P5tX
Step 2. Log in by decoding using base64: cGFzc3dvcmRzX3dpbGxfY2hhbmdlX292ZXJfdGltZV9sZXRfdXNfZG9fYV9zaGl0dHlfcmh5bWU=
Step 3. Once you log in, you will be presented with a traditional username/password page. Use username: Hornoxe and then inject the right SQL to bypass the password.

If you already landed on a page with username and password, then skip step 2 and start with step 3 directly.

Answer the following:
1. How did you get in? Show your SQL statement.
2. Paste the flag value below. (Note: The flag is NOT the decoded base64 hash.)
3. Upon a successful attack, you will get a password. Paste this password in the answer section below.

Hint: The following link might be handy as a cheat sheet: https://pastebin.com/ASmH7LRj

Q5. [20 points] As you were pen testing a corporate website, you came across a publicly hosted site, and as you intercepted the request, you managed to update it as follows, then you got a response message affirming that the request was executed successfully.

]> & credshound; 1

List (just list) the type of vulnerability(ies) your pen test report will include:
·

OPTIONAL EXTRA CREDIT

Q6. [10 points] BACKGROUND: UNION attack. The UNION keyword lets you execute one or more additional SELECT queries and append the results to the original query. For example:

SELECT a, b FROM table1 UNION SELECT c, d FROM table2

This query will return a single result set with two columns, containing values from columns a and b in table1 and columns c and d in table2.

This site, https://redtiger.labs.overthewire.org/level1.php?cat=1 , exhibits a UNION attack vulnerability when you run the following from the browser:

https://redtiger.labs.overthewire.org/level1.php?cat=1 union select 1,2,3,4 from level1_users

(Pay close attention to the select statement.)

Slightly modify this statement so that you can get the “username” and the “password” from the level1_users table. A successful attack is when you type the username and the password in the login fields and you get the message “You made it!”

a. Type the SQL statement you used to carry out this attack below.
b. Then paste a screenshot showing that you successfully executed the attack and displaying the username/password.
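The UNION behaviour described in the Q6 background, shown next to the fix, as an added example that is not part of the original exam. The `articles` table, its columns, the sample rows and the function names are assumptions constructed for illustration; only the `level1_users` table name and the `union select 1,2,3,4` form come from the question.

```python
import sqlite3

# The page's own UNION form; everything else below is constructed.
UNION_INPUT = "1 union select 1,2,3,4 from level1_users"
COLUMNS = "id, cat, title, body"  # assumed four-column listing query

def make_db():
    """Build constructed sample data in memory (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER, cat INTEGER, title TEXT, body TEXT);
        CREATE TABLE level1_users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO articles VALUES (1, 1, 'welcome', 'hello world');
        INSERT INTO level1_users VALUES (1, 'sample_user', 'sample_pass');
    """)
    return db

def fetch_concatenated(db, cat):
    # Weak form: the request value is pasted into the SQL text, so a
    # UNION clause in it is parsed as part of the statement.
    return db.execute(f"SELECT {COLUMNS} FROM articles WHERE cat={cat}").fetchall()

def fetch_bound(db, cat):
    # Hardened form: the value is bound as data and compared as one value.
    return db.execute(f"SELECT {COLUMNS} FROM articles WHERE cat=?", (cat,)).fetchall()

def fetch_validated(db, cat):
    # Defence in depth: reject anything that is not a plain integer first.
    if not (cat.isascii() and cat.isdigit()):
        raise ValueError("cat must be a non-negative integer")
    return fetch_bound(db, int(cat))

if __name__ == "__main__":
    db = make_db()
    print(fetch_concatenated(db, "1"))          # the one article row
    print(fetch_concatenated(db, UNION_INPUT))  # article row plus (1, 2, 3, 4)
    print(fetch_bound(db, UNION_INPUT))         # no rows: input stayed data
    try:
        fetch_validated(db, UNION_INPUT)
    except ValueError as exc:
        print("rejected:", exc)
```

With the bound parameter the whole input is compared to `cat` as a single value, so the second SELECT is never parsed as SQL.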
Mar 11, 2022