312-50v11 Practice Test

Firewalking

Directory traversal

Explanation:
Appropriately controlling admittance to web content is significant for running a safe web
worker. Index crossing or Path Traversal is a HTTP assault which permits aggressors to
get to limited catalogs and execute orders outside of the web worker’s root registry.
Web workers give two primary degrees of security instruments
Access Control Lists (ACLs)
Root index
An Access Control List is utilized in the approval cycle. It is a rundown which the web
worker’s manager uses to show which clients or gatherings can get to, change or execute
specific records on the worker, just as other access rights.
The root registry is a particular index on the worker record framework in which the clients
are kept. Clients can’t get to anything over this root.
For instance: the default root registry of IIS on Windows is C:\Inetpub\wwwroot and with
this arrangement, a client doesn’t approach C:\Windows yet approaches
C:\Inetpub\wwwroot\news and some other indexes and documents under the root catalog
(given that the client is confirmed by means of the ACLs).
The root index keeps clients from getting to any documents on the worker, for example,
C:\WINDOWS/system32/win.ini on Windows stages and the/and so on/passwd record on
Linux/UNIX stages.
This weakness can exist either in the web worker programming itself or in the web
application code.
To play out a registry crossing assault, all an assailant requires is an internet browser and
some information on where to aimlessly discover any default documents and registries on
the framework.
What an assailant can do if your site is defenselessWith a framework defenseless against
index crossing, an aggressor can utilize this weakness to venture out of the root catalog
and access different pieces of the record framework. This may enable the assailant to see
confined documents, which could give the aggressor more data needed to additional trade
off the framework.
Contingent upon how the site access is set up, the aggressor will execute orders by
mimicking himself as the client which is related with “the site”. Along these lines everything
relies upon what the site client has been offered admittance to in the framework.
Illustration of a Directory Traversal assault by means of web application codeIn web
applications with dynamic pages, input is generally gotten from programs through GET or
POST solicitation techniques. Here is an illustration of a HTTP GET demand URL
GET http://test.webarticles.com/show.asp?view=oldarchive.html HTTP/1.1
Host: test.webarticles.com
With this URL, the browser requests the dynamic page show.asp from the server and with
it also sends the parameter view with the value of oldarchive.html. When this request is
executed on the web server, show.asp retrieves the file oldarchive.html from the server’s
file system, renders it and then sends it back to the browser which displays it to the user.
The attacker would assume that show.asp can retrieve files from the file system and sends
the following custom URL.
GET http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1
Host: test.webarticles.com
This will cause the dynamic page to retrieve the file system.ini from the file system and
display it to the user. The expression ../ instructs the system to go one directory up which is
commonly used as an operating system directive. The attacker has to guess how many
directories he has to go up to find the Windows folder on the system, but this is easily done
by trial and error.
Example of a Directory Traversal attack via web serverApart from vulnerabilities in the
code, even the web server itself can be open to directory traversal attacks. The problem
can either be incorporated into the web server software or inside some sample script files
left available on the server.
The vulnerability has been fixed in the latest versions of web server software, but there are
web servers online which are still using older versions of IIS and Apache which might be
open to directory traversal attacks. Even though you might be using a web server software
version that has fixed this vulnerability, you might still have some sensitive default script
directories exposed which are well known to hackers.
For example, a URL request which makes use of the scripts directory of IIS to traverse
directories and execute a command can be
GET http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\ HTTP/1.1
Host: server.com
The request would return to the user a list of all files in the C:\ directory by executing
the cmd.exe command shell file and run the command dir c:\ in the shell.
The %5c expression that is in the URL request is a web server escape code which is used
to represent normal characters. In this case %5c represents the character \.
Newer versions of modern web server software check for these escape codes and do not
let them through. Some older versions however, do not filter out these codes in the root
directory enforcer and will let the attackers execute such commands.

Not informing the employees that they are going to be monitored could be an invasion of privacy.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

Weaponization

Explanation: This stage coupling exploit with backdoor into deliverable payload
Next, attackers can re-engineer some core malware to suit their functions victimization
subtle techniques. counting on the requirements and talents of the assaulter, the malwaremight exploit antecedently unknown vulnerabilities, aka “zero-day” exploits, or some
combination of vulnerabilities, to quietly defeat a network’s defenses. By reengineering the
malware, attackers scale back the probability of detection by ancient security solutions.
This method typically involves embedding specially crafted malware into Associate in
Nursing otherwise benign or legitimate document, like a press release or contract
document, or hosting the malware on a compromised domain.