Common Vulnerabilities: SQL Injection and Cross-Site Scripting Quiz

GentlestMinimalism

Questions and Answers

What is the purpose of port scanning?

All of the above

Which port is used for the Hypertext Transfer Protocol (HTTP)?

80

What is the purpose of a 'close port'?

The host sends a reply indicating the connection will be denied

What type of port is used for the File Transfer Protocol (FTP) data transfer?

20

Which protocol uses port 22 for secure login?

Secure Shell (SSH)

What is the purpose of a 'filtered port'?

The host does not reply, indicating the port is filtered

How can SQL injection be prevented?

Using parameterized queries

What is the main risk associated with Cross-Site Scripting (XSS)?

Theft of sensitive information

How does a CSRF attack work?

Causing a user's browser to perform unwanted actions on trusted sites

What is the consequence of Buffer Overflow?

Potential code execution by an attacker

How can Security Misconfigurations be avoided?

Using secure coding practices

What is the recommended method to prevent SQL injection?

Implementing input validation

What is the main purpose of the 'socat' command?

To connect stdio to a remote TCP port

What is the purpose of a port redirection tool?

To route traffic between two different ports

Which of the following is a Unix-based port redirection tool mentioned in the text?

datapipe

What does the 'localhost' argument represent in the 'datapipe' command?

The IP address on which to open the listening port

How is data transmitted when using the 'socat' command?

Data is piped into the command and forwarded to the remote host

What is the purpose of using a port redirection tool between a browser and a web server?

To allow the browser to access the web server without knowing its IP address

What is the purpose of the localport argument in the given context?

It specifies the port number on the local system to listen for incoming connections.

Why might you receive a "bind: Permission denied" error when opening a listening port below 1024 on UNIX systems?

Your account does not have the required privileges to open reserved ports.

What is the typical value for the remoteport argument when forwarding traffic to a web server?

80

What does the remotehost argument represent in the context of port redirection?

The hostname or IP address of the target system to which traffic is forwarded.

What is the purpose of the datapipe tool mentioned in the text?

It forwards traffic between TCP ports without modifying the data.

What is a key difference between datapipe and FPipe mentioned in the text?

FPipe supports both TCP and UDP protocols, while datapipe only supports TCP.

What tool in the Nmap suite is used for comparing scan results?

Ndiff

Which movie featured Nmap among its tools?

The Matrix Reloaded

What does Amap aim to identify?

Applications on non-standard ports

In which mode of THC - Amap does it not perform service identification?

-B

What characteristic is NOT attributed to NMAP in the text?

Expensive

Which tool in the Nmap suite focuses on packet generation and response analysis?

Nping

Study Notes

Ports and Protocols

  • Ephemeral ports: a range of ports allocated by a web browser when connecting to a web server
  • Well-known ports:
    • 20: FTP (File Transfer Protocol) data transfer
    • 21: FTP command control
    • 22: SSH (Secure Shell) secure login
    • 23: Telnet remote login service
    • 25: SMTP (Simple Mail Transfer Protocol) email routing
    • 53: DNS (Domain Name System) service
    • 67, 68: DHCP (Dynamic Host Configuration Protocol)
    • 80: HTTP (Hypertext Transfer Protocol) used in the World Wide Web
    • 110: POP3 (Post Office Protocol version 3) email retrieval
    • 119: NNTP (Network News Transfer Protocol)
    • 123: NTP (Network Time Protocol)
    • 143: IMAP (Internet Message Access Protocol) email retrieval
    • 161: SNMP (Simple Network Management Protocol)
    • 194: IRC (Internet Relay Chat)
    • 443: HTTPS (HTTP over TLS/SSL) secure web browsing

Port Scanning

  • Port scanner: software designed to probe a server or host for open ports
  • Port scan: a process that sends a client request to a server to find active ports
  • Open port: a port that responds to a request, indicating it is active
  • Closed port: a port that does not respond to a request, indicating it is inactive
  • Filtered port: a port that does not respond to a request, but may be active
  • Vulnerabilities: open ports or operating system vulnerabilities can be exploited by attackers

Vulnerabilities and Prevention

  • SQL Injection (SQLi):
    • Description: injecting malicious SQL statements to gain unauthorized access to a database
    • Prevention: use parameterized queries, input validation, and least privilege principles
  • Cross-Site Scripting (XSS):
    • Description: injecting malicious scripts into web pages to steal sensitive information or hijack sessions
    • Prevention: input validation, output encoding, and secure coding practices
  • Cross-Site Request Forgery (CSRF):
    • Description: tricking a user into performing unwanted actions on a trusted site
    • Prevention: use anti-CSRF tokens, same-site attribute for cookies, and proper authentication
  • Buffer Overflow:
    • Description: exploiting a program's buffer overflow to execute malicious code
    • Prevention: bounds checking, input validation, and secure coding practices
  • Security Misconfigurations:
    • Description: improper configuration of settings, permissions, or defaults that expose sensitive information or provide unauthorized access

Port Redirection Tools

  • Datapipe:
    • A Unix-based port redirection tool
    • Functions as a channel for TCP/IP connections
    • Redirects traffic from one port to another
    • Example usage: $ ./datapipe localhost localport remotehost remoteport
  • FPipe:
    • A Windows-based port redirection tool
    • Adds UDP protocol and outbound source port number support
  • Nmap:
    • A flexible data transfer, redirection, and debugging tool
    • Part of the Nmap suite
  • THC-Amap:
    • A next-generation scanning tool for pentesters
    • Attempts to identify applications even if running on a different port
    • Identifies non-ASCII based applications
    • Modes:
      • -A: identifies the service associated with the port
      • -B: does not perform identification
      • -P: conducts a port scan
