Bash, the Crucial Exams Chat Bot
AI Bot
Exploitation Techniques and Payloads Flashcards
| Front | Back |
| Define reflected cross-site scripting (XSS). | Reflected XSS occurs when user-supplied input is immediately returned by a web server without proper sanitization, leading to script execution in victims’ browsers |
| Describe one method to bypass Data Execution Prevention (DEP). | DEP can be bypassed using ROP techniques to mark pages as executable or by calling VirtualProtect to change memory protections |
| Describe the basic structure of a return-to-libc attack. | A return-to-libc attack hijacks control flow by overwriting return addresses to call existing libc functions like system() with attacker-controlled arguments |
| Explain the concept of Return-Oriented Programming (ROP). | ROP chains together existing small code snippets (gadgets) ending in return instructions to perform arbitrary operations without injecting new code |
| Give an example XSS payload to test for script injection. | <script>alert(document.cookie)</script> |
| How can environment variables be used to escalate privileges? | Attackers can manipulate environment variables like LD_PRELOAD or PATH to load malicious libraries or executables with elevated permissions |
| How does a blind SQL injection differ from traditional SQL injection? | Blind SQL injection provides no direct error or data output, forcing attackers to infer data via true/false responses or time-based delays |
| Name two common Windows privilege escalation vectors. | Unquoted service paths and weak service permissions are frequent vectors for Windows local privilege escalation |
| Provide a simple UNION-based SQL injection payload. | '+ UNION SELECT username, password FROM users-- |
| What is a buffer overflow and how does it enable code execution? | A buffer overflow occurs when input exceeds a program’s buffer capacity, overwriting adjacent memory and allowing an attacker to inject and execute malicious code |
| What is a staged payload in exploitation frameworks? | A staged payload splits the attack into a small initial loader (stager) that fetches and executes a larger second-stage payload on the target |
| What is the purpose of the Metasploit msfvenom tool? | msfvenom creates and encodes custom payloads for various platforms and exploits by combining payload generation and encoding in one tool |
| What SQL injection technique retrieves data via error messages? | Error-based SQL injection leverages verbose database errors to extract information by triggering SQL errors with crafted inputs |
| Which Metasploit tool generates cyclic patterns for offset calculation? | msf-pattern_create generates unique cyclic patterns, and msf-pattern_offset finds the exact overwrite offset |
| Which technique bypasses simple input filters by using Unicode encoding? | Unicode or UTF-8 encoding of special characters can evade character-based input filters like WAFs or application firewalls |
Front
Give an example XSS payload to test for script injection.
Click the card to flip
Back
<script>alert(document.cookie)</script>
Front
What is the purpose of the Metasploit msfvenom tool?
Back
msfvenom creates and encodes custom payloads for various platforms and exploits by combining payload generation and encoding in one tool
Front
Provide a simple UNION-based SQL injection payload.
Back
'+ UNION SELECT username, password FROM users--
Front
How can environment variables be used to escalate privileges?
Back
Attackers can manipulate environment variables like LD_PRELOAD or PATH to load malicious libraries or executables with elevated permissions
Front
Explain the concept of Return-Oriented Programming (ROP).
Back
ROP chains together existing small code snippets (gadgets) ending in return instructions to perform arbitrary operations without injecting new code
Front
Describe the basic structure of a return-to-libc attack.
Back
A return-to-libc attack hijacks control flow by overwriting return addresses to call existing libc functions like system() with attacker-controlled arguments
Front
Define reflected cross-site scripting (XSS).
Back
Reflected XSS occurs when user-supplied input is immediately returned by a web server without proper sanitization, leading to script execution in victims’ browsers
Front
Name two common Windows privilege escalation vectors.
Back
Unquoted service paths and weak service permissions are frequent vectors for Windows local privilege escalation
Front
What SQL injection technique retrieves data via error messages?
Back
Error-based SQL injection leverages verbose database errors to extract information by triggering SQL errors with crafted inputs
Front
How does a blind SQL injection differ from traditional SQL injection?
Back
Blind SQL injection provides no direct error or data output, forcing attackers to infer data via true/false responses or time-based delays
Front
Which Metasploit tool generates cyclic patterns for offset calculation?
Back
msf-pattern_create generates unique cyclic patterns, and msf-pattern_offset finds the exact overwrite offset
Front
What is a staged payload in exploitation frameworks?
Back
A staged payload splits the attack into a small initial loader (stager) that fetches and executes a larger second-stage payload on the target
Front
What is a buffer overflow and how does it enable code execution?
Back
A buffer overflow occurs when input exceeds a program’s buffer capacity, overwriting adjacent memory and allowing an attacker to inject and execute malicious code
Front
Describe one method to bypass Data Execution Prevention (DEP).
Back
DEP can be bypassed using ROP techniques to mark pages as executable or by calling VirtualProtect to change memory protections
Front
Which technique bypasses simple input filters by using Unicode encoding?
Back
Unicode or UTF-8 encoding of special characters can evade character-based input filters like WAFs or application firewalls
1/15
Delves into common exploitation frameworks and custom payload creation. Includes buffer overflow, SQL injection, cross-site scripting, privilege escalation and bypassing security controls.