Dashboard ​►​ MBAITBM ​►​ 2016-2018 ​►​ Semester 2 ​►​ DBAS ​►​ Week 7 ​►​ Quiz 5(C&D) ​►​

Preview

Question 1

Not yet answered

Marked out of 1.00

Question 2

Not yet answered

Marked out of 1.00

You can preview this quiz, but if this were a real attempt, you

would be blocked because:

This quiz is not currently available

For the purpose of this Quiz, you need to Configure Proxy settings for the browser (Use

Mozilla Firefox preferably). Set Manual proxy as 127.0.0.1 and the port number as 8080.

Visit altoromutual.com website and click go to the login page. Use the smallest query to log

in on that page from the following options.

Select one:

a. Username = null and password = ‘ OR ‘1’=’1

b. Username = null and password = null

c. Username = null ‘ OR ‘ 1’ = ‘1 and password = ‘ OR ‘1’=’1

d. Username = ‘ OR 1; -- and password = abc

e. Username = ‘ OR ‘1’ = ‘1’; -- and password = abc

Now after you have logged in as _________________ user, visit the “edit users” page and

look for the user ‘sspeed’. Mention the password for that user

________________________.

(Fill in the appropriate blank spaces)

Select one:

a. Admin, sspeed

b. Admin, demo1234

c. Admin, null

d. Admin, don’t know yet!

e. Sspeed, demo1234

f. Jsmith, demo1234
Question 3

Not yet answered

Marked out of 1.00

Question 4

Not yet answered

Marked out of 1.00

Question 5

Not yet answered

Marked out of 1.00

Answer Question 3 and 4 based on this

For the initial part you must be logged in as ‘sspeed’. (HINT: To do so, you need to

perform a SQL injection attack with a valid username i.e. sspeed and mask the password).

In the text box provided below, enter the query used to log in as sspeed. Mention the

injection query for the username field

For example:

if username = ' OR '1'='1 and password = null then mention the answer in the text box as

username = ' OR '1'='1

Answer:

Once logged in as ‘sspeed’,Go to the “View Transactions” page, select the appropriate

UNION query that will fetch you the passwords for all the users.

Select one:

a. 12/12/17 UNION SELECT username, password,3,4 FROM users; --

b. 12/12/17 UNION SELECT 1,2,3,4 FROM DUAL; --

c. 12/12/17 UNION SELECT username, password,3,4

d. 12/12/17 UNION SELECT username, password FROM users; --

e. 12/12/17 UNION SELECT user, password,3,4 FROM mysql.user; --

In the text box below, based on the results obtained from the previous question, mention

the password for the user ‘cclay’

Answer:

Question 6

Not yet answered

Marked out of 1.00

Question 7

Not yet answered

Marked out of 1.00

From the previous results obtained, Match the username with their passwords

admin Choose...

tuser Choose...

jsmith Choose...

sjoe Choose...

sspeed Choose...

Select the error message obtained on running the following query on the “View

Transactions” page.

12/12/17 UNION SELECT 1,2,3,4 FROM DUAL; --

Select one:

a. The Microsoft Jet database engine cannot find the input table or query 'Dual'. Make

sure it exists and that its name is spelled correctly.

b. The Microsoft SQL server database engine cannot find the input table or query

'Dual'. Make sure it exists and that its name is spelled correctly.

c. The Microsoft Access database engine cannot find the input table or query 'Dual'.

Make sure it exists and that its name is spelled correctly.

d. The Microsoft Jet database engine cannot find the input table or query 'Dual'.

e. Syntax error in string in query expression '1=1 and t.trans_date >= ' and a.userid =

100116014 ORDER BY 1 DESC'.

f. The Microsoft Jet database engine cannot find the input table or query 'Dual'. Make

sure it doesn't exist and that its name is spelled correctly.

Question 8

Not yet answered

Marked out of 1.00

Question 9

Not yet answered

Marked out of 1.00

Now log in as sspeed and view his account numbers. Now use the Savings Account

number obtained for sspeed and transfer 11000 from jsmith's saving account to that of

sspeed's. For this you will need Burpsuite to intercept the transaction. Once you intercept

the transaction, you need to change the account number in that captured HTTP request to

that of sspeed's and then forward the request. Mention the following in the answer

1. Account numbers for Sam Speed

2. Account numbers for John Smith

3. HTTP captured request

5. transaction id that will be generated after this execution.

The amUserInfo cookie has revealed value as follows

amUserInfo=UserName=63636c6179&Password=QWxp

Now using Burpsuite, visit the Decoder tab to mention the username and password value

after decoding. Also mention the decoding method used for both.

So in the text box below mention the answer as

username, decoding method; password, decoding method

Answer:

Question 10

Not yet answered

Marked out of 1.00

Question 11

Not yet answered

Marked out of 1.00

Question 12

Not yet answered

Marked out of 1.00

Select the appropriate script that on running in the search field on the website will give a

pop up “Hello!”

Select one:

a. <script> alert(‘123’)</script>

b. <script> alert(85121215)</script>

c. <script>alert(‘Hello!’)</script>
d. <alert>(‘Hello!’)</alert>

e. <script>alert(Hello What are you doing!)</script>

Which are the fields seen in an HTTP POST request? (Visit the Http history tab)

Select one or more:

a. Host

b. User Agent

c. Accept

d. Accept Language

e. Referer

f. Content type

g. Content string

OWASP is a non-profit organization

Select one:

True

False

Question 13

Not yet answered

Marked out of 1.00

Question 14

Not yet answered

Marked out of 1.00

Question 15

Not yet answered

Marked out of 1.00

Select all the appropriate vulnerabilities found in altoromutual.com (website)

Select one or more:

a. SQL Injection

b. XSS

c. CSRF

d. Missing function level access

e. Broken Authentication and Session Management

f. Sensitive Data Exposure

g. Unvalidated redirects

h. Using components with known vulnerabilities (shellshock, heartbeat)

i. Insecure direct object reference

For these questions, make sure you check your proxy settings. Turn the Manual proxy off.

Now download the homepage of altoromutual.com using wget.

Try out the following string expressions and select the one that will lead you to a domain

name.

There is only one .com domain name

which of the following expressions give you a neat and clean answer?

Select one:

a. cat index.html | grep href| cut ​d'/' ​f3| cut ​d'<' ​f3| cut ​

d'l' ​f1

b. cat index.html | grep href| cut ​d'/' ​f3| cut ​d'<' ​f3

c. cat index.html | grep href| cut ​d'/' ​f3| cut ​d'<' ​f2

d. cat index.html | grep href| cut ​d'/' ​f1| cut ​d'<' ​f3

e. Sjoe, demo1234

Mention the domain name obtained. Is it a subdomain?

(Your answer should be domain name, yes/no)

Answer:

Question 16

Not yet answered

Marked out of 1.00

Perform the following tasks. Ensure to copy paste your entire answer in the space provided

below.

1. Look up nameservers and mail servers for altoromutual.com

2. Look up nameservers and mail servers for the domain name obtained

3. From the Authoritative answers obtained from executing the above 2 queries, mention

the IP addresses for the 2 nameservers obtained. (Hint: Look for nameservers names

starting with 'ns1')

4. Run an nmap scan for the nameservers and mention the ports open
(Please paste all the output you get in the space provided below. DO NOT ASK ME THIS

QUESTION REPEATEDLY)