Beruflich Dokumente
Kultur Dokumente
Preview
Question 1
Question 2
You can preview this quiz, but if this were a real attempt, you
For the purpose of this Quiz, you need to Configure Proxy settings for the browser (Use
Mozilla Firefox preferably). Set Manual proxy as 127.0.0.1 and the port number as 8080.
Visit altoromutual.com website and click go to the login page. Use the smallest query to log
Select one:
Now after you have logged in as _________________ user, visit the “edit users” page and
look for the user ‘sspeed’. Mention the password for that user
________________________.
Select one:
a. Admin, sspeed
b. Admin, demo1234
c. Admin, null
e. Sspeed, demo1234
f. Jsmith, demo1234
Question 3
Question 4
Question 5
For the initial part you must be logged in as ‘sspeed’. (HINT: To do so, you need to
perform a SQL injection attack with a valid username i.e. sspeed and mask the password).
In the text box provided below, enter the query used to log in as sspeed. Mention the
For example:
if username = ' OR '1'='1 and password = null then mention the answer in the text box as
Answer:
Once logged in as ‘sspeed’,Go to the “View Transactions” page, select the appropriate
UNION query that will fetch you the passwords for all the users.
Select one:
In the text box below, based on the results obtained from the previous question, mention
Answer:
Question 6
Question 7
From the previous results obtained, Match the username with their passwords
admin Choose...
tuser Choose...
jsmith Choose...
sjoe Choose...
sspeed Choose...
Select the error message obtained on running the following query on the “View
Transactions” page.
Select one:
a. The Microsoft Jet database engine cannot find the input table or query 'Dual'. Make
b. The Microsoft SQL server database engine cannot find the input table or query
'Dual'. Make sure it exists and that its name is spelled correctly.
c. The Microsoft Access database engine cannot find the input table or query 'Dual'.
d. The Microsoft Jet database engine cannot find the input table or query 'Dual'.
e. Syntax error in string in query expression '1=1 and t.trans_date >= ' and a.userid =
f. The Microsoft Jet database engine cannot find the input table or query 'Dual'. Make
Question 8
Question 9
number obtained for sspeed and transfer 11000 from jsmith's saving account to that of
sspeed's. For this you will need Burpsuite to intercept the transaction. Once you intercept
the transaction, you need to change the account number in that captured HTTP request to
that of sspeed's and then forward the request. Mention the following in the answer
amUserInfo=UserName=63636c6179&Password=QWxp
Now using Burpsuite, visit the Decoder tab to mention the username and password value
after decoding. Also mention the decoding method used for both.
Answer:
Question 10
Question 11
Question 12
Select the appropriate script that on running in the search field on the website will give a
pop up “Hello!”
Select one:
a. <script> alert(‘123’)</script>
b. <script> alert(85121215)</script>
c. <script>alert(‘Hello!’)</script>
d. <alert>(‘Hello!’)</alert>
Which are the fields seen in an HTTP POST request? (Visit the Http history tab)
a. Host
b. User Agent
c. Accept
d. Accept Language
e. Referer
f. Content type
g. Content string
Select one:
True
False
Question 13
Question 14
Question 15
a. SQL Injection
b. XSS
c. CSRF
g. Unvalidated redirects
For these questions, make sure you check your proxy settings. Turn the Manual proxy off.
Try out the following string expressions and select the one that will lead you to a domain
name.
which of the following expressions give you a neat and clean answer?
Select one:
a. cat index.html | grep href| cut d'/' f3| cut d'<' f3| cut
d'l' f1
b. cat index.html | grep href| cut d'/' f3| cut d'<' f3
c. cat index.html | grep href| cut d'/' f3| cut d'<' f2
d. cat index.html | grep href| cut d'/' f1| cut d'<' f3
e. Sjoe, demo1234
Answer:
Question 16
Perform the following tasks. Ensure to copy paste your entire answer in the space provided
below.
2. Look up nameservers and mail servers for the domain name obtained
3. From the Authoritative answers obtained from executing the above 2 queries, mention
the IP addresses for the 2 nameservers obtained. (Hint: Look for nameservers names
4. Run an nmap scan for the nameservers and mention the ports open
(Please paste all the output you get in the space provided below. DO NOT ASK ME THIS
QUESTION REPEATEDLY)