Pass Your CompTIA Security+ Certification Easy!

100% Real CompTIA Security+ Certification Exams Questions & Answers, Accurate & Verified By IT Experts

Instant Download, Free Fast Updates, 99.6% Pass Rate.

€69.99

CompTIA Security+ Certification Bundle

CompTIA Security+

Includes 457 Questions & Answers

CompTIA Security+ Certification Bundle gives you unlimited access to "CompTIA Security+" certification premium .vce files. However, this does not replace the need for a .vce reader. To download your .vce reader click here
CompTIA Security+ Bundle

CompTIA Security+

Includes 457 Questions & Answers

€69.99

CompTIA Security+ Certification Bundle gives you unlimited access to "CompTIA Security+" certification premium .vce files. However, this does not replace the need for a .vce reader. To download your .vce reader click here

Download Free CompTIA Security+ Practice Test Questions VCE Files

Exam Title Files
Exam
SY0-701
Title
CompTIA Security+
Files
1

CompTIA Security+ Certification Exam Dumps & Practice Test Questions

Prepare with top-notch CompTIA Security+ certification practice test questions and answers, vce exam dumps, study guide, video training course from ExamCollection. All CompTIA Security+ certification exam dumps & practice test questions and answers are uploaded by users who have passed the exam themselves and formatted them into vce file format.

1.2 Potential indicators of attacks

11. Using hashcat to crack passwords

In this video, I'm going to show you how to use a utility called Hashcat in order to crack passwords. And in this particular utility, it is very popular because it allows you to crack passwords using the power of your GPU, which is a whole lot faster than your CPU. So this is a very popular option when cracking passwords. If you know anything about hardware, GPUs are a whole lot faster than CPUs. Don't forget to use GPUs to mine Bitcoins and stuff like that. So if you can get powerful GPUs, it's probable that you can brute-force and crack some pretty large passwords. So Hashcat is the software you would use for this. I'm going to show you how to do it with a dictionary attack and a very famous file that has a bunch of common-use passwords. Call the rock. You file. I'll show you guys, from scratch, how to get everything and how to install it. so you can follow me. Now, I'm doing this on my Windows machine. I'm actually going to install Hashcat on my Windows machine, not on my Kali machine, for the reason that it's easier to access the GPU right on the desktop, and the machines, if they run on Windows, can do this. You just do this in Kali, if you want. Okay? So I'm going to go ahead and show you guys how to just get everything that you need. We're going to go here, and I'm going to type in hashcap net. And this is where you would download this from, all right? So you'd go here and download, so this is Windows, right? So you would go ahead and you would download this. Now, when you download this, you're going to have to open and unzip this. So what I did was copy this. I downloaded this and copied it onto the root of my C drive just to make it easier to access. I'll show you what I did with it. So I renamed it. I put it on the root of the C drop to make it easy to access. And I just called it Hashcap because we're going to have to access this thing through a command prompt. Now, when I got this, I went and downloaded this file called Rock You Text. Let me show you how to get this: Now, so the Rock You File is a very, very popular file of common passwords that hackers use. So you would just Google "TXT or "Rocky TXT." It's going to be one of the first links in here. So you just click on this. Note this out started to download. I've already downloaded, so I'm going to cancel that. So, just to make the command easier to use, I'm going to copy the Rock U file into that folder and paste it here. Now, I do want to open it and show you what it looks like. The Rock Your File basically has a giant list of common passwords. If I'm remembering right, it's like 14 million or something like that in terms of commonly used passwords that people use throughout the world. And if your password, if you ever do a search—let's say your password is password one, two, three—that's going to be in here somewhere. There it is. If your password falls into this file, maybe I don't know if it's in here. Some form of it is up to you go.So if your password falls in here, hackers have probably cracked this because it's a very popular password file. So what we're going to do is get some easy passwords, and we're going to try to use that software to crack them using this file. Okay? But first I need to get the hashes. So remember, hash it. They need to get the hashes. So to generate the hash, we're going to use an MD5 hasher. So I do MD Five online. I'm going to generate some MD-5 hashes. So let's say cats one, two, and three. We'll do dogs one, two, and three. And let's just do it one, two, and three. just need the passwords in there. Assume we treat each one separately. It's a separate string, so I can get each hash. Copy that. And what we're going to do is create a text file in that folder. So I already did that. Also create a text file in this folder called hashes TXT.And here are all the hashes for those. So we want hashcat to go through the entire RockU file and find the words that correspond to these hashes, which will give us the passwords. So I'm going to close this now. It doesn't need a name; it hashes TX. It's just what I named it. Okay? So let's go in there. So we've established that we do Dir. We're going to go into "let's make this a little bigger." Make it easy for everyone to see. OK? So we do dire. We see we have a hashcat there. So we'll do CD hashcat. Okay? So I'm in that folder. Now, I did run this command before the class, before I filmed the video, to make it a lot easier. So we don't have any mess-ups when we're typing it. Let me show what the command says. The command says "hashcat exe." That's the Hashcat software we're running here, right? That's this thing we're saying, "Mzero azero." What this is going to do is say do a dictionary attack. And we're using an MD-5 hash. And here's the hash. And I'd like you to make a comparison using this rocky text. So we're going to just press Enter. And now it's up and running. So it's running. It's running. And so it says that, you know what? It cracked. There you go. Hat one, two, three. So it says that it cracked something in there, right? So we want to see what it is. So you could just do you wouldrun it again, put tactics show. And look at that. It found the passwords. So one of them is "cat," one, two, three." The other one is "dog," one, two, three. The other one is hat, one, two, three. So it's showing me the output of what it found. And that's really what this does. Now, there are a whole bunch of commands with this, and there are a lot of tutorials online with this. I wanted to do a quick video just to show you guys this particular software. It's a very popular programme when it comes to the world of cracking. But you can see how a dictionary attack works in particular here, because you can see how we're comparing all the passwords against a dictionary of common passwords. And something like this will just run through it very quickly. This machine does have a pretty fast 2060 Gforce 2060 video card. I think that's a pretty fast video card. Some of you may be laughing at me for agamer, but hey, this is good enough for me. and I think it's pretty quick. All right, so we just learned a lot of interesting things. You guys can continue. I just gave a good introduction to it. You can follow your studies, do a lot more research into it, and have some fun using hashcap.

12. Using a brute force and rainbow tables to attack passwords

In this video, we're going to be talking about cracking passwords using what's known as a brute force attack and rainbow tables. Then we'll finish it off by discussing why passwords should never be in plain text or unencrypted. So let's get started. The first thing I want to show you is something called a rainbow table. A "rainbow table attack" is when you have a precomputed table of hashes and passwords. Now remember what I told you—passwords are stored as a hash. Passwords are not stored in plain text. So imagine if someone went out and got all the hashes and the corresponding passwords. In other words, they made a precomputed list of hashes and passwords. So what you need to do is all you have to do is give the table the hashes, and then what the table does is the table finds the corresponding password. Rainbow tables or lookup tables are really efficient at cracking passwords. In fact, it's one of the best ways to crack a password. And I'm going to show you someone with something called Crack Station. It's actually a website that does that. So let's go back here to my desktop. Where's my keyboard here? All right, so let's go to Google here, and we're going to just play on the web here for a minute. I'm going to do my MD five hashes again. Now, remember, in the cryptography section, we'll talk about different forms. We'll talk about different forms of hashing algorithms. So there'll be five online here and here. I'm going to go to the hash generator, and let's say your password was capital PFSW zero RD. You think you've got a complex password. You know what, we'll just add one, two, or three to it. Nice complex. You think it's a nice, complex password. You're pretty happy with this. But we're going to use a website called Crack Station. So Crackstation.net would be it. So what this does is basically create an associative precomputed lookup table to crack password hashes. Basically, you give this thing the hash and it will find the correspondent password. This is a great way to watch this So I'm going to go here and I'm going to take the hash. I'm going to copy this, and then I'm going to go into the table and I'm just going to give it to it and I'm going to say, "Hey, I'm not a bot." All right, taxis. That's a really ugly taxi, by the way. All right, so that wasn't a taxi. I thought I had that there. Okay, bicycle. Okay, so let's crack it just like that. No, here we go. just like that. We cracked it. Look at that. We took the hash that is this and converted it directly into the password. So this is a look-up table. You see how efficient this is? The good news here is this thing cancrack all types of hashes, windows hashes inparticular, NTLM hashes are cracked here also. So, MD Five, should I take a shot? 256 is a very popular hashing algorithm today. NTLM is what Windows uses. How big is this table? Very large. First of all, if you notice for MD5 and Sha1, it's 15 billion lookup entries, and for other hashes, we have 19 and one billion. So that's a lot of entries in this table for all different types of passwords. In my opinion, without using brute force methods, this is probably one of the most economical and fastest ways to crack a password economically.This means you won't need to invest in a lot of hardware. Okay? So that was a rainbow table. I'm telling you, if you're looking to crack a password, get the hash. That's the best way to do it. Now, the other way we're looking at it is something called a brute force attack. A brute force attack will attempt to crack a password by trying every possible combination of letters and characters. There are two ways of doing this: offline and online. Offline is when you grab the hash of itself and then use brute force to push it through. And brute force will put every human combination to the test. This can go on for millions of years to ensure that it cracks it.An online attack is when you try to basically hit the login prompt all the time because it's an online attack. So let's take a look at how to do a brute-force attack. So I have a piece of software running in my Windows 7 box called Cane Enable. So Cain enables my work because of my firewall. That's fine. Cain Enable is software that you can download. And to get this software, you would have just Googled "Cain Enable Password Cracker." It's like one of the first links here. I must give you a word of warning. If you're downloading this type of software, please be careful where you get it from. They could have malware in them. Cain Enable is actually considered malware. You have to shut your antivirus off. That's why I have it running here on Windows 7. Just turn your antivirus off. If you're doing this, the best thing to do is, of course, use a virtual machine. Do not use these. Do not attempt to download cracking tools on your actual computer. Okay? So I downloaded this, and I've installed it. So we're going to cracker now. What we're going to go here and do is go in here, and I'm going to dump the hashes from this computer. So, on this Windows machine, I'll right-click here, say "add to this," and we'll say "import hashes in the local system." So I have a user account called Bob. Now, this is the LM password. There's no LMS password. It's all Windows. But you notice we do have an Nt hashes in here. For Bob. Now, I know Bob's password; you don't, but let's see how we can crack it. Now, if I remember right, I had changed Bob's password to "cat," or it was "cat one, two, three." So I'm going to right-click on Bob here, and we're going to say brute force attempt. We're going to say NTLM hashes. Now watch what happens. I know Bob's password; I think it starts at three, and it's going to be no more than six characters. So you can actually specify the range. And then I'm going to go in here, and I'm going to say start. And it cracked just like that. His password was cap. That's all I changed it to, his cap. So basically it was really fast. But brute forcing can take really long. So here is Andy's password andI think Andy is just password. So I'm going to say brute force NTLM. And you know what I'm just going to say andnow look at all the different brute force methods. You know what, if we select just this, just use everycombination of lowercase characters and we go in there and wesay, well, try it from one to 16 digits. And you say "start." This can take a very long time. Do you notice how long that is? That's nine point something with an exponent. Billions of years, I guess, way too long to be here. So what I could do is I could say, you knowwhat, start at six, end at ten, and then go aheadand try to crack it and then it starts that. So it's like 116 days. The point is, brute force is not very efficient. The password here is actually just password. It would be more efficient to put this hash in arainbow table like we did just now with Crack station. Notice it's going to try somuch combination this thing is trying. And you can see this incredibly large number. It looks like 14 milliondifferent combinations a second. So it's really, really big. But look at the size of the key space there. It's a large key space of number ofkeys you see if you add in. So if you have a complex password, and thisis what I wanted to show you, hackers knowyour password will be minimum of eight characters. And hackers know that most people are not going to make it more than twelve. But if you make a complex, you know what, if wejust leave it as if your password was just lower case,it would take them 200 and about 40 years again onthis computer, with this processing power, with this software. I'll talk about other ways ofspeeding this up in a minute. But just to show you the difference, watch. If we go in there, we add in everything,symbols, uppercase, lowercase, so it was 214 years there. And if I say this now, it's nine. It's one with nine zerosyears, millions of years there. It'll take the cracks. It's significantly more when trying to crack this. If you up this to even 13characters now it even gets bigger. Now it's a plus twelve, nine with a twelve or 100. So really, really long time. OK, so that's a brute force attack. So what have you noticed about brute force attack? Brute force attack is really, first of all, bruteforce will crack every password known to mankind, period. It might take 10 million years. So now, here's the thing. This machine, it only has two cores in it. So it wasn't a very quick machine. Even though this desktop I'm using is very fast. I don't think Cain enables a really old softwareand I don't think it uses multiple threads. It's not an optimised software for today. But we do have different software out there, andI'm not going to get into the different cracking software is not an ethical hacking class. Take my ethical hacking class for that andI'll show you some pretty cool software. But there are other software out there that uses theGPU to crack the graphics processor from video cards. If you remember from hashcat that I used to crack ahash using a dictionary attack that actually used the GPU. So you could have different software usingGPU, which would significantly speed up theamount of time to crack a password. So the best thing we can do to protectourselves something like dictionary brute force rainbow tables to have a complex password; make them at least eight characters long, uppercase and lowercase, and, of course, change them every 60 days or so (numbers and symbols). The last part I want to mentionin this video is going to beplain text, unencrypted data, especially passwords. One of the things we have to do inapplications is we have to make sure that theapplications we're using always encrypts your password. That's like mandatory. All applications should store thepassword in an encrypted format. And if the password is moving around the network, youwant to make sure that that password is encrypted. Because if they sniff the line and theyjust get it, they will just see it. Now, certain protocols will put your password inplain text later on in the course. I'll show you a video when we talkabout FTP and different types of protocols. You'll see how FTP, when you authenticate to an FTP server, actually sends your password in plain text, allowing anybody sniffing the network traffic to actually see the password. You'll see me do an illustration of that later in this class. Okay, so we learned quite a lot in this video. I showed you guys rainbow table with crack station. If you ever try to crack a password, try that first. It's amazing how many passwords it can crack. And of course, the brute force is probably one of thehardest, the longest way, but it is the shortest way. You might have to wait couple 100 millionyears, depending on how complex that password is. And then, of course, make sure your passwordis never in plain text at all.

1.3 Analyze potential indicators associated with application attacks

1. Privilege escalation, (SSL) stripping, Pass the hash

In this video, we're going to be talking about privilege escalation, SSL stripping, and passing a hash. Let's get started. So the first thing up is privilege escalation. Privilege escalation is a pretty simple concept to understand. Basically when you have lower level privileges or you havea very small privileges or low privileges on a computer,then you want to rise it up to a higherlevel privilege to commit more malicious acts. Take, for example, the case where you're working in an accounting department or as a receptionist and have just normal user access to a computer. You can't even change the system time. Definitely, you can't install anything. The objective here would be to then gain admin access to the computer. So you could change different things on the computer, so you could become the administrator and maybe change the time, install malicious applications, and so on. Now, privilege escalations play with something that you should be familiar with. And this is going to be the protection ring of an operating system. So I have a good diagram here in Wikipedia that we'll take a look at. So this Wikipedia is under privilege escalation. I'm going to give you guys a link to all of these links that we're about to use in this video, in the description of the video, okay? So, here I have this thing called protection rings. Let's give it a quick zoom here. So protection rings Now the protection rings are basically how the operating system is layered: a structured layer of an operating system that protects the OS. And look at the different layers here. So here you have the centre layer, ring zero. and this is called the kernel of the operating system. This is where the kernel resides in the OS. Nothing should ever be executed or installed here because this basically controls the entire operating system of Windows. Also, ring one and ring two are where you install your device drivers. And ring three is where you install your applications. So basically, a privilege escalation would try to get from ring three to ring one or ring zero to have full, complete access to the OS itself. Now I'm going to zoom out here, and I want to show you guys that there are two privilege escalations that your exam may trigger. And again, it may or may not. You definitely need to know what it is, but they may or may not go so deep into this. So there's vertical privilege escalation. And what that means is where there's a lowerprivilege user is trying to get higher privileges. So vertically, it's a lower-privilege application trying to access or gain access to higher-privilege applications. Then there's horizontal, which is when one normal user attempts to access the content of another normal user. It's called vertical. So one is a horizontal I'm sorry, one is vertical going upwards, and one is horizontal right across. So on the horizontal, you're just trying to get access to other users. In a vertical escalation, you basically take a regular user account and try to gain admin access or permission to specific things. One simple example in horizontal is attempting to obtain the same access as other users in order to commit access to them. So maybe you have a checking account at one bank, and then I'm going to try to access your bank just as you have access to your checking account, not to gain any more access than what you have, just to get the same access that you have. So that would be horizontal. Now you're probably seeing some examples of this thing.Yes, the most well-known examples are when you jailbreak an iPhone or root your Android device. You're basically going from this normal user account into this admin access, or admin, account in your iPhone, allowing you to install, manipulate, and change anything in the operating system that you like. So you can see you're going from this higher level of ring three to maybe ring one or zero. also involves rooting your Android phone. How would you stop this? This is generally malware. Keep your machine updated, and anti-malware would solve this. Okay, the next thing we're going to talk about is something called SSL stripping. So what is this? SSL stripping occurs when you remove the SSL from an https request, turn it into plain text, and if you're an attacker in the middle of this connection, you can then read all the data. So let me give you an example. Let's say I go. Let's say I'm a normal user, and then there is a hacker on this side here. Let's say hacker on the side of the room. And on that side of the room, there is a server that I want to get to. It's a banking server. So when I go to the banking server on a normalrequest, I would say, hey bank, give me your login page. The bank would give me the login page. I would type in my username and password. I'm thinking it's all encrypted with HTTP, and I sent it back to the bank. The bank authenticates me and logsme in a normal function. But what happens in SSL stripping is when I go to the bank and I say, Hey bank, give me a web page. What happens? The hacker intercepts this connection, goes to the bank himself, gets an HTTPS page, brings it back, and then removes the SSN and gives it to me as plain text. I think I'm on an SSL connection, but it's not. It's a normal clear text connection. This may sound complex, but I have a good diagram that I found here that we should look at. So this is what I'm explaining here to you first. Let's do it one more time with the diagram. So let's say example.com is bank of America.comor Chase.com or whatever bank you use. So the user—let's say this is me— This is a hacker. And this is the bank and the server. So the user sends a request. I'm going to say, "Hey bank, please send me Bank of America.com." This is going to have to work with a man in a minute. He's going to have to intercept the connection. Notice there is a man in the middle of it. So he intercepts the connection and says to the bank and server, "Hey, send me. Send me Bank of America.com." Bank of America.com responds back with the web page itself, right? But what he does is remove the Https, resulting in the service sending back Https. And this poor guy, which is me, is receiving an HTTP page that I haven't even seen, that I'm not seeing, and that I haven't even known is happening. So this is bad now because anything I type on this page is all clear text and the hacker can read it, including my username and password. Now, this is the stripping part, where he strips off the Https from the actual webpage and sends it to me as a Http. So how do you secure against something like this? Now, this is generally done with a man-in-the-middle attack. Later in this course, when I do a man in the middle attack, we'll do a lab with that. I'll show you how to do ARP spoofing in it. The way to solve this, first of all, is to enable HTTP on pages on your website. And this means throughout the website—back in the day, sometimes they wouldn't have HTTP on all web pages. But if you go to Amazon right now, you'll notice that it's HTTPS throughout the entire website, from its home page to its sign-in page. And one way to definitely try to kill this thing is to use HSTs. This is an abbreviation for HTTPS strict transport security. As a result, HTTP S (strict transport security) is used. And what this means is that it's a strict policy under which a browser would not open a page unless that thing has HTTP in it. Do you see this? Have you recently visited a website that lacked HTTPS and may not even load? So let's go back to Amazon. here and remove this HTTP, right? And you'll notice Amazon is like, "Hey, I'm not allowing that." Did you guys notice that? Watch. Let's try it again. If I go and just delete the app, yeah, I don't want a secure web page. Amazon is like, "Nope, I'm not allowing that." So this year would help solve that. OK, the next attack we're talking about is something called pass the hash. This was a little bit easier to understand. So passwords are hashed, right? We talked about this previously, when cracking a password: passwords are hashes. So cracking a password or cracking a password hash is sometimes difficult to do because, remember, if that password is really long, it's really complex. Then you try, and especially if you use the hashing algorithm of a 256 with a giant hash on it, going through all the possible combinations of brute force can be difficult. One attack that may work is called Pass the Hash. So when you authenticate to a computer, let's say you authenticate to a server, what you would do is send the hash. What the attacker does is capture the hand and then pass it back as you, and the actual computer thinks it's you. So you have a little diagram of this here. So how fast does the hash work? First of all, the attacker has to steal the hash somehow. Now, whether that's sniffing the network or getting access to something like the Sam Finale Windows, which has a user and a password, he then uses the hash to authenticate. He basically takes the hash and places it back on the server. Now you can access resources. Assume now that one particular system that's very vulnerable to this idea of passing the hash is Windows NTLM. Windows, with domains and so on, is very prone to this. So you want to make sure that your operating system is updated. And there are different policies in the US. You can apply to help stop this. Okay? So in this video, we went through quite a few different attacks. Guys, we talked about privilege, escalation of your job, and the horizontal and vertical. We talked about SSL stripping. By the way, this is SSL stripping. really doesn't work in today's world. Very difficult. I do a lab in my ethical hacking class. With it, there is a command in Kali Linux that does it, but against modern websites, it is probably not going to work. And then pass the hash. also a later version of Windows. Keep your Windows updated. It's probably not going to work either. So as you can see, keeping stuff updated helps to solve many of these attacks.

2. Cross-site scripting (XSS) and Injections

In this video, we're going to be talking about cross-site scripting and injection attacks. So let's get started. So the first thing we're going to talk about is cross-site scripting. This is something that you're going to hear quite often as your security career progresses and you learn more about web application security. So I'm not going to get into the coding part of this. You don't need to know how to code to create applications. in order to understand this. I'm going to give you just a really quick overview of what it is that they're talking about and just what you need to know for your exam. So for both of them, cross-site scripting and injection So I'm going to try to keep it as codeless as possible, but we're going to have to look at some codes. The first thing we're going to talk about is cross-site scripting. Cross-site scripting really is about executing scripts against websites into website boxes and having things happen, whether it's facing the website, bringing down the website, or even stealing data right out of the website. There are several types of cross-site scripting available now. Just let me show you the most basic one. Let's take a look at my screen here. So here are some examples of some injections we're going to be doing. I want you guys to take a look at this. Here is a shopping cart. Now I'm using something called WebGold. There's a whole other platform. We talk more about this in our security classes, called the Open Web Application Security Project. ORP provides a very nice tutorial on these types of things. And I'll just use this here to show you what cross-site scripting is. There is a shopping cart if somebody is buying something. So you can notice that if they go in, it's $69. If we add two there, the price here should increase. So as I say, update cart," the price here would increase. If I say purchase, this is a credit card number; this is the expiration date. If I say "purchase," it will go in and it will say, "Thank you for shopping at Webgo." Your support is appreciated. I'm going to refresh this page here. Okay? So what I'm going to do is cross-site. scripting is I'm going to take a script. So I have written here a really small script, so it says script. And this is how you would get JavaScript in there. And this could use generally done with JavaScript. I'm just using a script tag. I'm going to say alert. And in here I'm going to write about what this does—this is going to give us a pop-up box. And what I'm doing here is I'm just showing you that you can actually write scripts and then inject the Microsoft Web applications, and you'll see them inject this alert. So this HTML tag here is basically saying "alert." And alert causes a window to appear on the screen. So I'm going to say, Hey, this is Andrew's Super Code, whatever. I'm going to copy this and watch what happens. The application is expecting a credit-card number. I'm just going to go in there. I'm going to paste that right in there. So basically, it's just about putting a script in a box in one of the fields. We're going to say purchase, and look what happens now. So I say, "Purchase" and "Look at that message there." You're seeing that the web application that I'm using is Andrew Supercoat has given me an alert. Now imagine what the probabilities are here. Imagine what you could do here. The probabilities here are that now we can take scripts, JavaScripts, and other scripts and insert or just paste them into fields and applications. And when you exit web applications or submit them, the script is executed on the user's computer and sometimes against the web server. So imagine that I send you a code and you click on it. It's basically a URL. You go to a website, it executes a script, and it can steal information from you. That's the basic idea here. Now people use these things a lot to deface websites. It's very common. Doing DDoS attacks and bringing down websites is also a very common thing. There are a few different types of cross-site scripting. I don't think you're going to need to know those for your exams, such as reflective cross-site scripting, which is just the one I showed you. I think you need to know that for your exam. Okay, the next part of this video we're talking about is injection attacks. So what exactly is that? Injection attacks may seem very similar to cross-site scripting, but what it is is that you're injecting certain commands, whether they're LDAP commands or SQL injections. There are a bunch of these. There are SQL injections, DLL injections, LDAP injections, and XML injections. I'll try to explain just a brief overview of all of them, and then we'll talk about how to fix them all. So let's go back here to my desktop, and I'm going to give you guys a little drawing here. So web applications, web applications aremade up of two parts. You have what's known as the front end and the back end. So anytime you guys hear this term "front end" and "back end," what does that mean? Well, at the front end, this is generally the user interface. So we'll say "user-interface interface." And this is generally the database that powers up these web applications. You see when you go to a website, thewebsite generally doesn't that HTML page are seeing isnot going to be holding any data there. All right? That web is just to display the data from the database. The back end is what's connecting here. Now, in back-end technology, first of all, you might see things like HTML and then all the other scripting languages that go into this JavaScript and all the other types of MicrosoftScripts that are out there in the backend. These are going to be different databases that we use. And you guys have probably heard of Oracle. So those are generally SQL databases. You also have like NoSQL databases, but more than likelysome kind of SQL database, whether it's Oracle, Oracle, SQL,Microsoft, Ms sequel, you have even such a small thingas Access MySQL is very popular also. So imagine I'm going to go into a web application like, let's say, Amazon, and you give it a SQL command, right? You're telling the front end of the application: "Here is a sequel command, and it basically executes that command against the database." Now remember: the database is storing all the data for the web application. So, let's say you have a web application that stores customers, right, that stores the customers, their first name, last name, credit card information, and address, all of which are stored in the back end of the SQL database, not in this front end. So in a SQL injection, what you're trying to do is basically write, let's say, "SQL command." Basically, you're writing a command into the front end of the application to get access to or manipulate data in that SQL database on the back end. Let me give you somewhat of a live example of this without going into the SQL code here. So first of all, this is a table in the back end of this application. SQL databases and structured query language, right here, are essentially data in this section. They're all tables; all the data is stored in tables. And there is a table right here. See, this is the table, these are the columns. So user ID, first name, last name, and these are columns going up and down. Then you have rows, right? So you have Pauline, you have Toby, you have Bob, and you have Abraham going across. Easy enough, right? So let me give this page a refresh here. SQL commands is basically when you want to extractdata, you want to add data, you want tochange data, you're going to run SQL commands. So I'm going to show you a quick command here that I have here. So here is a secret command. So we're going to run a command here in this tutorial. The first is to use the word "department." So we're going to say select departments. And also, let me just write this in here, and you'll see what I mean. So watch this. So it says "select the command" here, saying "select the department." So, that's right here from the employees. This table is called "Employees," where the user ID is. and this one, so 96134. So, theoretically, this command should be able to return, say, market. and let's see if you did that right. And success. Choose a department from the Employees' returns marketing list. So the point here is that what I'm showing you is that in order to manipulate data in these back ends of these websites, you have to know SQL commands. And there are a variety of these different commands here. First of all, there's a select command to retrieve. Let me just make this bigger here. There's a select command to retrieve data. There's an insert command to insert data. There's an update command. It's a lead delete command. So a SQL injection attack would be something like if I said, "Let's say I'm doing this against Amazon." Amazon is probably watching. It's going to probably watch this video and come after me. I'm just going to make this up just to give you an example of what it is. So we're going to say "select credit card." Now this is not going to work. I'm just showing you, okay? This is not going to work at all. I at least hope not. If it does, I'm going to alert Amazon and refund this video, and it's not going to work. Okay? Select credit cards from the customer's table, read a user ID, and I might just have to guess the user ID. Or you can actually put in wildcards. We're just going to be like that. That's why you could just use wildcards to give it all back to you. So then you go into something such as Amazon's Web application, and you would find a box where you could type this type of thing in. Notice how similar it is to cross-site scripting. And you just say "search." And in theory, this is not going to happen. I'm pretty sure Amazon is going to know that people could do this. And in theory, instead of returning search results because we're telling the Amazon database, "Hey man, give me all those credit cards," So you have to know the name of the field. You have to know the name of the table at the customer's table. And in theory, instead of returning this, you're going to return a whole bunch of credit card information. So that's what a SQL injection is. You can also use the and if you rememberin this one, you can use an insert command. So we can even insert userIDs or fake customers into databases. Lots of different things here you could do. I just wanted to show you what it was in this video. I found a good tutorial on this that I wanted to show you how to use to get into a database. So they have a database with a single table here. This table has a user ID with an email. And remember, we talked about how passwords are hash hashes. You guys remember that? So the password—remember, I said passwords are not stored in plain text. I'm not going to go through this in this setup, but basically, what it is and there is this website called 99 Guru.com Lauren SQL Injection and Practical. You could have actually gone through this and they would tell you, "Okay, you would put in the username here and instead of actually putting in the guy's password, right, instead of putting in the guy's password, you put a SQL command right in there." This is telling the programme to return a true statement. You see what happens when you type a password and it hashes it. And it's not just a hash in a database that they have matched up. It's basically saying it's true that, Hey, this guy is this guy. So what this statement does, without getting into the quota, is basically match this up. So without typing the guy's password, you would just type this in and it would log you in. All right? So that's the basic idea of what they're showing you here. So this is a sequel injection. The other one I wanted to talk about is something called a DLL injection. DLL injections? DLL injections occur when you have programmes that are working. I say you have one application working in memory, and then you have another programme working in another space in memory. The objective of DLL injection is to have the hacker application execute a programme into memory and try to go into the memory space of the other application to get that programme to execute the DLL, basically stealing memory and stealing data from the other application. The other one they talk about is something called LDAP injection. LDAP injections. So first of all, what is LDAP? LDAP uses a lightweight directory access protocol. LDAP is famous for Microsoft Active Directory. If you liked your A+ or your Netflix, you've probably heard of Active Directory, which is based on LDAP. LDAP is basically a directory structure that stores, like a telephone book, users, computer objects, and so on. So LDAP injections basically do something similar to how I showed you SQL injections. They're basically going to run LDAP commands to manipulate or access data in Web applications that use LDAP. And finally, XML-based injections. This is XML, which is something that I wanted to show you just so you guys are familiar with what that looks like. XML is a type of format. It's a very popular format. And here's an XML format. So in this particular one here, in this format, you'll notice it's pretty readable. This is a breakfast menu format. Think of it like a Word document format, right? So this is the format. It's telling you the breakfast menu. The food is waffles. Here's the price. Here's what the descriptions carry. The next food is strawberry waffles, and you have blueberry waffles for the price. This is an XML format. When they inject data into XML by injecting it, manipulating the data structure, and adding data, this is referred to as XML injection. So the question that people ask me is, "Andrew, these things are pretty scary." Yeah, they are especially cross-site scripting and injection attacks on some of the most popular web application vulnerabilities out there. Input validation is a technique for stopping these things for your exam. So what is input validation? Input sanitization and validation would prevent a lot of these things from working in cross-site scripting and injections. The reason is because you're going to sanitise the input to the point where it doesn't accept certain characters because there are not enough characters. So, like, let me show you what I mean. Let's say you go into a Web application, right? any web application, and you can come down even in this box here. Now, what they could do is limit what can be typed into this box, right? So they can say this box here cannot hold more than ten characters. In fact, on the Tiau.com website, a good example of this, I notice, is when you come here, you'll notice that, yeah, we could put a name in there. Put a name in there. But you'll notice if I submit it, it says you must have an email. If I go in here and I put an email, let's say it doesn't format the email, right? You see, it says "invalid email." So it's looking for a particular email or something. So that would be a type of input validation. So input validation and sanitising input are limiting what types of characters can fit into those fields and what the format of those characters is. Let's say you have a number feel like a phonenumber feel limited, so it can only accept numbers. And this is something that the web developers—the database developers—have to do on their end. It's not something we're going to do, but we're going to have to ensure as security administrators that you know what the fields are sanitised in the web app. You don't want to push it out where peoplecan just type any command into the fields themselves. Okay? So remember, input validation is generally the answer to cross-site scripting. cross-site scripting and injection attacks. Pretty interesting stuff. Let's keep going.

3. Pointer Dereference, directory traversal, buffer overflows, and tocttou

In this video, we're going to be talking about quite a lot of stuff, particularly pointers or objects, the reference directory traversal, buffer overflows, race conditions, error handling, improper input handling, and a lot of other stuff. Right, let's get started. So most of these things here in this video are going to be about programming. So we're going to have to take a look at some codes in this video, and I'm going to try to make sure I minimise that as much as possible. It's not a code in class, but as a security administrator, you should be familiar with these terms. Not to mention, it's in the exam objectives. Let's knock them out. The first one is something called pointer object" to reference. Now pointer object to reference, and I'm on the tutorialspoint.com website. Pointer object dereference is basically being able to point to and manipulate data in a certain part of memory. And this is generally done in asterisks, right? So if you want to point to a particular part of memory, you may just use a particular asterisk to point to a particular part of memory. So that's all you need to know about that. Just remember, a pointer object to reference is generally just an asterisk. Now the other one I want to mention is the direct reversal. Now what is that? Direct retroversal. So, I am going to open I made a website on this computer called Local Host. I'm just going to go to this website. It's actually a little host on this computer. This is my personal website. So as you can see, I just pulled up a website there. Now, directly traversal" is when a website is misconfigured and it allows you to see all the files. So our website is not just one file. It's not just one HTML file; it's many HTML files; it's scripting files; it's images. So when the webmasters build their website, they put the files into folders, and they're actually traversed. If the Web server is misconfigured, it allows us to browse these folders and see the files. This is a significant attack on web servers because software such as Web rippers can now steal websites directly from the web server. Let me show you this one. So back here at my website, if I just click here, I just have a page about me here. Go back to my home page. So right now I'm at this HTML index HTML.So if I just go in there and type images and press Enter, Notice how it brought up this folder that has images. You can actually try this on our website. Just go to our website and just type "images." Generally, a smaller website may just pop up a whole bunch of images that are there. If I click on "book," Here's the book that I have. And I actually have another folder in here called Docs. So you notice Doc is here, and I have a password: TXT. On this particular web server, if I click on a text file to load it, the username is ending and the password is password. So this is a directory traversal. So the way you fix it now is to run it on the older Windows 7 box. This is IAS 7.0. And I have to go in and enable direct traversal on this web server for this to even work to show you guys what it is. Well, some web servers are still configured like this. So you want to make sure that you understand that. You know what? If you configure your web server right, you shouldn't allow this because then people can steal your data. The next topic we're talking about is something called a buffer overflow. This is more of a coding thingand you don't need to know code. You've just got to understand what it is. So first of all, you have to understand that when people write programmes where there are particular applications and different types of scripts, and so on, they have to allocate parts of memory to store their data. So what happens is they allocate a certain portion of RAM to say, "Hey, let's say, "Hey, RAM, store this much memory for this part of the application." So let's say they have an application that is going to use up eight bites to store a particular thing, maybe a particular field that stores names or last names or something like that. What happens if you go and you put in ten bites or twelve bites? Then what happens? Now I have an example of this. Let me show you something. So in this example, this is the website here. So in this example, I'll show you what I mean. So somebody went ahead and made an application, and in the username field, they coded the application to only support eight characters. But what happens when someone went there and typed in ten characters? Now you have an extra two. Well, the application was only allocated eight characters. The buffer by itself was limited to eight. But when the memory buffers empty, what happens to the other two? Well, the other two go into the next portion of memory or the next set of buffers. This is why it's called a buffer overflow, because it's overflowing. So the buffer is up to eight. You're overflowing this by ten. So you've got another two over there. What does this lead to? So what can happen? So what happens if they go into the next buffers? Well, what happens here is that now you're executing more things than the application expected. You can put a payload in there. So you can, instead of the username being eight characters, like in this example, put the username, put a space, and then put, Hey, execute this code against the application, put a space, or attach more code and say open up a shell and give me remote access to this machine. In other words, you can run pretty much any type of malicious code using a buffer overflow. You're probably saying, Sandra, how do you fix this? You fix this by actually having good coding practices. Good coding standards are the way to fix this because using older applications to write programmes with could make this happen, even with some of the newer ones. So many good programming practices exist that almost all programmers know about them. They have to protect the way they write their codes. Okay, now for something you should be familiar with: exams like to talk about race conditions, and in particular, something called a time of check to time of use. So here's what this is. In applications, there is a time difference between when a system checks a particular programme and when somebody actually uses it. This is generally done with security credentials. So it may check if a credential is good. And then you can log in, and then you can start to use it. There's always a time difference, but I'll show you an example of what it looks like in coding. Here we go. So this is a time to use the Wikipedia article on this. But I thought I had a really good example here without getting into the coding aspect of it. So look at this here. Basically. Now I'm just going to read the code here for you. If you don't understand it, that's fine. Just know what this is. So it's saying that to access this file, you want to be able to open it and write to it. So this is just a piece of code that will open the file and allow you to write and read from it. So what happens is there's a time difference between thisaccess the file and open and write to the file. So the time of check to time of use race condition occurs here because an attacker can exploit the actual time difference between these two, allowing the attacker to insert a command that allows him to write or overwrite information in the password database. So imagine you go to Access, imagine you go to access a file, and by the time you try to open the file because it's going to check your permission, it says, "Okay, you do have access to that." And now it's using your permission to then overwrite a password found in another part of the system. So it's using your credentials to do something it didn't even have to before it even checked them. That's why it's called a time of check or time of use. You're probably saying, How do you fix this? good programming practices. Once again, there are a lot of different programming and coding practises that will help to defeat this. And sometimes the best thing to do is to follow the best practises in that industry about it.Okay? Another thing is something called error-handling and improper input handling. All right? improper input handling. Error handling. Let's fix improper input handling first. So when you have an application, any application, let's go to Amazon. So if you have an application, all of these boxes here are basically fields to handle input. If I sign in, here's a field that handles input. I'm just going to type some stuff in there and, hey, there's a problem. I couldn't find an account with that email address. That's good input handling. What happens when people insert improper data into fields in your Web application? Well, it has to be handled correctly. In other words, like Amazon has here, they're ensuring that something is not correct here.And also, it's not executing or causing any errors or problems in their Web application. So we need to be able to predict what users will enter, what kind of nonsense people will type into your application's input fields. There are different kinds of tests for this, like fuzzers or fuzzing, which we'll get to later in this class. And the next thing I want to talk about is something called impairment. So a lot of this happens on Web servers. So you noticed I have a website, right? So nothing is wrong with my website here, unless I put a space in there. And so I have this image folder. What if I created a folder that didn't exist? What is the Web server going to do? See, this is not good. So I did this purposely because I wanted to show what a bad one looks like. So you'll notice that the Web application is not handling errors very well because it's giving away way too much information. It's telling us right off the bat that this weird website is okay to see in the Internet Pub/wwwroute folder because it's running on this port. This is an ICS Web server that gives away a lot of information. So I need to go in and not use that Web server. It's a very old web server, by the way. Oh, you know what? I forgot to show you. Look. It even has a kind of new web version of it, 7.5. This is a Windows 7 web server, by the way. I use that on purpose to show you, hey, some of the problems that can happen. So, with error handling, what happens when an error occurs on the website or the application? How does the application handle that? It may freeze. It should simply display an error message that provides information to users while not divulging information about the server that is hosting it. These are just the default web pages that I had used on this particular web application. And I should have replaced them with more generic things that say, Sorry, this page does not exist. Please go back to the home page. Right? So you have to replace these types of error pages. Okay. In this video, we learned a lot. We talked about pointer object references at the asteroids; you also have directory traversal buffer overflow rates; we talked about error handling just now and improper input handlers.

ExamCollection provides the complete prep materials in vce files format which include CompTIA Security+ certification exam dumps, practice test questions and answers, video training course and study guide which help the exam candidates to pass the exams quickly. Fast updates to CompTIA Security+ certification exam dumps, practice test questions and accurate answers vce verified by industry experts are taken from the latest pool of questions.

Read More


Comments
* The most recent comment are at the top
  • Strykar
  • Canada
  • Sep 26, 2022

Passed with 811. Premium Dump questions are valid, but I would highly recommend that you go through the content and cross verify the answers in dump.

  • Sep 26, 2022
  • Momodou Jallow
  • Gambia
  • Mar 05, 2021

Very good

  • Mar 05, 2021
  • Shaw
  • United Kingdom
  • Jan 18, 2021

I decided to go for the new SY0-601 test and found these preparation materials. It turned out that a friend of mine successfully took some tests with the help of this website, so I decided to go for it and buy a premium file package. Not all of the questions were the same during the test, but I think that the random question generator gave me the least popular questions. Eventually, I passed the test.

  • Jan 18, 2021
  • Austin Pokoleto
  • United States
  • Jan 07, 2021

I passed the exam with 830 points, and I was not sure that I even pass. However, most questions came from the SY0-501 questions and answers. So, it was quite easy to deal with them during the test.

  • Jan 07, 2021
  • Nonkululeko Maluleke
  • Brazil
  • Dec 28, 2020

After I passed my exam with 80% passing score using the Security+ premium dumps I can say that the materials here are 100% valid. I got a lot of questions from the practice test and was able to answer most of them. Thanks, ExamCollection!

  • Dec 28, 2020

Add Comment

Feel Free to Post Your Comments About EamCollection VCE Files which Include CompTIA Security+ Certification Exam Dumps, Practice Test Questions & Answers.

SPECIAL OFFER: GET 10% OFF

Pass your Exam with ExamCollection's PREMIUM files!

  • ExamCollection Certified Safe Files
  • Guaranteed to have ACTUAL Exam Questions
  • Up-to-Date Exam Study Material - Verified by Experts
  • Instant Downloads

SPECIAL OFFER: GET 10% OFF

Use Discount Code:

MIN10OFF

A confirmation link was sent to your e-mail.
Please check your mailbox for a message from support@examcollection.com and follow the directions.

Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

sale-70-410-exam    | Exam-200-125-pdf    | we-sale-70-410-exam    | hot-sale-70-410-exam    | Latest-exam-700-603-Dumps    | Dumps-98-363-exams-date    | Certs-200-125-date    | Dumps-300-075-exams-date    | hot-sale-book-C8010-726-book    | Hot-Sale-200-310-Exam    | Exam-Description-200-310-dumps?    | hot-sale-book-200-125-book    | Latest-Updated-300-209-Exam    | Dumps-210-260-exams-date    | Download-200-125-Exam-PDF    | Exam-Description-300-101-dumps    | Certs-300-101-date    | Hot-Sale-300-075-Exam    | Latest-exam-200-125-Dumps    | Exam-Description-200-125-dumps    | Latest-Updated-300-075-Exam    | hot-sale-book-210-260-book    | Dumps-200-901-exams-date    | Certs-200-901-date    | Latest-exam-1Z0-062-Dumps    | Hot-Sale-1Z0-062-Exam    | Certs-CSSLP-date    | 100%-Pass-70-383-Exams    | Latest-JN0-360-real-exam-questions    | 100%-Pass-4A0-100-Real-Exam-Questions    | Dumps-300-135-exams-date    | Passed-200-105-Tech-Exams    | Latest-Updated-200-310-Exam    | Download-300-070-Exam-PDF    | Hot-Sale-JN0-360-Exam    | 100%-Pass-JN0-360-Exams    | 100%-Pass-JN0-360-Real-Exam-Questions    | Dumps-JN0-360-exams-date    | Exam-Description-1Z0-876-dumps    | Latest-exam-1Z0-876-Dumps    | Dumps-HPE0-Y53-exams-date    | 2017-Latest-HPE0-Y53-Exam    | 100%-Pass-HPE0-Y53-Real-Exam-Questions    | Pass-4A0-100-Exam    | Latest-4A0-100-Questions    | Dumps-98-365-exams-date    | 2017-Latest-98-365-Exam    | 100%-Pass-VCS-254-Exams    | 2017-Latest-VCS-273-Exam    | Dumps-200-355-exams-date    | 2017-Latest-300-320-Exam    | Pass-300-101-Exam    | 100%-Pass-300-115-Exams    |
http://www.portvapes.co.uk/    | http://www.portvapes.co.uk/    |