Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil 212-82 Exam - Topic 5 Question 30 Discussion

Actual exam question for Eccouncil's 212-82 exam
Question #: 30
Topic #: 5
[All 212-82 Questions]

A web application www.movieabc.com was found to be prone to SQL injection attack. You are given a task to exploit the web application and fetch the user credentials. Select the UID which is mapped to user john in the database table.

Note:

Username: sam

Pass: test

Show Suggested Answer Hide Answer
Suggested Answer: B

The number of files in the ''Sensitive Corporate Documents'' folder is 4. This can be verified by initiating a remote connection to the target machine from the ''Attacker Machine-1'' using Theef client. Theef is a Remote Access Trojan (RAT) that allows an attacker to remotely control a victim's machine and perform various malicious activities. To connect to the target machine using Theef client, one can follow these steps:

Launch Theef client from Z:CCT-ToolsCCT Module 01 Information Security Threats and VulnerabilitiesRemote Access Trojans (RAT)Theef on the ''Attacker Machine-1''.

Enter the IP address of the target machine (20.20.10.26) and click on Connect.

Wait for a few seconds until a connection is established and a message box appears saying ''Connection Successful''.

Click on OK to close the message box and access the remote desktop of the target machine.

Navigate to the Documents directory and locate the ''Sensitive Corporate Documents'' folder.

Open the folder and count the number of files in it. The screenshot below shows an example of performing these steps: Reference: [Theef Client Tutorial], [Screenshot of Theef client showing remote desktop and folder]


by Carmela at Jun 02, 2024, 12:52 AM

Limited Time Offer

25%

Off

Get Premium 212-82 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Shanice
6 months ago
Pretty sure it's 2, but could be wrong.
upvoted 0 times
...
Antonio
6 months ago
I think it's actually 4.
upvoted 0 times
...
Teddy
6 months ago
Wait, how do we even know that?
upvoted 0 times
...
Ty
7 months ago
Definitely B, no doubt about it!
upvoted 0 times
...
Shaniqua
7 months ago
I heard UID for john is 3.
upvoted 0 times
...
Sarah
7 months ago
I’m a bit confused about how to exploit the application correctly. I hope I remember the right syntax for the SQL query.
upvoted 0 times
...
Colby
7 months ago
I think the UID for john could be one of the lower numbers, but I can't recall if it was 2 or 3.
upvoted 0 times
...
Glenn
7 months ago
This question feels similar to one we did in class where we had to extract data using UNION statements. I think I might need to try that approach.
upvoted 0 times
...
Eulah
8 months ago
I remember practicing SQL injection techniques, but I'm not sure how to determine the UID for john specifically.
upvoted 0 times
...
Jamey
8 months ago
I'm a bit confused by the wording of this question. Does the 'Note' section provide any additional clues I should be considering?
upvoted 0 times
...
Lisha
8 months ago
Okay, I've got this. I'll use a union query to combine the legitimate query with a malicious one to extract the UID for the user 'john'.
upvoted 0 times
...
Laquita
8 months ago
Hmm, I'm not too familiar with SQL injection attacks. I'll need to review my notes and examples to figure out the best approach here.
upvoted 0 times
...
Stephaine
8 months ago
This looks like a classic SQL injection attack scenario. I'll need to carefully craft a malicious SQL query to exploit the vulnerability and retrieve the user credentials.
upvoted 0 times
...
Rory
8 months ago
I'm a bit confused on this one. The question mentions using SmartCapture forms, which makes me think HTML and CSS might be involved. But the data manipulation aspect points more towards SQL or AMPscript. I'll have to review my notes on this type of integration scenario.
upvoted 0 times
...
Bettyann
8 months ago
I've worked with OceanStor V3 before, so I think I have a good handle on this. I'll just double-check the details to be sure.
upvoted 0 times
...
Vallie
1 year ago
I got this. Time to channel my inner John Wick and take down this SQL injection vulnerability!
upvoted 0 times
Audra
12 months ago
C) 2
upvoted 0 times
...
Stevie
12 months ago
B) 3
upvoted 0 times
...
Jose
12 months ago
A) 5
upvoted 0 times
...
...
Wenona
1 year ago
Haha, 'movieabc.com'? Really? They couldn't come up with a more creative name for the website?
upvoted 0 times
Barbra
12 months ago
C) 2
upvoted 0 times
...
Merissa
12 months ago
C) 2
upvoted 0 times
...
Sharee
12 months ago
B) 3
upvoted 0 times
...
Merrilee
12 months ago
B) 3
upvoted 0 times
...
Lorriane
1 year ago
A) 5
upvoted 0 times
...
Rebbeca
1 year ago
A) 5
upvoted 0 times
...
...
Audrie
1 year ago
Wait, we're supposed to exploit the web app? That's like hacking, right? I don't think I'm comfortable with that.
upvoted 0 times
...
Stefany
1 year ago
This is a classic SQL injection question. I'm pretty sure the answer is C. 2.
upvoted 0 times
Kimbery
12 months ago
I agree, the answer is C) 2
upvoted 0 times
...
Xochitl
12 months ago
I think it's C) 2
upvoted 0 times
...
Beckie
1 year ago
D) 4
upvoted 0 times
...
Emelda
1 year ago
C) 2
upvoted 0 times
...
Keneth
1 year ago
B) 3
upvoted 0 times
...
Arthur
1 year ago
A) 5
upvoted 0 times
...
...
Arlie
1 year ago
I'm not sure, but I think the answer is C) 2 because it could be an older UID assigned to user john.
upvoted 0 times
...
Lezlie
1 year ago
I disagree, I believe the answer is D) 4 because it might be the next sequential UID after user john.
upvoted 0 times
...
Moira
1 year ago
I think the answer is B) 3 because it seems like a common UID for the user john.
upvoted 0 times
...

Save Cancel