CompTIA Security+ Question F-13

Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted sources?

A. Zero-day
B. LDAP injection
C. XML injection
D. Directory traversal

Answer: A

Explanation:
The security breaches have NOT yet been identified, which makes this a zero-day vulnerability. A zero-day vulnerability is a hole in software that is unknown to the vendor. Hackers exploit this security hole before the vendor becomes aware of it and hurries to fix it; this exploit is called a zero-day attack. Uses of zero-day attacks can include infiltrating malware or spyware, or allowing unwanted access to user information. The term "zero day" refers to the fact that the hole is unknown to everyone outside of the hackers, specifically the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

CompTIA Security+ Question C-19

An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted?

A. SQL injection
B. Cross-site scripting
C. Command injection
D. LDAP injection

Answer: D

Explanation:
LDAP injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL injection can be similarly applied in LDAP injection.

In a page with a user search form, code takes the value of the input field (labeled "Insert the username") and generates an LDAP query that is run against the LDAP database. The LDAP query is narrowed down for performance, and the underlying code for this function might be the following:

    // The user's input is concatenated into the filter with no validation or escaping
    String ldapSearchQuery = "(cn=" + $userName + ")";
    System.out.println(ldapSearchQuery);

If the variable $userName is not validated, LDAP injection becomes possible, as follows:

- If a user puts "*" in the search box, the system may return all the usernames in the LDAP base.
- If a user puts "jonys) (| (password = * ) )", it will generate the code below, revealing jonys' password:

    ( cn = jonys ) ( | (password = * ) )

CompTIA Security+ Question A-68

Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?

A. Rogue access point
B. Zero day attack
C. Packet sniffing
D. LDAP injection

Answer: D

Explanation:
A directory service is accessed by using LDAP (Lightweight Directory Access Protocol). LDAP injection is an attack against a directory service. Just as SQL injection attacks take statements that are input by users and exploit weaknesses within, an LDAP injection attack exploits weaknesses in LDAP (Lightweight Directory Access Protocol) implementations. This can occur when the user’s input is not properly filtered, and the result can be executed commands, modified content, or results returned to unauthorized queries. The best way to prevent LDAP injection attacks is to filter the user input and to use a validation scheme to make certain that queries do not contain exploits. One of the most common uses of LDAP is associated with user information. Numerous applications exist—such as employee directories—where users find other users by typing in a portion of their name. These queries are looking at the cn value or other fields (those defined for department, home directory, and so on). Someone attempting LDAP injection could feed unexpected values to the query to see what results are returned. All too often, finding employee information equates to finding usernames and values about those users that could be portions of their passwords.