Internshala Trainings Ethical Hacking Final Test Answer

Module Answer

https://codemonk69.blogspot.com/2020/07/ethical-hacking-intershala.html

Final Test Answer

Ques : Below is an XSS filter. How will you bypass it to create a popup?
Ans : alert(1)

Ques : What can be the uses of “web.archive.org”?
Ans : Used to see how a website used to look at a certain time in the past

Ques : What is Phreaking?
Ans : Hacking into telephone networks

Ques : Which of the following tools is used to find common files and folders on websites?
Ans : DirBuster

Ques : Which of the following Intruder options is suitable for bruteforcing usernames and passwords?
Ans : Cluster Bomb

Ques : What is the purpose of “dnsdumpster.com”?
Ans : To find subdomains of a given domain

Ques : NMAP is used for which of the following purposes?
Ans : All the above

Ques : Proxy is better than VPN. This is true or false in terms of which of these factors?
Ans : Cost

Ques : What will happen when the "yolo" button is clicked?
Ans : Popup with a text: http://google.com

Ques : Which authentication bypass payload will work for this login query (assume your input will go in place of the word 'admin')? Select * from login where user="admin" && pass="password"
Ans : " or 1=1--

Ques : Which of the following is an internal IP address?
Ans : 172.16.96.123

Ques : How many valid IP addresses are possible in the given IP range (both ends included)? 192.168.0.0 to 192.168.255.255.
Ans : 65536

Ques : What will be the output of the following PHP code?
Ans : Infinite never ending loop

Ques : Uploading a txt file when the website is asking for a jpg file. This is a part of:
Ans : VA

Ques : In time-based SQL injection, we ask the website: If length(database())>5 Then sleep(10). If the website responds after 10 seconds, we get to know that the length of the database name is greater than 5.
Ans : True

Ques : You can brute force cookies with Burp Suite.
Ans : True

Ques : Which of the following sqlmap scripts can be used to load an HTTP request from a file?
Ans : -r

Ques : Lease time is used in which protocol?
Ans : DHCP

Ques : In the Google dork given below, what will be searched in the SQL files? "admin" ext:sql site:x.com intext:password -download
Ans : admin and password

Ques : Which of the following commands is used to see what computers we are connected with?
Ans : Netstat

Ques : The more ports open on a server, the more are the chances of it being vulnerable.
Ans : True

Ques : What is the main purpose of UNION command in SQL?
Ans : Join output of 2 or more queries

Ques : Below is a part of PHP code in the file upload function of a website. How will you bypass this and upload a usable PHP shell on the website?
Ans : Upload shell.pHp

Ques : You report a vulnerability to a company, telling them about a vulnerability in the "Yoast SEO" plugin in their WordPress. What will you recommend to them to patch it?
Ans : Install the patch for Yoast SEO plugin and update the plugin to its latest version.

Ques : Which layer in the OSI model is responsible for encoding and compressing data?
Ans : Presentation Layer

Ques : You run Dirbuster and find the default login page of an application. You guess the password and get admin access to the website. Which of the following will you not include in the PoC?
Ans : Dirbuster screenshot.

Ques : Checking how many requests are coming from a specific user/IP for a specific resource like an account or some data, and blocking them if too many requests are being made in a small amount of time is called ______________.
Ans : Rate Limiting

Ques : Burp Suite can be used to find vulnerabilities on its own, confirm vulnerabilities found with other tools, and exploit vulnerability to steal data.
Ans : True

Ques : The following exploit is made in which language? https://www.exploit-db.com/exploits/46330
Ans : None of the above

Ques : Which vulnerability is least probable in this URL: http://site.com/home.php?document_id=1056
Ans : Stored XSS

Ques : HTTPS requests are made so that hackers cannot intercept them and see the data in them while they are being transferred. This makes it impossible to intercept and tamper with HTTPS requests.
Ans : False

Ques : What will be the output of this SQL query? SELECT news_title FROM news WHERE news_id=1 UNION SELECT password FROM users
Ans : A row containing ‘news’ title whose id is 1 and then rows containing all the passwords in the users table.

Ques : Why do we need to put CA certificate of the burp in our browser?
Ans : All of the above

Ques : If you are connected to the internet at your home, which of these will you definitely have?
Ans : Both of the above

Ques : Which of the following is not a purpose of cookies?
Ans : Help in preventing SQL injection attacks.

Ques : MAC address is used to logically trace the path to reach a device on the network.
Ans : False

Ques : You must put a detailed business impact in both developer and management level report.
Ans : True

Ques : Which of these HTTP methods can be used to send data to a web server from a browser?
Ans : Both of the above

Ques : When you type api.facebook.com in the browser, the following steps will be taken to resolve the name (ignore caching):
Ans : Request sent to root name server

Ques : WordPress default login page is at which URL?
Ans : site.com/wp-login

Ques : At which of the following URLs are you most likely to find an Apache Tomcat login page?
Ans : http://site.com/manager/html