Overview
Learning Outcomes:
In this module, you will complete the following exercises:
- Exercise 1 – Cross-Site Scripting
- Exercise 2 – SQL Injection
- Exercise 3 – Information Leakage and Improper Error Handling
- Exercise 4 – Race Conditions, Memory Leak, Resource Exhaustion, and Overflow Attacks
- Exercise 5 – Directory Traversal and Path Manipulation
- Exercise 6 – Privilege Escalation
- Exercise 7 – Driver Manipulation and Replay Attacks
- Exercise 8 – Pass the Hash, API Attacks, Request Forgeries, Pointer Dereference, and SSL Stripping
After completing this module, you should be able to:
- Exploit reflected XSS attacks.
- Exploit error-based SQL injection.
- Gather information from exception messages.
- Identify buffer overflows.
- Exploit a directory listing vulnerability.
- Perform vertical privilege escalation.
- Perform cross-site request forgery.
After completing this module, you should have further knowledge of:
- Types of XSS attacks
- Error-based SQL injection
- Device manipulation and replay attacks
- API attacks, pointer dereference, pass the hash, and SSL stripping
Exam Objectives:
The following exam objective is covered in this lab:
1.3 Given a scenario, analyze potential indicators associated with application attacks.
- Privilege escalation
- Cross-site scripting
- Injections
- Pointer/object dereference
- Directory traversal
- Buffer overflows
- Race conditions
- Error handling
- Improper input handling
- Replay attack
- Integer overflow
- Request forgeries
- Application programming interface (API) attacks
- Resource exhaustion
- Memory leak
- Secure sockets layer (SSL) stripping
- Driver manipulation
- Pass the hash
Note: Our main focus is to cover the practical, hands-on aspects of the exam objectives. We recommend referring to course material or a search engine to research theoretical topics in more detail.