WAHS Readiness Quiz
Are you ready for the CEH exam? Test your skills!

QUESTION 1 – James is running a basic penetration test on the website http://certifiedhacker.com, which he has determined to have many vulnerabilities. After a basic scan he finds that the site is vulnerable to SQLi (SQL Injection). Which of the following would allow him to test the site for SQLi?
http://certifiedhacker.com/MyOrderDetail.aspx?Id=ORD-001 “ or 1>1;--
http://certifiedhacker.com/MyOrderDetail.aspx?Id=ORD-001 “ SELECT * FROM MyOrderDetail
http://certifiedhacker.com/MyOrderDetail.aspx?Id=ORD-001 ' or 1=1;--
http://certifiedhacker.com/MyOrderDetail.aspx?Id=ORD-001 ‘ SELECT *.*

QUESTION 2 – James is running a basic penetration test on the website http://certifiedhacker.com, which he has determined to have many vulnerabilities. After a basic scan he finds that the site is vulnerable to XSS (Cross Site Scripting). James opens the Contacts page. Which of the following would allow him to test the site for XSS?
*Script* alert(“Hack test”);*$Script*
NMAP XSS Site: http://certifiedhacker.com
NMAP XSS test Site: http://certifiedhacker.com

QUESTION 3 – Kevin, a notorious threat actor, has determined that the site www.certifiedhacker.com is vulnerable to Remote Code Execution (RCE). He has uploaded a PHP file called getroot.php, disguised as an MP3 file, through one of the web app interfaces, but he doesn’t know which folder the app put getroot.php.mp3 in. Which command will help Kevin find the file?
www.certifiedhacker.com/phpuploads/findfile
C:\Get-ChildItem file getroot.php.mp3
www.certifiedhacker.com/phpuploads/search
$ dirbuster

QUESTION 4 – Linda is hacking a web application named HotelResApp.com. She has determined that the app is vulnerable to SQL injection. She has exported a Burp Suite Intercept to a file called burpexport.txt. She needs to perform a SQL injection attack against the web app. Which command should she use?
nmap -sS -sT -T5 -xF burpexport.txt
nmap -sS -sT -T0 -xF burpexport.txt
sqlmap -r /burpexport.txt -p --dbs --threads 5
sqlmap -h /burpexport.txt -p search -D hotel --tables

QUESTION 5 – Larry, a notorious threat actor, has determined that a web app is based on Java and that it uses a deployment descriptor file to map URLs to servlets. There is a feature on the app that allows the user to download a PDF document. In order to obtain the descriptor file, what change should Larry make to the following code?
<a id="HyperLink1" href="userfiles/secure.jsp?filename=/webdoc/EmployeeInfo.pdf" style="background: linear-gradient(45deg, #1de099, #1dc8cd); border: 0; border-radius: 20px; padding: 8px 30px; color: #fff;" title="Download">Download Course Details</a>
replace the filename with “/WEB-INF/descriptor.xml”
replace the filename with “/DESCRIPTOR-INFO/descriptor.xml”
replace the filename with “/DESCRIPTOR-INFO/web.xml”
replace the filename with “/WEB-INF/web.xml”

QUESTION 6 – Nancy, a pentester for XYZCorp LLC, has searched the Google Hacking Database (GHDB) and determined that one of their web apps has an Arbitrary File Upload vulnerability. Hacking the app, she decides to use PHP to get a webshell using a common PHP reverse shell technique. Using Kali Linux, which PHP script should she use?
C:\home\shells\webshells\php\qsd-php-backdoor.php
C:\windows\system32\drivers\etc\qsd-php-backdoor.php
$ /usr/share/webshells/php/php-reverse-shell.php
$ /home/shells/webshells/php/php-reverse-shell.php

QUESTION 7 – You need to scan a website to determine vulnerabilities. Which of the following will NOT work to scan a web application for vulnerabilities?
hydra -t 1 -l admin -P scan.lst -vV 10.123.1.15 ftp
wpscan --url http://certifiedhacker.com
./nikto.pl -h http://certifiedhacker.com
nmap http://certifiedhacker.com -p 80 --script=http-frontpage-login