SEC 1:
SEC 2:
Compare between HTML Injection and XSS?
Daffodil International University
Department of Software Engineering
Faculty of Science & Information Technology
Final Examination, Fall-2021
Course Code: C8334, Course Title: Ethical Hacking and Countermeasures with Lab
Level: 3 Term: 3 Section: A
Course Instructor: SB
Date: Thursday 23 December, 2021 Time: 12:30pm-2:30pm
Two hour (2:00) assessment; Total Marks: 40
Illustrate Xmas Scan and how does it work? (1+3)=4 [CLO2, Level 3]
Define reconnaissance and why it’s important in hacking? (4) [CLO4, Level 3]
Show how (intitle:"Index of" | intitle:"Directory Listing For") AND site:example.com dorking
will work. (2) [CLO3, Level 1]
Define DNS zone transfer, and classify the types of DNS zone transfer. (1+3)=4 [CLO1, Level 4]
As a hacker sometimes you may need to do firewall bypass. Explain a method which you can use
to bypass firewall using nmap.
(4) [CLO2, Level 2]
Define broken authentication, and show how you can exploit this vulnerability after proper
identification. (2+4)=6 [CLO3, Level 1]
We bypass admin panel using conditional query string, note a query and explain how it works?
(2+4)=6 [CLO2, Level 2]
Explain client and server side vulnerability (3 differences), now create a list of 3 server side and 3
client side vulnerability. (3+3)=6 [CLO2, Level 5]
(4) [CLO2, Level 5]