nerdexam
CompTIA

SY0-301 · Question #634

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the f

The correct answer is A. Buffer overflow. The repeated hex value 0x90 is the x86 NOP (No Operation) instruction, and a long sequence of NOPs known as a NOP sled is a classic signature of a buffer overflow exploit.

Threats, vulnerabilities, and mitigations

Question

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?

Options

  • ABuffer overflow
  • BCross-site scripting
  • CXML injection
  • DSQL injection

How the community answered

(39 responses)
  • A
    74% (29)
  • B
    3% (1)
  • C
    8% (3)
  • D
    15% (6)

Why each option

The repeated hex value 0x90 is the x86 NOP (No Operation) instruction, and a long sequence of NOPs known as a NOP sled is a classic signature of a buffer overflow exploit.

ABuffer overflowCorrect

In x86 architecture, the byte 0x90 represents the NOP instruction, which does nothing except advance the instruction pointer. Attackers craft a buffer overflow payload with a long NOP sled followed by shellcode, so that execution slides into the shellcode regardless of the exact return address. The repeated 0x90 sequence in the captured session is a direct indicator of this buffer overflow technique.

BCross-site scripting

Cross-site scripting injects malicious scripts into web pages delivered to users and would not produce a NOP sled pattern in a database session.

CXML injection

XML injection manipulates XML parsers with malformed input and does not involve NOP instruction sequences.

DSQL injection

SQL injection inserts malicious SQL statements into database queries and does not rely on NOP byte patterns.

Concept tested: NOP sled signature in buffer overflow attacks

Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow

Topics

#buffer overflow#NOP sled#packet analysis#exploit identification

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice