nerdexam
EC-Council

312-50V7 · Question #337

312-50V7 Question #337: Real Exam Question with Answer & Explanation

The correct answer is D. Invoking the stored procedure xp_cmdshell to spawn a Windows command shell. See the full explanation below for the reasoning.

Question

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?

Options

  • AUsing the Metasploit psexec module setting the SA / Admin credential
  • BInvoking the stored procedure xp_shell to spawn a Windows command shell
  • CInvoking the stored procedure cmd_shell to spawn a Windows command shell
  • DInvoking the stored procedure xp_cmdshell to spawn a Windows command shell

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V7 Practice