EC-Council
EC0-350 · Question #689
EC0-350 Question #689: Real Exam Question with Answer & Explanation
Sign in or unlock EC0-350 to reveal the answer and full explanation for question #689. The question stem and answer options stay visible for context.
Question
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The file Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below: What can you infer from the exploit given?
Exhibit
Options
- AIt is a local exploit where the attacker logs in using username johna2k.
- BThere are two attackers on the system ?johna2k and haxedj00.
- CThe attack is a remote exploit and the hacker downloads three files.
- DThe attacker is unsuccessful in spawning a shell as he has specified a high end UDP port.
Unlock EC0-350 to see the answer
You've previewed enough free EC0-350 questions. Unlock EC0-350 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.