GCIH · Question #536
An attacker has used an infected USB thumb drive to compromise an internal host. The host is firewalled, blocking all inbound ports and protocols, and allowing tcp port 8080 outbound through an intern
The correct answer is C. Reverse HTTP shell. A reverse HTTP shell allows an attacker to connect outbound over HTTP (regardless of port) and this will work through proxies as well. Ptunnel requires ICMP. Covert_TCP will not facilitate remote control. Passive FTP is not a covert method nor does it facilitate remote control.
Question
An attacker has used an infected USB thumb drive to compromise an internal host. The host is firewalled, blocking all inbound ports and protocols, and allowing tcp port 8080 outbound through an internal proxy. Which covert method would the attacker use to control the remote host?
Options
- APtunnel
- BPassive FTP
- CReverse HTTP shell
- DCovert_TCP
How the community answered
(28 responses)- A14% (4)
- B4% (1)
- C79% (22)
- D4% (1)
Explanation
A reverse HTTP shell allows an attacker to connect outbound over HTTP (regardless of port) and this will work through proxies as well. Ptunnel requires ICMP. Covert_TCP will not facilitate remote control. Passive FTP is not a covert method nor does it facilitate remote control.
Topics
Community Discussion
No community discussion yet for this question.