GIAC
GPEN · Question #69
GPEN Question #69: Real Exam Question with Answer & Explanation
The correct answer is C. Listen the incoming traffic on port 53 and execute the remote shell.
Question
You execute the following netcat command:
c:\target\nc -l -p 53 -d -e cmd.exe
What action do you want to perform by issuing the above command?
Options
- A. Capture data on port 53 and performing banner grabbing.
- B. Capture data on port 53 and delete the remote shell.
- C. Listen the incoming traffic on port 53 and execute the remote shell.
- D. Listen the incoming data and performing port scanning.
Explanation
The netcat command sets up a bind shell on port 53 that executes cmd.exe upon receiving an incoming connection, acting as a hidden backdoor listener.
Common mistakes.
- A. Banner grabbing requires connecting outbound to a remote service, not listening with the -l flag, and the -e cmd.exe parameter executes a shell rather than capturing service banners.
- B. The -d flag in netcat means detach (run in background/hidden mode), not delete; nothing in this command removes or destroys a remote shell.
- D. Port scanning involves sending probes to multiple remote ports to discover open services, which is the opposite of what -l (listen) does on a single local port.
Concept tested. Netcat bind shell backdoor flags and usage
Reference. https://linux.die.net/man/1/nc