GAQM CPEH-001 Exam - Topic 3 Question 50 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 50
Topic #: 3

What is the expected result of the following exploit?

Suggested Answer: A

The script depicted is written in Perl (both msadc.pl and the script they're using as a wrapper). $port, $your, $user, $pass, and $host are variables that hold the port # of a DNS server, an IP, a username, and an FTP password. $host is set to argument variable 0 (that is, the string typed directly after the command). Essentially, what happens is that it connects to an FTP server, downloads nc.exe (netcat, the TCP/IP Swiss-army knife), and uses nc to open a TCP port that spawns cmd.exe (the Win32 DOS shell on NT/2000/2003/XP). When spawned this way, cmd.exe requires NO username or password and has the permissions of the user it is being executed as (probably guest in this instance, although it could be administrator). The #'s in the script mean that the text following them is a comment. Notice the last line in particular: if the # were removed, the script would spawn a connection to itself, the host system it was running on.


Contribute your Thoughts:

Lucia
4 months ago
I agree with techguy, A is the expected result.
upvoted 0 times
...
Rodolfo
4 months ago
D is just too weird to be true!
upvoted 0 times
...
Ling
4 months ago
C seems plausible, but not sure about that.
upvoted 0 times
...
Valentin
4 months ago
Definitely B, FTP server sounds right.
upvoted 0 times
...
Carma
5 months ago
I think it opens a telnet listener.
upvoted 0 times
...
Jarvis
5 months ago
The option about creating an account with the username "Anonymous" sounds familiar, but I can't remember if that was a common result of this type of exploit.
upvoted 0 times
...
Una
5 months ago
I have a feeling that the answer could be about creating an FTP server, but I’m not confident about the write permissions part.
upvoted 0 times
...
Brett
5 months ago
I remember practicing a question similar to this where an exploit opened a telnet listener, but I can't recall if it required credentials or not.
upvoted 0 times
...
Iluminada
5 months ago
I think this exploit might be related to creating a share on the target system, but I'm not entirely sure if it's specifically for a share called "sasfile."
upvoted 0 times
...
Gracia
5 months ago
This seems like a straightforward question about capturing customer details consistently. I think I'll go with option B and use an auto-launched flow to handle this.
upvoted 0 times
...
Izetta
5 months ago
I'm pretty confident I know the advantages of star topology over ring topology. The key ones are that a central device failure doesn't bring down the whole network, and the central connection point allows for flexibility and scalability.
upvoted 0 times
...
Heidy
5 months ago
This seems straightforward to me. The question is specifically asking about the CLI command to verify the status of SAML SSO, so the answer has to be "utils sso status". I'm confident that's the correct choice.
upvoted 0 times
...
Junita
5 months ago
I remember that Cisco AnyConnect supports SSL. Did we practice similar questions about VPN types?
upvoted 0 times
...
