
GAQM Exam CEH-001 Topic 5 Question 4 Discussion

Actual exam question for GAQM's CEH-001 exam
Question #: 4
Topic #: 5

Study the following exploit code taken from a Linux machine and answer the questions below:

echo "ingreslock stream tcp nowait root /bin/sh sh -i" > /tmp/x;

/usr/sbin/inetd -s /tmp/x;

sleep 10;

/bin/rm -f /tmp/x AAAA...AAA

In the above exploit code, the command "/bin/sh sh -i" is given.

What is the purpose, and why is 'sh' shown twice?

Suggested Answer: A

What is going on in the above question is that the attacker is trying to write to the Unix file /tmp/x (his inetd.conf replacement config). He is attempting to add a service called ingreslock (which doesn't exist), which is 'apparently' supposed to spawn a shell on the given port specified by /etc/services for the service 'ingreslock'. ingreslock is a nonexistent service, and if an attempt were made to respawn inetd, the service would error out on that line (he would have to add the service to /etc/services to suppress the error). Now, the question is asking about /bin/sh sh -i, which produces an error that should read 'sh: /bin/sh: cannot execute binary file'; the -i option places the shell in interactive mode and cannot be used to respawn itself.
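
A defender-side check for the kind of entry this exploit writes, added here as an example and not part of the original question or answer: it parses inetd.conf-style lines and flags any service whose server program is a shell. The shell list, function names and sample lines are constructed for illustration.

```python
from dataclasses import dataclass

# Shells that should never be an inetd server program
# (constructed list for this example; extend for your environment).
SHELLS = {"sh", "bash", "dash", "ksh", "csh", "tcsh", "zsh"}

# Constructed sample; the ingreslock line matches the one in the question.
SAMPLE = """\
# constructed sample for this example
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -l
ingreslock stream tcp nowait root /bin/sh sh -i
echo stream tcp nowait root internal
"""

@dataclass
class InetdEntry:
    service: str
    socket_type: str
    protocol: str
    wait: str
    user: str
    program: str   # path that inetd executes
    args: list     # argv passed to the program, starting with argv[0]

def parse_inetd(text):
    """Parse inetd.conf-style text, skipping comments and incomplete lines."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 6:
            continue
        entries.append(InetdEntry(*fields[:6], fields[6:]))
    return entries

def find_shell_listeners(text):
    """Return (service, user, reason) for entries that hand a socket to a shell."""
    findings = []
    for e in parse_inetd(text):
        if e.program.rsplit("/", 1)[-1] not in SHELLS:
            continue
        user = e.user.split(".")[0].split(":")[0]  # drop optional group suffix
        reason = "root shell on socket" if user == "root" else "shell on socket"
        if "-i" in e.args[1:]:
            reason += ", interactive"
        findings.append((e.service, user, reason))
    return findings

if __name__ == "__main__":
    print(find_shell_listeners(SAMPLE))
```

Running the same check against any file passed to inetd on its command line, not only /etc/inetd.conf, covers the temporary-config case shown in the question.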

