Free Access to ECCouncil.312-50v12.v2025-07-31.q254 with Valid Practice Test (Page 36)

Question 171

Attempting an injection attack on a web server based on responses to True/False Question:s is called which of the following?

A.Compound SQLi
B.Blind SQLi
C.Classic SQLi
D.DMS-specific SQLi

Question 172

After an audit, the auditors Inform you that there is a critical finding that you must tackle Immediately. You read the audit report, and the problem is the service running on port 389. Which service Is this and how can you tackle the problem?

A.The service is LDAP. and you must change it to 636. which is LDPAPS.
B.The service is NTP. and you have to change It from UDP to TCP in order to encrypt it
C.The findings do not require immediate actions and are only suggestions.
D.The service is SMTP, and you must change it to SMIME. which is an encrypted way to send emails.

Question 173

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

A.Carry out a passive wire sniffing operation using Internet packet sniffers
B.Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz
C.Perform a PRobability INfinite Chained Elements (PRINCE) attack
D.Request a service ticket for the service principal name of the target service account

Correct Answer: D

A Kerberoasting attack is a technique that exploits the weak encryption of Kerberos service tickets to obtain the password hashes of service accounts that have a Service Principal Name (SPN) associated with them. The attacker can then crack the hashes offline and use the plaintext passwords to impersonate the service accounts and access network resources.
A Kerberoasting attack follows these steps1:
* The attacker impersonates a legitimate Active Directory user and authenticates to the Key Distribution Center (KDC) in the Active Directory environment. They then request a Ticket Granting Ticket (TGT) from the KDC to access network resources. The KDC complies because the attacker is impersonating a legitimate user.
* The attacker enumerates the service accounts that have an SPN using tools like GetUserSPNs.py or PowerView. They then request a service ticket for each SPN from the KDC using their TGT. The KDC grants the service tickets, which are encrypted with the password hashes of the service accounts.
* The attacker captures the service tickets and takes them offline. They then attempt to crack the password hashes using tools like Hashcat or John the Ripper. They can use various methods, such as brute force, dictionary, or hybrid attacks, to guess the passwords. Alternatively, they can use a PRINCE attack, which is a probabilistic password generation technique that combines common words, patterns, and transformations to generate likely passwords2.
* Once the attacker obtains the plaintext passwords of the service accounts, they can use them to authenticate as the service accounts and access the network resources that they are authorized to.
Therefore, the next step that the analyst should take after obtaining a valid TGT is to request a service ticket for the SPN of the target service account. This will allow them to capture the service ticket and extract the password hash of the service account.
References:
* How to Perform Kerberoasting Attacks: The Ultimate Guide - StationX
* PRINCE: PRobability INfinite Chained Elements

Question 174

Which among the following is the best example of the hacking concept called "clearing tracks"?

A.During a cyberattack, a hacker corrupts the event logs on all machines.
B.An attacker gains access to a server through an exploitable vulnerability.
C.During a cyberattack, a hacker injects a rootkit into a server.
D.After a system is breached, a hacker creates a backdoor to allow re-entry into a system.

Question 175

E-mail scams and mail fraud are regulated by which of the following?

A.18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers
B.18 U.S.C. par. 1362 Communication Lines, Stations, or Systems
C.18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices
D.18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Question 171

Question 172

Question 173

Question 174

Question 175

Download PDF File