Exam 312-50v12 topic 1 question 140 discussion

I believe it's not C, as unknown users have already been granted administrative permissions. Also, there is nowhere mentioned that unnecessarily accounts have been created. Also, not B or D, as these type of attacks do not require gaining admin permissions on a system. The problem with unkown users getting admin perms is that they can change the code the server is running, eg by injecting a malicious DLL. So, it's A.

CEH v12 page: 545 Host Misconfigurations

Option A (DLL injection) is not directly related to the described misconfiguration. Option B (weak encryption) is not mentioned in the scenario. Option D (Denial-of-Service) is possible but less likely to be the most potent risk given the specific misconfigurations described.

An attacker may be able to inject a malicious DLL into the current running process

It's C because, with administrative privileges, you can gain greater control over the network.

C doesn't make sense, unknown users were already granted access. C states "C. Unauthorized users may perform privilege escalation using unnecessarily created accounts". it states may perform privilege escalation, its not may, the privileges are already there. There is no need for privilege escalation, it has already been granted. Additionally, it says using unnecessarily created accounts, no where in here does it say any accounts were created unnecessarily. B and D are both wrong. So I have to go with A.

I believe the answer is A Yes, it is possible for an attacker to inject a malicious DLL through a server debugging tool, especially if debugging functions are enabled and not properly secured. Here’s how: Exploiting Debugging Functions: Debugging tools often have elevated privileges and direct access to the system memory and processes. If an attacker gains access to these debugging functions, they can manipulate the system in various ways, including injecting malicious code. DLL injection is a technique used to run malicious code within the address space of another process by loading a dynamic link library (DLL). If debugging functions are enabled, an attacker with access can use these tools to load their malicious DLL into a RUNNING PROCESS.

I think Is A, why bother in priv esc if the user has already administrative account?!?

Why bother with A when you can aleady have system access by using C. Also AI says C, the book says A & C, and C makes more sense...so C

Is C. Key words "unknown users were granted administrative permissions"

Could someone please validate this information

Could someone help me confirm the accuracy of this data

C. Unauthorized users may perform privilege escalation using unnecessarily created accounts