ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v12 All Questions

View all questions & answers for the 312-50v12 exam
Go to Exam

Exam 312-50v12 topic 1 question 246 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 246
Topic #: 1
[All 312-50v12 Questions]

John, a security analyst, is analyzing a server suspected of being compromised. The attacker has used a non admin account and has already gained a foothold on the system. John discovers that a new Dynamic Link Library is loaded in the application directory of the affected server. This DLL does not have a fully qualified path and seems to be malicious. What privilege escalation technique has the attacker likely used to compromise this server?

  • A. DLL Hijacking
  • B. Named Pipe Impersonation
  • C. Spectre and Meltdown Vulnerabilities
  • D. Exploiting Misconfigured Services
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by DarioReymag at Feb. 6, 2024, 10:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ethacker2
10 months, 1 week ago
A. DLL Hijacking CEHv12 Book Module 6 p.711 Most Windows applications do not use the fully qualified path when loading an external DLL library; instead, they first search the directory from which they have been loaded. Taking this as an advantage, if attackers can place a malicious DLL in the application directory, the application will execute the malicious DLL in place of the real DLL. For example, if an application program “.exe” needs library.dll (usually in the Windows system directory) to install the application, and fails to specify the library.dll path, Windows will search for the DLL in the directory from which the application was launched. If an attacker has already placed the DLL in the same directory as program.exe, then that malicious DLL will load instead of the real DLL, which allows the attacker to gain remote access to the target system.
upvoted 3 times
...
qwerty100
10 months, 3 weeks ago
Selected Answer: A
A. DLL Hijacking (Module 06 page 711)
upvoted 3 times
...
[Removed]
10 months, 3 weeks ago
Could someone help me confirm if this is correct
upvoted 1 times
...
DarioReymag
11 months ago
Is this answer accurate friends
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel