ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 40 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 40
Topic #: 1
[All 312-50v11 Questions]

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named `nc.` The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?

  • A. File system permissions
  • B. Privilege escalation
  • C. Directory traversal
  • D. Brute force login
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Angelife at July 16, 2021, 4:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ateh
Highly Voted 2 years, 11 months ago
anon user was able to upload and execute a file, folder permission was likely setup incorrectly
upvoted 10 times
...
Scryptic
Highly Voted 2 years, 10 months ago
For clarification of the unicode quote marks: ...a binary file is named ג€nc.ג€ = "nc" (netcat)
upvoted 10 times
...
Beekay52
Most Recent 9 months, 2 weeks ago
I think it's Privilege Escalation
upvoted 1 times
...
ostorgaf
10 months, 3 weeks ago
Selected Answer: A
The scenario indicates that the anonymous user was able to upload, extract, and execute files on the FTP server. This suggests that there is a vulnerability in the file system permissions that allowed the unauthorized actions to take place. The anonymous user should not have had the necessary permissions to perform such actions.
upvoted 2 times
...
Vincent_Lu
10 months, 3 weeks ago
Selected Answer: B
Why not B. Privilege escalation?
upvoted 1 times
Vincent_Lu
10 months, 3 weeks ago
The question is "What kind of vulnerability must be present to make this remote attack possible?" So I change the answer to "(a) File System permissions" which is the least vulnerability at first.
upvoted 2 times
...
...
MK123One
1 year ago
Selected Answer: A
FILE SYSTEM PERMISSIONS
upvoted 1 times
...
yasso2023
1 year, 3 months ago
A. File system permissions
upvoted 1 times
...
josevirtual
1 year, 6 months ago
Selected Answer: A
file system permissions
upvoted 2 times
...
Famous_Guy
1 year, 7 months ago
Selected Answer: A
IT'S A
upvoted 2 times
...
antoclk
1 year, 9 months ago
Selected Answer: A
for uploading the files is needed to have proper write file permissions so the answer is A
upvoted 1 times
...
n3wb
2 years ago
Selected Answer: A
The answer is file system permissions.
upvoted 1 times
...
armaan2003
2 years, 1 month ago
Selected Answer: A
this is the answer
upvoted 1 times
...
CCLIN1014
2 years, 1 month ago
For this Question, B would be more appropriate. To upload files the user must have proper write file permissions. Privilege escalation doesn't mean you have enough permission to upload files.
upvoted 3 times
CCLIN1014
2 years, 1 month ago
sorry I mean the selection A is the answer, typo...
upvoted 1 times
...
...
beskardrip
2 years, 2 months ago
Selected Answer: B
Idk it says in the root directory so wouldn't the attack have had to escalate privileges to do that? As root you can do whatever you want in regards to files
upvoted 1 times
josevirtual
1 year, 6 months ago
It is asking for a vulnerability. Privilege escalation is not a vulnerability.
upvoted 2 times
...
n3wb
2 years ago
The root directory is not the same as the root user.
upvoted 1 times
...
...
Novmejst
2 years, 7 months ago
A. File system permissions
upvoted 3 times
...
JC1418
2 years, 10 months ago
Filesystem Permissions Weakness Many processes in the Windows OSs execute binaries automatically as part of their functionality or to perform certain actions. If the filesystem permissions of these binaries are not set properly, then the target binary file may be replaced with a malicious file, and the actual process can execute it.
upvoted 6 times
...
Angelife
2 years, 12 months ago
Can someone explain this answer? It would be appreciated.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel