CERTIVIEW

Wednesday, 17 February 2016

CEH v9 Question of the Week: CVE-2007-2447

CEH-v9-QOWGreenYou have found a CVE-2007-2447: Remote Command Injection Vulnerability. This bug was originally reported against the anonymous calls to the SamrChangePassword() MS-RPC function in combination with the “username map script”smb.conf option (which is not enabled by default). The vulnerables version are Samba 3.0.0 – 3.0.25rc3. You want to exploit it and get access to the system.

Which exploitation framework will help you with the task?

A. BeEF
B. Metasploit
C. SET toolkit
D. Powersploit

Reveal Answer

The correct answer is B.

Metasploit comes with exploitation modules that enable pen testers to exploit known vulnerabilities in operating systems and applications. BeEF is a browser exploitation framework that focuses on the web browser and not other applications such as Samba. SET toolkit is specifically designed to perform advanced attacks against the human element. PowerSploit  is a collection of security-related modules and functions written in PowerShell. Many of the scripts in the project are extremely useful in post-exploitation in Windows environments.

 

 

Related Course
Certified Ethical Hacker v9

CEH v9 Question of the Week Series

  • CEH v9 Question of the Week: Retina Scanners
  • CEH v9 Question of the Week: Employee Behavior
  • CEH v9 Question of the Week: CVE-2007-2447


from
CERTIVIEW
Unknown at 03:24
Share

No comments:

Post a Comment

‹
›
Home
View web version

About Me

Unknown
View my complete profile
Powered by Blogger.