Ethical Hacking 7 Flashcards
Trojans are known to use specific protocols and ports to communicate. What protocol and port does the Devil Trojan use?
TCP 65000
Which of the following is NOT a true statement about why ICMP Backdoor Trojans are attractive to hackers?
Network devices filter the contents of ICMP_ECHO traffic.
Which tool used by trojan creators is run with the user’s IP address after starting a Netcat listener on the user’s machine at port 8080
RemoteByMail
You are attempting to infect a system with a Trojan horse as a demonstration to a client that the security on this target system is lacking. Where can you place the file Trojan.exe in the Windows registry such that it will auto start the Trojan horse?
HKCR\exefile\shell\open\command
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Which backdoor countermeasure tool calculates cryptographic hashes of all key system files that have to be monitored for modifications?
Tripwire
YOu are attempting to infiltrate a network by means of a vulnerable workstation, which you have already gained access to. In order to maintain access to the system, you are looking to establish a backdoor. What can you use to create a backdoor that will listen on TCP port 7777, that will also grant access without requiring any validation or authentication?
Tini
What type of Trojan provides attackers with passwords or other confidential data such as credit card numbers and audit sheets?
Data-Sending Trojans
What statement accurately describes how an ICMP backdoor trojan utilizes ICMP tunneling?
ICMP backdoor trojans make use of ICMP_ECHO and ICMP-ECHOREPLY packet data to carry a payload to a target host.
Whihc of the tools listen creates a backdoor that listens at port 7777 and gives a remote command promt to anyone who connects?
Tini
What tool involves the injection of malicious code into a website in a process called cross-site scripting, in order to gain shell access?
XSS Shell
Which of the following is NOT a typical step in detecting Trojans?
Scan for ICMP type 8 packets
Which of the following statements about how Trojans function is NOT true?
Trojans use UDP to transmit all information.
Which type of channel is a legal, secure channel for the transfer of data or information within the network of a company?
Overt
Which type of channel is an illegal, hidden path used to transfer data from a network?
cover
Which famous Trojan creates a backdoor, which allows remote control of a system, and was written in Visual Basic?
MoSucker Trojan
You haven been handed a compromised system by your client in order to determine the source of the compromise. Upon viewing the process list of the running system, you spot an odd process by the name MSNETCFG.exe. What trojan software is most likely being used on the system?
MoSucker Trojan
You are investigating a Windows workstation with a possible infection. You suspect that system files may have been modified after viewing event logs on the system. What command can you use to scan all protected system files and replace corrupted or modified system files with clean versions?
sfc /scannow
A client has asked you to deploy an application that will monitor files modifications and report on changes. What application should you use for this task?
Tripwire
When following the steps used for detecting Trojans, which step are you implementing when you use the TCPView?
Scan for Suspicious Open Ports
What is a program that is used to bind Trojan executable to legitimate files?
Wrappers
