Ethical Hacking 7

Question 1

Trojans are known to use specific protocols and ports to communicate. What protocol and port does the Devil Trojan use?

Answer 1

TCP 65000

Question 2

Which of the following is NOT a true statement about why ICMP Backdoor Trojans are attractive to hackers?

Answer 2

Network devices filter the contents of ICMP_ECHO traffic.

Question 3

Which tool used by trojan creators is run with the user’s IP address after starting a Netcat listener on the user’s machine at port 8080

Answer 3

RemoteByMail

Question 4

You are attempting to infect a system with a Trojan horse as a demonstration to a client that the security on this target system is lacking. Where can you place the file Trojan.exe in the Windows registry such that it will auto start the Trojan horse?

Answer 4

HKCR\exefile\shell\open\command

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Question 5

Which backdoor countermeasure tool calculates cryptographic hashes of all key system files that have to be monitored for modifications?

Answer 5

Tripwire

Question 6

YOu are attempting to infiltrate a network by means of a vulnerable workstation, which you have already gained access to. In order to maintain access to the system, you are looking to establish a backdoor. What can you use to create a backdoor that will listen on TCP port 7777, that will also grant access without requiring any validation or authentication?

Answer 6

Tini

Question 7

What type of Trojan provides attackers with passwords or other confidential data such as credit card numbers and audit sheets?

Answer 7

Data-Sending Trojans

Question 8

What statement accurately describes how an ICMP backdoor trojan utilizes ICMP tunneling?

Answer 8

ICMP backdoor trojans make use of ICMP_ECHO and ICMP-ECHOREPLY packet data to carry a payload to a target host.

Question 9

Whihc of the tools listen creates a backdoor that listens at port 7777 and gives a remote command promt to anyone who connects?

Answer 9

Tini

Question 10

What tool involves the injection of malicious code into a website in a process called cross-site scripting, in order to gain shell access?

Answer 10

XSS Shell

Question 11

Which of the following is NOT a typical step in detecting Trojans?

Answer 11

Scan for ICMP type 8 packets

Question 12

Which of the following statements about how Trojans function is NOT true?

Answer 12

Trojans use UDP to transmit all information.

Question 13

Which type of channel is a legal, secure channel for the transfer of data or information within the network of a company?

Answer 13

Overt

Question 14

Which type of channel is an illegal, hidden path used to transfer data from a network?

Answer 14

cover

Question 15

Which famous Trojan creates a backdoor, which allows remote control of a system, and was written in Visual Basic?

Answer 15

MoSucker Trojan

Question 16

You haven been handed a compromised system by your client in order to determine the source of the compromise. Upon viewing the process list of the running system, you spot an odd process by the name MSNETCFG.exe. What trojan software is most likely being used on the system?

Answer 16

MoSucker Trojan

Question 17

You are investigating a Windows workstation with a possible infection. You suspect that system files may have been modified after viewing event logs on the system. What command can you use to scan all protected system files and replace corrupted or modified system files with clean versions?

Answer 17

sfc /scannow

Question 18

A client has asked you to deploy an application that will monitor files modifications and report on changes. What application should you use for this task?

Answer 18

Tripwire

Question 19

When following the steps used for detecting Trojans, which step are you implementing when you use the TCPView?

Answer 19

Scan for Suspicious Open Ports

Question 20

What is a program that is used to bind Trojan executable to legitimate files?

Answer 20

Wrappers