Are you studying for the CEH certification?
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
In a buffer-overflow attack, the attacker either manually sends strings of information to the victim Linux machine or writes a script to do so. These strings contain the following: (select all that are correct)
A pointer to the start of the malicious code in the memory buffer.
Malicious code to replace the attacked process. For example, exec ("/bin/sh") creates a shell command prompt.
None of these
NOP
The goal of a buffer overflow is for an attacker's instructions to be performed by the stack (first answer). If the attacker knows exactly where the instructions will be in memory, they can include that instruction to the system (third answer). If the attacker is not sure exactly where the instructions will be located, they can use what is called a NOP sled (No OPeration) which is basically telling the system to do nothing (second answer). The NOPs pad the attacker's malicious code so the system will do nothing until it reaches the instructions.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.