Free ECCouncil 312-50v13 Practice Exam with Questions & Answers | Set: 12

In a professional penetration test or vulnerability assessment, the most efficient and effective way to discover vulnerabilities on a Windows-based system is to use an automated vulnerability scanning tool such as Nessus.

Nessus is a widely used vulnerability scanner developed by Tenable. It performs comprehensive scans across systems to identify:

Missing patches and updates

Misconfigurations

Weak or default credentials

Known vulnerabilities and associated CVEs

Outdated software versions

CEH v13 course material emphasizes the use of tools like Nessus, OpenVAS, and Qualys during the Vulnerability Analysis phase of ethical hacking engagements.

From CEH v13 Official Study Guide (Module 05: Vulnerability Analysis):

“Vulnerability scanning tools such as Nessus and OpenVAS are used to automatically identify known vulnerabilities in systems, including operating systems, applications, and services. These tools correlate identified issues with CVE entries and offer severity ratings based on CVSS scores.”

Incorrect Options Explained:

A. The Windows Update tool only updates the operating system and Microsoft applications. It is not designed to detect security flaws or vulnerabilities comprehensively.

C. MITRE.org is an excellent source of information for known vulnerabilities (CVEs), but it does not scan systems or detect vulnerabilities in a target environment.

D. Creating a disk image is useful for forensic purposes or backup, but it does not help in actively identifying vulnerabilities in a live system.

Reference – CEH v13 Study Guide:

Module 05: Vulnerability Analysis

Section: “Vulnerability Assessment Tools”

CEH iLabs Exercise: “Using Nessus to Perform Vulnerability Scanning”

In CEH v13 Module 10: Injection Attacks, the SQL Injection technique is covered extensively. A common attack method is to manipulate the input fields so that the resulting SQL query becomes logically always true, effectively bypassing authentication.

Given the input:

Username: attack' or 1=1 --

Password: 123456

And assuming the original SQL query is:

SELECT * FROM Users WHERE UserName = '<input_username>' AND UserPassword = '<input_password>';

When inputs are substituted, the query becomes:

SELECT * FROM Users WHERE UserName = 'attack' or 1=1 --' AND UserPassword = '123456';

The -- sequence is used in SQL to indicate a comment. Everything after -- is ignored by the SQL engine. So the query essentially becomes:CopyEdit

SELECT * FROM Users WHERE UserName = 'attack' or 1=1;

This query is always true due to 1=1, and if the application is vulnerable, it grants access regardless of the password.

Option Analysis:

A. Incorrect – Contains '' (double quote) after attack, which would cause a syntax error due to extra quotation marks.

B. Correct – This is the accurate representation of what the SQL query would look like with a successful injection.

C. Incorrect – The input string is malformed, combining input into one literal string.

D. Incorrect – Misplacement of ' after the comment token -- invalidates the SQL syntax.

Reference from CEH v13 Study Materials:

Module 10 – Injection Attacks, Section: SQL Injection – Authentication Bypass

CEH v13 eCourseware Practical Lab: Exploiting SQL Injection Vulnerability in Login Forms

CEH Engage – Web Application Testing Phase: SQLi Exploitation in Login Panels

The TCP three-way handshake is the foundational mechanism used to establish a reliable connection between two devices. The sequence is as follows:

The client sends a SYN (synchronize) packet to the server to initiate the connection.

The server replies with a SYN-ACK (synchronize-acknowledge) packet.

The client sends an ACK (acknowledge) packet back to the server.

Therefore, the connection starts with a SYN packet from the client.

The Blackjacking attack involves leveraging a compromised BlackBerry device and its connection through the BlackBerry Enterprise Server (BES) to tunnel back into the internal corporate network, bypassing perimeter firewalls. The tool used in this method is BBProxy.

BBProxy is installed on the BlackBerry device and establishes a covert tunnel via BES, allowing attackers to pivot into the internal LAN from outside the perimeter.

Reference – CEH v13 Official Study Guide:

Module 17: Hacking Mobile Platforms

Quote:

“Blackjacking is a technique in which attackers use BBProxy to exploit a trusted path from a BlackBerry device to the corporate LAN through BES.”

Incorrect Options Explained:

A. Paros Proxy is a web proxy used for intercepting HTTP/S traffic.

C. Blooover is used for Bluetooth security auditing.

D. BBCrack is used for password recovery on BlackBerry devices, not for tunneling.

===========