A penetration tester recently came across an executable file that was developed in that house and used by administrators to remotely administer sensitive systems. The tester ran “strings” on the file and came up with the following output.
This program cannot be run in the OS mode.
.text
.dat e
Ntdll.dll
She1132.dll
User32.dll
Net use\\windc1\admin /user:windomain:admin p@ssw0rd1 /persistent
…
Which of the following recommendations should an analyst make to the testers?
Load the secure version of standard windows DLLs only
utilize base64 to encode the string with the net use command
perform static application security testing on all binaries
use the windows DPAPI to encrypt the password string
Load the secure version of standard windows DLLs only
because the string found in the output shows that it is injected in the DLL so DLL is vulnerable , just replace it with original DLL.
if you have any doubt then please ask me without any hesitation in the comment section below , if you like my answer then please thumbs up for the answer , before giving thumbs down please discuss the question it may possible that we may understand the question different way and i can edit and change the answers if you argue, thanks :)
Get Answers For Free
Most questions answered within 1 hours.