Pearson 312-50v13 New Attempt

flags –source-port and -g are equivalent and instruct nmap to send packets through a selected port. this option is used to try to cheat firewalls whitelisting traffic from specific ports. the following example can scan the target from the port twenty to ports eighty, 22, 21,23 and 25 sending fragmented packets to LinuxHint.

CEH teaches that unrestricted file upload vulnerabilities are among the most dangerous in web applications because they allow attackers to bypass extension checks and upload malicious executable files. When the server fails to validate MIME types, file extensions, or execution permissions, an attacker can upload a web shell disguised as a harmless file, such as “image.php.jpg,” which may pass superficial validation and still be executed by the server’s interpreter. Once executed, the shell provides the attacker with command execution capabilities, allowing full control over the system. CEH emphasizes that web shells can enable privilege escalation, database compromise, lateral movement, or full server takeover. Unlike SQL injection or XSS, file upload exploitation directly affects server-side execution, making it significantly more severe. Unrestricted upload flaws are commonly tested in CEH labs with tools like Burp Suite to alter content-type headers or bypass client-side filters. This is a high-impact vulnerability requiring strict validation and sandboxing controls.

A Stealth or Tunneling Virus is designed specifically to evade detection by antivirus software and system monitoring tools. These viruses work by intercepting and modifying the operating system’s service call interrupts (such as INT 13h and INT 21h in DOS systems), which are used to access files or system services.

By hooking into these interrupts, the virus can return clean or forged data to antivirus scanners, thus hiding its malicious presence from detection tools.

Tunneling viruses may also operate at a lower level to evade even more advanced antivirus detection methods, making them particularly dangerous and hard to detect.

Reference – CEH v13 Official Study Guide:

Module 6: Malware Threats

Section: Types of Viruses

Quote:

“Tunneling viruses attempt to avoid detection by antivirus programs by installing themselves in the interrupt handler chain. These viruses intercept operating system calls to conceal their activities.”

Incorrect Options Explained:

A. Macro viruses target applications like Microsoft Word/Excel and use embedded macros, but do not alter service call interrupts.

C. Cavity viruses insert code into empty spaces in files without changing the file size but do not modify interrupts.

D. Polymorphic viruses mutate their code to avoid signature-based detection but do not typically interfere with system interrupts directly.

There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of XSS flaws: non-persistent and persistent. In this issue, we consider the non-persistent cross-site scripting vulnerability.

The non-persistent (or reflected) cross-site scripting vulnerability is by far the most basic type of web vulnerability. These holes show up when the data provided by a web client, most commonly in HTTP query parameters (e.g. HTML form submission), is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the content.

Because HTML documents have a flat, serial structure that mixes control statements, formatting, and the actual content, any non-validated user-supplied data included in the resulting page without proper HTML encoding, may lead to markup injection. A classic example of a potential vector is a site search engine: if one searches for a string, the search string will typically be redisplayed verbatim on the result page to indicate what was searched for. If this response does not properly escape or reject HTML control characters, a cross-site scripting flaw will ensue.