Certified Ethical Hacker (CEH) — Question 51
During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with the Local System account. How can this weakness be exploited to access the system?
Answer options
- A. Using the Metasploit psexec module setting the SA / Admin credential
- B. Invoking the stored procedure xp_shell to spawn a Windows command shell
- C. Invoking the stored procedure cmd_shell to spawn a Windows command shell
- D. Invoking the stored procedure xp_cmdshell to spawn a Windows command shell
Correct answer: D
Explanation
The correct answer is D because xp_cmdshell is an extended stored procedure that executes operating system commands directly from SQL Server; when the service runs as Local System, those commands run with that account's privileges, giving access to the command shell. Options A, B, and C are incorrect because they either name stored procedures that do not exist (xp_shell, cmd_shell) or describe a method that does not provide the same level of access to the system as xp_cmdshell does.