Certified Ethical Hacker (CEH v10) — Question 26

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The "ps" command shows that the "nc" file is running as process, and the netstat command shows the "nc" process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?

Answer options

• A. File system permissions
• B. Privilege escalation
• C. Directory traversal
• D. Brute force login

Correct answer: A

Explanation

The correct answer is A, as improper file system permissions allowed the anonymous user to upload and execute files on the server. If the permissions had been properly configured, the user would not have been able to write files or execute scripts. The other options do not apply here, as privilege escalation would involve gaining higher access than intended, directory traversal relates to accessing unauthorized directories, and brute force login refers to cracking passwords rather than exploiting file permissions.