Certified Ethical Hacker (CEH v12) — Question 241

John, a security analyst, is analyzing a server suspected of being compromised. The attacker has used a non admin account and has already gained a foothold on the system. John discovers that a new Dynamic Link Library is loaded in the application directory of the affected server. This DLL does not have a fully qualified path and seems to be malicious. What privilege escalation technique has the attacker likely used to compromise this server?

Answer options

• A. DLL Hijacking
• B. Named Pipe Impersonation
• C. Spectre and Meltdown Vulnerabilities
• D. Exploiting Misconfigured Services

Correct answer: A

Explanation

The correct answer is A, DLL Hijacking, because it involves placing a malicious DLL in a location where it can be loaded by an application, especially when the application does not use a fully qualified path. The other options, while they describe valid privilege escalation techniques, do not specifically relate to the situation of a malicious DLL being loaded without a fully qualified path.