ECCouncil Updated 312-50v13 Exam Questions and Answers by zayaan

The scenario describes a cryptographic attack where the attacker (in this case, the student) uses a predefined list of commonly used passwords to try and unlock a secured PDF document. This technique is known as a Dictionary Attack.

According to the CEH v13 Official Courseware:

A Dictionary Attack is defined as “a method of breaking passwords by trying out a predefined list of words (dictionary) commonly used as passwords.”

Unlike a brute-force attack, which tries every possible character combination, a dictionary attack relies on known or likely password choices, which makes it faster but less exhaustive.

Dictionary attacks are commonly used against encrypted or password-protected files, login forms, and even hashes.

Relevant distinctions from other options:

A. Man-in-the-middle attack involves intercepting communication between two parties and is unrelated to offline password cracking.

B. Brute-force attack tries all possible character combinations, not just a list of known or common passwords.

D. Session hijacking involves taking over a user session and is unrelated to document password cracking.

Reference – CEH v13 Official Study Materials:

Module 20: Cryptography

Section: "Cryptanalysis Techniques"

Subsection: "Dictionary Attack vs. Brute-force Attack"

CEH v13 eBook or Study Guide — look for Table: “Types of Password Attacks” under “Cryptography Attack Vectors”

This exact technique is illustrated in CEH v13 labs involving John the Ripper, Hydra, and password recovery tools.

Sending an email to a known non-existent user is a reconnaissance technique used to:

Analyze bounce-back (NDR) messages.

Discover the email server’s operating system, filtering behavior, internal mail routing, and directory structure.

Reveal technologies such as Exchange, Postfix, etc.

From CEH v13 Official Courseware:

Module 2: Footprinting and Reconnaissance

CEH v13 Study Guide states:

“Sending a message to an invalid address can reveal error messages or NDRs that leak internal system details, such as mail server versions, spam filtering technologies, and internal naming conventions.”

Incorrect Options:

A: Not applicable.

B/C: Not the purpose here.

E: Anti-virus testing requires a separate controlled method.

These tools are all Distributed Denial of Service (DDoS) attack tools that coordinate large numbers of systems (bots) to flood target networks or services:

Trinoo – UDP flood-based DDoS tool

TFN2k (Tribe Flood Network 2000) – Supports ICMP, SYN, and other attack types

WinTrinoo – Windows variant of Trinoo

Stacheldraht – Combines features of Trinoo and TFN with encryption and auto-updating

T-Sight – DDoS control tool

From CEH v13 Official Courseware:

Module 9: Denial-of-Service Attacks

CEH v13 Study Guide states:

“These tools are classic examples of distributed DoS platforms used by attackers to launch coordinated flood attacks using compromised hosts.”

Incorrect Options:

A: Not all tools were developed by the same group.

B: Not typically used by defenders.

D/E: These tools are cross-platform (some run on Linux, others on Windows).

In CEH v13 Module 11: Hacking Wireless Networks, it is explained that disabling SSID broadcast only hides the SSID from casual scanning, not from determined attackers.

When a legitimate client connects to a hidden SSID, the SSID is included in the probe request and association packets, which can be easily sniffed using tools like Wireshark or Kismet.

Leaving authentication open adds no real protection.

Attackers can still capture traffic and use it to determine the SSID and connect to the access point.