ECCouncil Updated 312-50v13 Exam Questions and Answers by rehmat

Most likely have an issue with DNS.

DNS stands for “Domain Name System.” It’s a system that lets you connect to websites by matching human-readable domain names (like example.com) with the server's unique ID where a website is stored.

Think of the DNS system as the internet’s phonebook. It lists domain names with their corresponding identifiers called IP addresses, instead of listing people’s names with their phone numbers. When a user enters a domain name like wpbeginner.com on their device, it looks up the IP address and connects them to the physical location where that website is stored.

NOTE: Often DNS lookup information will be cached locally inside the querying computer or remotely in the DNS infrastructure. There are typically 8 steps in a DNS lookup. When DNS information is cached, steps are skipped from the DNS lookup process, making it quicker. The example below outlines all 8 steps when nothing is cached.

The 8 steps in a DNS lookup:

1. A user types ‘example.com’ into a web browser, and the query travels into the Internet and is received by a DNS recursive resolver;

2. The resolver then queries a DNS root nameserver;

3. The root server then responds to the resolver with the address of a Top-Level Domain (TLD) DNS server (such as .com or .net), which stores the information for its domains. When searching for example.com, our request is pointed toward the .com TLD;

4. The resolver then requests the .com TLD;

5. The TLD server then responds with the IP address of the domain’s nameserver, example.com;

6. Lastly, the recursive resolver sends a query to the domain’s nameserver;

7. The IP address for example.com is then returned to the resolver from the nameserver;

8. The DNS resolver then responds to the web browser with the IP address of the domain requested initially;

Once the 8 steps of the DNS lookup have returned the IP address for example.com, the browser can request the web page:

9. The browser makes an HTTP request to the IP address;

10. The server at that IP returns the webpage to be rendered in the browser.

NOTE 2: DNS primarily uses the User Datagram Protocol (UDP) on port number 53 to serve requests. And if this port is blocked, then a problem arises already in the first step. But the ninth step is performed without problems.

GINA stands for Graphical Identification and Authentication. It is a Windows component (a DLL) that provides the user interface for logging into a Windows system.

Located in msgina.dll (in legacy Windows)

Handles the Ctrl+Alt+Del screen

Collects credentials (username/password) and passes them to the Local Security Authority (LSA)

From CEH v13 Courseware:

Module 6: Malware Threats

Module 4: Windows Authentication Internals

CEH v13 Study Guide states:

“The Graphical Identification and Authentication (GINA) is a DLL that implements the authentication UI for Windows systems. Malicious actors can create custom GINA DLLs to capture login credentials.”

The total data extracted by the attacker is E=xyz’u’, where x is the number of tables, y is the number of columns, z is the number of records, and u is the number of SQL payloads. To maximize E, the attacker would want to choose the highest values of z and u, while keeping x and y constant. Therefore, the situation where z=600 and u=2 would result in the highest extracted data volume, as E=42600*2=9600. The other situations would result in lower values of E, as shown below:

A: E=42400*4=12800

B: E=42550*2=8800

D: E=42500*3=12000

The attacker uses UNION SELECT statements to combine the results from different tables and columns, and DBMS_XSLPPOCESSOR.READ2CLOB to read sensitive files from the database server12. These techniques can bypass input validation and pattern matching measures that are based on the application’s responses3.

In CEH v13 Module 03: Scanning Networks, stealth scanning refers to a method of scanning that avoids detection by not completing the TCP handshake.

-sS = TCP SYN scan (Stealth scan)

Sends SYN packet.

If SYN-ACK is returned, the port is open; then a RST is sent back instead of completing handshake.

Harder to detect via IDS/IPS.

Option Analysis:

A. -sM: TCP Maimon scan (rarely used).

B. -sU: UDP scan.

C. -sS: Stealth SYN scan.

D. -sT: TCP Connect scan (not stealthy).