212-82 Exam Dumps : Certified Cybersecurity Technician (CCT)

3 is the number of files present in the folder in the above scenario. A RAT (Remote Access Trojan) is a type of malware that allows an attacker to remotely access and control a compromised system or network. A RAT can be used to steal sensitive data, spy on user activity, execute commands, install other malware, etc. To initiate a remote connection using thief client, one has to follow these steps:

Navigate to the thief folder located at Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Thief of Attacker Machine-1.

Double-click on thief.exe file to launch thief client.

Enter 20.20.10.26 as IP address of server.

Enter 1234 as port number.

Click on Connect button.

After establishing connection with server, click on Browse button.

Navigate to Desktop folder on server.

Count number of files present in folder.

The number of files present in folder is 3, which are:

Sensitive corporate docs.docx

Sensitive corporate docs.pdf

Sensitive corporate docs.txt

 FTP Unencrypted Cleartext Login is the vulnerability that may affect the website according to the severity factor in the above scenario. A vulnerability is a weakness or flaw in a system or network that can be exploited by an attacker to compromise its security or functionality. A vulnerability assessment is a process that involves identifying, analyzing, and evaluating vulnerabilities in a system or network using various tools and techniques. Greenbone is a tool that can perform vulnerability assessment on various targets using various tests and scans. To perform a vulnerability assessment on the given IP address 20.20.10.26, one has to follow these steps:

Open a web browser and type 20.20.10.26:9392

Press Enter key to access the Greenbone web interface.

Enter admin as username and password as password.

Click on Login button.

Click on Scans menu and select Tasks option.

Click on Start Scan icon next to IP Address Scan task.

Wait for the scan to complete and click on Report icon next to IP Address Scan task.

Observe the vulnerabilities found by the scan.

The vulnerabilities found by the scan are:

The vulnerability that may affect the website according to the severity factor is FTP Unencrypted Cleartext Login, which has a medium severity level. FTP Unencrypted Cleartext Login is a vulnerability that allows an attacker to intercept or sniff FTP login credentials that are sent in cleartext over an unencrypted connection. An attacker can use these credentials to access or modify files or data on the FTP server. TCP timestamps and UDP timestamps are vulnerabilities that allow an attacker to estimate the uptime of a system or network by analyzing the timestamp values in TCP or UDP packets. Anonymous FTP Login Reporting is a vulnerabilitythat allows an attacker to access an FTP server anonymously without providing any username or password.

The IP address of the attacker is 10.10.1.16. This can be verified by analyzing the Windows.events.evtx file using a tool such as Event Viewer or Log Parser. The file contains several Audit Failure logs with event ID 4625, which indicate failed logon attempts to the system. The logs show that the source network address of the failed logon attempts is 10.10.1.16, which is the IP address of the attacker3. The screenshot below shows an example of viewing one of the logs using Event Viewer4: References: Audit Failure Log, [Windows.events.evtx], [Screenshot of Event Viewer showing Audit Failure log]