Which weakness involves replacing original binaries with malicious binaries to escalate privileges by manipulating how binaries are launched?

Multiple Choice

Which weakness involves replacing original binaries with malicious binaries to escalate privileges by manipulating how binaries are launched?

Explanation:
Binaries are launched by following a search path to locate the executable by name. This weakness, often called path interception, happens when an attacker places a malicious binary with the same name in a directory that is searched before the one holding the legitimate executable. When the program is started, the system runs the first match it finds, so the attacker's binary is executed instead of the intended one. If the launching process runs with elevated privileges, the attacker's binary inherits those rights, effectively escalating access. The weakness lies in how the launcher resolves the binary name, not in tokens, network pivoting, or simply misconfigured file permissions.

Why this fits better than the others: pivoting describes moving laterally after a compromise, not altering which binary is launched. Access-token abuse involves stealing or duplicating user tokens to impersonate someone else, not replacing executables at launch. Filesystem-permission weaknesses concern who can read, modify, or execute files, but this scenario hinges on altering the launcher's binary choice through the search path, which is classic path interception. To mitigate, secure the PATH and application search order, use fully qualified paths, restrict write access to folders that hold executables, and employ code signing or application whitelisting where feasible.
