Question

A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following MOST likely occurred?

A. A spraying attack was used to determine which credentials to use.
B. A packet capture tool was used to steal the password.
C. A remote-access Trojan was used to install the malware.
D. A dictionary attack was used to log in as the server administrator.

Answer 1

The most likely scenario is that a packet capture tool was used to intercept and steal the server administrator's password since Telnet transmits passwords in plaintext.

Step-by-step explanation:

The student's question relates to an incident where malicious software was installed on a server through the misuse of a server administrator's credentials, with Telnet being used for login. The scenario that most likely occurred is that a packet capture tool was used to steal the password. Telnet transmits all information, including passwords, in plaintext, which can be easily captured by someone snooping on the network. This approach is more direct and plausible than the occurrence of a spraying or dictionary attack in the context of using Telnet, and it doesn't require a prior infection by a remote-access Trojan, as the malware installation occurred due to the stolen credentials.In this scenario, the most likely method used to gain access to the server with the server administrator's credentials is A spraying attack.

A spraying attack involves a brute force approach where a large number of username and password combinations are tried on multiple accounts. This method increases the chances of successfully guessing the correct credentials to gain unauthorized access.In this case, the attackers likely used a spraying attack to determine the server administrator's credentials, allowing them to install the malicious software.