According to the Certified Ethical Hacker (CEH) attack methodology, once reconnaissance, footprinting, and website mirroring have been completed, the attacker proceeds cautiously to exploitation while maintaining stealth. CEH documentation emphasizes that low-noise, application-layer attacks are preferable when the objective is to minimize detection.
Option B, attempting SQL Injection, aligns directly with CEH’s Web Application Hacking module. SQL Injection is a server-side attack that can often be executed through normal-looking HTTP requests, making it less likely to trigger intrusion detection systems (IDS) or security alerts. CEH materials highlight SQL injection as a common and effective technique for extracting sensitive data such as usernames, passwords, and business-critical information without disrupting server operations.
Option A is incorrect because immediately modifying server configuration files after session hijacking significantly increases the risk of detection. CEH guidelines stress post-exploitation restraint, especially during red team operations.
Option C is not ideal at this stage because automated vulnerability scanners generate substantial traffic and are highly detectable. CEH explicitly notes that vulnerability scanning is noisy and often logged.
Option D is the least stealthy option. Brute-force attacks generate numerous failed authentication attempts, triggering security alerts and account lockouts. CEH classifies brute-force attacks as high-risk and easily detectable.
Therefore, SQL Injection represents the most effective and stealthy next step in accordance with CEH’s structured attack lifecycle.
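The detectability contrast drawn above, seen from the defender's side, as an added example that is not part of the original explanation: volume and status-code rules catch the brute-force and scanner traffic, while the injection attempt is a single HTTP 200 request that only parameter inspection flags. The log lines, IP addresses, thresholds and the `classify` function are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access log: client IP, request line, status code.
SAMPLE_LOG = "\n".join(
    ['203.0.113.5 "POST /login HTTP/1.1" 401'] * 6            # repeated failed logins
    + [f'198.51.100.7 "GET {p} HTTP/1.1" 404'                 # scanner-style probing
       for p in ("/admin.php", "/.git/config", "/backup.zip",
                 "/phpinfo.php", "/wp-login.php")]
    + ['192.0.2.9 "GET /product?id=10%27%20OR%20%271%27%3D%271 HTTP/1.1" 200',
       '192.0.2.44 "GET /product?id=10 HTTP/1.1" 200']        # ordinary request
)

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3})$')
# Illustrative pattern only: quotes, SQL comments, UNION SELECT, OR <x> =
SQLI_RE = re.compile(r"'|--|/\*|\bunion\b.+\bselect\b|\bor\b\s+\S+\s*=", re.I)


def classify(log_text, fail_threshold=5, notfound_threshold=5):
    """Return {ip: set of findings} for a simplified access log."""
    failed, notfound = Counter(), Counter()
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, _method, target, status = m.groups()
        if status == "401":
            failed[ip] += 1
        elif status == "404":
            notfound[ip] += 1
        # parse_qsl percent-decodes values, so encoded quotes are inspected too.
        for _name, value in parse_qsl(urlsplit(target).query):
            if SQLI_RE.search(value):
                findings[ip].add("sqli-pattern")
    for ip, n in failed.items():
        if n >= fail_threshold:
            findings[ip].add("brute-force")
    for ip, n in notfound.items():
        if n >= notfound_threshold:
            findings[ip].add("scanner")
    return dict(findings)


if __name__ == "__main__":
    for ip, tags in sorted(classify(SAMPLE_LOG).items()):
        print(ip, sorted(tags))
```

Without the query-parameter check, the request from 192.0.2.9 would pass both threshold rules unnoticed, which is why input inspection at the application or WAF layer matters alongside rate-based alerting.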