Sr xr x 1 root root 6443 homeuserchangepass using

This preview shows page 27 - 30 out of 36 pages.

-sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepass Using “strings" to print ASCII printable characters from changepass, the tester notes the following: $ strings changepass exit setuid strcmp GLIBC_2.0 ENV_PATH %s/changepw malloc strlen Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine? A. Copy changepass to a writable directory and export the ENV_PATH environmental variable to the path of a token-stealing binary titled changepw. Then run changepass. B. Create a copy of changepass in the same directory, naming it changepw. Export the ENV_PATH environmental variable to the path '/home/user/'. Then run changepass. C. Export the ENV_PATH environmental variable to the path of a writable directory that contains a token-stealing binary titled changepw. Then run changepass. D. Run changepass within the current directory with sudo after exporting the ENV_PATH environmental variable to the path of '/usr/local/bin'. Correct Answer: D Section: (none)
Explanation Explanation/Reference: QUESTION 47 A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
- VCE Exam Simulator - Download A+ VCE (latest) free Open VCE Exams - VCE to PDF Converter - PDF Online
Section: (none) Explanation Explanation/Reference: QUESTION 48 Given the following Python script: Which of the following is where the output will go? Section: (none)
Explanation Explanation/Reference: QUESTION 49 - VCE Exam Simulator - Download A+ VCE (latest) free Open VCE Exams - VCE to PDF Converter - PDF Online
An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an: Section: (none)
Explanation Explanation/Reference: QUESTION 50 A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform? A. Vulnerability scan B. Dynamic scan C. Static scan D. Compliance scan Correct Answer: A Section: (none)
Explanation Explanation/Reference:

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture