lab 32 Flashcards
How many “change to parent” operations are needed to create a relative URL reference to view the passwd file?
3
4
5
6
7
6
What is the result of the whoami command injected in this step?
jaime
localhost
172.16.0.201
www-data
www-data
What is the point of the string “../../../../../../” used in an attack?
Use command obfuscation to avoid keyword filters
Use special characters to avoid metacharacter escaping
Use directory traversal to reach the root directory
Trick the system into granting access to the file using root privileges
Use directory traversal to reach the root directory
Which of the following characters can be used to stack commands in a command injection attack? (Select all that apply)
?
/
;
&&
^
|
+
;
&&
|
What is the most significant concern of a file upload vulnerability?
An attacker’s ability to change user passwords.
An attacker learning the OS and software identities.
An attacker changing website contents (i.e., defacement).
An attacker being able to run malicious code on the web server.
An attacker being able to run malicious code on the web server.
Exploiting systems using directory traversal, command injection, file upload, and web shell injection techniques is typically performed during what phase of penetration testing?
Reconnaissance
Scanning
Vulnerability detection
Gaining access
Post-exploit activities
Gaining access
Injecting a web shell can be accomplished by taking advantage of what discovered vulnerability?
File upload
Adversary in the middle (AitM)
Brute force password cracking
Directory traversal
File upload