The suspicious line of code indicates an attempt to establish a reverse shell connection from the compromised web server to an external IP address (10.0.0.1) and a specific port (1234). This indicates that the attacker is attempting to gain unauthorized remote access to the web server by opening a network socket, executing a shell command (/bin/sh -i), and redirecting the input and output to the network socket.
Therefore, the correct answer is:
D. Reverse shell
The suspicious line in the web server logs indicates an attempt at Command Injection. The attacker is trying to execute arbitrary commands on the server by injecting them into the PHP code. Specifically, the code is attempting to open a socket connection to "10.0.0.1" on port 1234 and then execute a shell (/bin/sh) with input, output, and error streams redirected to the socket. This is a common technique used in command injection attacks.
Don't pick B, this is clearly a reverse shell attack. 'fsockopen' initiates the connection on 10.0.0.1. 'exec' function is then used to execute /bin/sh -i <&3 >&3 2>&3, which establishes a command shell on the target machine. /sh -i = reverse shell. Yes they are injecting commands, but the better answer (which is the goal of the attacker) is to create a reverse shell on the victim's machine
upvoted 14 times
...
...
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
[Removed]
Highly Voted 10 months agoRiccardoBellitto
Highly Voted 7 months, 4 weeks agosection8santa
Most Recent 8 months, 2 weeks agoFranky30
9 months, 2 weeks agogarfield123
8 months, 4 weeks ago