Exam PT0-001 topic 1 question 34 discussion

PenTest+ Practice Tests Book - SYBEX D. - Port 21 is for TCP and FTP and is used as a control port. Port 80 is for TCP and HTTP and is used for transferring web pages. Port 443 is used for TCP, HTTPS, and is HTTP over TLS/SSL and is for encrypted transmission. In this scenario, all the ports that the penetration tester has discovered have to do with the Web. So, the answer for this question would be that sensitive information may be revealed on the web servers since those were the ports indicated during the vulnerability scan.

looks good to me

A. >>> https://vigilance.fr/vulnerability/Apache-httpd-mod-rewrite-open-redirect-31923 "An attacker can deceive the user of Apache httpd mod_rewrite, in order to redirect him to a malicious site." Remediation Upgrade to the latest version of Apache. This issue was fixed in Apache httpd 2.4.41.

So, thinking about this. C can be ruled out ... you are EXTERNAL ... so under normal circumstancen now way to intercep traffic. So translating the Rest to the Real world: First thing i would do is goging for A. Oboslet Software ... Maybe there is an Apache exploit out there that gives me RCE. This would be the shortest attach path. you could also try to go for weak FTP User Passwords ... but that give you only access to the data of that User. An Apache exploit would give you access to all. D. Also is not usefull ... in the Vul. Listing thers no indication that thers a wrong configuration. Seaching for Exposed config would help finding vulnerabilitys .. But if A. is allready successfull i don't need to find any other vulnerabillitys.

D - Explanation: Port 21 is for TCP and FTP and is used as a control port. Port 80 is for TCP and HTTP and is used for transferring web pages. Port 443 is used for TCP, HTTPS, and is HTTP over TLS/SSL and is for encrypted transmission. In this scenario, all the ports that the penetration tester has discovered have to do with the Web. So, the answer for this question would be that sensitive information may be revealed on the web servers since those were the ports indicated during the vulnerability scan.

It's A, note it says on an EXTERNAL vulnerability scan. Ok so HTTP and FTP traffic happens without encryption but how exactly are you intercepting legit user traffic from outside the network? Lots of out-dated items here: Old Windows Server, old Apache, mod_rewrite, lots to potentially exploit.

Definitely C or D... but I could see an argument for both. But since this is a web server, and it is "configured" to send traffic with weak cleartext protocols, I would choose D.

Port 80 is unsecure by default, anything transmitted over Port 80 is in cleartext.

Apache mod_rewrite vulnerability cve-2006-3747 https://www.drupal.org/forum/general/news-and-announcements/2006-08-11/apache-mod_rewrite-vulnerability-cve-2006-3747 CVSS v2 Base Score: 7.6 HIGH I'd go for A due to they mention mod_rewrite enabled. But who knows, depending on how many drinks the comptia guy had when writing this question, then it'd be D.

• 2017 Top 10 • A1:2017-Injection • A2:2017-Broken Authentication • A3:2017-Sensitive Data Exposure • A4:2017-XML External Entities (XXE) • A5:2017-Broken Access Control • A6:2017-Security Misconfiguration • A7:2017-Cross-Site Scripting (XSS) • A8:2017-Insecure Deserialization • A9:2017-Using Components with Known Vulnerabilities • A10:2017-Insufficient Logging & Monitoring

Maybe: Cryptographically weak protocols may be intercepted? Note that Winodows 2012 is has port 21 open. Port 21 is usually for FTP. FTP passes information, including passwords, in clear text. Also, FTP is *not* a web protocol. FTP has been around long before the web.

Maybe A. Obsolete software may contain exploitable components? Obsolete, unsupported, software is always a concern. According to the scan, there is obsolete software. For example there are several unsupported versions of Apache found. Also SSLv3 can be a problem.