So what, in XSS you ALWAYS look for script word? I don't know javascript, I've been comparing the parameters after ".id=" page to page, aside from the word "script", which could be a leg-puller, I fail to see how these are completely different techniques.
Is javascript required for this damn exam?
Not gonna lie, some of these questions are really irritating. Not once did I see or hear LFI during my studying. Maybe I just overlooked it, but I've never heard of that. Ugh.
The log entries show that the attacker is able to access the /etc/passwd and /etc/sudoers files, which are sensitive files that contain user account information. This is possible because the attacker is exploiting a directory traversal vulnerability.
LFI (Local File Inclusion) is a vulnerability that allows an attacker to read arbitrary files on the server. The attacker in the scenario is exploiting an LFI vulnerability by using the show_file.php script to read the /etc/passwd and /etc/sudoers files.
Directory traversal is a vulnerability that allows an attacker to access files outside of the web root directory. The attacker in the scenario is exploiting a directory traversal vulnerability by using the ../ sequence in the file name to access the /etc/passwd and /etc/sudoers files.
This is one of those questions that likely doesn't count..seems to be from Pentest+
File inclusion attacks build on directory traversal attacks in the sense that you don’t just navigate through the system and look at files, you execute a program from the URL of the request message. There are two types of file inclusion:
• Local: A local file inclusion is used to execute a program that is local or located on the web server. In this example, the hacker would typically compromise the system first and plant the program on the system. To execute the program at a later time, the hacker would include a reference to the program in the URL:
http://website/index.php?include=c:\\data\\exploit. exe"
-Comptia Pentest+ Certification for dummies 2nd Edition by Glen Clarke
The attacker has exploited the LFI (Local File Inclusion) and the Directory Traversal vulnerabilities.
The logs show two HTTP GET requests made to the web server:
The first request was made to the show_file.php page with a parameter file set to *2et2e2f:2et2et2fetc2fpasswd.
The second request was made to the same show_file.php page with a parameter file set to $2e92e292e2e2fetc\2fsudoers.
Both requests seem to be trying to access sensitive files on the server. The first request appears to be trying to access the /etc/passwd file, which contains user account information, and the second request appears to be trying to access the /etc/sudoers file, which contains the list of users who are allowed to run commands with elevated privileges using the sudo command.
Therefore, the attacker is trying to exploit a vulnerability that allows unauthorized access to sensitive files on the web server.
B. LFI
F. Directory Traversal
LFI
Local File Inclusion is an attack technique in which attackers trick a web application into either running or exposing files on a web server. LFI attacks can expose sensitive information, and in severe cases, they can lead to cross-site scripting (XSS) and remote code execution. LFI is listed as one of the OWASP Top 10 web application vulnerabilities.
RFI
Remote file inclusion (RFI) is an attack targeting vulnerabilities in web applications that dynamically reference external scripts. The perpetrator’s goal is to exploit the referencing function in an application to upload malware (e.g., backdoor shells) from a remote URL located within a different domain.
A directory traversal attack that dumps the contents of the /etc/passwd file through the browser is an example of a local file inclusion (LFI) attack.
LFI is a type of vulnerability that allows an attacker to include and execute files that are located on the same server as the vulnerable application. In a directory traversal attack, the attacker attempts to access files outside of the web root directory by manipulating input parameters. If successful, the attacker can access and view sensitive system files like /etc/passwd, which can contain hashed passwords and other system information. This can be a serious security issue, as it can allow the attacker to gain further access to the system or escalate privileges.
The attacker has likely exploited B. LFI and F. Directory traversal. The logs suggest the attacker is attempting to access files outside the server’s root directory, which could be indicative of a Local File Inclusion (LFI) vulnerability. Additionally, the attempt to “..dir.dir” suggests an attempt at directory traversal exploitation.
The answer is BE LFI & RFI
- A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time, have a look at the time stamps, they are different
-Remote File Inclusion (RFI) is a type of vulnerability most often found on the suited PHP running web portals be on the web and the Local File Inclusion (LFI) is similar to RFI, the only difference is that in LFI, the attacker has been uploading the malicious scripts types
- Pass the hash is taking a hash and cracking it
-Xss is an attack on the client side of things this attack is on the web server
- There is NO directory traversal happening here
it looks like they are trying to trick the php into showing file ../../etc/passwd if i had to guess what characters that URL is trying to represent. This means it is navigating up from the current directory through parent directories, and switching to the "etc" folder and then to its child "passwd"
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ranaer
Highly Voted 2 years, 2 months agokrayxay
2 years, 2 months agoxdonoghan
1 year, 9 months agomemodrums
1 year, 2 months agorf18
Highly Voted 2 years, 2 months agoExlr8me
2 years agoAfel_Null
1 year, 6 months agoTeleco0997
1 year, 5 months agohoneybussy
Most Recent 11 months, 3 weeks agoLuckyAro
1 year, 3 months ago[Removed]
1 year, 5 months agoIGasset
1 year, 6 months agoiloco
1 year, 7 months agoLeonardSnart
1 year, 10 months agoKurt43
1 year, 7 months agoutrone
1 year, 11 months agoleobro
1 year, 12 months agoApplebeesWaiter1122
1 year, 11 months agoprincajen
2 years, 1 month agoTatba26
1 year, 11 months agoganymede
2 years, 2 months agoganymede
2 years, 2 months agoramesh2022
2 years, 2 months agoNunoF4
2 years, 2 months ago[Removed]
2 years, 2 months agoh3r0
2 years, 2 months agoNerdAlert
2 years, 1 month agoLeDarius3762
1 year, 9 months agoTunexBaba
2 years, 2 months ago