Computer Hacking Forensic Investigator (CHFI v10) — Question 560

Someone in the field of forensic investigation is looking at an Apache access log. They're searching for any evidence of a command injection attack. During this process, they find a log entry where the IP address "10.0.0.8" placed a GET request using the command ip=127.0.0.1;ls+/var/www/html. Judging by this data, what might be the individual’s objective behind this attack?

Answer options

• A. The individual behind the attack is attempting a brute-force attack on the host server
• B. The individual behind the attack is working towards replacing the target file on the host server
• C. The individual behind the attack aims to see what's inside the /var/www/html directory of the host server
• D. The individual behind the attack is working to put an XML external entity into the web application

Correct answer: C

Explanation

The correct answer is C because the command 'ls /var/www/html' is used to list the contents of a directory, indicating that the attacker is trying to see what files are present in that location. Options A and B are incorrect as they suggest different attack methods that do not align with the command used. Option D is also incorrect since there is no indication of an XML external entity attack in the log entry.