ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam
Go to Exam

Exam CS0-003 topic 1 question 98 discussion

Actual exam question from CompTIA's CS0-003
Question #: 98
Topic #: 1
[All CS0-003 Questions]

A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server logs for evidence of exploitation of that particular vulnerability?

  • A. /etc/shadow
  • B. curl localhost
  • C. ; printenv
  • D. cat /proc/self/
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by kmordalv at Aug. 30, 2023, 2:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NetworkDisciple
6 months, 3 weeks ago
Selected Answer: A
The /etc/shadow contains hashed passwords in the linux OS
upvoted 2 times
...
bettyboo
9 months, 3 weeks ago
Selected Answer: A
A. /etc/shadow That's where Linux stores the passwords
upvoted 2 times
...
Alizade
1 year, 3 months ago
Selected Answer: A
The answer is A. /etc/shadow.
upvoted 2 times
...
jaeyon
1 year, 3 months ago
Selected Answer: C
While targeting files like /etc/shadow is a typical goal in LFI attacks, it doesn't represent a pattern that you would search for in logs. Instead, you would typically look for the patterns or payloads used by attackers in log entries. In this context, the pattern "; printenv" is a more direct representation of such a payload pattern.
upvoted 1 times
...
kmordalv
1 year, 3 months ago
Selected Answer: A
Again, I was wrong.... Bad day. The credentials are stored in the /etc/shadow file. Since the question talks about credentials, the existence of this file on the web server could indicate a LFI vulnerability. The printenv parameter (environment variables) would not indicate any vulnerability.
upvoted 2 times
...
kmordalv
1 year, 3 months ago
Selected Answer: C
My previous answer was wrong. LFI vulnerabilities typically allow an attacker to include and execute files on the server. In this case, the "; printenv" pattern may be used to include and execute a command that prints environment variables.
upvoted 1 times
...
kmordalv
1 year, 4 months ago
Selected Answer: A
Correct If an attacker successfully exploits an LFI vulnerability to extract credentials from the underlying host, one way they might attempt to access sensitive files is by trying to access the "/etc/shadow" file. The "/etc/shadow" file on Unix-based systems like Linux contains the hashed passwords of users.
upvoted 3 times
kmordalv
1 year, 3 months ago
My previous answer was wrong. LFI vulnerabilities typically allow an attacker to include and execute files on the server. In this case, the "; printenv" pattern may be used to include and execute a command that prints environment variables.
upvoted 1 times
kmordalv
1 year, 3 months ago
Ignore this answer, please... "A" is the correct answer
upvoted 2 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel