ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 339 discussion

Actual exam question from CompTIA's PT0-002
Question #: 339
Topic #: 1
[All PT0-002 Questions]

During an engagement, a penetration tester was able to upload to a server a PHP file with the following content:



Which of the following commands should the penetration tester run to successfully achieve RCE?

  • A. python3 -c "import requests;print(requests.post(url-'http://172.16.200.10/uploads/shell.php',data={'cmd=id'}))"
  • B. python3 -c "import requests;print(requests.post(url-'http://172.16.200.10/uploads/shell.php',data={'cmd': 'id'}).text)"
  • C. python3 -c "import requests;print(requests.get(url-'http://172.16.200.10/uploads/shell.php',params={'cmd': 'id'}))"
  • D. python3 -c "import requests;print(requests.get(url-'http://172.16.200.10/uploads/shell.php',params={'cmd': 'id'}).test)"
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by mat22 at Aug. 9, 2024, 10:35 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kinny4000
2 months, 2 weeks ago
Selected Answer: B
'id' should be a string as it is in option B. These all also contain a typo - "url-'http...." should be "url='http...."
upvoted 1 times
...
Alex818119
4 months, 3 weeks ago
Selected Answer: B
Bing AI says: To successfully achieve remote code execution (RCE) with the provided PHP file, the penetration tester should use the following command: B. python3 -c "import requests;print(requests.post(url-'http://172.16.200.10/uploads/shell.php',data={'cmd': 'id'}).text)" This command sends a POST request to the PHP script with the cmd parameter set to id, and the .text method ensures the response content is printed correctly.
upvoted 2 times
...
Nikamy
5 months, 1 week ago
Selected Answer: B
BBBBBBBB
upvoted 2 times
...
Kmelaun
8 months, 2 weeks ago
Selected Answer: A
A is correct!
upvoted 2 times
...
mat22
8 months, 2 weeks ago
Answer is B. To achieve Remote Code Execution (RCE) using this PHP script, you need to send a POST request to the server with the cmd parameter set to a command you'd like to execute. In this case, the command is id, which retrieves the user identity on a Unix-like system. Option B correctly sends a POST request to the specified URL with the cmd parameter set to 'id' and then prints the response text from the server.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago