Assisted Lab 8

Uploaded by

007503711

Firefox https://labclient.labondemand.com/Instructions/ExamResult/c727f6ad-b...

08: Assisted Lab: Exploiting Weaknesses in a Website


PenTest+ (PT0-002) 2022 Update

11/11
Congratulations, you passed!
Duration: 1 hour, 1 minute

What is the result of the whoami command injected in this step? Score: 1

jaime
localhost
172.16.0.201
www-data

Congratulations, you have answered the question correctly.

The core of this CSRF attack is tricking a victim into clicking on a link that will run commands against their account on a website where they have a pre-established session. (True/False) Score: 1
True
False

Congratulations, you have answered the question correctly.

What is the point of the string "../../../../../../" in the previous exploit of file inclusion? Score: 1

Use directory traversal to reach the root directory


Use command obfuscation to avoid keyword filters
Use special characters to avoid metacharacter escaping
Trick the system into granting access to the file using root privileges

Congratulations, you have answered the question correctly.

Use a script to confirm upload of /home/kali/world.png Score: 1


Select the Score button to validate this task.
File upload confirmed ...
Task complete

Use a script to confirm upload of special.php Score: 1

1 of 3 10/16/2024, 10:49 AM

Select the Score button to validate this task.


File upload confirmed ...
Task complete

Use a script to confirm local web server is started Score: 1


Select the Score button to validate this task.
Local web server detected ...
Task complete

Which of the following characters can be used to stack commands in a command injection attack? (Select all that apply) Score: 1
?
/
;
&&
^
|
+

Congratulations, you have answered the question correctly.

What is the attack of CSRF based on? Score: 1

A website trusting the requests of a visitor


A victim typing in malicious commands
A social engineering phone call to a victim
Malware pre-installed on a web server
Congratulations, you have answered the question correctly.

Which of the following is true regarding file inclusion exploitation? (Select all that apply) Score: 1
It can reference local files.
It can execute referenced files.
It can reference remote files.
It must be used in concert with command injection.

Congratulations, you have answered the question correctly.

What is the most significant concern of a file upload vulnerability? Score: 1

An attacker's ability to change user passwords.


An attacker learning the OS and software identities.
An attacker changing website contents (i.e., defacement)
An attacker being able to run malicious code on the web server.


Congratulations, you have answered the question correctly.

Reflective cross-site scripting (XSS) attacks are often performed by tricking a victim into clicking on a malicious link that was crafted to include the attack script. Score: 1
True
False
Congratulations, you have answered the question correctly.
