Home » ECCouncil » 312-50 » What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host?
env x=`(){ :;};echo exploit` bash -c ‘cat /etc/passwd’
What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host?
A. Display passwd content to prompt
B. Removes the passwd file
C. Changes all passwords in passwd
D. Add new user to the passwd file
Correct Answer: A
Explanation/Reference:
To extract private information, attackers are using a couple of techniques. The simplest extraction attacks are in the form:
() {:;}; /bin/cat /etc/passwd
That reads the password file /etc/passwd, and adds it to the response from the web server. So an attacker injecting this code through the Shellshock vulnerability would see the password file dumped out onto their screen as part of the web page returned. References: https://blog.cloudflare.com/inside-shellshock/
Free dumps for 312-50v11 in Printable PDF format.
High quality PDF and software. VALID exam to help you pass.
|
 |
|
Download Printable PDF. VALID exam to help you PASS.
|
|
OK, I have done all the ques from 1-225.
Now I am going to ques no 500, and will work my way back to 226
As These ques seem to be repeating themselves and I need to hurry as I have my exam tom tom.