210-255 · Question #42
A CMS plugin creates two files that are accessible from the Internet myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To
The correct answer is D. reconnaissance. The attacker is only sending HTTP GET requests to a non-exploitable file, which indicates information gathering rather than active exploitation.
Question
A CMS plugin creates two files that are accessible from the Internet myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To exploit the vulnerability, one must send an HTTP POST with specific variables to exploitable.php. You see traffic to your webserver that consists of only HTTP GET requests to myplugin.html. Which category best describes this activity?
Options
- Aweaponization
- Bexploitation
- Cinstallation
- Dreconnaissance
How the community answered
(16 responses)- A6% (1)
- B13% (2)
- C6% (1)
- D75% (12)
Why each option
The attacker is only sending HTTP GET requests to a non-exploitable file, which indicates information gathering rather than active exploitation.
Weaponization refers to creating or packaging an exploit payload, which occurs offline before any network interaction with the target.
Exploitation would require an HTTP POST with specific variables sent to exploitable.php, which is not present in the observed traffic.
Installation occurs after successful exploitation when malware or a backdoor is placed on the compromised system, which has not happened here.
Reconnaissance involves gathering information about a target without actively attacking it. The traffic consists solely of GET requests to myplugin.html, not the POST requests to exploitable.php required to trigger the vulnerability, meaning the actor is observing or mapping accessible resources rather than attempting to exploit them.
Concept tested: Cyber kill chain phase identification - reconnaissance
Source: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
Topics
Community Discussion
No community discussion yet for this question.