nerdexam
Cisco

210-255 · Question #42

A CMS plugin creates two files that are accessible from the Internet myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To

The correct answer is D. reconnaissance. The attacker is only sending HTTP GET requests to a non-exploitable file, which indicates information gathering rather than active exploitation.

Attack Methods

Question

A CMS plugin creates two files that are accessible from the Internet myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To exploit the vulnerability, one must send an HTTP POST with specific variables to exploitable.php. You see traffic to your webserver that consists of only HTTP GET requests to myplugin.html. Which category best describes this activity?

Options

  • Aweaponization
  • Bexploitation
  • Cinstallation
  • Dreconnaissance

How the community answered

(16 responses)
  • A
    6% (1)
  • B
    13% (2)
  • C
    6% (1)
  • D
    75% (12)

Why each option

The attacker is only sending HTTP GET requests to a non-exploitable file, which indicates information gathering rather than active exploitation.

Aweaponization

Weaponization refers to creating or packaging an exploit payload, which occurs offline before any network interaction with the target.

Bexploitation

Exploitation would require an HTTP POST with specific variables sent to exploitable.php, which is not present in the observed traffic.

Cinstallation

Installation occurs after successful exploitation when malware or a backdoor is placed on the compromised system, which has not happened here.

DreconnaissanceCorrect

Reconnaissance involves gathering information about a target without actively attacking it. The traffic consists solely of GET requests to myplugin.html, not the POST requests to exploitable.php required to trigger the vulnerability, meaning the actor is observing or mapping accessible resources rather than attempting to exploit them.

Concept tested: Cyber kill chain phase identification - reconnaissance

Source: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

Topics

#Cyber Kill Chain#reconnaissance#HTTP traffic analysis#kill chain phases

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice