312-50V13 Question #26: Real Exam Question with Answer & Explanation

The correct answer is D: Display passwd content to prompt. The Shellshock bash vulnerability, demonstrated by the provided command, attempts to execute arbitrary commands by injecting them into environment variables, ultimately displaying the content of /etc/passwd.

Submitted by emma.c· Mar 6, 2026System Hacking

Question

env x='(){ :;};echo exploit' bash c 'cat/etc/passwd' What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

Options

ARemoves the passwd file
BChanges all passwords in passwd
CAdd new user to the passwd file
DDisplay passwd content to prompt

Explanation

The Shellshock bash vulnerability, demonstrated by the provided command, attempts to execute arbitrary commands by injecting them into environment variables, ultimately displaying the content of /etc/passwd.

Common mistakes.

A. The command cat /etc/passwd is used to display the file's content, not remove it; rm would be used for removal.
B. The command cat /etc/passwd only displays the file; it does not change any passwords. Password changes typically involve commands like passwd.
C. The command cat /etc/passwd does not add new users; adding users typically involves useradd or direct modification of /etc/passwd and /etc/shadow in a structured way.

Concept tested. Shellshock vulnerability exploitation

Reference. https://www.redhat.com/en/topics/security/shellshock

Topics

#Shellshock vulnerability#bash exploit#remote code execution

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice Browse All 312-50V13 Questions