312-50V13 Question #306: Real Exam Question with Answer & Explanation
The correct answer is D: .bash_history.
Question
By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password?
Options
- A. .X session-log
- B. .bashrc
- C. .profile
- D. .bash_history
Explanation
Option D (.bash_history) is correct because Bash automatically logs every command typed in the terminal to the .bash_history file, meaning any plaintext passwords entered as part of SMB connection commands (e.g., smbclient //server/share -U user%password) would be recorded there and must be cleared to remove evidence of the credentials.
Why the distractors are wrong:
- .X session-log (A) records X Window System graphical session activity, not terminal commands or passwords typed in a shell.
- .bashrc (B) is a configuration file that stores shell settings, aliases, and functions - it is not a log of executed commands.
- .profile (C) is an initialization script that runs at login to set environment variables, and similarly does not record command history.
Memory Tip: Think of .bash_history as your shell's "diary" - everything you type and execute gets written down. If you type a password in plaintext on the command line, bash diligently records it. During a pentest cleanup, always ask yourself: "Did I type it? Then bash logged it!"