GIAC
GCIH · Question #691
GCIH Question #691: Real Exam Question with Answer & Explanation
The correct answer is C: Verification of a blind attack.
Web Application Attacks & Post-Exploitation
Question
When probing for command injection opportunities on a remote host, why would an attacker target her own address space from the remote host?
Options
- A. Collection of URL session tokens
- B. Legal requirement
- C. Verification of a blind attack
- D. Detect target's operating system
Explanation
In blind command injection, the server does not return command output in any visible channel, so causing the remote host to send traffic back to the attacker's own system confirms that arbitrary code execution is occurring.
Common mistakes.
- A. URL session token collection is a technique associated with session hijacking or cross-site scripting attacks, not with confirming command execution via callback traffic in injection testing.
- B. There is no legal requirement mandating that an attacker route traffic through their own address space during command injection probing - this is a purely technical verification technique.
- D. Operating system fingerprinting is typically accomplished through tools like nmap using TCP/IP stack analysis or banner grabbing, not by having the remote host initiate callbacks to the attacker's address space.
Concept tested. Blind command injection out-of-band verification technique
Reference. https://owasp.org/www-community/attacks/Command_Injection
Topics
#command-injection #blind-injection #out-of-band-verification #attack-methodology