nerdexam
GIAC

GCIH · Question #691

When probing for command injection opportunities on a remote host, why would an attacker target her own address space from the remote host?

The correct answer is C. Verification of a blind attack. In blind command injection, the server does not return command output in any visible channel, so causing the remote host to send traffic back to the attacker's own system confirms that arbitrary code execution is occurring.

Web Application Attacks & Post-Exploitation

Question

When probing for command injection opportunities on a remote host, why would an attacker target her own address space from the remote host?

Options

  • ACollection of URL session tokens
  • BLegal requirement
  • CVerification of a blind attack
  • DDetect target's operating system

How the community answered

(49 responses)
  • A
    10% (5)
  • B
    4% (2)
  • C
    63% (31)
  • D
    22% (11)

Why each option

In blind command injection, the server does not return command output in any visible channel, so causing the remote host to send traffic back to the attacker's own system confirms that arbitrary code execution is occurring.

ACollection of URL session tokens

URL session token collection is a technique associated with session hijacking or cross-site scripting attacks, not with confirming command execution via callback traffic in injection testing.

BLegal requirement

There is no legal requirement mandating that an attacker route traffic through their own address space during command injection probing - this is a purely technical verification technique.

CVerification of a blind attackCorrect

Blind command injection vulnerabilities produce no visible output in the HTTP response or application interface, making it impossible to directly observe whether injected commands executed. By injecting a command that initiates an out-of-band network request - such as a ping, DNS lookup, or HTTP request - directed at the attacker's own listener or infrastructure (e.g., Burp Collaborator or an attacker-controlled server), the attacker can observe the incoming connection and confirm command execution. This out-of-band callback is the standard technique for verifying blind injection without output.

DDetect target's operating system

Operating system fingerprinting is typically accomplished through tools like nmap using TCP/IP stack analysis or banner grabbing, not by having the remote host initiate callbacks to the attacker's address space.

Concept tested: Blind command injection out-of-band verification technique

Source: https://owasp.org/www-community/attacks/Command_Injection

Topics

#command injection#blind injection#out-of-band verification#attack methodology

Community Discussion

No community discussion yet for this question.

Full GCIH Practice