nerdexam
GIAC

GPEN · Question #434

GPEN Question #434: Real Exam Question with Answer & Explanation

The correct answer is A. Ping-n 1 192.168.1 200 on the compromised system. Blind command injection causes the injected command to execute on the compromised server with no output returned to the attacker's browser.

Question

You successfully compromise a target system's web application using blind command injection. The command you injected is ping-n 1 192.168.1.200. Assuming your machine is 192.168.1 200, which of the following would you see?

Options

  • APing-n 1 192.168.1 200 on the compromised system
  • BA 'Destination host unreachable' error message on the compromised system
  • CA packet containing 'Packets: Sent - 1 Received = 1, Loss = 0 (0% loss) on yoursniffer
  • DAn ICMP Echo packet on your sniffer containing the source address of the target

Explanation

Blind command injection causes the injected command to execute on the compromised server with no output returned to the attacker's browser.

Common mistakes.

  • B. A 'Destination host unreachable' error indicates a routing failure to the destination; since 192.168.1.200 is the attacker's own reachable machine, this error would not occur.
  • C. The ping statistics text 'Packets: Sent = 1, Received = 1' is console output generated on the compromised system, not a network packet that would appear on a sniffer.
  • D. While the ICMP Echo Request would arrive at the attacker's machine and could be captured, this option partially describes out-of-band detection rather than the primary behavior of blind injection, which is execution on the compromised host.

Concept tested. Blind command injection server-side execution behavior

Reference. https://owasp.org/www-community/attacks/Blind_command_injection

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GPEN Practice