CompTIA
SY0-301 Question #425: Real Exam Question with Answer & Explanation
The correct answer is A: cd ../../../../bin/bash. Repeated use of 'cd ../../../../' traverses up multiple directory levels, which is the standard method to escape a chroot rootjail by reaching the real filesystem root.
Question
The security administrator is analyzing a user's history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user's history log shows evidence that the user attempted to escape the rootjail?
Options
- A. cd ../../../../bin/bash
- B. whoami
- C. ls /root
- D. sudo -u root
Explanation
Repeated use of 'cd ../../../../' traverses up multiple directory levels, which is the standard method to escape a chroot rootjail by reaching the real filesystem root.
Common mistakes.
- B. 'whoami' simply queries the current user identity and provides no information about an attempt to change filesystem scope or escalate privileges.
- C. 'ls /root' attempts to list the root user's home directory, which may indicate reconnaissance but does not indicate an attempt to break out of a jailed environment.
- D. 'sudo -u root' attempts privilege escalation to the root user account but does not attempt to escape the restricted filesystem boundary imposed by a chroot jail.
Concept tested. Chroot rootjail escape via directory traversal
Reference. https://linux.die.net/man/2/chroot