Difficulty: Hard

Average Score: 0%

A security analyst receives an alert from a web server that contains the following logs:
GET /image?filename=../../../etc/passwd
Host: AcmeInc.web.net
useragent: python-request/ 2.27.1
GET /image?filename=../../../etc/shadow
Host: AcmeInc.web.net
useragent: python-request/ 2.27.1

Which of the following attacks is being attempted?

Rationale

Directory traversal

The logs indicate an attempt to access sensitive files on the server by manipulating the file path, which is characteristic of a directory traversal attack. By using sequences like `../../../`, the attacker aims to navigate outside the intended directory structure to access files such as `/etc/passwd` and `/etc/shadow`.

A (File injection) YOUR ANSWER

File injection attacks typically involve uploading malicious files to a server or application. The logs in this case do not show any file upload attempts; rather, they demonstrate an unauthorized attempt to read existing files, making this option incorrect.

B (Privilege escalation) YOUR ANSWER

Privilege escalation refers to exploiting a vulnerability to gain elevated access rights. While accessing sensitive files may lead to further exploitation, the logs specifically show directory traversal attempts rather than an action aimed at increasing user privileges or access levels.

C (Directory traversal) CORRECT

The logs clearly illustrate a directory traversal attack, where the attacker attempts to access restricted files by manipulating the URL path. The use of `../../../` indicates an effort to traverse the directory structure beyond the web server's root, aiming to retrieve critical system files.

D (Cookie forgery) YOUR ANSWER

Cookie forgery involves creating or modifying cookies to impersonate a user or gain unauthorized access. This attack is unrelated to the logs provided, which focus on file access rather than cookie manipulation or authentication issues.

Conclusion

The security logs reveal a clear case of a directory traversal attack, as the attacker uses path manipulation techniques to access sensitive system files. While file injection, privilege escalation, and cookie forgery represent other types of attacks, they do not align with the actions indicated in the logs. Understanding these attack vectors is crucial for implementing effective security measures to protect against unauthorized access.

Which of the following attacks is being attempted?

Directory traversal

Related Questions

Related Quizzes

How familiar were you with this question?

Report an Issue

Rate this Practice Test