Question 1

What is the correct command to generate a pattern using Metasploit's pattern_create tool to identify buffer overflow offsets?

Options :

A : pattern_create -l 200 generates a unique 200-character string used to identify the exact offset in the buffer overflow.

B : pattern_offset -q EIP_VALUE -l 500 identifies the offset within a pattern of 500 bytes based on a crash result.

C : msfvenom -p windows/shell_reverse_tcp LHOST=[IP] LPORT=[port] -f c generates shellcode but doesn't help identify offsets.

D : gdb --args ./vulnerable_program $(python -c 'print "A" * 500') runs the vulnerable program under a debugger but does not directly calculate the offset.

Answer: A

Question 2

Which payload would be the most effective to upload when exploiting a vulnerable file upload feature to gain remote command execution on the server?

Options :

A :

B :

C :

D :

Answer: C

Question 3

You are conducting a penetration test and discover that a web application allows users to upload files without proper validation. How would you exploit this vulnerability to upload a PHP web shell and gain remote control of the server?

Options :

A : Rename a file with multiple extensions such as malware.php.gif, bypassing checks and gaining execution rights.

B : Inject PHP code into a non-executable file, such as a .txt, and trick the server into parsing it as PHP.

C : Use path traversal techniques to place the malicious script in a location where it can be executed.

D : Upload a PHP shell named shell.php.png to bypass the image file restriction, then access the file via the web interface to execute remote code.

Answer: D

Question 4

Which command should you use to initiate a comprehensive vulnerability scan on a network using OpenVAS, specifying a configuration that exhaustively checks for all known vulnerabilities without interrupting network services?

Options :

A : openvas --scan-start --target 192.168.0.1/24 --config-name "Full and fast" --alert-off

B : openvas --update --target 192.168.0.1/24 --deep-scan --verbose

C : openvas --run --ip-range 192.168.0.1/24 --minimal --quiet

D : openvas --quick-scan --target 192.168.0.1/24 --optimize-test --alert-on

Answer: A

Question 5

During an exploitation attempt on a zero-day vulnerability, which approach is effective for gaining unauthorized access to a system?

Options :

A : Use of tailored buffer overflow in the system’s application layer

B : Sending phishing emails to employees to obtain network credentials

C : Installing malware through third-party software updates

D : eploying a denial of service attack to disrupt the network

Answer: A