Which of the following actions is the tester MOST likely performing?
A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
cat /dev/null > temp
touch Cr .bash_history temp
mv temp .bash_history
Which of the following actions is the tester MOST likely performing?
A . Redirecting Bash history to /dev/null
B. Making a copy of the user’s Bash history for further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders
Answer: C
Explanation:
Reference: https://null-byte.wonderhowto.com/how-to/clear-logs-bash-history-hacked-linux-systems-cover-your-tracks-remain-undetected-0244768/
Latest PT0-002 Dumps Valid Version with 110 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
Subscribe
Login
0 Comments
Inline Feedbacks
View all comments