Question 21 of 52 from exam PT0-001: CompTIA PenTest+

Question 21 of 52 from exam PT0-001: CompTIA PenTest+

Prev Question Next Question

Question

DRAG DROP - You are a penetration tester reviewing a client's website through a web browser.

INSTRUCTIONS - Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Secure System User name Password
General | Details | Certification Path i] Certificate Information This certificate is intended for the following purpose(s): * Ensures the identity of a remote computer = Refer to the certification authority's statement for details. Issued to: * comptia.org Issued by: RapidSSL SHA256 CA Valid from 7/18/2016 to 7/19/2018 Learn more about certificates
‘Secure System € © _https://comptia org/login aspx#viewsource him <head> <itte>Secure Login <itite> <Ihead> ‘<body> <meta content="c2RmZGZnaHNzZmtqbGdoc2Rma2pnaGRzZmpoZGZvaW2aGRmc29p¥mp3ZXindWvdm9pb2hzZGd 1aW JoaGR 1ZmZpZ2hzZDtpYmhqZHNmc291Ymdoc3d5Z2Gi1Z2Zi bnNkbGtqO2Job3VpYXNpZGZubXM7bGtkZmliaHZsb3NhZGJua2N4dnZ1aWdia3NqYWVqa2JmbGI1Y3Z2Z2JobGFzZwJmaXVkZGZidmxiamFmbGhke3VmZyBuc2pyZ2hzZHVmaG d1d3NmZ2hqZHNmZmJ 1c2hmdWRzZmZoZ3U3cndweWhmamRzZmZ2bnVzZm53cnVMYNZ1ZXJ2=="name="esrt-token"/> <select><serip> document write("<OPTION value=1>"+document location href substring(document locaton href indexO{(1=")+16)* “</OPTION>"); <Iscript></select> <div align="center"> ‘form action="<c:ur value="main,do7>"method="post> ‘<div style="margin-top:200px;margin-bottom: 10px;"> <span style="width:500px color:bive font-size: 30px,ont-weight bol border-bottom: px solid blue;">Comptia Secure System Login</span> <dn> <div style="margin-bottom5px"> <span style="width 100px;">Name/span> <input style="width: 150px:"type="tex” name="name” <I--input style="width: 150px;"type="tex” name="name" </av> ‘<div><span style="width: 100px:">Password: </span><input style="width: 150px:" type="password” name="Password” id="password" value="> <I--div><scan style="width 100px.">Password: <span><input style="width: 150px" type="password" name="Password” id="password" value="password" —>
Secure System € C _hittps://comptia.org/login.aspx#viewcookies Name Value Domain Path_| Expires! ‘Size | HTTP | Secure | Samesite ‘ASP.NET_Sessionid_| hibedctse2ewvqwiabdebyav | www.com.._| 7 ‘Session 41 —_uima '36104370.911013732, 15082609 | .comptia.o.. | / 2019-10-7 Ey 63.1508266963.1508266963.1 uimb '361044370.7.9.1508267988443 | comptia.o.._|7 2017-10-1 2 utme. 36104370 comptia.o.._ [7 ‘Session. 14 utmt 1 comptia.o.._ [7 2017-10-41 T _utmv "36104370 [2=Account%20Type= | .comptia.o.... | 7 2019-10-1 48 Not%20Defined=1 aime '36104370.1508266963.1.1.uime | comptia.o.. | 7 2018-04-7 99 St googlutmeen=(organiyutm ~Sp_14 0767 aS TBSECETTETC TSONDBGETT | compiia oT 2019-10-1 99 1508258019. 1508266964.81113 afr Sp ses 0767 = ‘comptiao [7 2017-10-41 3
‘Secure System € _hittps://comptia.org/login.aspxi#remediatesource 10 <hime 20) <head> 3 stitle>Secure Login <!tile> 40) </head> -"c2RMZGZnaHNzZmtqbGdoc2Rma2pnaGRzZmpoZGZvaW2aGRmc29pYmp3ZXindWvdmopb2hzZGd 1aWJoaGR 1ZmZpZ2hzZDtpYmhqZHNme29 1¥mdoc3d52Gi1Z27i 81 bnNkbGtqO2Job3VpYXNpZGZubXM7bGtkZmliaHZsb3NhZG Jua2N4dnZ 1aWdia3NqY WV qa2smbGI1Y32222JobGF 2ZwJmaXVkZGZidmxiamFmbGhke3VmZyBuc2pyZ2hzZHVmaG 917 d1d3NmZ2hqZHNmZm4J 1c2hmdWRzZmZoZ3U3endweWhmamRzZmZ2bnV2ZmS3cnVMYNZ1ZXJ2=="name="esrt-token"/> 10F) <select><script> 1115) document write("<OPTION value=1>"+document location href. substring document locaton. href.indexOf("f=")+16)* "</OPTION 12F </script></select> 130 <div align="center"> 147) <form action="<c:url value='main.do/>"method="post"> 155. <div style="margin-top:200px:margin-bottom: 10px,"> 1SE1 <span style="wicth:500px:color:blue;font-size:30px.font-weight:bok border-bottom: px solid biue,”>Comptia Secure System Login</span> 170) </div> 18 <div style="margin-bottom:5px;"> 197 <span style="width: 100px;">Name</span> 20°" <input style="width: 150px:"type="text” name="name" id="name" value="> 21/7) <I-- input style="width: 150px;"type="text” name="name" id="name" valu 227 </div> 2315] <div><span style="width: 100px:">Password: </span><input style="width: 150px." type="password” name="Password” 247 <I--div><scan style="width: 100px:">Password: </span><input style="width: 150px:" type="password" name="Password" "admin"—> password” value="> password” value="password” —>
Secure System € C_hitps://comptia org/login.aspx#remediatecookies. Name Value Domain Path | Expires! Size_[ HTTP | Secure | SameSite ‘ASP.NET Sessionid | hibedeise2ewvquidbdcby3v | www.com.._| 7 ‘Session at o T__| 0 delete —_uima '36104370.91 1013732. 15082669 | .comptiao.... | 7 2019-10-1 39 r Bo | Baewte 63.1508266963, 1508266963.1 wutmb 361044370.7.9.1508267988443_| comptia.o.._|7 2017-10-1 32 o Dl _|Beetete wutme 36104370 ccomptia.o... | 7 ‘Session 14 ial | delete ‘utmt 1 ccomptia.o... [7 2017-10-4 7 o ED _ | Pi delete Sutmy 36104370 |2=Account%20Type= | .comptia.o.... [7 2019-10-1 48 No!%20Defined=1 BB ecko _utmz 36104370. 1508266063.1.1.uime | .comptia.o.. [7 2016-04-7 99 ‘st=google|utmecn=(organic)|utm 5 o © delete ©. —Sp_1d. 0767 4a84866C0FTTO 1c. 1508266064.1 | comptiao.. | 7 2019-10-1 39 1508258019. 1508266964.81f13 o 5 | eetete at Sp_Ses.0767 = ‘comptia.o.. [7 2017-10-1 3 o oH __|Tideiete

Select and Place:

Drag and Drop Options: | General | Detais | Certification Path = Remove certificate from server Lg) Certificate Information ibis ore tiicate b Mitceded for tise folowing perpose(s): Generate a Certificate Signing Request + Ensures the identity of a remote computer Submit CSR to the CA Install re-issued certificate on the server = Refer to the certification authority's statement for details. Issued to: *.comptia.org Issued by: RapidSSL SHA256 CA Valid from 7/18/2016 to 7/19/2018 Learn more about certificates

Explanations

General [Detais | Certification Path| Q Certificate Information This certificate is intended for the following purpose(s): «Ensures the identity of a remote computer = Refer to the certification authority's statement for details. Issued to: * comptia.org Issued by: RapidSSL SHA256 CA Valid from 7/18/2016 to 7/19/2018 Learn more about certificates Drag and Drop Options: Remove certificate from server Generate a Certificate Signing Request Submit CSR to the CA Install re-issued certificate on the server Generate a Certificate Signing Request | Wit ao] Step 2 Submit CSR to the CA Step 3 Install re-issued certificate on the server Step 4 Remove certificate from server
Prev Question Next Question