A pen tester's access to a file/directory

teancum144

I came across a question worded similarly to the following:

An anonymous pen tester was able to identify a shared print-spool directory and download a document from it. Which best describes the Pen Tester's privileges?
A) All users have read access to the file
The pen tester has read access to the directory
C) The pen tester has read access to the file
D) All users have write access to the directory

I got the correct answer, 'A' (because the pen tester is using an "anonymous" account).

Would the following option (if given) also be correct?

E) All users have read access to the directory

paul78

Having read access to a directory doesn't necessarily imply that the user-account has read access to a file. I suppose if "E" was "All users have read access to the file." would be more correct.

Shadow Realm

Nope, The overall dir could have directory listings disabled so you would have to bruteforce the filenames or they could all be chmodded to 600 with just the file that your looking at being 755/777

samurai86

To go along with this if answer A read "All users have read access to the directory", and these were compared to the other current answers, then then this would also be the correct answer given the other answers.

With that said individual file permissions do not have to be the same as their parent directory, but often those individual files inherit their permissions from a parent directory.