A pen tester's access to a file/directory

teancum144teancum144 Member Posts: 229 ■■■□□□□□□□
I came across a question worded similarly to the following:

An anonymous pen tester was able to identify a shared print-spool directory and download a document from it. Which best describes the Pen Tester's privileges?
A) All users have read access to the file
B) The pen tester has read access to the directory
C) The pen tester has read access to the file
D) All users have write access to the directory

I got the correct answer, 'A' (because the pen tester is using an "anonymous" account).

Would the following option (if given) also be correct?

E) All users have read access to the directory
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. :D

Comments

  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Having read access to a directory doesn't necessarily imply that the user-account has read access to a file. I suppose if "E" was "All users have read access to the file." would be more correct.
  • Shadow RealmShadow Realm Member Posts: 15 ■□□□□□□□□□
    Nope, The overall dir could have directory listings disabled so you would have to bruteforce the filenames or they could all be chmodded to 600 with just the file that your looking at being 755/777
    Currently Working On: CompTIA A+ and MCITP: Windows 7
    Want To Complete: Network+, Security+, Linux+, CCENT, CCNA, CCNA Security, RHCE, CISSP (Associate)
  • samurai86samurai86 Member Posts: 104 ■■□□□□□□□□
    To go along with this if answer A read "All users have read access to the directory", and these were compared to the other current answers, then then this would also be the correct answer given the other answers.

    With that said individual file permissions do not have to be the same as their parent directory, but often those individual files inherit their permissions from a parent directory.
    Bachelor's of Applied Science in Technology Management - Information Security Assurance (St. Petersburg College)
    Masters of Science in Digital Forensics (University of Central Florida)
Sign In or Register to comment.