Question 1

What determines the level of access a hacker gains when they exploit a system?

Accepted Answer

The privileges of the exploited service or user

Answer

The number of vulnerabilities present

Answer

The type of exploit used

Answer

The hacker's skill level

Question 2

Why do most initial exploits result in unprivileged access?

Accepted Answer

Most network services run with restricted permissions

Answer

Exploits are usually ineffective

Answer

Operating systems prevent all privilege escalation

Answer

Hackers intentionally choose low-privilege exploits

Question 3

In Linux, what command is used to check the current user identity?

Accepted Answer

whoami

Answer

id

Answer

whois

Answer

ls -la

Question 4

What does the 'www-data' user typically represent?

Accepted Answer

A web server user with restricted access

Answer

A database administrator

Answer

A superuser account

Answer

A normal user account

Question 5

Why is privilege escalation important for hackers?

Accepted Answer

It allows them to execute administrative commands

Answer

It disables antivirus protection

Answer

It makes them undetectable

Answer

It prevents system crashes

Question 6

In Linux, what are the three types of file permissions?

Accepted Answer

Read, Write, Execute

Answer

Admin, User, Guest

Answer

Public, Private, Protected

Answer

Owner, Group, Other

Question 7

What does the command sudo chown root:root ./demo do?

Accepted Answer

Changes the owner and group of demo to root

Answer

Grants execution permissions to all users

Answer

Deletes the demo file

Answer

Moves the file to the root directory

Question 8

What does the SUID permission do?

Accepted Answer

Allows a file to be executed with the privileges of its owner

Answer

Grants read-only access to all users

Answer

Prevents a file from being deleted

Answer

Hides a file from normal users

Question 9

What command sets the SUID bit on a file?

Accepted Answer

chmod u+s filename

Answer

chmod 000 filename

Answer

chmod +x filename

Answer

chmod 777 filename

Question 10

How can you check if a file has the SUID permission set?

Accepted Answer

Both B and C

Answer

ls -halt

Answer

ls -l

Answer

find / -perm -4000

Question 11

What does the 'ps auxf' command do?

Accepted Answer

Shows running processes in a tree format

Answer

Lists all files on the system

Answer

Lists all open network ports

Answer

Searches for exploits in the system

Question 12

How can an attacker find an exploit for a specific Linux kernel version?

Accepted Answer

Searching Exploit-DB or using Google

Answer

Downloading patches from the kernel website

Answer

Using a brute-force attack

Answer

Running sudo exploit-search

Question 13

Which file stores Linux user account information?

Accepted Answer

/etc/passwd

Answer

/root/accounts

Answer

/bin/users

Answer

/home/userdata

Question 14

What does the find / -perm -4000 -user root -type f -print command do?

Accepted Answer

Finds root-owned SUID files

Answer

Lists all users on the system

Answer

Deletes all root-owned files

Answer

Modifies root-owned files

Question 15

How can an attacker abuse a cron job for privilege escalation?

Accepted Answer

Modifying a script executed by the cron job

Answer

Changing the system clock

Answer

Deleting the cron job

Answer

Running the cron hack command

Question 16

What is wildcard injection?

Accepted Answer

A technique to manipulate command-line arguments

Answer

A tool for encrypting files

Answer

A method to brute-force user passwords

Answer

A way to find SUID files

Question 17

Why is the export SCRIPT_PATH method useful for privilege escalation?

Accepted Answer

It allows modification of environment variables for executing privileged scr

Answer

It grants direct root access

Answer

It encrypts system files

Answer

It disables system security mechanisms

Question 18

What is the purpose of the /etc/shadow file?

Accepted Answer

Stores encrypted user passwords

Answer

Lists all installed programs

Answer

Contains system logs

Answer

Manages user groups

Question 19

Which Linux command displays the kernel version?

Accepted Answer

uname -a

Answer

sysinfo --kernel

Answer

lsb_release -a

Answer

kernel -v

Question 20

How does the DirtyCOW exploit work?

Accepted Answer

Overwrites read-only files using a race condition

Answer

Exploits misconfigured SUID binaries

Answer

Injects malicious shellcode into running processes

Answer

Bypasses firewalls to gain remote access

Question 21

What is the significance of the chmod u+s command in privilege escalation?

Accepted Answer

Grants SUID privileges to a file

Answer

Adds an administrator to the system

Answer

Grants sudo access to all users

Answer

Disables file execution

Question 22

What does the -rf flag do in the rm command?

Accepted Answer

Removes directories and their contents recursively

Answer

Restores deleted files

Answer

Forces system reboot

Answer

Formats the disk

Question 23

What is a common method of escalating privileges using the find command?

Accepted Answer

Executing arbitrary commands via -exec

Answer

Modifying system logs

Answer

Listing installed packages

Answer

Searching for user password

Question 24

Which command helps locate files with the SGID permission?

Accepted Answer

find / -perm -2000 -user root -type f -print 2>/dev/null

Answer

permissions -g

Answer

ls -halt | grep SGID

Answer

sudo sgid-locate

Question 25

What happens when an attacker modifies a script executed by a cron job running as root?

Accepted Answer

The script runs with root privileges

Answer

The cron job gets disabled

Answer

The attacker gets logged out

Answer

The system prevents script execution

Question 26

What is the primary function of the rsync command?

Accepted Answer

Synchronizes files between directories or systems

Answer

Modifies user permissions

Answer

Disables antivirus software

Answer

Cracks encrypted passwords

Question 27

How does wildcard injection work in Linux?

Accepted Answer

Modifies how shell commands interpret arguments

Answer

Corrupts the kernel's memory

Answer

Spoofs administrator credentials

Answer

Encrypts all files in a directory

Question 28

What is the risk of running sudo commands without password authentication?

Accepted Answer

Any user with sudo privileges can execute commands as root without restriction

Answer

The system automatically logs out after every command

Answer

Users cannot run any administrative commands

Answer

The system prevents execution of root commands

Question 29

What is the best way to prevent privilege escalation attacks?

Accepted Answer

Keeping software and kernel up to date

Answer

Allowing unrestricted file permissions

Answer

Running all services as root

Answer

Disabling all user accounts

Question 30

You gain access to a system through an exploited web server. What is the most likely privilege level you have?

Accepted Answer

www-data or similar unprivileged user

Answer

Administrator

Answer

System

Answer

Root

Question 31

A user unknowingly runs your malware as a standard user. What immediate action should you take to gain higher privileges?

Accepted Answer

Attempt privilege escalation techniques

Answer

Install a keylogger

Answer

Disconnect from the network

Answer

Delete system logs

Question 32

You exploited a service and now need to determine what privileges you have. What command should you run first?

Accepted Answer

id

Answer

ls

Answer

cd /root

Answer

chmod 777 /bin/bash

Question 33

You exploited MyBB forum software and got access as www-data. What directory are you most likely restricted to?

Accepted Answer

/var/www/html

Answer

/root

Answer

/bin

Answer

/home

Question 34

If you find an SUID binary owned by root, what privilege escalation method could be effective?

Accepted Answer

Execute the binary and attempt to spawn a root shell

Answer

Modify the binary’s source code

Answer

Delete the binary

Answer

Change the file permissions to 777

Question 35

A system administrator changes a file’s ownership using sudo chown root:root ./demo. What impact does this have?

Accepted Answer

The file can now only be modified by root

Answer

The file becomes a system binary

Answer

All users lose access to the file

Answer

The file is deleted

Question 36

You suspect a scheduled cron job is running as root. What command can help you verify this?

Accepted Answer

All of the above

Answer

ls -la /etc/cron.d/

Answer

crontab -l

Answer

ps aux | grep c

Question 37

. If you find a writable script being executed by root’s cron job, what action could escalate privileges?

Accepted Answer

Modify the script to execute a reverse shell

Answer

Restart the cron service

Answer

Delete the script

Answer

Move the script to another location

Question 38

Why does running a program as a different owner not automatically change its execution privileges?

Accepted Answer

Linux inherits permissions from the executing user by default

Answer

The file system prevents privilege escalation

Answer

The program is sandboxed by the OS

Answer

The root user must approve all executions

Question 39

Why would an attacker search for ps auxf output on a compromised machine?

Accepted Answer

To check for running processes that may be exploitable

Answer

To create a new process

Answer

To list all files on the system

Answer

To modify user privileges

Question 40

Why is export SCRIPT_PATH=/home/user/malicious.sh a potential privilege escalation technique?

Accepted Answer

It injects a new environment variable that overrides an existing one

Answer

It prevents scripts from executing

Answer

It creates a new root user by accessing script

Answer

It disables the kernel’s security features

Question 41

Why is wildcard injection (rm *) a dangerous misconfiguration?

Accepted Answer

It can delete unintended files when a specially named file is added

Answer

It enables remote command execution

Answer

It disables user authentication

Answer

It allows a user to modify file ownership

Question 42

You find a file /usr/bin/vuln_bin with the following permissions: -rwsr-xr-x 1 root root 12345 Feb 10 12:34 vuln_bin. What should your next step be?

Accepted Answer

Execute the binary to check its behavior

Answer

Change the binary’s ownership

Answer

Modify the binary’s permissions

Answer

Delete the binary to prevent misu

Question 43

A cron job runs /usr/local/bin/backup.sh every hour as root. The script is world-writable. What is a possible attack?

Accepted Answer

Modify the script to execute a reverse shell

Answer

Set chmod 000 backup.sh to disable it

Answer

Restart the cron service

Answer

Move the script to another directory

Question 44

You find an SUID binary that calls /usr/bin/editor using system(). What can you do?

Accepted Answer

Replace editor with a malicious script

Answer

Use chmod -s to remove SUID

Answer

Restart the system

Answer

Delete /usr/bin/editor

Question 45

Why is a writable /etc/shadow file a severe security risk?

Accepted Answer

It allows changing hashed passwords directly

Answer

It allows users to hide their login history

Answer

It makes the system unstable

Answer

It prevents root from logging in

Related quizzes

Related quizzes