PT0-002 Attacks and Exploits • Set 5
PT0-002 Attacks and Exploits Practice Test 5 — 15 questions with explanations. Free, no signup.
A penetration tester gained low-privileged access to a Linux server and found that the user can run a custom script located at /opt/tool/backup.sh with setuid root. The script begins with a hashbang #!/bin/bash and uses an internal variable defined as BASEDIR=$(dirname $0) to determine paths. Which technique is most likely to allow privilege escalation?