C Certs Club
Home
Oracle SAP Microsoft Cisco CompTIA Fortinet Salesforce Nutanix Linux Foundation Amazon View All Vendors →
Login Register

The SecOps Group CAPenX - Certified AppSec Pentesting eXpert (CAPenX) Certification Exam

Download Exam View Entire Exam
Page: 1 / 1
Question #1 (Topic: demo questions)

Demonstrate how to use Google Dorking to discover exposed camera or printer interfaces over the
internet. Explain how you confirm that the device is actually vulnerable.

A.
See the Explanation.
Correct Answer: A
Explanation:
Use:inurl:/view.shtml or intitle:"webcamXP" -download.
Thesetarget webcam interfaces; many lack auth by default.
Clicklinks to access live feed or control panels.
Confirminteractivity like pan/tilt or live video without login.
Reportthepublic exposure with IP, model, and CVE (if any) responsibly.
Question #2 (Topic: demo questions)

Find Git repositories accidentally exposed online using Google Dorking. Provide the steps to identify and
extract sensitive commit history or source code

A.
See the Explanations
Correct Answer: A
Explanation:
Usethedork: intitle:"index of" ".git" or inurl:.git/config.
Thisfindssites where .git directories are publicly browsable.
Openthe.git/config file to confirm repo existence.
Usetoolslike git-dumper or wget --mirror to download the full repo.
Analyzelogs/HEAD, refs/heads, or objects/ for hardcoded credentials or secrets.
Question #3 (Topic: demo questions)

Your goal is to identify documents indexed by Google that may contain sensitive credentials. Show how
to use Google Dorking to locate exposed .env or configuration files.

A.
See the Explanation.
Correct Answer: A
Explanation:
Usethedork: intitle:index.of ".env" or filetype:env intext:DB_PASSWORD.
Thesetarget environment config files often contain database/user credentials.
Openresults and inspect the raw text or file directory to locate variables like DB_USERNAME,
DB_PASSWORD, or APP_KEY.
Validate if credentials appear plaintext; never misuse the data.
Document the findings as a vulnerability and recommend file exclusion via robots.txt.
Question #4 (Topic: demo questions)

You are tasked with finding exposed login portals of web applications using Google Dorking.
Demonstrate how to identify pages that contain login forms using Google Search. Explain the logic
behind the dork and how to validate your results.

A.
See the Explanation
Correct Answer: A
Explanation:
1. OpenGoogle Search and enter the dork: inurl:login OR inurl:signin filetype:php | filetype:aspx |
filetype:jsp.
2. This dork filters results to URLs with login or signin, and page types commonly used in web apps.
3. Review the returned results. Click a few to verify they contain login forms.
4. Use “View Page Source” to confirm form elements like <input type="password">.
5. These portals can be used for brute force simulation (with permission) or to identify weak login
mechanisms.
Download Exam
Page: 1 / 1
Next Page