
PT0-002 Question #260: Real Exam Question with Answer & Explanation

The correct answer is C: To remove a web shell after the penetration test.

Post-exploitation and lateral movement

Question

A penetration tester gives the following command to a systems administrator to execute on one of the target servers:

    rm -f /var/www/html/G679h32gYu.php

Which of the following BEST explains why the penetration tester wants this command executed?

Options

  • A. To trick the systems administrator into installing a rootkit
  • B. To close down a reverse shell
  • C. To remove a web shell after the penetration test
  • D. To delete credentials the tester created

Explanation

A web shell is a malicious script that allows remote access and control of a web server. A penetration tester may use a web shell to execute commands on the target server during a penetration test. However, after the test is completed, the penetration tester should remove the web shell to avoid leaving any traces or backdoors on the server. The command rm -f /var/www/html/G679h32gYu.php deletes the file G679h32gYu.php from the web server's document root directory, which is likely the location of the web shell. The other options are not plausible explanations for why the penetration tester wants this command executed.

Topics

#Web shells  #Post-exploitation cleanup  #File removal  #Penetration testing methodology
