
PT0-003 Question #306: Real Exam Question with Answer & Explanation

The correct answer is B: Use BeEF and insert payload.

Submitted by fatima_kr · Mar 6, 2026 · Attacks and Exploits

Question

During a penetration test, a tester has confirmed stored XSS within a comment form on a site. Which of the following payloads is required to exploit the vulnerability and provide a reverse shell against user browsers? IP>/?f'document.cookie+'"

Options

  • B. Use BeEF and insert payload
  • D. Use Metasploit post/firefox/gather/xss and insert payload

Explanation

A browser-based “reverse shell” via XSS is most effectively achieved by hooking the victim’s browser into a client-side command-and-control framework. Loading the hook script from the tester’s server establishes a persistent control channel in the victim’s browser session, enabling command execution in the browser context and follow-on actions.

Topics

#XSS exploitation #BeEF #browser exploitation #client-side attacks
