CompTIA PenTest+ (PT0-001) — Question 160

A penetration tester has successfully exploited a vulnerability on an organization's authentication server and now wants to set up a reverse shell. The penetration tester finds that Netcat is not available on the target. Which of the following approaches is a suitable option to attempt NEXT?

Answer options

• A. Run xterm to connect to the X-server of the target.
• B. Attempt to escalate privileges to acquire an interactive shell.
• C. Try to use the /dev/tcp socket.
• D. Attempt to read out/etc/shadow.

Correct answer: C

Explanation

Option C is correct because using the /dev/tcp socket allows for network connections to be established directly from the shell, which is a viable alternative to Netcat for setting up a reverse shell. Options A and B do not directly facilitate the creation of a reverse shell, while option D is irrelevant as it focuses on accessing a password file rather than establishing a shell.